Posts Tagged ‘exim’

Install Sendmail mail server on Debian GNU / Linux

Sunday, March 31st, 2013

Installing sendmail on Debian Linux is something not so common these days. As sendmail has been overshadowed by his competitors Exim and Postfix. By default Debian Linux comes with Exim (light) installed as Exim is tiny and perfectly suitable for dealing with small and mid-sized SMTP needs. The reason why sendmail has been moved out by its competitors over the last 15 years is sendmail configuration is one big hell and besides that sendmail has been well known for its many security remote exploit holes – making it a famous target for crackers. Well anyways in some cases sendmail is necessary to install especially if you have a client which wants to have it set up. In this short article I will show how very basic sendmail installation on Debian host is done.

 blackstar:~# apt-get install sendmail-bin sensible-mda

Reading package lists… Done
Building dependency tree      
Reading state information… Done

The following extra packages will be installed:
  sendmail-base sendmail-cf sensible-mda
Suggested packages:
  sendmail-doc logcheck resolvconf sasl2-bin
The following packages will be REMOVED:
  exim4 exim4-base exim4-config exim4-daemon-light sa-exim task-mail-server
The following NEW packages will be installed:
  sendmail-base sendmail-bin sendmail-cf
0 upgraded, 3 newly installed, 6 to remove and 26 not upgraded.
Need to get 1,626 kB of archives.
After this operation, 592 kB disk space will be freed.
Do you want to continue [Y/n]? Y
Get:1 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-base all 8.14.4-2.1 [362 kB]
Get:2 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-cf all 8.14.4-2.1 [300 kB]
Get:3 http://ftp.bg.debian.org/debian/ wheezy/main sendmail-bin i386 8.14.4-2.1 [964 kB]
Fetched 1,626 kB in 0s (3,057 kB/s)  
(Reading database … 199577 files and directories currently installed.)
Removing task-mail-server …
Selecting previously unselected package sendmail-base.
(Reading database … 199577 files and directories currently installed.)
Unpacking sendmail-base (from …/sendmail-base_8.14.4-2.1_all.deb) …
Selecting previously unselected package sendmail-cf.
Unpacking sendmail-cf (from …/sendmail-cf_8.14.4-2.1_all.deb) …
Processing triggers for man-db …
(Reading database … 199939 files and directories currently installed.)
Removing sa-exim …
[….] Reloading exim4 configuration files:invoke-rc.d: initscript exim4, action "reload" failed.
dpkg: exim4-config: dependency problems, but removing anyway as you requested:
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.
 exim4-base depends on exim4-config (>= 4.30) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.

Removing exim4-config …
dpkg: exim4-daemon-light: dependency problems, but removing anyway as you requested:
 exim4 depends on exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom; however:
  Package exim4-daemon-light is to be removed.
  Package exim4-daemon-heavy is not installed.
  Package exim4-daemon-custom is not installed.
 bsd-mailx depends on default-mta | mail-transport-agent; however:
  Package default-mta is not installed.
  Package exim4-daemon-light which provides default-mta is to be removed.
  Package mail-transport-agent is not installed.
  Package exim4-daemon-light which provides mail-transport-agent is to be removed.
 bsd-mailx depends on default-mta | mail-transport-agent; however:
  Package default-mta is not installed.
  Package exim4-daemon-light which provides default-mta is to be removed.
  Package mail-transport-agent is not installed.
  Package exim4-daemon-light which provides mail-transport-agent is to be removed.

Removing exim4-daemon-light …
[ ok ] Stopping MTA:.
ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken
dpkg: exim4-base: dependency problems, but removing anyway as you requested:
 exim4 depends on exim4-base (>= 4.80).

Removing exim4-base …
Processing triggers for man-db …
Selecting previously unselected package sendmail-bin.
(Reading database … 199786 files and directories currently installed.)
Unpacking sendmail-bin (from …/sendmail-bin_8.14.4-2.1_i386.deb) …
Processing triggers for man-db …
Setting up sendmail-base (8.14.4-2.1) …
adduser: Warning: The home directory `/var/lib/sendmail' does not belong to the user you are currently creating.
Setting up sendmail-cf (8.14.4-2.1) …
Setting up sendmail-bin (8.14.4-2.1) …
update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match sendmail Default-Stop values (1)
update-alternatives: using /usr/lib/sm.bin/sendmail to provide /usr/sbin/sendmail-mta (sendmail-mta) in auto mode
update-alternatives: using /usr/lib/sm.bin/sendmail to provide /usr/sbin/sendmail-msp (sendmail-msp) in auto mode
update-alternatives: warning: not replacing /usr/share/man/man8/sendmail.8.gz with a link

You are doing a new install, or have erased /etc/mail/sendmail.mc.
If you've accidentaly erased /etc/mail/sendmail.mc, check /var/backups.

