Setting up sendmail over SSL on Ensim Pro Control Panel for Linux
Log in as root on your Ensim Pro Control Panel for Linux box
Backup your current sendmail conf file
cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.bak
Prepare sendmail’s certificate
cd /usr/share/ssl/certs
make sendmail.pem
(You will be prompted with several questions typical for SSL certificate generation.)
Backup /usr/lib/opcenter/sendmail/install/sendmail.mc file
cp /usr/lib/opcenter/sendmail/install/sendmail.mc /usr/lib/opcenter/sendmail/install/sendmail.mc.bak
Edit /usr/lib/opcenter/sendmail/install/sendmail.mc file
vi /usr/lib/opcenter/sendmail/install/sendmail.mc
Uncomment the following lines to point to your generated certificate
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
Add DAEMON_OPTIONS to make sendmail listen on port 465
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=SSLMTA, M=s')dnl
Rebuild sendmail conf file
m4 /usr/lib/opcenter/sendmail/install/sendmail.mc > /etc/mail/sendmail.cf
Restart sendmail
/sbin/service sendmail restart
You can check if sendmail is listening on port 465 by issuing the command
Reference: http://parallels.com
Securing Sendmail
Note that it is recommended to use Postfix over Sendmail for various security reasons.
On newer Linux systems Sendmail is configured to run in the background for local mail delivery and not to accept incoming network connections. If your server is not a mail or relay server, then it is important that Sendmail is not accepting incoming network connections from any host other than the local server.
The default sendmail.cf configuration file on RedHat does not allow Sendmail to accept incoming network connections. The following setting in /etc/mail/sendmail.cf tells Sendmail not to accept incoming network connections from servers other than the local node:
DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
If that’s not the case on your system, you can change it by setting or uncommenting the DAEMON_OPTIONS parameter in the /etc/mail/sendmail.mc file.
Uncomment the DAEMON_OPTIONS line in /etc/mail/sendmail.mc to read:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Then run:
# mv /etc/mail/sendmail.cf /etc/mail/sendmail.cf.old
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /etc/init.d/sendmail restart
To verify whether Sendmail is still listening for incoming network requests, you can run one of the following commands from another node (make sure that you have permission to probe the machine):
# nmap -sT -p 25 [ip address]
# telnet [ip address] 25
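A local complement to the remote probes above, as an added example that is not part of the original page: this shell function reads a sendmail.cf and reports each DaemonPortOptions listener, flagging any whose Addr is not a loopback address. The function name audit_listeners, its output format and the sample file are assumptions of this example; the sample is constructed from the two configurations shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): list the listeners defined in a
# sendmail.cf and flag any that are reachable from the network.
# audit_listeners and its output format are this example's own names.

audit_listeners() {   # $1 = path to sendmail.cf; returns 1 if any listener is exposed
    awk '
    BEGIN { bad = 0 }
    /^[ \t]*#/ { next }                            # commented-out options
    /^(O[ \t]+)?DaemonPortOptions=/ {
        sub(/^(O[ \t]+)?DaemonPortOptions=/, "")
        port = "smtp"; addr = "*"; name = "-"      # sendmail defaults: port smtp, all interfaces
        n = split($0, kv, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", kv[i])     # tolerate "Addr=..., Name=..." spacing
            eq = index(kv[i], "=")
            if (eq == 0) continue
            k = tolower(substr(kv[i], 1, eq - 1)); v = substr(kv[i], eq + 1)
            if (k == "port") port = v
            else if (k == "addr") addr = v
            else if (k == "name") name = v
        }
        if (addr ~ /^127\./ || addr == "::1" || addr == "localhost") verdict = "LOCAL"
        else { verdict = "EXPOSED"; bad = 1 }
        printf "%-7s port=%s addr=%s name=%s\n", verdict, port, addr, name
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample: the loopback-only line from this section plus the
# port 465 listener from the SSL section, which carries no Addr= at all.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# O DaemonPortOptions=Port=smtp,Addr=0.0.0.0, Name=MTA
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
O DaemonPortOptions=Port=smtps, Name=SSLMTA, M=s
EOF

audit_listeners "$sample" || echo "at least one listener accepts network connections"
rm -f "$sample"
```

A listener without Addr= is reported as addr=* because sendmail then binds to all interfaces, so the smtps line from the SSL setup stays reachable even after the smtp listener is restricted to 127.0.0.1.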
Unable to enable sendmail in Virtuozzo Power Panel (VZPP)
The exact issue:
Unable to enable sendmail using the “Virtuozzo -> system services -> xinetd (tab) -> sendmail” section.
This is mainly caused by one entry in the /etc/xinetd.d/sendmail file. To fix this issue, do the following:
Modify:
service smtp
{
    disable = yes
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    group = root
    server = /usr/sbin/sendmail
    server_args = -bs -Am
    nice = 5
    instances = 10
}
Modify it to:
service smtp
{
    disable = no
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    group = root
    server = /usr/sbin/sendmail
    server_args = -bs -Am
    nice = 5
    instances = 10
}
Restart xinetd using:
/etc/init.d/xinetd restart
Verify the sendmail status using “Virtuozzo -> system services -> xinetd (tab) -> sendmail”. You can see that the status of sendmail has now changed to “enabled”.
Enable Sendmail in FreeBSD
This can be enabled in the rc.conf file at ‘/etc/rc.conf’.
Check the “sendmail_enable” variable.
If set to “NO”, sendmail listens only on localhost.
The netstat output confirms this:
$ netstat -na |grep LIST | grep 25
tcp4 0 0 127.0.0.1.25 *.* LISTEN
If set to “YES”, allows remote connections.
If set to “NONE”, disables the sendmail daemon.
Flush mail queue in sendmail
To flush the mail queue manually on sendmail servers, use
$ /usr/sbin/sendmail -q -v
Better way
Make a backup of the existing queue directory.
Create the ‘mqueue’ directory with the same permissions and ownership. Then, type in
$ /usr/sbin/sendmail -q -v -OQueueDirectory=/var/spool/mqueue.bak
You can use the same command to flush any sendmail queue, since some servers have multiple queue setups such as mqueue, mqueue.site, clientmqueue, q1, q2, etc.