<!--
The FreeBSD Documentation Project
$FreeBSD: doc/en_US.ISO_8859-1/books/handbook/mail/chapter.sgml,v 1.19 2000/06/14 20:30:34 jim Exp $
-->
<chapter id="mail">
<title>Electronic Mail</title>
<para><emphasis>Rewritten by &a.jim;, 02 December 1999. Original work
done by &a.wlloyd;.</emphasis></para>
<sect1>
<title>Synopsis</title>
<para>Electronic Mail, better known as email, is one of the most
widely used forms of communication today. Millions of people use
email every day, and chances are if you are reading this online,
you fall into that category and probably even have more than one
email address.</para>
<para>Electronic Mail configuration is the subject of many <link
linkend="bibliography">System Administration</link> books. If you
plan on doing anything beyond setting up one mailhost for your
network, you need industrial strength help.</para>
<para>Some parts of email configuration are controlled in the Domain
Name System (DNS). If you are going to run your own DNS server, be
sure to read through the files in <filename>/etc/namedb</filename>
and <command>man -k named</command>.</para>
</sect1>
<sect1 id="mail-using">
<title>Using Electronic Mail</title>
<para>There are five major parts involved in an email exchange. They
are: <link linkend="mail-mua">the user program</link>, <link
linkend="mail-mta">the server daemon</link>, <link
linkend="mail-dns">DNS</link>, <link linkend="mail-receive">a POP or
IMAP daemon</link>, and of course, <link linkend="mail-host">the
mailhost itself</link>.</para>
<sect2 id="mail-mua">
<title>The User Program</title>
<para>This includes command line programs such as
<application>mutt</application>, <application>pine</application>,
<application>elm</application>, and
<application>mail</application>, and GUI programs such as
<application>balsa</application>,
<application>xfmail</application> to name a few, and something
more <quote>sophisticated</quote> like a WWW browser. These
programs simply pass off the email transactions to the local <link
linkend="mail-host"><quote>mailhost</quote></link>, either by
calling one of the <link linkend="mail-mta">server daemons</link>
available or delivering it over TCP.</para>
</sect2>
<sect2 id="mail-mta">
<title>Mailhost Server Daemon</title>
<para>This is usually <application>sendmail</application> (by
default with FreeBSD) or one of the other mail server daemons such
as <application>qmail</application>,
<application>postfix</application>, or
<application>exim</application>. There are others, but those are
the most widely used.</para>
<para>The server daemon usually has two functions—it looks
after receiving incoming mail and delivers outgoing mail. It does
not allow you to connect to it via POP or IMAP to read your mail.
You need an additional <link linkend="mail-receive">daemon</link>
for that.</para>
<para>Be aware that some older versions of
<application>sendmail</application> have some serious security
problems, however as long as you run a current version of it you
should not have any problems. As always, it is a good idea to
stay up-to-date with any software you run.</para>
</sect2>
<sect2 id="mail-dns">
<title>Email and DNS</title>
<para>The Domain Name System (DNS) and its daemon
<command>named</command> play a large role in the delivery of
email. In order to deliver mail from your site to another, the
server daemon will look up the site in the DNS to determine the
host that will receive mail for the destination.</para>
<para>It works the same way when you have mail sent to you. The DNS
contains the database mapping hostname to an IP address, and a
hostname to mailhost. The IP address is specified in an A record.
The MX (Mail eXchanger) record specifies the mailhost that will
receive mail for you. If you do not have an MX record for your
hostname, the mail will be delivered directly to your host.</para>
</sect2>
<sect2 id="mail-receive">
<title>Receiving Mail</title>
<para>Receiving mail for your domain is done by the mail host. It
will collect mail sent to you and store it for reading or pickup.
In order to pick the stored mail up, you will need to connect to
the mail host. This is done by either using POP or IMAP. If you
want to read mail directly on the mail host, then a POP or IMAP
server is not needed.</para>
<para>If you want to run a POP or IMAP server, there are two things
you need to do:</para>
<procedure>
<step>
<para>Get a POP or IMAP daemon from the <ulink
url="../ports/mail.html">Ports Collection</ulink> and install
it on your system.</para>
</step>
<step>
<para>Modify <filename>/etc/inetd.conf</filename> to load the
POP or IMAP server.</para>
</step>
</procedure>
</sect2>
<sect2 id="mail-host">
<title>The Mail Host</title>
<para>The mail host is the name given to a server that is
responsible for delivering and receiving mail for your host, and
possibly your network.</para>
</sect2>
</sect1>
<sect1 id="mail-trouble">
<title>Troubleshooting</title>
<para>Here are some frequently asked questions and answers. These
have been migrated from the <ulink url="../FAQ/">FAQ</ulink>.</para>
<qandaset>
<qandaentry>
<question>
<para>Why do I have to use the FQDN for hosts on my site?</para>
</question>
<answer>
<para>You will probably find that the host is actually in a
different domain; for example, if you are in
<hostid role="fqdn">foo.bar.edu</hostid> and you wish to reach
a host called <hostid>mumble</hostid> in the <hostid
role="domainname">bar.edu</hostid> domain, you will have to
refer to it by the fully-qualified domain name, <hostid
role="fqdn">mumble.bar.edu</hostid>, instead of just
<hostid>mumble</hostid>.</para>
<para>Traditionally, this was allowed by BSD BIND resolvers.
However the current version of <application>BIND</application>
that ships with FreeBSD no longer provides default abbreviations
for non-fully qualified domain names other than the domain you
are in. So an unqualified host <hostid>mumble</hostid> must
either be found as <hostid
role="fqdn">mumble.foo.bar.edu</hostid>, or it will be searched
for in the root domain.</para>
<para>This is different from the previous behavior, where the
search continued across <hostid
role="domainname">mumble.bar.edu</hostid>, and <hostid
role="domainname">mumble.edu</hostid>. Have a look at RFC 1535
for why this was considered bad practice, or even a security
hole.</para>
<para>As a good workaround, you can place the line:
<programlisting>
search foo.bar.edu bar.edu</programlisting>
instead of the previous:
<programlisting>
domain foo.bar.edu</programlisting>
into your <filename>/etc/resolv.conf</filename>. However, make
sure that the search order does not go beyond the
<quote>boundary between local and public administration</quote>,
as RFC 1535 calls it.</para>
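<para>As an added illustration (not part of the Handbook), the following Python script models the two expansion behaviours described above: the old <literal>domain</literal>-directive behaviour that walks up the parent domains, and the explicit <literal>search</literal> list that only tries the domains you name. It also flags any candidate whose parent is a public top-level domain, which is the boundary crossing RFC 1535 warns about. The public-suffix set is a constructed stand-in for this example; resolvers do not ship one, which is why the search list has to be chosen by hand.</para>

```python
# Added example, not code from the FreeBSD Handbook or from BIND.
# Shows which names a resolver would try for an unqualified host under
# the old "domain" behaviour and under an explicit "search" list, and
# which of those candidates leave local administration (RFC 1535).

# Constructed stand-in for a public-suffix list (assumption for this example).
PUBLIC_SUFFIXES = {"edu", "com", "org", "net"}


def candidates_old_domain(name, domain):
    """Pre-RFC-1535 BIND behaviour: strip one label at a time off 'domain'
    and try the host under each parent, then the bare name in the root."""
    labels = domain.split(".")
    tries = []
    for i in range(len(labels)):
        tries.append(name + "." + ".".join(labels[i:]))
    tries.append(name)
    return tries


def candidates_search(name, search):
    """Current behaviour: only the domains listed in 'search' are tried,
    in the order given, then the bare name."""
    return [name + "." + d for d in search] + [name]


def boundary_crossing(candidates):
    """Candidates whose immediate parent is a public suffix.  Resolving
    these hands a typo'd local name to a domain nobody local controls,
    which is the 'security hole' the chapter refers to."""
    out = []
    for fqdn in candidates:
        parent = fqdn.partition(".")[2]
        if parent in PUBLIC_SUFFIXES:
            out.append(fqdn)
    return out


if __name__ == "__main__":
    old = candidates_old_domain("mumble", "foo.bar.edu")
    new = candidates_search("mumble", ["foo.bar.edu", "bar.edu"])
    print("domain foo.bar.edu (old BIND):", old, "crosses:", boundary_crossing(old))
    print("search foo.bar.edu bar.edu   :", new, "crosses:", boundary_crossing(new))
```

<para>Run with no arguments it prints the candidate lists for the <hostid>mumble</hostid> example from the answer above; the <literal>search</literal> form stops at <hostid role="domainname">bar.edu</hostid>, while the old behaviour would also have queried <hostid role="fqdn">mumble.edu</hostid>.</para>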
</answer>
</qandaentry>
<qandaentry>
<question>
<para>Sendmail says <errorname>mail loops back to
myself</errorname></para>
</question>
<answer>
<para>This is answered in the sendmail FAQ as follows:</para>
<programlisting>
* I am getting <quote>Local configuration error</quote> messages, such as:
553 relay.domain.net config error: mail loops back to myself
554 &lt;user@domain.net&gt;... Local configuration error
How can I solve this problem?
You have asked mail to the domain (e.g., domain.net) to be
forwarded to a specific host (in this case, relay.domain.net)
by using an MX record, but the relay machine does not recognize
itself as domain.net. Add domain.net to /etc/sendmail.cw
(if you are using FEATURE(use_cw_file)) or add <quote>Cw domain.net</quote>
to /etc/sendmail.cf.</programlisting>
<para>The sendmail FAQ is in
<filename>/usr/src/usr.sbin/sendmail</filename> and is
recommended reading if you want to do any
<quote>tweaking</quote> of your mail setup.</para>
</answer>
</qandaentry>
<qandaentry>
<question>
<para>How can I do email with a dial-up PPP host?</para>
</question>
<answer>
<para>You want to connect a FreeBSD box on a LAN to the
Internet. The FreeBSD box will be a mail gateway for the LAN.
The PPP connection is non-dedicated.</para>
<para>There are at least two ways to do this.</para>
<para>The other is to use UUCP.</para>
<para>The key is to get an Internet site to provide secondary MX
service for your domain. For example:</para>
<programlisting>
bigco.com. MX 10 bigco.com.
MX 20 smalliap.com.</programlisting>
<para>Only one host should be specified as the final recipient
(add <literal>Cw bigco.com</literal> in
<filename>/etc/sendmail.cf</filename> on bigco.com).</para>
<para>When the sender's <command>sendmail</command> is trying to
deliver the mail it will try to connect to you over the modem
link. It will most likely time out because you are not online.
<command>sendmail</command> will automatically deliver it to the
secondary MX site, i.e., your Internet provider. The secondary MX
site will then try to connect to your host every 15 minutes
(<literal>sendmail_flags = -bd -q15m</literal> in
<filename>/etc/rc.conf</filename>) to deliver the mail to the
primary MX site.</para>
<para>You might want to use something like this as a login
script.</para>
<programlisting>
#!/bin/sh
# Put me in /usr/local/bin/pppbigco
# Give the link a minute to come up, then flush the queue in the
# background so mail held for the dial-up site goes out over it.
( sleep 60 ; /usr/sbin/sendmail -q ) &amp;
# Start PPP in direct mode on this login
/usr/sbin/ppp -direct pppbigco</programlisting>
<para>If you are going to create a separate login script for a
user you could use <command>sendmail -qRbigco.com</command>
instead in the script above. This will force all mail in your
queue for bigco.com to be processed immediately.</para>
<para>A further refinement of the situation is as follows.</para>
<para>Message stolen from the &a.isp;.</para>
<programlisting>
> we provide the secondary MX for a customer. The customer connects to
> our services several times a day automatically to get the mails to
> his primary MX (We do not call his site when a mail for his domains
> arrived). Our sendmail sends the mailqueue every 30 minutes. At the
> moment he has to stay 30 minutes online to be sure that all mail is
> gone to the primary MX.
>
> Is there a command that would initiate sendmail to send all the mails
> now? The user has not root-privileges on our machine of course.
In the <quote>privacy flags</quote> section of sendmail.cf, there is a
definition Opgoaway,restrictqrun
Remove restrictqrun to allow non-root users to start the queue processing.
You might also like to rearrange the MXs. We are the 1st MX for our
customers like this, and we have defined:
# If we are the best MX for a host, try directly instead of generating
# local config error.
OwTrue
That way a remote site will deliver straight to you, without trying
the customer connection. You then send to your customer. Only works for
<quote>hosts</quote>, so you need to get your customer to name their mail
machine <quote>customer.com</quote> as well as
<quote>hostname.customer.com</quote> in the DNS. Just put an A record in
the DNS for <quote>customer.com</quote>.</programlisting>
</answer>
</qandaentry>
</qandaset>
</sect1>
<sect1 id="mail-advanced">
<title>Advanced Topics</title>
<para>The following section covers more involved topics such as mail
configuration and setting up mail for your entire domain.</para>
<sect2 id="mail-config">
<title>Basic Configuration</title>
<para>Out of the box, you should be able to send email to external
hosts as long as you have set up
<filename>/etc/resolv.conf</filename> or are running your own
name server. If you would like to have mail for your host
delivered to that specific host, there are two methods:</para>
<itemizedlist>
<listitem>
<para>Run your own name server and have your own domain. For
example, <hostid
role="domainname">FreeBSD.org</hostid></para>
</listitem>
<listitem>
<para>Get mail delivered directly to your host. This is done by
delivering mail directly to the current DNS name for your
machine. For example, <hostid
role="fqdn">example.FreeBSD.org</hostid>.</para>
</listitem>
</itemizedlist>
<para>Regardless of which of the above you choose, in order to have
mail delivered directly to your host, you must have a permanent
(static) IP address (no dynamic PPP dial-up). If you are behind a
firewall, it must pass SMTP traffic on to you. If you want to
receive mail at your host itself, you need to be sure of one of two
things:</para>
<itemizedlist>
<listitem>
<para>Make sure that the MX record in your DNS points to your
host's IP address.</para>
</listitem>
<listitem>
<para>Make sure there is no MX entry in your DNS for your
host.</para>
</listitem>
</itemizedlist>
<para>Either of the above will allow you to receive mail directly at
your host.</para>
<para>Try this:</para>
<screen>&prompt.root; <userinput>hostname</userinput>
example.FreeBSD.org
&prompt.root; <userinput>host example.FreeBSD.org</userinput>
example.FreeBSD.org has address 204.216.27.XX</screen>
<para>If that is what you see, mail directly to
<email>yourlogin@example.FreeBSD.org</email> should work without
problems.</para>
<para>If instead you see something like this:</para>
<screen>&prompt.root; <userinput>host example.FreeBSD.org</userinput>
example.FreeBSD.org has address 204.216.27.XX
example.FreeBSD.org mail is handled (pri=10) by hub.FreeBSD.org</screen>
<para>All mail sent to your host (<hostid
role="fqdn">example.FreeBSD.org</hostid>) will end up being
collected on <hostid>hub</hostid> under the same username instead
of being sent directly to your host.</para>
<para>The above information is handled by your DNS server. The DNS
record that carries mail routing information is the
<emphasis>M</emphasis>ail e<emphasis>X</emphasis>change entry. If
no MX record exists, mail will be delivered directly to the host by
way of its IP address.</para>
<para>The MX entry for <hostid
role="fqdn">freefall.FreeBSD.org</hostid> at one time looked like
this:</para>
<programlisting>
freefall MX 30 mail.crl.net
freefall MX 40 agora.rdrop.com
freefall MX 10 freefall.FreeBSD.org
freefall MX 20 who.cdrom.com</programlisting>
<para>As you can see, <hostid>freefall</hostid> had many MX entries.
The lowest MX number is the host that ends up receiving the mail in
the end while the others will queue mail temporarily if
<hostid>freefall</hostid> is busy or down.</para>
<para>Alternate MX sites should have separate Internet connections
from your own in order to be the most useful. Your ISP or other
friendly site should have no problem providing this service for
you.</para>
</sect2>
<sect2 id="mail-domain">
<title>Mail for your Domain</title>
<para>In order to set up a <quote>mailhost</quote> (a.k.a., mail
server) you need to have any mail sent to various workstations
directed to it. Basically, you want to <quote>hijack</quote> any
mail for your domain (in this case <hostid
role="fqdn">*.FreeBSD.org</hostid>) and divert it to your mail
server so your users can check their mail via POP or directly on
the server.</para>
<para>To make life easiest, a user account with the same
<emphasis>username</emphasis> should exist on both machines. Use
<command>adduser</command> to do this.</para>
<para>The mailhost you will be using must be the designated mail
exchange for each workstation on the network. This is done in
your DNS configuration like so:</para>
<programlisting>
example.FreeBSD.org A 204.216.27.XX ; Workstation
MX 10 hub.FreeBSD.org ; Mailhost</programlisting>
<para>This will redirect mail for the workstation to the mailhost no
matter where the A record points. The mail is sent to the MX
host.</para>
<para>You cannot do this yourself unless you are running a DNS
server. If you are not, or cannot, run your own DNS server, talk
to your ISP or whoever does your DNS for you.</para>
<para>If you're doing virtual email hosting, the following
information will come in handy. For the sake of an example, we
will assume you have a customer with their own domain, in this
case <hostid role="domainname">customer1.org</hostid> and you want
all the mail for <hostid role="domainname">customer1.org</hostid>
sent to your mailhost, which is named <hostid
role="fqdn">mail.myhost.com</hostid>. The entry in your DNS
should look like this:</para>
<programlisting>
customer1.org MX 10 mail.myhost.com</programlisting>
<para>You do <emphasis>not</emphasis> need an A record if you only
want to handle email for the domain.</para>
<note>
<para>Be aware that this means pinging <hostid
role="domainname">customer1.org</hostid> will not work unless
an A record exists for it.</para>
</note>
<para>The last thing that you must do is tell
<application>sendmail</application> on your mailhost what domains
and/or hostnames it should be accepting mail for. There are a few
different ways this can be done. Either of the following will
work:</para>
<itemizedlist>
<listitem>
<para>Add the hosts to your
<filename>/etc/sendmail.cw</filename> file if you are using the
<literal>FEATURE(use_cw_file)</literal>. If you are using
sendmail 8.10 or higher, the file is
<filename>/etc/mail/local-host-names</filename>.</para>
</listitem>
<listitem>
<para>Add a <literal>Cwyour.host.com</literal> line to your
<filename>/etc/sendmail.cf</filename> or
<filename>/etc/mail/sendmail.cf</filename> if you are using
sendmail 8.10 or higher.</para>
</listitem>
</itemizedlist>
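<para>The following Python script is an added example, not code from the Handbook or from <application>sendmail</application>. It parses MX records written in the zone notation used throughout this chapter, returns the order in which a sending MTA tries the mail exchangers (lowest preference first, falling back to the A record when no MX exists, as described in the Basic Configuration section), and reproduces the check behind the <errorname>mail loops back to myself</errorname> error from the Troubleshooting section: the relay is the best MX for a domain that is missing from its <filename>local-host-names</filename> (<literal>Cw</literal>) list. The zone data and host-name sets are constructed samples assembled from the chapter's own example names.</para>

```python
# Added example, not the Handbook's or sendmail's own code.  Parses MX
# records in the chapter's zone notation, computes the delivery order a
# sender uses, and models the relay-side "mail loops back to myself" check.

# Constructed sample zone, built from the names used in this chapter.
ZONE = """
freefall        MX 30 mail.crl.net
freefall        MX 40 agora.rdrop.com
freefall        MX 10 freefall.FreeBSD.org
freefall        MX 20 who.cdrom.com
customer1.org.  MX 10 mail.myhost.com.
bigco.com.      MX 10 bigco.com.
                MX 20 smalliap.com.
example.FreeBSD.org A 204.216.27.XX ; Workstation
                MX 10 hub.FreeBSD.org ; Mailhost
"""


def parse_mx(zone_text):
    """Return {owner: [(preference, mailhost), ...]}.  A line that starts
    with whitespace (the '   MX 20 ...' continuation style) reuses the
    previous owner name; non-MX records such as A are skipped."""
    records = {}
    owner = None
    for raw in zone_text.splitlines():
        line = raw.split(";")[0].rstrip()   # drop zone-file comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():            # owner name present on this line
            owner = fields[0].rstrip(".")
            fields = fields[1:]
        if len(fields) != 3 or fields[0] != "MX":
            continue
        pref, host = int(fields[1]), fields[2].rstrip(".")
        records.setdefault(owner, []).append((pref, host))
    return records


def delivery_order(records, domain, a_record=None):
    """Hosts a sending MTA tries, lowest MX preference first.  With no MX
    at all, mail goes straight to the domain's own A record (if any)."""
    mxs = records.get(domain)
    if not mxs:
        return [domain] if a_record else []
    return [host for _, host in sorted(mxs)]


def loops_back(records, domain, relay, local_host_names):
    """True when 'relay' is the best MX for 'domain' but does not list
    'domain' among its own names (local-host-names / Cw): it would relay
    the message to itself, which sendmail rejects as a config error."""
    order = delivery_order(records, domain)
    return bool(order) and order[0] == relay and domain not in local_host_names


RECORDS = parse_mx(ZONE)

if __name__ == "__main__":
    print("freefall:", delivery_order(RECORDS, "freefall"))
    print("bigco.com:", delivery_order(RECORDS, "bigco.com"))
    print("workstation:", delivery_order(RECORDS, "example.FreeBSD.org"))
    # Relay accepts only its own hostname: the customer domain loops.
    print("loops (Cw missing):",
          loops_back(RECORDS, "customer1.org", "mail.myhost.com", {"mail.myhost.com"}))
    # After adding customer1.org to local-host-names the loop is gone.
    print("loops (Cw fixed):  ",
          loops_back(RECORDS, "customer1.org", "mail.myhost.com",
                     {"mail.myhost.com", "customer1.org"}))
```

<para>The two <function>loops_back</function> calls at the end correspond to the before and after of the fix given in the Troubleshooting answer: once <hostid role="domainname">customer1.org</hostid> is listed in <filename>/etc/mail/local-host-names</filename> (or via a <literal>Cw</literal> line), the mailhost treats the domain as local and delivers instead of relaying to itself.</para>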
</sect2>
</sect1>
</chapter>
<!--
Local Variables:
mode: sgml
sgml-declaration: "../chapter.decl"
sgml-indent-data: t
sgml-omittag: nil
sgml-always-quote-attributes: t
sgml-parent-document: ("../book.sgml" "part" "chapter")
End:
-->