I am creating a safe, default sendmail.mc for you and you can
run sendmailconfig later if you need to change the defaults.

[ ok ] Stopping Mail Transport Agent (MTA): sendmail.
Updating sendmail environment …
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Could not open /etc/mail/databases(No such file or directory), creating it.
Could not open /etc/mail/sendmail.mc(No such file or directory)
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Turning off Host Status collection
Could not open /etc/mail/databases(No such file or directory), creating it.
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…

Checking filesystem, this may take some time – it will not hang!
  …   Done.
 
Checking for installed MDAs…
Adding link for newly extant program (mail.local)
Adding link for newly extant program (procmail)
sasl2-bin not installed, not configuring sendmail support.

To enable sendmail SASL2 support at a later date, invoke "/usr/share/sendmail/update_auth"

 
Creating/Updating SSL(for TLS) information
Creating /etc/mail/tls/starttls.m4…
Creating SSL certificates for sendmail.
Generating DSA parameters, 2048 bit long prime
This could take some time
…+………………..+.+..+..+++
..+.+………….+.++++++++++++++++++++++++++++++*
Generating RSA private key, 2048 bit long modulus
………………..+++
…………………+++
e is 65537 (0x10001)

*** *** *** WARNING *** WARNING *** WARNING *** WARNING *** *** ***

Everything you need to support STARTTLS (encrypted mail transmission
and user authentication via certificates) is installed and configured
but is *NOT* being used.

To enable sendmail to use STARTTLS, you need to:
1) Add this line to /etc/mail/sendmail.mc and optionally
   to /etc/mail/submit.mc:
  include(`/etc/mail/tls/starttls.m4')dnl
2) Run sendmailconfig
3) Restart sendmail

 
Updating /etc/hosts.allow, adding "sendmail: all".

Please edit /etc/hosts.allow and check the rules location to
make sure your security measures have not been overridden –
it is common to move the sendmail:all line to the *end* of
the file, so your more selective rules take precedence.
Checking {sendmail,submit}.mc and related databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/databases…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Creating /etc/mail/Makefile…
Reading configuration from /etc/mail/sendmail.conf.
Validating configuration.
Writing configuration to /etc/mail/sendmail.conf.
Writing /etc/cron.d/sendmail.
Disabling HOST statistics file(/var/lib/sendmail/host_status).
Creating /etc/mail/sendmail.cf…
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()
 
Creating /etc/mail/submit.cf…
Informational: confCR_FILE file empty: /etc/mail/relay-domains
Warning: confCT_FILE source file not found: /etc/mail/trusted-users
 it was created
Informational: confCT_FILE file empty: /etc/mail/trusted-users
Warning: confCW_FILE source file not found: /etc/mail/local-host-names
 it was created
Warning: access_db source file not found: /etc/mail/access
 it was created
Updating /etc/mail/access…
Linking /etc/aliases to /etc/mail/aliases
Updating /etc/mail/aliases…

WARNING: local host name (blackstar) is not qualified; see cf/README: WHO AM I?
/etc/mail/aliases: 13 aliases, longest 10 bytes, 145 bytes total
 
Warning: 3 database(s) sources
    were not found, (but were created)
    please investigate.
 
Warning: These messages were issued while creating sendmail.cf
    make sure they are benign before starting sendmail!
 
