I'm in mail-server hell.
Hi folks, I was wondering if anyone could help me out of mail-server setup hell.
I'd been putting off setting up my mail server for quite some time now. I had a try years ago and just got completely bamboozled by all this strange talk of using "M4" to create configuration files. I'd only really dealt with configuration via the "./configure --opts=args" command-line style and the configuration file style like that of my.cnf of mysql and httpd.conf of the Apache http server and so on. So I couldn't really make head nor tail of writing a .mc configuration file and then "using the M4 preprocessor to generate a .cf configuration file" and so on. It all had me rather confused.
However, now that I'm finally getting somewhere with building my site, I want to set up email on it properly so I can use addresses from my domain. As much as I want to use email from my domain in the normal way, I also want it available for automated mail too. It's rather annoying that every mail my system sends out gets thrown straight in the bin simply because I can't get incoming mail to be accepted.
At first, I asked my hosting provider to set it up for me. I asked them to install and configure the necessary software for my domain to be able to send and receive email and then leave me the information I need to be able to add, edit and delete accounts as and when I desire. I also told them to keep sendmail installed because I know that's the program PHP uses to send mail out. So they went ahead and uninstalled sendmail, installed something else in its place and then gave up trying to figure it out and just gave me a link to the "manual" for configuring the now-uninstalled sendmail via one of those awful web-based host account administration panels (y'know, like cPanel and all that crap).
So, with my mail software thoroughly decimated, I saw no other option but for me to try and fix everything myself. Luckily I got sendmail reinstalled pretty quickly. The OS on my VPS is Debian, so it was just a case of a quick "apt-get install sendmail" and it chucked out the MTA the support staff put on and put Sendmail back in its place. Unfortunately for me, however, it seems that the installation apt-get found and installed is broken by default. It wasn't anything too major, though. Just enough to force me to have to figure out what all this "M4" talk was about and re-order a few things in the config files. So, I now have a reasonable enough understanding of the basics of how configuring Sendmail using M4 works and I once again have a working local MTA. So things like
echo "Body text of a mail message." | mail -s "Subject text of a mail message" user
work fine (although like I said, the one to a user on another domain like gmail.com or hotmail.com gets thrown straight into the trash/spam bucket).
echo "Body text of a mail message." | mail -s "Subject text of a mail message" firstname.lastname@example.org
After much reading of documentation and various other sources of information, I then found that having Sendmail installed is only half of the job. I also needed a POP3 server to receive mail from a remote client and then pass it on to Sendmail as if it was from a local user because Sendmail has no authentication mechanism and so can be either an open relay for mail from the entire internet (not good), a relay for specified domains and static addresses (better, but still entirely useless) or closed and relaying mail from local users only. So after a bit of looking around and reading, I decided to go with Dovecot as my POP3 server. I've installed and configured it in so far as I can now connect to my domain via Dovecot and retrieve mail from the /var/mail/$USERNAME files, but I still can't send outgoing mail and receive incoming mail from another domain.
I think everything would work if I could just get one last thing done, but I can't find out how. I think all I need to do now is enable Dovecot to listen on ports 25 and 465 so that it can relay incoming mail to Sendmail locally.
telnet stephenphilbin.com 25
begins connecting, but then does nothing until the connection times out and
telnet stephenphilbin.com 465
gets the connection refused immediately, so I'm guessing there's nothing listening on 465 and
netstat -nlp | grep 25
confirmed my suspicion that Sendmail is listening on 25. Sendmail doesn't trust any external domains for relaying mail, though, so I'm guessing that's why nothing happens until the connection times out. It also means that it's listening on a port it has no need to listen on and is blocking Dovecot from listening on 25 too.
So I guess my question is, does anyone know how to get Sendmail to stop listening on port 25? The only thing I've seen which I think might be a likely candidate is the line at the end of my main Sendmail configuration file. I suspect that removing this might stop Sendmail listening on 25, but I suspect it might also stop Sendmail relaying mail on to other domains too. I've been reading the Sendmail documentation (yet again) but I can't make a lot of sense of most of what I've read so far.
I'll also still need to find how to get Dovecot to listen on 25 and 465, but my primary concern, for now, is just getting Sendmail to stop listening on 25 without stopping it from relaying via SMTP to other domains.
Configuring Sendmail is really throwing yourself in the deep end. If you want to make life a bit easier for yourself, you could start by using Postfix rather than sendmail.
You can use the unix alternatives command to change mail servers from sendmail to postfix if postfix is installed. It will provide symbolic links mapping the sendmail app names to the postfix app names so it won't break any applications trying to send mail.
Postfix is loads easier to configure - the commands are somewhat less obfuscated than sendmail - but it maintains quite a lot of compatibility with sendmail.
There's a document http://www.freespamfilter.org/FC4.html which is great for configuring postfix. Although it refers to Fedora Core 4, a lot of the postfix configuration is typical. Some is deprecated now. There's also a bunch of postfix/dovecot howtos available.
Sendmail/postfix need to listen on port 25 in order to transfer mail to other mail servers and for local clients to send mail. Dovecot shouldn't be playing with port 25 at all.
Yeah, I know I'm throwing myself in at the deep end here, but I kinda prefer it this way anyway. I did the same thing when I first started with Linux. I chucked out the rpm installations of Apache, PHP, MySQL and so on and then installed them from source instead. It took me two weeks to get MySQL installed the first time, but the knowledge gained from that ordeal has served me well ever since.
I'm OK with the M4 config method now, it just seemed a bit alien and rather pointless (I always have difficulty understanding the concept of something if I consider it to be pointless). I'm just a little wobbly on the process of outbound mail sent from a non-local client and inbound mail received via SMTP.
My understanding was that the MTA (Sendmail) normally accepts mail and (at the most basic level) does one of two things with it. It looks at the address of the intended recipient and if there is either no domain name (because it's from a local source) or there is a domain name which resolves to the local host, it hands the mail off to the local LDA for delivery into the intended recipient's inbox. However if there's a domain name that resolves to an external host it does an MX lookup and sends it to the external host via SMTP. So an incoming mail not intended for a local user effectively bounces off the MTA to where it's supposed to go, but incoming mail intended for a local user gets swallowed and delivered locally.
After a little reading about POP3 servers I got the impression that because of all the spam on the net it was no longer safe to leave your MTA open and listening on 25 because then it's basically an open relay. So I got the impression that you were supposed to disable your MTA from listening on 25 for remote connections and use the POP3 server to not only retrieve received messages, but authenticate a remote client and take its mail for delivery to the MTA as a local client (thus bypassing the MTA's inability to authenticate users but still allow outbound mail), but I'm getting the impression this is wrong. If that was the case, then it would cause problems for inbound mail too. A client sending mail to me would have to authenticate as a local user just to send a mail to me which obviously makes no sense.
I did some more reading and found that this timing out when doing "telnet stephenphilbin.com 25" is likely to be down to the ISP I'm connecting from blocking port 25 (to stop spam coming from their networks). I've been working on my laptop away from home for the past few weeks and getting timed out every time. I used ssh to connect to my computer at home to try to telnet my server through my own ISP at home, but I also got the same timeout there.
After a bit more reading I saw quite a few suggestions saying that using "SMTP auth" would get rid of this problem of ISPs blocking port 25. Am I on the right track with this "SMTP auth" thing or am I on another wild goose chase here?
Oh and am I to understand that the POP3 server is for nothing more than retrieving mail delivered (via the LDA) to inboxes on the host? If that's the case, then surely all I need is to set up this "SMTP auth" thing (assuming it's not a wild goose chase) and all will be well?
Last edited by Stephen Philbin; 09-03-2007 at 09:19 AM.
Just a quick update to say that I've confirmed that the ISP I'm currently accessing the web from is indeed blocking port 25. I used telnet to try to connect to both stephenphilbin.com and smtpauth.earthlink.net on port 25 from my laptop and they both timed out. Then I tunneled to my computer back home, ran the same telnet commands and they both connected with no timeouts. The connection was still rejected at stephenphilbin.com, but it at least didn't time out. So I ran netstat -nlp | grep 25 again and noticed that sendmail was listening on port 25 like I made sure it was before, but it's listening on 127.0.0.1:25.
Presumably I just need to configure Sendmail to listen on 0.0.0.0:25 and reject mail that doesn't originate from, or terminate at stephenphilbin.com and I'm all set then?
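An added sendmail.mc fragment, written for this thread rather than taken from it, that puts together the pieces asked about above: binding port 25 to all addresses without becoming an open relay, moving authenticated client submission to 587/465 with SMTP AUTH over TLS, and the relay policy. It assumes Debian's M4 layout and Cyrus SASL for authentication; the domain and certificate paths are placeholders.

```m4
dnl Added example, not from the thread: /etc/mail/sendmail.mc fragment for a
dnl Debian-style sendmail that must accept mail for its own domain from anywhere
dnl yet relay only for local and authenticated users. Domain and certificate
dnl paths below are placeholders.
dnl
dnl WEAK (Debian default): port 25 bound to loopback only, so no remote MTA can
dnl deliver inbound mail. Binding to 0.0.0.0 is not what makes an open relay;
dnl FEATURE(`promiscuous_relay') would. Leave that feature out.
dnl DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
dnl
dnl CORRECTED: listen on all IPv4 addresses for server-to-server SMTP.
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=0.0.0.0')dnl
dnl
dnl Client submission on 587 (and SMTPS on 465, M=s) instead of 25, which many
dnl ISPs block. M=E disables ETRN, M=a requires SMTP AUTH before MAIL FROM.
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSA-v4, Port=submission, Addr=0.0.0.0, M=Ea')dnl
DAEMON_OPTIONS(`Family=inet, Name=SMTPS-v4, Port=465, Addr=0.0.0.0, M=Eas')dnl
dnl
dnl STARTTLS so credentials never cross the wire in clear. Placeholder paths.
define(`confCACERT_PATH', `/etc/ssl/certs')dnl
define(`confCACERT', `/etc/ssl/certs/ca-certificates.crt')dnl
define(`confSERVER_CERT', `/etc/ssl/certs/mail.example.org.pem')dnl
define(`confSERVER_KEY', `/etc/ssl/private/mail.example.org.key')dnl
dnl
dnl SMTP AUTH via Cyrus SASL (saslauthd). AUTH option `p' refuses PLAIN/LOGIN
dnl unless a TLS layer is active; TRUST_AUTH_MECH lets authenticated users relay.
define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`confAUTH_OPTIONS', `A p')dnl
dnl
dnl Relay policy: local-host-names lists domains we accept mail FOR; the access
dnl map lists who may relay THROUGH us. Everyone else gets "Relaying denied".
FEATURE(`access_db')dnl
dnl   /etc/mail/access            (rebuild with: makemap hash access < access)
dnl   Connect:127.0.0.1           RELAY
dnl   Connect:localhost           RELAY
dnl   /etc/mail/local-host-names
dnl   example.org
dnl
dnl Rebuild the .cf and restart: m4 sendmail.mc > sendmail.cf (or sendmailconfig).
dnl Then verify: netstat -nlp | grep ':25 ' should show 0.0.0.0:25, not 127.0.0.1:25.
```

With this layout Dovecot stays out of ports 25, 465 and 587 entirely; it only serves POP3/IMAP from the mailboxes the LDA writes.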