
Configuring Sendmail on OS X 10.2 to use an SSH tunneled smarthost

After a couple days of using Mutt to read my mail, thanks to the constant crashing of Mail.app when presented with six years of email, I've recorded the steps I took to get sendmail communicating over an SSH tunnel to my actual host.

  1. Tips:

    • I've added a '\' where each of the long commands is wrapped, to indicate that it's all one line.
    • sendmail.mc and sendmail.cf are two distinct files. If you're not copy-pasting these instructions into your terminal, double-check these filenames before executing the commands.
    • At various points throughout I use monikers such as relayhost.com to indicate the mail server through which you'll be relaying mail. Please replace these with the public hostname of your relay server.
    • It appears that 10.3 no longer uses sendmail; as such, these instructions are intended only for 10.2.

  2. Open a terminal and become a superuser.
        sudo -s
    
  3. Create a local copy of the generic sendmail.mc file.
        cp \
          /usr/share/sendmail/conf/cf/generic-darwin.mc \
          /etc/mail/sendmail.mc
    
  4. Add the following lines into /etc/mail/sendmail.mc, above the MAILER lines near the end of the file.
        define(`RELAY_MAILER_ARGS', `TCP $h 10025')
        define(`SMART_HOST',`relay:[127.0.0.1]')
        DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA, Family=inet')
        FEATURE(`accept_unresolvable_domains')dnl
    
  5. Back up the system-installed sendmail.cf.
        mv \
          /etc/mail/sendmail.cf \
          /etc/mail/sendmail.cf.dist
    
  6. Regenerate sendmail.cf from the modified sendmail.mc.
        m4 \
          /usr/share/sendmail/conf/m4/cf.m4 \
          /etc/mail/sendmail.mc \
        > /etc/mail/sendmail.cf
    
  7. Create a local copy of the generic submit.mc file.
        cp \
          /usr/share/sendmail/conf/cf/submit.mc \
          /etc/mail/submit.mc
    
  8. Add the following lines into /etc/mail/submit.mc, above the last two dnl lines near the end of the file.
        FEATURE(`masquerade_envelope')
        FEATURE(`allmasquerade')
        MASQUERADE_AS(`mail.relayhost.com')
        FEATURE(`accept_unresolvable_domains')dnl
    
  9. Back up the system-installed submit.cf.
        mv \
          /etc/mail/submit.cf \
          /etc/mail/submit.cf.dist
    
  10. Regenerate submit.cf from the modified submit.mc.
        m4 \
          /usr/share/sendmail/conf/m4/cf.m4 \
          /etc/mail/submit.mc \
        > /etc/mail/submit.cf
    
  11. Modify /System/Library/StartupItems/Sendmail/Sendmail, adding an "&" character after each of the two occurrences of /usr/sbin/sendmail.
        /usr/sbin/sendmail -bd -q1h &
        /usr/sbin/sendmail -C /etc/mail/submit.cf -q1h &
    
  12. Strip group writability from certain system directories, to satisfy security checks.
        chmod g-w /etc/mail /etc /
    
  13. Start sendmail; issues will be logged to /var/log/mail.log.
        /System/Library/StartupItems/Sendmail/Sendmail start
    
  14. Optionally, modify /etc/hostconfig to start sendmail on boot.
        MAILSERVER=-YES-
    
If everything worked out properly, you now have sendmail listening at 127.0.0.1, port 25. Messages received for delivery will be queued until an SSH tunnel is available on port 10025. Follow these steps to send the queued mail:

  1. Open the SSH tunnel to your smarthost.
        ssh \
          -f -N -L 10025:mail.relayhost.com:25 \
          username@relayhost.com &
    
  2. Instruct sendmail to send the queued mail, if any.
        sudo sendmail -q
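
A preflight check for steps 4 and 12, added here as an example and not part of the original post: it confirms that sendmail.mc binds the listener to 127.0.0.1 only and relays to the tunnel port 10025, and it lists any directory that is still group-writable. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks for the sendmail.mc and directory steps.
# Function names are hypothetical; pass the paths to check as arguments.

# True only if the file has a DAEMON_OPTIONS line and every such line
# binds the listener to 127.0.0.1.
listener_is_loopback_only() {
    grep -q '^DAEMON_OPTIONS(' "$1" || return 1
    if grep '^DAEMON_OPTIONS(' "$1" | grep -v 'Addr=127\.0\.0\.1[^0-9]' | grep -q .; then
        return 1
    fi
    return 0
}

# True only if mail is relayed to the tunnel endpoint 127.0.0.1:10025.
smarthost_is_tunnel() {
    grep -q "^define(\`SMART_HOST', *\`relay:\[127\.0\.0\.1]')" "$1" &&
    grep -q "^define(\`RELAY_MAILER_ARGS', *\`TCP \$h 10025')" "$1"
}

# Prints each named directory whose mode still has the group-write bit set.
group_writable_dirs() {
    for d in "$@"; do
        case $(ls -ld -- "$d") in
            ?????w*) printf '%s\n' "$d" ;;
        esac
    done
}

# Usage: preflight MC_FILE DIR...  Returns non-zero if any check fails.
preflight() {
    mc=$1; shift
    rc=0
    listener_is_loopback_only "$mc" || { echo "FAIL: listener is not loopback-only" >&2; rc=1; }
    smarthost_is_tunnel "$mc" || { echo "FAIL: smarthost is not 127.0.0.1:10025" >&2; rc=1; }
    bad=$(group_writable_dirs "$@")
    [ -z "$bad" ] || { echo "FAIL: group-writable: $bad" >&2; rc=1; }
    return "$rc"
}
```

Source the file and run `preflight /etc/mail/sendmail.mc /etc/mail /etc /` before starting sendmail; a listener without `Addr=127.0.0.1` would accept SMTP connections on every interface rather than only from the local machine.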
    

Update: Changes need to be made to submit.cf to rewrite the envelope sender to something acceptable on the public Internet. Added several steps.

Notes: My original plan was to instruct sendmail to authenticate to the smarthost, but OS X 10.2.8's sendmail doesn't have the -DSASL switch enabled.

Link: "relaying to a smarthost on a different port".

Thanks: Mark helped tremendously in improving these directions for other people.