Errors in generating sendmail.cf
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()
 
[ ok ] Starting Mail Transport Agent (MTA): sendmail.
(Reading database … 199837 files and directories currently installed.)
Removing exim4 …
 

Right after packages gets installed it is good idea to get rid of any remains of previous exim SMTP install, run;

blackstar:~# dpkg --purge exim4
blackstar:~# dpkg --purge exim4-base
blackstar:~# dpkg --purge exim4-config
blackstar:~# dpkg --purge exim4-daemon-light
blackstar:~# dpkg --purge sa-exim

blackstar:~# grep -i sendmail /etc/passwd
smmta:x:121:128:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:124:129:Mail Submission Program,,,:/var/lib/sendmail:/bin/false
blackstar:~# grep -i -E "smmta|smmsp" /etc/passwd
smmta:x:121:128:Mail Transfer Agent,,,:/var/lib/sendmail:/bin/false
smmsp:x:124:129:Mail Submission Program,,,:/var/lib/sendmail:/bin/false

Sendmail install does create two new users smmta and smmsp in /etc/passwd and /etc/group

As you see from earlier apt-get output sendmail is provided on Debian via 4 packs:

root@blackstar:~# dpkg -l |grep -i sendmail
ii  libmail-sendmail-perl                0.79.16-1                          all          Send email from a perl script
ii  sendmail-base                        8.14.4-2.1                         all          powerful, efficient, and scalable Mail Transport Agent
ii  sendmail-bin                         8.14.4-2.1                         i386         powerful, efficient, and scalable Mail Transport Agent
ii  sendmail-cf                          8.14.4-2.1                         all          powerful, efficient, and scalable Mail Transport Agent

libmail-sendmail-perl installs a perl module (class)  /usr/share/perl5/Mail/Sendmail.pm.

sendmail-bin contains main sendmail components binary files, cron bindings related to sendmail, some manual pages and creates structure necessary for sendmail to process email queue. sendmail-cf provides a multitude of sendmail configurations in macroses and few documentation files on the macros configuration. All sendmail configuration macros are stored in /usr/share/sendmail/* – there are pleny of .m4 configs so for people who never installed sendmail it is really confusing.

sendmail-base package contains some bindings on how to to log rotate sendmail log files, few more sendmail binaries who deal with sendmail architecture, few files whether sendmail is run via PPP or DHCP connection, some documentation and example files. Sendmail documentation is installed in /usr/share/doc/sendmail*,  unfortunately documentation there is scarce so for extended documentation it is good to check Sendmail's Official site

To check if sendmail is running you should have it visible  in the list of running processes;

root@blackstar:~# ps xa|grep sendmail|grep -v grep
  468 ?        Ss     0:00 sendmail: MTA: accepting connections        

Further on it should be accepting connections on localhost / 25, i.e.

root@blackstar:~# telnet localhost 25
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 blackstar ESMTP Sendmail 8.14.4/8.14.4/Debian-2.1; Sat, 30 Mar 2013 19:09:47 +0200; (No UCE/UBE) logging access from: localhost(OK)-localhost [127.0.0.1] ^]
telnet> quit
 

 

Sendmail's configuration is being generated using a macro file using a macro processor via m4 command. There are few files, used as a basis for generation the final m4 most important of course is /etc/mail/sendmail.mc and sendmail.cf  –  /etc/mail/sendmail.cf, sendmail.mc after processed with the mambo-jambo with m4 generates the complex and about 15 times larger by size sendmail.cf.
All configs related to generating files instructing how sendmail will operate are stored in /etc/mail;

blackstar:~#  ls -1
access
access.db
address.resolve
aliases
aliases.db
databases
helpfile
local-host-names
m4
Makefile
peers
sasl
sendmail.cf
sendmail.cf.errors
sendmail.conf
sendmail.mc
service.switch
service.switch-nodns
smrsh
spamassassin
submit.cf
submit.mc
tls

sendmail.cf.errors
– contains errors during processing of macros config files.

 

root@blackstar:/etc/mail# cat sendmail.cf.errors
*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`always_add_domain')*** ERROR: FEATURE() should be before MAILER()
*** MAILER(`local') must appear after FEATURE(`allmasquerade')*** ERROR: FEATURE() should be before MAILER()

This errors, are not fatal as sendmail.cf is there and sendmail is from now on ready to send mails via localhost.

To check if sendmail delivers mails onwards, use mail cmd;
 

hipo@blackstar:~$ mail -s "testing" test@pc-freak.net
this is a simple test email
Do you get it?
.
Cc:

To see all is fine with mail delivery check out /var/log/mail.log

blackstar:~# tail -f /var/log/mail/log
Mar 30 21:23:05 blackstar sm-msp-queue[1495]: unable to qualify my own domain name (blackstar) -- using short name
Mar 30 21:23:09 blackstar sm-mta[1499]: STARTTLS=client, relay=mail.pc-freak.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Mar 30 21:23:11 blackstar sm-mta[1524]: r2UJN8x2001524: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
Mar 30 21:23:13 blackstar sm-mta[1499]: r2UJKwqR001412: to=<hipo@pc-freak.net>, ctladdr=<root@blackstar> (0/0), delay=00:02:15, xdelay=00:00:10, mailer=esmtp, pri=210313, relay=mail.pc-freak.net. [83.228.93.76], dsn=2.0.0, stat=Sent (ok 1364671405 qp 7492)
Mar 30 21:24:28 blackstar sendmail[1532]: My unqualified host name (blackstar) unknown; sleeping for retry
Mar 30 21:27:16 blackstar sendmail[1633]: My unqualified host name (blackstar) unknown; sleeping for retry

As you see there is an error in mail.log
 

blackstar sendmail[1532]: My unqualified host name (blackstar) unknown; sleeping for retry


This is because blackstar is not assigned as a a host recognized to 127.0.0.1 in /etc/hosts. To solve it on my host I had to change /etc/hosts which looked like so:

blackstar:~# cat /etc/hosts
127.0.0.1    localhost
127.0.1.1    blackstar
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

to

blackstar:~# vim /etc/hosts

127.0.0.1    localhost localhost.localdomain blackstar
127.0.1.1    blackstar

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
 

 

Then restart sendmail to reread /etc/hosts
 

root@blackstar:/etc/mail# /etc/init.d/sendmail restart
[ ok ] Restarting Mail Transport Agent (MTA): sendmail.

 

How to Fix E: Could not perform immediate configuration on ‘exim4-daemon-light’.

Saturday, March 23rd, 2013

If you get an error like:

E: Could not perform immediate configuration on 'exim4-daemon-light'. Please see man 5 apt.conf under APT::Immediate-Configure for details. (2)

,
During installing Exim with aptitude or apt-get, i.e. # apt-get install exim4-daemon-light

or

# aptitude install exim4-daemon-light

This is due to some kind of mess with other mail server packages (sendmail or postfix) previously installed on the host and some mess with mail servers installed on system, to solve it remove all SMTP server packages sendmail / postfix / exim and then after being sure all SMTP packages are purged from system from clean install Exim light SMTP variant: # apt-get update
# apt-get -f install
# apt-get --purge remove sendmail sendmail-bin
# dpkg --force-all -r postfix
# dpkg --purge exim4-base
# dpkg --purge exim4-config
# dpkg --purge exim4-daemon-light
# apt-get update
# apt-get -f install
# apt-get install exim4-base exim4-config exim4-daemon-light

 

 

Is it possible mail server to work on alternative port to 25?

Thursday, February 28th, 2013

If you're running a small home based Linux or BSD server with Qmail, Exim or Postfix and it happens your ISP has filtered incoming connections to TCP/IP port 25 and you wonder if it is possible to use other alternative port to 25 for example the (Secure SMTP) SMTPS 465 supported by all major SMTP servers, the answer unfortunately is it is not possible.

The only accepted and working mail transmission port works on TCP/IP Port 25, thus the only option to make the mail server working fine is contact your ISP and convince them to remove filtering for port 25 to your custom IP. Many ISPs set a Firewall filter for 25, because nowadays many Windows XP / Vista / 7 PCs get infected with Viruses and Trojans running a tiny SMTP server on the host and trying to send million of SPAM messages via the poor unknowing victim. This congests the network and often even creates ISP network overloads, thus ISPs prefer to filter Port 25 to get rid of such eventual problems.

Once again,  alternative port to 25 for Mail is impossible !

Fix to mail forwarding error “Received-SPF: none (domain.com: domain at maildomain does not designate permitted sender hosts)

Tuesday, October 18th, 2011

I’m Configuring a new Exim server to relay / forward mail via a remote Qmail SMTP server
Even though I configured properly the exim to forward via my relaying mail server with host mail.domain.com, still the mail forwarding from the Exim -> Qmail failed to work out with an error:

Fix to mail forwarding error "Received-SPF: none (domain.com: domain at maildomain does not designate permitted sender hosts)

I pondered for a while on what might be causing this “mysterous” error just to realize I forgot to add the IP address of my Exim mail server in the Qmail relay server

To solve the error I had to add in /etc/tcp.smtp on my Qmail server a record for my Exim server IP address xx.xx.xx.xx, like so:

debian-server:~# echo 'xx.xx.xx.xx:allow,RELAYCLIENT="",QS_SPAMASSASSIN="0"' >> /etc/tcp.smtp

The QS_SPAMASSASSIN=”0″ as you might have guessed instructs Qmail not to check the received mails originating from IP xx.xx.xx.xx with spamassassin.

Finally on the Qmail server to load up the new tcp.smtp settings I had to rebuild /etc/tcp.smtp.cdb and restart qmail :

– reload qmail cdb

linux-server:/var/qmail# qmailctl cdb
Reloaded /etc/tcp.smtp.
- restart qmail

linux-server:/var/qmail# qmailctl restart
Restarting qmail:
* Stopping qmail-smtpdssl.
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.
* Restarting qmail-smtpdssl.

This solved the issue and now mails are forwarded without problems via the Qmail SMTPD.

How to configure Exim to relay mail to remote SMTP server on Debian and Ubuntu

Wednesday, August 24th, 2011

I’m required to do some mail relaying on a Debian Linux host which should use a remote mail server to relay its mails.
Until so far I’ve had not much experience with exim as I prefer using qmail, whever a mail server is needed. However since now only a relaying was necessery and exim is the default installed MTA on Debian, I’ve decided to use exim to take care of the SMTP mail relaying.
After a bit of reading it happened configuring exim to relay via remote SMTP server is more than easy!

All I had to do is run the command:

debian-relay:~# dpkg-reconfigure exim4-config

Next in the Ncruses interface to appear:

Debian Exim relay smtp config screenshot

I had to choose the option:

mail sent by smarthost; no local mail

Next a dialog appears asking for:
System mail name:
Therein it’s necessery to type in the hostname of the remote SMTP to be used for mail relay.
Next dialog asks for:
IP-addresses to listen on for incoming SMTP connections:
and I left it with 127.0.0.1 however if exim is supposed to be visible from external network one might decide to put in real IP address there.

Pressing OK leads to the next dialog:
 Other destinations for which mail is accepted: 
I decided to leave this blank as I don’t want to accept mail for any destinations.
Next pane reads:
Visible domain name for local users:
I’ve typed inside my smtp relay server e.g.:
smtp.myrelaymail.com

Further comes:
IP address or host name of the outgoing smarthost:
There once again I typed my mail relay host smtp.relaymail.com

The next config screen is:
Keep number of DNS-queries minimal (Dial-on-Demand)?
On any modern Linux host the default answer of No is fine.
Following prompt asked if I want to:
Split configuration into small files?
I’ve decided not to tamper with it and choosed No
Afterwards mail relaying works like a charm thx God 😉

How to change mail sent from in Nagios on Debian GNU/Linux 6

Wednesday, August 24th, 2011

I’ve been playing with configuring a new nagios running on a Linux host which’s aim is to monitor few Windows servers.
The Linux host’s exim is configured to act as relay host to another SMTP server, so all email ending up in the Linux localhost on port 25 is forwarded to the remote SMTP.

The remote smtp only allows the Linux to send email only in case if a real existing username@theserverhostname.com is passed it, otherwise it rejects mail and does not sent properly the email.
As the newly configured Nagios installatio is supposed to do e-mail notification, I was looking for a way to change the default user with which Nagios sends mails, which is inherited directly after the username with which /usr/sbin/nagios3 and /usr/sbin/nrpe are running (on Debian this is nagios@theserverhostname.com).

Thanksfully, there is a work around, I’ve red some forum threads explaning that the username with whch nagios sends mail can be easily changed from /etc/nagios3/commands.cfg by passing the -a “From: custom_user@myserverhostname.com” to all occurance of /usr/bin/mail -s , its preferrable that the -a custom_user@myserverhostname.com is inserted before the -s “” subject option. Hence the occurance of mail command should be changed from:

| /usr/bin/mail -s "** $NOTIFICATIONTYPE$

To:

| /usr/bin/mail -a "From: custom_user@theserverhostname.com" -s "** $NOTIFICATIONTYPE$

Now to read it’s new configurations nagios requirs restart:

debian:~# /etc/init.d/nagios3 restart
...

Now in case of failed services or Hosts Down nagios will send it’s mail from the custom user custom_user@theserverhostname.com and nagios can can send mail properly via the remote relay SMTP host 😉