[TriLUG] Sendmail configuration

Alan Porter porter at trilug.org
Wed Mar 19 20:24:14 EDT 2008 

 > I am using sendmail via php mail function to send
 > emails. However few servers reject my mails with
 > the error 'Sender address rejected: Domain not
 > found', since mails from my server are sent as
 > email at localhost.localdomain. How do I change this
 > to a valid domain name ?

It's getting harder and harder to send email from a
server these days.  The spam problem has forced
email receivers to implement a litany of tests that
incoming mail must pass before it is allowed in.

I have just recently set up a mail server, and before
I will accept email from you, you have to pass these
tests:

WHEN YOUR SERVER CONNECTS AND SENDS A "HELO" MESSAGE
smtpd_helo_restrictions =
   permit_sasl_authenticated - allow if you log in (me)
   permit_mynetworks - allow if you're on my networks
   check_helo_access - can't be in my black list
   reject_non_fqdn_hostname - must be a FQDN, not localhost
   reject_invalid_hostname - must be a valid host name
   permit

WHEN YOU TELL WHO THE EMAIL IS FROM
smtpd_sender_restrictions =
   permit_sasl_authenticated = if you're me
   permit_mynetworks = or in my house
   check_sender_access - you're not in my blacklist
   reject_non_fqdn_sender - must be a FQDN
   reject_unknown_sender_domain - must be a REAL domain
   permit

WHEN YOU TELL WHO THE EMAIL IS TO
smtpd_recipient_restrictions =
   permit_sasl_authenticated - OK if you're me
   permit_mynetworks - OK from my house
   reject_non_fqdn_recipient - recipient needs FQDN
   reject_unknown_recipient_domain - a REAL one
   reject_unauth_destination - must be sent to my domains
   check_recipient_access - and not in my blacklist
   reject_rbl_client list.dsbl.org - connection not on a blacklist
   reject_rbl_client sbl-xbl.spamhaus.org - or this blacklist
   # check_policy_service (spfpolicy) - domain supports SPF
   check_policy_service (postgrey) - call me back in 5 min
   permit

WHEN YOU START TELLING ME THE MESSAGE
smtpd_data_restrictions =
   reject_unauth_pipelining - don't send commands until I say OK
   permit


As you can see, this is a lot of tests.  Most of them have to
do with domains and senders that are known to be spammers, and
a lot have to do with sending in bad form.

If you're sending mail to the internet at large, you can expect
the big boys (aol, rr.com, etc) to reject your mail.  These days,
you pretty much need a domain name and a real A record for the
machine that sends the mail.  It would also help to have an MX
record for that domain that points to the sending machine.  Some
ISP's will not accept from you if they can not connect to your
incoming mail server (which may or may not be the sending machine).

At the bare minimum, you need to set your mail host to something
besides "localhost".  If you're running postfix's implementation
of sendmail, edit /etc/mailname and look at /etc/postfix/main.cf
and set "myhostname".  This value should be a resolvable host
name.

Hope this helps.

Alan







.

More information about the TriLUG mailing list