Thursday, June 2, 2011

HOWTO: Configure linux sendmail to use external ISP as SMTP mail relay

SkyHi @ Thursday, June 02, 2011
Many server-based applications on Linux need to send email from the localhost. Unfortunately, out of the box, Linux sendmail doesn't work as expected. Additionally, if you are hosting a server on an in-house machine and use a dynamically assigned IP address e.g. a Joomla website using, but you use an external ISP to handle email, you need to set up sendmail on your local machine so that it will relay email through your ISP. My example here is for a server that is hosted locally but whose email is handled by an ISP, namely Network Solutions. This article describes the basic steps you need to carry out to get sendmail working so that applications on your localhost can send email.

To set up sendmail on Red Hat, CentOS or Fedora so that mail can be dispatched using a local SMTP server that relays through your ISP (e.g. for the PHP mail() function used by Joomla, Trac, SugarCRM etc.), you need to perform the following steps.

Step 1 - Install all the packages that you are going to need

Use yum to install all the packages that you are going to need. If they are already installed, yum will tell you so; if they are not, yum will install them for you.
# yum install sendmail sendmail-devel sendmail-cf  bind bind-chroot 

NOTE: Omit Step 3 if your ISP does not require SMTP AUTH (e.g. Telus, Shaw) and you are on the same network.

Step 2 - Setup sendmail client-side SMTP AUTH

Sendmail client-side SMTP AUTH lets us authenticate to our ISP's SMTP mail server so that it relays all outgoing mail and sends it on our behalf via SMART_HOST. Note that SMART_HOST works just fine without SMTP AUTH if your ISP's SMTP server doesn't require authentication.

Now edit /etc/mail/ to contain the following. I have removed all lines that are commented out to make this more human readable.
VERSIONID(`setup for linux')dnl
define(`SMART_HOST', `')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T -o /etc/mail/access.db')dnl  

Step 3 -  Setup the authinfo file

Now edit /etc/mail/authinfo to contain the following.
"U:user @" "P:password" "M:PLAIN"
AuthInfo: "U:user @" "P:password" "M:PLAIN"
# chmod 660 /etc/mail/authinfo
# makemap hash /etc/mail/authinfo < /etc/mail/authinfo

Step 4 - Setup the access file

Now edit the /etc/mail/access file so that it contains the following.
# by default we allow relaying from localhost...
Connect:localhost.localdomain       RELAY
Connect:localhost                            RELAY 
Connect:                           RELAY
# chmod 660 /etc/mail/access
# makemap hash /etc/mail/access < /etc/mail/access
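
Steps 3 and 4 both chmod a source file and compile it with makemap. The compiled authinfo.db holds the same plain-text password as authinfo, and sendmail only sees edits after makemap is run again. The script below is an added example, not part of the original post, that checks both points; the function names audit_map and other_bits are illustrative and it assumes the file paths used in Steps 3 and 4.

```shell
#!/bin/sh
# Added example: audit a sendmail map source and its compiled .db.
# audit_map and other_bits are illustrative names, not sendmail tools.
# Usage: audit_map <source-file> <secret|public>
#   secret: holds credentials (authinfo); "other" gets no access at all
#   public: holds relay policy (access); "other" must not have write
# Prints one finding per line; returns 0 if clean, 1 otherwise.

other_bits() {
    # Characters 8-10 of the ls mode string are the "other" rwx bits.
    ls -ld -- "$1" | cut -c8-10
}

audit_map() {
    src=$1 kind=$2 db=$1.db rc=0
    for f in "$src" "$db"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        bits=$(other_bits "$f")
        case "$kind:$bits" in
            secret:---) ;;   # e.g. mode 660 or 600: nothing for others
            secret:*)   echo "EXPOSED $f (other=$bits)"; rc=1 ;;
            public:?w?) echo "WRITABLE $f (other=$bits)"; rc=1 ;;
        esac
    done
    # makemap must be re-run after every edit of the source file,
    # otherwise sendmail keeps reading the old compiled map.
    if [ -f "$src" ] && [ -f "$db" ] && [ "$src" -nt "$db" ]; then
        echo "STALE $db is older than $src"; rc=1
    fi
    return "$rc"
}

# Audit the files from Steps 3 and 4 when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    status=0
    audit_map /etc/mail/authinfo secret || status=1
    audit_map /etc/mail/access public || status=1
    exit "$status"
fi
```

Run it as root with --run after each makemap; any EXPOSED, WRITABLE, STALE or MISSING line means the corresponding chmod or makemap command needs to be repeated.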

Step 5 - Now you need to install bind to get sendmail to work

For some reason sendmail does not use /etc/hosts for local name resolution, so it always fails (and is unbearably slow on system boot as it cannot find localhost.localdomain). To solve this problem you need to run bind on your local machine.

Now edit the /etc/named.conf file so that it contains the following.
options {
       listen-on port 53 { };
As we are using bind-chroot, we need to copy named.conf to where it expects it to be.
# cp -f /etc/named.conf /var/named/chroot/etc/
Now edit /etc/resolv.conf so that it contains the following. Change to be the IP address of your primary DNS
domain localdomain

Step 6 - Start the required services

# chkconfig named on
# chkconfig saslauthd on
# chkconfig sendmail on
# service named restart
# service saslauthd restart
# service sendmail restart

Test that it works

To check that sendmail is working properly, log in to your server and fire up a terminal window.
# mailq
The mailq command will display a list of messages that are held in the outgoing mail queue. It should be empty. Now send an email, and then check the mail queue using mailq.

You can also get better diagnostic information by manually sending a message like this:
# sendmail -Am -t -v 
to:user @
from:user @