To get sendmail domain masquerading working on a Red Hat 8.0 server recently, I had to rebuild my sendmail configuration. I happen to always use the alias "external_mailhost" for any mailhost I set up that needs a smarthost defined, so that is what's set up here. If you steal this, or need to use it in your own configuration, please make sure to add an alias for "external_mailhost", pointing at your smarthost, in your /etc/hosts, LDAP, NIS, or DNS.
Also take notice that by default, this configuration causes the sendmail daemon to bind only to the loopback interface (127.0.0.1), so it accepts no SMTP connections from the network and is not exposed to a network vulnerability by default.
This is my modified sendmail.mc file.
divert(-1)
dnl This is the sendmail macro config file. If you make changes to this file,
dnl you need the sendmail-cf rpm installed and then have to generate a
dnl new /etc/mail/sendmail.cf by running the following command:
dnl
dnl     m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
OSTYPE(`linux')
dnl Uncomment and edit the following line if your mail needs to be sent out
dnl through an external mail server:
dnl define(`SMART_HOST',`smtp.your.provider')
dnl
dnl Begin Paul A. Luzzi modification
dnl
MASQUERADE_AS(`pershing.com')dnl
MASQUERADE_DOMAIN(`localhost')dnl
MASQUERADE_DOMAIN(`localdomain')dnl
MASQUERADE_DOMAIN(`localhost.localdomain')dnl
MASQUERADE_DOMAIN(`ptgfplxtpva1')dnl
MASQUERADE_DOMAIN(`ptgfplxtpva1.pershing.com')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
define(`SMART_HOST', `external_mailhost')dnl
dnl
dnl End modification
dnl
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
dnl
dnl Commented out the following
dnl
dnl FEATURE(always_add_domain)dnl
dnl
dnl End customization
dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl The '-t' option will retry delivery if e.g. the user runs over his quota.
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
dnl
dnl Commented out the following
dnl
dnl EXPOSED_USER(`root')dnl
dnl
dnl End customization
dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Cwlocalhost
The way to use this is to run the following steps:
That's it - good to go.
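One way to confirm, before building sendmail.cf, that an .mc file still binds only to loopback and has the masquerading and smarthost settings active rather than commented out with dnl. This is an added example, not part of the original page; the names audit, active_directives and SAMPLE_MC are hypothetical, and the sample lines are constructed from the file above.

```python
import re

# Constructed sample in the style of the sendmail.mc above (not the full file).
SAMPLE_MC = """\
dnl define(`SMART_HOST',`smtp.your.provider')
MASQUERADE_AS(`pershing.com')dnl
FEATURE(`masquerade_envelope')dnl
define(`SMART_HOST', `external_mailhost')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
FEATURE(`accept_unresolvable_domains')dnl
"""

DIRECTIVE = re.compile(r"^(\w+)\((.*)\)\s*(?:dnl.*)?$")
ARG = re.compile(r"`+([^`']*)'+|([^,\s`']+)")  # m4-quoted or bare argument

def active_directives(mc_text):
    """Yield (macro, args) for lines m4 expands; a leading dnl comments a line out."""
    for line in mc_text.splitlines():
        line = line.strip()
        match = None if line.startswith("dnl") else DIRECTIVE.match(line)
        if match:
            yield match.group(1), [q or b for q, b in ARG.findall(match.group(2))]

def audit(mc_text):
    """Summarise network exposure and masquerading settings of an .mc file."""
    listeners, features, defines, masq = [], set(), {}, None
    for macro, args in active_directives(mc_text):
        if macro == "DAEMON_OPTIONS" and args:
            pairs = (kv.split("=", 1) for kv in args[0].split(",") if "=" in kv)
            listeners.append({k.strip().lower(): v.strip() for k, v in pairs})
        elif macro == "FEATURE" and args:
            features.add(args[0])
        elif macro == "define" and len(args) > 1:
            defines[args[0]] = args[1]
        elif macro == "MASQUERADE_AS" and args:
            masq = args[0]
    return {
        # No DAEMON_OPTIONS, or one without a loopback Addr, means a network listener.
        "loopback_only": bool(listeners)
        and all(o.get("addr") in ("127.0.0.1", "::1") for o in listeners),
        "masquerade_as": masq,
        "envelope_masqueraded": "masquerade_envelope" in features,
        "smart_host": defines.get("SMART_HOST"),
        "accepts_unresolvable": "accept_unresolvable_domains" in features,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_MC).items():
        print(f"{key}: {value}")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/mail/sendmail.mc").read()).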
This page last modified by Paul A. Luzzi on 06/14/2004