Configuring Sendmail on OS X 10.2 to use an SSH tunneled smarthost
After a couple days of using Mutt to read my mail, thanks to the constant crashing of Mail.app when presented with six years of email, I've recorded the steps I took to get sendmail communicating over an SSH tunnel to my actual host.
Tips:
- I've added a '\' where each of the long commands is wrapped, to indicate that it's all one line.
- sendmail.mc and sendmail.cf are two distinct files. If you're not copy-pasting these instructions into your terminal, double-check these filenames before executing the commands.
- At various points throughout I use monikers such as relayhost.com to indicate the mail server through which you'll be relaying mail. Please replace these with the public hostname of your relay server.
- It appears that 10.3 no longer uses sendmail; as such, these instructions are intended only for 10.2.
- Open a terminal and become a superuser.
sudo -s
- Create a local copy of the generic sendmail.mc file.
cp \
  /usr/share/sendmail/conf/cf/generic-darwin.mc \
  /etc/mail/sendmail.mc
- Add the following lines into /etc/mail/sendmail.mc, above the MAILER lines near the end of the file.
define(`RELAY_MAILER_ARGS', `TCP $h 10025')
define(`SMART_HOST',`relay:[127.0.0.1]')
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA, Family=inet')
FEATURE(`accept_unresolvable_domains')dnl
- Back up the system-installed sendmail.cf.
mv \
  /etc/mail/sendmail.cf \
  /etc/mail/sendmail.cf.dist
- Regenerate sendmail.cf from the modified sendmail.mc.
m4 \
  /usr/share/sendmail/conf/m4/cf.m4 \
  /etc/mail/sendmail.mc \
  > /etc/mail/sendmail.cf
- Create a local copy of the generic submit.mc file.
cp \
  /usr/share/sendmail/conf/cf/submit.mc \
  /etc/mail/submit.mc
- Add the following lines into /etc/mail/submit.mc, above the last two dnl lines near the end of the file.
FEATURE(`masquerade_envelope')
FEATURE(`allmasquerade')
MASQUERADE_AS(`mail.relayhost.com')
FEATURE(`accept_unresolvable_domains')dnl
- Back up the system-installed submit.cf.
mv \
  /etc/mail/submit.cf \
  /etc/mail/submit.cf.dist
- Regenerate submit.cf from the modified submit.mc.
m4 \
  /usr/share/sendmail/conf/m4/cf.m4 \
  /etc/mail/submit.mc \
  > /etc/mail/submit.cf
- Modify /System/Library/StartupItems/Sendmail/Sendmail, adding an "&" character after each of the two occurrences of /usr/sbin/sendmail.
/usr/sbin/sendmail -bd -q1h &
/usr/sbin/sendmail -C /etc/mail/submit.cf -q1h &
- Strip group writability from certain system directories, to satisfy security checks.
chmod g-w /etc/mail /etc /
- Start sendmail; issues will be logged to /var/log/mail.log.
/System/Library/StartupItems/Sendmail/Sendmail start
- Optionally, modify /etc/hostconfig to start sendmail on boot.
MAILSERVER=-YES-
- Open the SSH tunnel to your smarthost.
ssh \
  -f -N -L 10025:mail.relayhost.com:25 \
  username@relayhost.com &
- Instruct sendmail to send the queued mail, if any.
sudo sendmail -q
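A pre-flight check for the steps above, added here as an example and not part of the original instructions: it confirms that sendmail.mc carries the loopback relay settings exactly as written on this page, that the relay port matches the local end of the SSH tunnel, and that the directories from the chmod step are no longer group-writable. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the configuration built in the steps above.
# check_mc and check_not_group_writable are names made up for this example.

# check_mc FILE PORT
# Succeeds only if FILE relays through the loopback tunnel on PORT and the
# MTA listener is bound to 127.0.0.1, i.e. not reachable from the network.
check_mc() {
    mc=$1 port=$2 rc=0
    grep -qF "define(\`RELAY_MAILER_ARGS', \`TCP \$h $port')" "$mc" ||
        { echo "$mc: relay mailer does not use port $port" >&2; rc=1; }
    grep -qF "define(\`SMART_HOST',\`relay:[127.0.0.1]')" "$mc" ||
        { echo "$mc: SMART_HOST is not the loopback relay" >&2; rc=1; }
    # Ignore dnl-commented lines, then require Addr=127.0.0.1 on the listener.
    grep -v '^dnl' "$mc" | grep -F 'DAEMON_OPTIONS(' |
        grep -qF 'Addr=127.0.0.1' ||
        { echo "$mc: DAEMON_OPTIONS is not bound to 127.0.0.1" >&2; rc=1; }
    return $rc
}

# check_not_group_writable DIR...
# Fails if any DIR still has the group write bit that the chmod step removes.
check_not_group_writable() {
    rc=0
    for d in "$@"; do
        # Character 6 of the ls mode string is the group write bit;
        # -L follows symlinks so the directory itself is inspected.
        case $(ls -ldL "$d" | cut -c6) in
            w) echo "$d is group-writable (chmod g-w $d)" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Usage on the machine being configured (10025 is the local port of ssh -L):
#   check_mc /etc/mail/sendmail.mc 10025 &&
#   check_not_group_writable /etc/mail /etc /
```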
Update: Changes need to be made to submit.cf to rewrite the envelope sender to something acceptable on the public Internet. Added several steps.
Notes: My original plan was to instruct sendmail to authenticate to the smarthost, but OS X 10.2.8's sendmail doesn't have the -DSASL switch enabled.
Link: "relaying to a smarthost on a different port".
Thanks: Mark helped tremendously in improving these directions for other people.