Michael's Daemonic Doodles

...blogging bits of BSD

Configure sendmail to forward root's email without DNS

For most of my professional life I tried to avoid sendmail whenever possible. Ever since qmail (and the myriad patches to it) got released I ran a couple of large scale setups for various ISPs successfully.

However, to this day sendmail is FreeBSD's default MTA and I use it on all machines as the local mail delivery mechanism for system email (like the ones created by cron and periodic). So instead of trying to replace sendmail on all hosts I just tweak the configuration, so I can receive admin email in a centralized account without too much pain. For a couple of machines changing /etc/aliases might be enough, but some machines have no DNS or public Internet access, and for those the setup gets a little bit more complicated. This blog post obviously isn't for the sendmail savvy system administrator, but for people like me, who want to spend as little time as possible with sendmail and have it just in the background and do its job.

Excursus: The mechanics of sendmail configuration in FreeBSD

For the longest time I didn't spend any thought on this, as the out-of-the-box configuration of sendmail was good enough for me (local submit service, queuerunner process and aliases). For the setup shown below I had to modify the sendmail configuration itself. So this is how it works:

cd /etc/mail
make

This will create four configuration files, prefixed by the machine's hostname:

/etc/mail/hostname.cf
/etc/mail/hostname.mc
/etc/mail/hostname.submit.cf
/etc/mail/hostname.submit.mc

(usually hostname is fully qualified, like in host.example.org).

You're only supposed to change the .mc files (those are then compiled into sendmail .cf files using m4 - the Makefile in /etc/mail does that for you).

After saving changes to one of the files do:

cd /etc/mail
make

to compile the files. To put the configuration into production run:

cd /etc/mail
make install

You want to restart sendmail afterwards. The Makefile also has switches for that, but depending on /etc/rc.conf it's usually safer to do:

service sendmail stop
service sendmail start

(for some reason, under certain circumstances service sendmail restart doesn't do exactly what you want).

Prerequisites for the configuration below

The host in question has no DNS name, no fully qualified host name (it's just called "backup"), no access to DNS and no access to the Internet (running on a local RFC 1918 IPv4 address). It has no sendmail specific settings in /etc/rc.conf, which means that a localhost-only MTA for mail submission will run and stuck mail will be checked for every 30 minutes.

If you want to follow these instructions on your own host, make sure to replace sysadmin@example.org with your system administration email address, relay.example.org with your relaying mail server and backup with your (potentially fully qualified) hostname.

Make sendmail forward email for root

Add your system administration email address in /etc/aliases (which is a symlink to /etc/mail/aliases) so it contains (there's a nice marker and comment in that file that's really hard to miss):

...
root: sysadmin@example.org
...

Don't forget to run newaliases afterwards (running make aliases in /etc/mail has the same effect).

Create sendmail configuration

Create host specific configuration files (if they don't exist already):

cd /etc/mail
make

Add smart host to relay through

Add the following line to /etc/mail/hostname.mc:

define(`SMART_HOST', `relay.example.org')

Compile and install new configuration:

cd /etc/mail
make
make install

Add hostname to /etc/hosts

Add the IP address of relay.example.org to /etc/hosts, e.g.:

192.168.100.100       relay.example.org

Tell sendmail to use /etc/hosts

By default sendmail doesn't use /etc/hosts; we have to tell it to do so with:

echo "hosts files" >>/etc/mail/service.switch

Restart sendmail

service sendmail stop
service sendmail start
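
To confirm that all the pieces from the steps above are actually in place, here is a read-only check as an added example (it is not part of the original setup). The function name check_relay_setup is made up for this example, and it assumes that make install puts the compiled configuration at /etc/mail/sendmail.cf, where the smart host shows up as a DS line.

```sh
#!/bin/sh
# Added example, not from the original post: read-only check of the
# smart-host setup. File paths are arguments so it can be tried on copies.

# check_relay_setup ALIASES MC HOSTS SWITCH CF
# Prints one line per problem; the return status is the number of problems.
check_relay_setup() {
    aliases=$1 mc=$2 hosts=$3 switch=$4 cf=$5
    fail=0

    # root must be aliased to a remote address (something containing @).
    if ! grep -Eq '^root:[[:space:]]*[^#[:space:]]+@' "$aliases" 2>/dev/null; then
        echo "FAIL: no 'root: user@domain' alias in $aliases"; fail=$((fail + 1))
    fi

    # service.switch must send host lookups to the hosts file first.
    if ! grep -Eq '^hosts[[:space:]]+files([[:space:]]|$)' "$switch" 2>/dev/null; then
        echo "FAIL: no 'hosts files' line in $switch"; fail=$((fail + 1))
    fi

    # Pull the relay name out of define(`SMART_HOST', `...') in the .mc file.
    relay=$(sed -n "s/^define(\`SMART_HOST',[[:space:]]*\`\([^']*\)').*/\1/p" \
        "$mc" 2>/dev/null | tail -n 1)
    if [ -z "$relay" ]; then
        echo "FAIL: SMART_HOST not defined in $mc"; fail=$((fail + 1))
        return "$fail"   # the remaining checks need the relay name
    fi

    # Without DNS the relay name must resolve from an active hosts entry.
    if ! awk -v h="$relay" '{ sub(/#.*/, "")
            for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
            END { exit !found }' "$hosts" 2>/dev/null; then
        echo "FAIL: $relay has no entry in $hosts"; fail=$((fail + 1))
    fi

    # The compiled .cf carries the smart host as macro S ("DS<name>"); a miss
    # here points at an edit that was never compiled and installed.
    if ! grep -Fxq "DS$relay" "$cf" 2>/dev/null; then
        echo "FAIL: $cf does not contain DS$relay"; fail=$((fail + 1))
    fi

    [ "$fail" -eq 0 ] && echo "OK: root mail relays via $relay"
    return "$fail"
}

# Usage on the host itself (paths as used in this post; .cf path assumed):
# check_relay_setup /etc/mail/aliases "/etc/mail/$(hostname).mc" /etc/hosts /etc/mail/service.switch /etc/mail/sendmail.cf
```

Since echo with >> appends on every run, this is also a quick way to see whether service.switch already has the line before adding it again.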

Conclusion and further reading

The setup above does exactly what it's supposed to, even though it took me way too long to figure out exactly how to make it happen. I would like to see sendmail being replaced by something more approachable in FreeBSD, but I have no illusions that this will happen anytime soon.

For further reading I recommend the FreeBSD Handbook on Sendmail.

Also, the following related configuration directives might be interesting to you to fine tune results:

FEATURE(`always_add_domain')
FEATURE(`masquerade_entire_domain')
FEATURE(`masquerade_envelope')
FEATURE(`allmasquerade')
MASQUERADE_AS(`example.org.')
MASQUERADE_DOMAIN(`examples.org.')