July 26, 2005

Getting to Know Sendmail

To date, I've always been fortunate enough to have a pre-installed and working version of Sendmail already running on a machine, or have had access to an expert who can do some Sendmail magic and just make it work.

This time around with the kruckenberg server rebuild, Pete spent a great deal of time getting a new machine set up (RAID 5 across 4 10,000 RPM 36G drives) and Gentoo bootstrapped and installed. After spending an entire Saturday working on that he was ready to have someone else pitch in.

In my mind, the most important (dare I say critical?) thing was having mail back up so people weren't getting bounces and the other family members could function. The four main tasks were:

- Sendmail processing incoming mail
- Sendmail processing outbound mail (local and relay)
- Secure IMAP
- Web-based mail client over SSL (Squirrel Mail)

The truth is that I've done some tweaking with Sendmail but never where I was starting from scratch. I had the files from /etc/mail on the old server, which alleviated a good deal of the setup work. I ran into a few glitches where the new version of Sendmail didn't like what was in the old sendmail.cf, which led to some changes in sendmail.mc. Nothing major there.

Once I thought I had Sendmail up, I watched /var/log/messages and saw lots of mail coming in, but none of it was getting to /var/spool/mail/mike. I scratched my head for a long time on this one until I realized that it was the local mail delivery through procmail that was the problem. /etc/procmailrc was configured to deliver to /home/.maildir. I changed it to DEFAULT=/var/spool/mail/$LOGNAME and immediately started seeing the mail going onto the mbox files.

Outbound messages worked just fine without any additional adjustments or complications.

Getting secure IMAP (or IMAPS) set up took me a long time, not because it was difficult but because I didn't heed the obvious. In theory all you need to do is change one line in /etc/xinetd.d/imaps to disable = no. After a lot of playing with the configuration options I decided to replace the pre-installed (on Gentoo Linux) .pem file with one I generated myself. This solved the IMAPS SSL connection failures immediately. It made me wonder why there is a pre-installed imapd.pem in /etc/ssl/certs/. If one hadn't been there I would have generated one myself and had IMAPS up and running much sooner.

With mail going in and out and IMAPS running, the next step was Apache, SSL and the web-based mail client. All fairly straightforward; I hadn't set up Squirrel Mail before, but there's really not much more than untarring, putting the code in the right place, adding a few directives to the Apache config and changing a few items in the Squirrel Mail config file.

Mail delivered successfully for several days and then last Friday I noticed that after 10:30 I wasn't seeing any mail. By 6pm, after taking some time to look around, I noticed that mqueue showed ~1000 messages and many of them were on hold waiting for domain lookup. Lo and behold, there was an issue with the nameservers. I changed a few of the nameserver addresses in /etc/resolv.conf, made sure we were getting lookups by issuing a few server pings, restarted Sendmail and then watched as the mail queue started emptying.
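The queue symptom described above (most entries held waiting on a domain lookup) can be spotted by summarizing `mailq` output. The following is an added example, not part of the original post; the sample listing is constructed, and its layout and the `host map: lookup (...): deferred` status text are assumed to match what the local Sendmail version prints.

```python
import re
from collections import Counter

# Constructed sample of `mailq` output (not taken from the original post).
SAMPLE_MAILQ = """\
\t\t/var/spool/mqueue (3 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
j6MEU1aB001234     2048 Fri Jul 22 10:31 <alice@example.org>
                 (host map: lookup (example.net): deferred)
\t\t\t\t\t <bob@example.net>
j6MEU9cD001240     5120 Fri Jul 22 10:44 <carol@example.org>
                 (host map: lookup (example.com): deferred)
\t\t\t\t\t <dave@example.com>
j6MF02eF001301      900 Fri Jul 22 11:02 <erin@example.org>
                 (Deferred: Connection refused by mail.example.edu.)
\t\t\t\t\t <frank@example.edu>
"""

ENTRY = re.compile(r"^(\w+)[*-]?\s+\d+\s")   # queue id, optional status flag, size
REASON = re.compile(r"^\s+\((.*)\)\s*$")     # parenthesised status line under an entry
DNS_HOLD = re.compile(r"host map: lookup \(([^)]+)\): deferred")

def summarize_queue(mailq_text):
    """Return (total entries, Counter of reasons, Counter of domains stuck on DNS)."""
    total, reasons, dns_domains = 0, Counter(), Counter()
    lines = mailq_text.splitlines()
    for i, line in enumerate(lines):
        if not ENTRY.match(line):
            continue
        total += 1
        status = REASON.match(lines[i + 1]) if i + 1 < len(lines) else None
        if not status:
            reasons["no status recorded"] += 1
            continue
        dns = DNS_HOLD.search(status.group(1))
        if dns:
            reasons["dns lookup deferred"] += 1
            dns_domains[dns.group(1)] += 1
        else:
            reasons[status.group(1)] += 1
    return total, reasons, dns_domains

def dns_is_suspect(total, reasons, threshold=0.5):
    """Flag the resolver when at least `threshold` of the queue waits on lookups."""
    return total > 0 and reasons["dns lookup deferred"] / total >= threshold

if __name__ == "__main__":
    total, reasons, domains = summarize_queue(SAMPLE_MAILQ)
    print(total, dict(reasons), dict(domains), dns_is_suspect(total, reasons))
```

When the flag trips across many unrelated domains, the nameservers in /etc/resolv.conf are the first thing to check, rather than any single remote host.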

Mail has been working fine ever since. Getting everything up and running, and then troubleshooting issues has been a nice experience. While frustrating at times, it feels good to have a better understanding of a major part of the system that previously has been a mystery.

At some point I'd like to get up to speed on bind. I've done DNS administration through a GUI, but haven't really looked under the hood at what's going on.

Posted by mike at July 26, 2005 7:48 AM