Archive for April, 2007

Chapter 17 . Mail Servers Postfix, Sendmail,

Friday, April 27th, 2007

Chapter 17 . Mail Servers Postfix, Sendmail, Qpopper, and Cyrus 483

Figure 17-4: Specifying an outgoing mail server

If you want mail sent from the host that you are configuring to appear to be from a different domain, click Masquerade and enter the information about that domain that you want to appear in the headers of mail sent by sendmail. This pane also enables you to configure sendmail to make mail from specific local users appear to come from selected locations, which can be useful for mail from system accounts that you do not want to reflect the name of the specific host from which they were sent. Click OK to record any changes that you have made and return to the Outgoing mail pane, or click Back to return to the Outgoing mail pane without making any changes.

Click Next to continue the configuration process and display the screen shown in Figure 17-5. The most important setting on this panel is the Accept remote SMTP connections setting. By default, sendmail listens only on a system's loopback interface and uses that to deliver mail that was sent locally. You will therefore need to enable the Accept remote SMTP connections setting if you want your system to be able to accept and deliver mail sent from other systems (such as if you are setting up a system that will deliver or relay mail sent by other systems).

482 Part IV . Implementing Network Services in

Friday, April 27th, 2007

482 Part IV . Implementing Network Services in SUSE Linux

Figure 17-3: Specifying your network connection

On this screen, you identify the type of network connection that is used by the host on which you are running sendmail. If you want to automatically include virus scanning as part of receiving incoming mail, click the Enable virus scanning (AMaViS) check box. (If this package is not already installed, YaST will prompt you for the appropriate CD or DVD media at the end of the sendmail configuration process.) After selecting the appropriate options on this screen, click Next. The screen shown in Figure 17-4 displays.

If you are configuring sendmail on a host where you want to be able to receive and deliver mail, but your site uses a central mail server for relaying email to the Internet or other local networks, enter the name of this central server on this screen. If sendmail will need to authenticate to this server in order to send mail through it, click Authentication and enter the name and password of the user that sendmail should use to authenticate. (This is often a user named sendmail, for whom a specific account has been created.) Click OK to record any changes that you have made and return to the Outgoing mail pane, or click Back to return to the Outgoing mail pane without making any changes.

Chapter 17 . Mail Servers Postfix, Sendmail,

Friday, April 27th, 2007

Figure 17-2: YaST2's dependency conflict dialog

Configuring sendmail

sendmail's primary configuration information is stored in the file /etc/sendmail.cf. Additional configuration information is stored in the directory /etc/mail. The file /etc/sendmail.cf is a text file that contains configuration information consisting of name/value pairs on separate lines of the file. Most systems that run sendmail create the file /etc/sendmail.cf from another file, sendmail.mc, which is often stored in the /etc/mail (Linux systems such as Red Hat) or /usr/lib/mail/cf (Solaris) directory. The file sendmail.cf is generated from sendmail.mc using the m4 command, which is a macro processor that expands the condensed configuration information in sendmail.mc into the more verbose but more complete sendmail.cf file.

Luckily, SUSE simplifies sendmail configuration by providing a graphical configuration mechanism in YaST. The YaST configuration module for sendmail and the shell scripts and configuration files that it uses were all installed automatically as part of SUSE's sendmail package. Configuring any MTA in YaST is done in the same location, which is Network Services > Mail Transfer Agent. The underlying scripts implement any changes or additional options provided by the different supported MTAs on SUSE Linux, such as Postfix, sendmail, and Exim.

This section describes the most common configuration options that you may want to set or change in YaST's sendmail configuration module. After starting YaST's MTA configuration module (Network Services > Mail Transfer Agent), the screen shown in Figure 17-3 will appear.

480 Part IV . Implementing Network Services in

Friday, April 27th, 2007

freely available. Development of sendmail continues in both the Open Source community (www.sendmail.org) and at a company named Sendmail (www.sendmail.com), where Eric Allman is CTO, and a next-generation version of sendmail is actively under development. This section explains how to install, configure, and initiate sendmail on a SUSE system.

Installing sendmail

As mentioned previously, sendmail is never installed by default on a SUSE system. To install sendmail, you will need to remove Postfix, the default MTA on SUSE Linux systems, or any other MTA that you may previously have installed. SUSE's use of RPM as a core database for tracking installed packages and associated files simplifies adding and removing entire packages, but YaST makes the process even easier. To install sendmail on your SUSE Linux system:

1. Start YaST, then select Software, and finally, select Install and Remove Software. Click the Administrator Mode button and enter the system's root password to proceed to the actual software installation screen.

2. To locate the sendmail package, enter sendmail in the Search text box and click the Search button. The sendmail package displays in the package list at the top right of this dialog. Click the check box to indicate that you want to install the package and the Accept button in the lower right portion of the Install and Remove Software pane.

3. If you configured your SUSE system as a server system, YaST automatically installed Postfix for you as part of the basic server installation. If this is the case, YaST displays the Dependency Conflict dialog box shown in Figure 17-2. As you can see from this figure, YaST automatically detects that sendmail conflicts with the Postfix MTA that is currently installed. To resolve this conflict, click the Remove the Conflicting Package button, which is shown selected in Figure 17-2. Click OK - Try Again to proceed.

4. If the media containing the sendmail package is not already in your CD or DVD drive, YaST prompts you to insert the appropriate CD or DVD and proceeds with the installation.

5. After installation is complete, YaST displays a dialog asking if you want to install other packages. Click No and then click OK to close YaST's Install and Remove Software pane.

Chapter 17 . Mail Servers Postfix, Sendmail,

Thursday, April 26th, 2007

Note: A TLD, or top-level domain, encapsulates the .com, .org, .net, .co.uk, and so on domains and is the defined and controlled domain format for the Internet. An Internet fully qualified domain name (FQDN) is always composed of a domain and a TLD. For example, palmcoder.net is an FQDN.

Restricting client connections to a mail server is always tricky because you do not want to produce false positives, which drastically affect what mail you receive. To help with this, RBL (Real-time Black Hole) servers list known spammers' addresses in real time so that you can rely on them when rejecting mail connections. This is an extremely useful idea that takes away a large proportion of your spam catching and gives it to a trusted, free service. To enable RBL server lookups, you need to use the reject_rbl_client parameter in the smtpd_client_restrictions.

    smtpd_client_restrictions = permit_mynetworks, reject_rbl_client relays.ordb.org, reject_unknown_client

This allows connections from mynetworks, rejects mail from spam artists listed in the ordb database, and also rejects mail from unknown clients (clients that do not have an entry in the Internet DNS).

This just scratches the surface of what can be done with Postfix but gives you enough to get started configuring your own mail server. The Postfix documentation is some of the best out there and can be found at the Postfix site at www.postfix.org.

sendmail

As mentioned earlier in this chapter, sendmail is the most popular mail transfer agent in use on Linux and Unix systems today, but is not used by default on SUSE systems because its configuration syntax is somewhat cryptic. However, if you are installing a SUSE system in an environment where sendmail is the default MTA, you'd be hard pressed to argue for using a different MTA on your SUSE box.

sendmail was written by Eric Allman, whose delivermail program was the original ARPANET mail delivery system provided with 4.0 BSD Unix and early versions of 4.1 BSD. However, as the ARPANET transitioned to newer protocols (such as TCP), delivermail proved to be too inflexible, largely due to the fact that it used compiled-in configuration information. sendmail was developed to be dynamically reconfigurable by modifying an external configuration file and was first delivered with later versions of BSD 4.1. Although many alternate MTA software packages have been developed since then, sendmail is still the default MTA provided with most Unix and Unix-like systems. The source code for sendmail has always been

478 Part IV . Implementing Network Services in

Thursday, April 26th, 2007

Note: To stop your machine from unnecessarily trying to look up host names when processing mail in the queue, you need to turn off address lookups via DNS, so you need to change the default disable_dns_lookups parameter as follows:

    disable_dns_lookups = yes

Usually if you are on a dial-up, you will pass on all of your mail to another, dedicated mail server for further handling, in which case you need to configure a relay host using the relayhost parameter:

    relayhost = mail.palmcoder.net

Now, any mail that is not local to your mail server will be sent through SMTP to the machine mail.palmcoder.net. The relayhost parameter is used in larger sites where the use of department mail servers propagates mail through an organization with a central mail hub.

Stopping Spam

Spam, or UCE (unsolicited commercial email), is the bane of any Internet user's life, and an administrator is more than aware of how much mail is worthless junk. To combat this, you can use Postfix's UCE controls to limit the amount of spam that travels through your systems.

We have already touched upon the restriction of relaying through your mail server, which is part of the problem of spam. Another way to stop spam is by making sure connections to the mail server are true to the RFC SMTP standard. With this comes the increased risk of false positives. False positives happen when Postfix sees that a non-standard connection is taking place and rejects the mail. This could happen when the sending mail server does not properly conform to the RFC, not because it is malicious, but because it relies on the legacy assumption that mail servers are forgiving of slight errors in the way an SMTP transaction takes place.

To be more stringent with what data a connecting machine sends to Postfix, you can restrict their access and the format that data is in with the smtpd_sender_restrictions parameter. Consider the following example:

    smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender, permit

The reject_unknown_sender_domain restriction rejects any mail from a user whose domain does not exist in the Internet domain system. This will stop spammers from trying to use a fictitious domain component in their MAIL FROM: clause. The reject_non_fqdn_sender restriction rejects any mail where the format of the MAIL FROM: does not include a fully qualified domain name (of the form domain.tld).
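The reject_rbl_client lookup described earlier on this page, and the false-positive risk this post raises, can be made concrete with the following added example (not from the book or from Postfix itself). It builds the DNS name that such a lookup resolves and checks a zone against the two test addresses that RFC 5782 defines; the zone bl.example, the resolver data and all function names are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_query_name(client_ip, zone):
    """Build the name an RBL lookup resolves: reversed IPv4 octets, then the zone."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(client_ip, zone, resolve=system_resolver):
    """A client counts as listed when its query name has any A record."""
    return bool(resolve(dnsbl_query_name(client_ip, zone)))

def zone_health(zone, resolve=system_resolver):
    """Check the RFC 5782 test points before trusting a zone.

    127.0.0.2 must be listed and 127.0.0.1 must not be. A zone that lists
    127.0.0.1 would reject every client; a zone that lists neither is not
    answering and would reject nobody.
    """
    test_entry = is_listed("127.0.0.2", zone, resolve)
    loopback = is_listed("127.0.0.1", zone, resolve)
    if loopback:
        return "lists-everything"
    return "ok" if test_entry else "not-answering"

# Constructed resolver data standing in for DNS so the example runs offline.
HEALTHY_ZONE = {
    "2.0.0.127.bl.example": ["127.0.0.2"],   # mandatory test entry
    "9.2.0.192.bl.example": ["127.0.0.2"],   # a listed client, 192.0.2.9
}

def table_resolver(records):
    """Wrap a dict of name -> A records as a resolver function."""
    return lambda name: records.get(name, [])

if __name__ == "__main__":
    resolve = table_resolver(HEALTHY_ZONE)
    print(dnsbl_query_name("192.0.2.9", "bl.example"))
    print(zone_health("bl.example", resolve))
    print(is_listed("192.0.2.9", "bl.example", resolve))
```

The zone named on this page, relays.ordb.org, has since been retired, which is the condition zone_health is meant to catch before a zone goes into smtpd_client_restrictions.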

Chapter 17 . Mail Servers Postfix, Sendmail,

Thursday, April 26th, 2007

    disable_dns_lookups = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_helo_required = no
    smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000

In this example, we have configured Postfix to accept mail for $mydomain, which is found when Postfix strips off the domain portion of $myhostname. We could have explicitly set the domain, but the less retyping of any configuration changes, the better. This is the default behavior of Postfix, but it is better to explicitly set this in the configuration for verbosity.

The inet_interfaces clause has been manually changed to listen on the real network address of the Ethernet card. (We have substituted the real address and replaced it with a non-routable one.) By default, the SUSE Postfix configuration listens only on the loopback address, which means your installation will not receive mail from the outside world.

Dial-Up Server Configuration

This scenario is unlikely to be used these days as most mail clients hold off from sending mail when you are offline, but the configuration is still relevant to other situations.

When you do not have a constant connection to the Internet, it is a good idea to stop Postfix from attempting to send mail when it is not connected to the Internet. To do this, you need to defer the sending for a later date by telling Postfix that it should defer sending mail via SMTP using the defer_transports parameter.

    defer_transports = smtp

When the machine is connected to the Internet, you then need to tell Postfix to send the mail it has queued. The sendmail command can be used to flush the queued mail, as follows:

    sendmail -q

When the command has completed, use the mailq command to query whether your mails have been sent. The mailq command also tells you if there are any mails stuck in the queue for any reason. Common problems will be that Postfix cannot communicate with another mail server because of connectivity problems or the local mail cannot be delivered because a user is over quota.

476 Part IV . Implementing Network Services in

Thursday, April 26th, 2007

Presentation to the Outside World

It is always advisable to make mail sent from your network as Internet friendly as possible. Why? If you are running Postfix on a laptop, and you send mail using the system's mail command, and if you have not configured address rewriting, the mail will be sent in the form of username@fullmachinename. This is not pretty to see and can prove problematic for people trying to reply to you. To get around these problems, you need to masquerade your mail headers so that they are clean before they leave the system.

The masquerade_domains parameter controls this behavior by rewriting the domain portion of a mail message before it leaves Postfix. For example, if your machine is called foo.bar.com, and your domain is bar.com, you need to remove the foo component. The masquerade_domains parameter can take your domain as a parameter to combat this.

    masquerade_domains = bar.com

This tells Postfix that for anything that is below bar.com (which includes foo.bar.com), rewrite the address to bar.com.

If you do not want to masquerade all users' addresses, as is common for the root user so that you know what machine the email was from internally, then you use the masquerade_exceptions parameter:

    masquerade_exceptions = root

Configuring an Always-On Server

In this section, we take our example of Figure 17-1 and modify the default configuration to set up an always-on, Internet-facing mail server. In Listing 17-2, you can see the updated configuration for the domain palmcoder.net with some omissions for clarity.

Listing 17-2: Updated Postfix main.cf Configuration

    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    virtual_maps = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    myhostname = laptop.palmcoder.net
    program_directory = /usr/lib/postfix
    inet_interfaces = 127.0.0.1, 192.168.0.4
    masquerade_domains = palmcoder.net
    mydestination = $myhostname, localhost.$mydomain, $mydomain
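The masquerading rules in this post, applied with the three masquerade settings from Listing 17-2, are modelled in the following added example (a simplified model written for this page, not Postfix code). It also covers the left-to-right matching and the "!" prefix that Postfix documents for masquerade_domains, which the text above does not mention; the sample addresses are constructed.

```python
def masquerade(address, masquerade_domains, masquerade_exceptions=()):
    """Strip subdomains below a masquerade domain, except for excepted users."""
    local, at, domain = address.rpartition("@")
    if not at or local.lower() in {u.lower() for u in masquerade_exceptions}:
        return address
    d = domain.lower()
    for entry in masquerade_domains:          # left to right, first match wins
        keep = entry.startswith("!")          # "!name" means: do not masquerade
        name = entry.lstrip("!").lower()
        if d == name or d.endswith("." + name):
            return address if keep or d == name else f"{local}@{name}"
    return address

def masquerade_message(addresses, domains, exceptions, classes):
    """Rewrite only the address classes named in masquerade_classes.

    addresses maps a class name (envelope_sender, envelope_recipient,
    header_sender, header_recipient) to one address.
    """
    return {cls: masquerade(addr, domains, exceptions) if cls in classes else addr
            for cls, addr in addresses.items()}

# Values taken from Listing 17-2.
LISTING_DOMAINS = ["palmcoder.net"]
LISTING_EXCEPTIONS = ["root"]
LISTING_CLASSES = ["envelope_sender", "header_sender", "header_recipient"]

# Constructed sample message addresses.
SAMPLE = {
    "envelope_sender": "justin@laptop.palmcoder.net",
    "envelope_recipient": "backup@laptop.palmcoder.net",
    "header_sender": "justin@laptop.palmcoder.net",
    "header_recipient": "root@laptop.palmcoder.net",
}

if __name__ == "__main__":
    result = masquerade_message(SAMPLE, LISTING_DOMAINS,
                                LISTING_EXCEPTIONS, LISTING_CLASSES)
    for cls, addr in result.items():
        print(f"{cls:20} {SAMPLE[cls]} -> {addr}")
```

The envelope recipient is left alone because envelope_recipient is not among the listed classes, so mail addressed to a specific machine can still be delivered to it.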

Chapter 17 . Mail Servers Postfix, Sendmail,

Wednesday, April 25th, 2007

- To allow all relays from machines that are in mynetworks
- To deny all other relays using the reject_unauth_destination (reject all unauthorized connections) clause

Caution: Be careful with what you put into the mynetworks clause because this is the easiest way to configure Postfix to be an open relay. We pointed out the DMZ issue so you can understand that even if you think that locally the configuration is secure, as soon as you add the Internet to that equation, it can get a lot more difficult to see the bigger picture.

Postfix also allows relaying to any domains listed in relay_domains. This parameter by default contains whatever is in the $mydomain parameter, which by default is your machine's configured domain. If you use the default setting, any untrusted sender (not in mynetworks) can relay mail through Postfix to any user at $mydomain. It should be obvious why this is the default, as this would mean that Postfix would accept mail for the domain it is hosting.

Creating Virtual Domains

Another parameter that is very useful is mydestination. In a real world example, we host our domain, palmcoder.net, and also the domain planetsuse.org. Even though by default our Postfix installation configures itself to accept mail for the palmcoder.net domain, we need to tell it that it should accept mail for the planetsuse.org domain (if we don't, the mail will be rejected). To do this, we add an updated mydestination clause.

    mydestination = palmcoder.net, planetsuse.org

In this example, we are creating a virtual domain, that is, a domain that physically (in terms of our server's configuration) does not exist, but that we are hosting in the same realm as palmcoder.net (our physical server domain).

Our login on this server is justin, and it exists as a real user. Any mail for justin@palmcoder.net is delivered to Justin's mailbox, and with the mydestination clause, any mail for justin@planetsuse.org is delivered to the same mailbox. This works because Postfix believes it is the final destination for palmcoder.net and planetsuse.org. When the mail has gone through the mail system, Postfix will decide that the user justin does indeed exist and will deliver any mail on any domain that is listed in mydestination to justin.

This type of virtual domain is called a sendmail virtual domain because it makes no distinction between one user and another regardless of the destination domain listed in the mydestination clause. If you want to make that distinction, you use a Postfix-style virtual domain that correlates the fact that a user and domain make up a unique user on the system.
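The open-relay caution at the top of this post can be turned into a repeatable check. The following added example (not from the book; the function names and the choice of "trusted" ranges are assumptions made here) parses main.cf text and reports mynetworks entries that reach beyond loopback and RFC 1918 space, and an smtpd_recipient_restrictions list that lacks reject_unauth_destination or places a bare permit in front of it. It looks only at the two parameters this page uses.

```python
import ipaddress

# Assumption for this example: relay-trusted networks should sit inside
# loopback or RFC 1918 private IPv4 space.
TRUSTED_RANGES = [ipaddress.ip_network(n) for n in
                  ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample built from the two settings quoted on this page.
PAGE_MAIN_CF = """\
mynetworks = 127.0.0.0/8, 192.168.0.0/24, 10.0.0.0/24
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last is not None:
            params[last] += " " + line.strip()
        elif "=" in line:
            name, _, value = line.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def items(value):
    """Split a main.cf list value on commas and whitespace."""
    return value.replace(",", " ").split()

def audit_relay(params):
    """Return a list of findings about settings that could open the relay."""
    findings = []
    if "mynetworks" not in params:
        findings.append("mynetworks is unset: trusted clients come from mynetworks_style")
    for entry in items(params.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"mynetworks entry {entry!r} is not a CIDR block: review by hand")
            continue
        if net.version != 4 or not any(net.subnet_of(r) for r in TRUSTED_RANGES):
            findings.append(f"mynetworks entry {entry} is outside loopback/RFC 1918 IPv4 space")
    rules = items(params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in rules:
        findings.append("smtpd_recipient_restrictions lacks reject_unauth_destination")
    elif "permit" in rules[:rules.index("reject_unauth_destination")]:
        findings.append("bare 'permit' precedes reject_unauth_destination")
    return findings

if __name__ == "__main__":
    for finding in audit_relay(parse_main_cf(PAGE_MAIN_CF)) or ["no findings"]:
        print(finding)
```

A clean result says nothing about the DMZ point made above: whether a private range in mynetworks is reachable from outside depends on the firewall and routing, which this check cannot see.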

474 Part IV . Implementing Network Services in

Wednesday, April 25th, 2007

[Figure 17-1: Postfix server architecture. Diagram labels: Internet, Firewall, Internal Network 10.0.0.0/24, Postfix Server 192.168.0.4/24]

In this example, you can see the Postfix server in the DMZ (demilitarized zone) on an IP address of 192.168.0.4/24. Your internal network is in the subnet of 10.0.0.0/24. Given Postfix's default mynetworks parameter, the 10.0.0.0/24 network will not be allowed to relay mail through Postfix because it is not part of the Postfix server's network. To remedy this, you need to add the 10.0.0.0/24 network to the mynetworks clause:

    mynetworks = 127.0.0.0/8, 192.168.0.0/24, 10.0.0.0/24

This entry now allows relaying from localhost, the DMZ network, and also your internal network.

When mynetworks has been configured, the parameter smtpd_recipient_restrictions actually allows the relaying to take place. As you can see from the default main.cf configuration we talked about before, this parameter has two objectives: