[TriLUG] Sendmail configuration

Matt Pusateri mpusateri at wickedtrails.com
Thu Mar 20 10:42:02 EDT 2008


Alan ++ Very nice explanation. I've got pretty much the same setup,
only I'm also using maRBL (http://slu.ms/code/marbl). maRBL can use p0f
to do passive OS queries, and if it comes back a M$ product it triggers
the RBL. This has worked well for eliminating virus-infected M$
products. I'm not sure if maRBL is being actively maintained, but it's
been working well for over a year without issue.


Matt P.

Alan Porter wrote:
>  > I am using sendmail via php mail function to send
>  > emails. However, a few servers reject my mails with
>  > the error 'Sender address rejected: Domain not
>  > found', since mails from my server are sent as
>  > email at localhost.localdomain. How do I change this
>  > to a valid domain name?
>
> It's getting harder and harder to send email from a
> server these days.  The spam problem has forced
> email receivers to implement a litany of tests that
> incoming mail must pass before it is allowed in.
>
> I have just recently set up a mail server, and before
> I will accept email from you, you have to pass these
> tests:
>
> WHEN YOUR SERVER CONNECTS AND SENDS A "HELO" MESSAGE
> smtpd_helo_restrictions =
>    permit_sasl_authenticated - allow if you log in (me)
>    permit_mynetworks - allow if you're on my networks
>    check_helo_access - can't be in my black list
>    reject_non_fqdn_hostname - must be a FQDN, not localhost
>    reject_invalid_hostname - must be a valid host name
>    permit
>
> WHEN YOU TELL WHO THE EMAIL IS FROM
> smtpd_sender_restrictions =
>    permit_sasl_authenticated - if you're me
>    permit_mynetworks - or in my house
>    check_sender_access - you're not in my blacklist
>    reject_non_fqdn_sender - must be a FQDN
>    reject_unknown_sender_domain - must be a REAL domain
>    permit
>
> WHEN YOU TELL WHO THE EMAIL IS TO
> smtpd_recipient_restrictions =
>    permit_sasl_authenticated - OK if you're me
>    permit_mynetworks - OK from my house
>    reject_non_fqdn_recipient - recipient needs FQDN
>    reject_unknown_recipient_domain - a REAL one
>    reject_unauth_destination - must be sent to my domains
>    check_recipient_access - and not in my blacklist
>    reject_rbl_client list.dsbl.org - connection not on a blacklist
>    reject_rbl_client sbl-xbl.spamhaus.org - or this blacklist
>    # check_policy_service (spfpolicy) - domain supports SPF
>    check_policy_service (postgrey) - call me back in 5 min
>    permit
>
> WHEN YOU START TELLING ME THE MESSAGE
> smtpd_data_restrictions =
>    reject_unauth_pipelining - don't send commands until I say OK
>    permit
>
>
> As you can see, this is a lot of tests.  Most of them have to
> do with domains and senders that are known to be spammers, and
> a lot have to do with sending in bad form.
>
> If you're sending mail to the internet at large, you can expect
> the big boys (aol, rr.com, etc) to reject your mail.  These days,
> you pretty much need a domain name and a real A record for the
> machine that sends the mail.  It would also help to have an MX
> record for that domain that points to the sending machine.  Some
> ISPs will not accept from you if they cannot connect to your
> incoming mail server (which may or may not be the sending machine).
>
> At the bare minimum, you need to set your mail host to something
> besides "localhost".  If you're running postfix's implementation
> of sendmail, edit /etc/mailname and look at /etc/postfix/main.cf
> and set "myhostname".  This value should be a resolvable host
> name.
>
> Hope this helps.
>
> Alan

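Added example, not part of the original thread: a simplified Python model of how the smtpd_sender_restrictions list quoted above is walked in order until one rule decides, which shows where a sender like the original poster's localhost.localdomain address is turned away. The resolvable-domain set, network prefixes, blacklist entry and addresses are constructed stand-ins for DNS and local maps, and the FQDN test is a simplification of what Postfix does.

```python
import re

# Constructed sample data (assumptions, not taken from the thread).
RESOLVABLE = {"example.org"}            # stand-in for "has an A or MX record"
MYNETWORKS = ("127.", "192.168.1.")     # assumed trusted client prefixes
SENDER_BLACKLIST = {"spammer@example.org"}

def is_fqdn(domain):
    # Simplified: at least two non-empty dot-separated labels.
    return bool(re.fullmatch(r"(?:[a-z0-9-]+\.)+[a-z0-9-]+", domain))

def evaluate(sender, client_ip, sasl_user=None):
    """Walk the list in order; return (verdict, rule) for the first rule
    that decides. A rule returning None has no opinion and falls through."""
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    rules = [
        ("permit_sasl_authenticated",
         lambda: "permit" if sasl_user else None),
        ("permit_mynetworks",
         lambda: "permit" if client_ip.startswith(MYNETWORKS) else None),
        ("check_sender_access",
         lambda: "reject" if sender in SENDER_BLACKLIST else None),
        ("reject_non_fqdn_sender",
         lambda: None if is_fqdn(domain) else "reject"),
        ("reject_unknown_sender_domain",
         lambda: None if domain in RESOLVABLE else "reject"),
        ("permit", lambda: "permit"),
    ]
    for name, rule in rules:
        verdict = rule()
        if verdict:
            return verdict, name

if __name__ == "__main__":
    # Constructed cases: (envelope sender, client IP, SASL login or None).
    cases = [
        ("email@localhost.localdomain", "203.0.113.7", None),
        ("www-data@localhost", "203.0.113.7", None),
        ("email@localhost.localdomain", "127.0.0.1", None),
        ("web@example.org", "203.0.113.7", None),
        ("spammer@example.org", "203.0.113.7", None),
        ("www-data@localhost", "203.0.113.7", "alan"),
    ]
    for case in cases:
        print(case, "->", evaluate(*case))
```

Because the two permit_* rules come first, the same unresolvable sender is accepted from a trusted network or an authenticated login and rejected from anywhere else.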


