Sendmail can send emails on behalf of any user on your system, not just local ones, by acting as a smart host to another mail server.
Let’s say you’ve got a web application that needs to send out notifications, like password resets or order confirmations. Instead of building out a whole mail sending infrastructure, you can configure Sendmail on your server to act as a relay. This means your application talks to Sendmail, and Sendmail, in turn, talks to your actual mail provider (like Gmail, SendGrid, or another internal mail server) to get the email delivered.
Here’s how we’ll set it up. We’ll configure Sendmail to forward all outgoing mail to a smarthost.
First, ensure Sendmail is installed. On most Linux systems, this is straightforward:
sudo apt update && sudo apt install sendmail sendmail-cf m4 # Debian/Ubuntu
sudo yum install sendmail sendmail-cf m4 # RHEL/CentOS
The core of Sendmail’s configuration lies in its sendmail.mc file, which is a macro file processed by m4 to generate the final sendmail.cf. We’ll be editing sendmail.mc. The location varies, but it’s commonly found at /etc/mail/sendmail.mc.
You’ll need to make a backup before you start editing:
sudo cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.bak
Now, let’s open the file for editing:
sudo nano /etc/mail/sendmail.mc
We need to tell Sendmail about our smarthost. Find the section that looks like it’s defining mailer configurations. You’ll want to add or uncomment lines that define your smarthost. The crucial directive is SMART_HOST.
Here’s what you’ll likely add or modify. Replace smtp.example.com with your actual smarthost’s hostname and 587 with its corresponding port. If your smarthost requires authentication, we’ll address that next.
dnl define(`SMART_HOST', `smtp.example.com')dnl
dnl define(`SMART_HOST', `smtp:[smtp.example.com]:587')dnl
The square brackets around smtp.example.com are important. They tell Sendmail to not perform MX lookups for this hostname, ensuring it connects directly to the specified server. If your smarthost uses a non-standard port, like 587 for submission, you must specify it in the [hostname]:port format.
If your smarthost requires authentication (most do for security), you’ll need to set up a authinfo file. First, create a file named authinfo in /etc/mail/.
sudo nano /etc/mail/authinfo
Inside this file, you’ll add a line in the following format:
AuthInfo:smtp.example.com:587 "U:your_username" "P:your_password" "M:LOGIN PLAIN"
Replace smtp.example.com:587 with your smarthost and port, your_username with your email account username, and your_password with your email account password. M:LOGIN PLAIN specifies the authentication mechanisms Sendmail should try.
After saving authinfo, you need to process it into a database file that Sendmail can read:
sudo makemap hash /etc/mail/authinfo < /etc/mail/authinfo
This creates /etc/mail/authinfo.db. Ensure its permissions are secure, as it contains credentials:
sudo chmod 600 /etc/mail/authinfo /etc/mail/authinfo.db
Now, back in your sendmail.mc file, you need to enable the authentication mechanisms. Find or add the following lines:
define(`SMART_HOST', `smtp:[smtp.example.com]:587')dnl
define(`RELAY_MAILER_ARGS', `TCP $h $p -oem -a')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h $p -oem -a -A')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo', `hash -o /etc/mail/authinfo.db')dnl
The RELAY_MAILER_ARGS and ESMTP_MAILER_ARGS with the -A flag tell Sendmail to use authentication. The confAUTH_MECHANISMS line lists the methods Sendmail will attempt, ensuring it matches what your smarthost expects. The FEATURE('authinfo') line tells Sendmail where to find the credentials.
After modifying sendmail.mc, you need to generate the sendmail.cf file. Navigate to the /etc/mail/ directory and run m4:
cd /etc/mail/
sudo m4 sendmail.mc > sendmail.cf
Finally, restart Sendmail to apply the changes:
sudo systemctl restart sendmail
To test, you can try sending a simple email from the command line:
echo "This is a test email." | mail -s "Sendmail Test" your_recipient@example.com
Check your recipient’s inbox and your smarthost’s logs (if accessible) to confirm delivery. If you encounter issues, the most common next step is to examine Sendmail’s mail queue (mailq) and logs (often found in /var/log/mail.log or /var/log/maillog). The specific error messages there will guide you toward issues like incorrect authentication credentials, firewall blocks on the smarthost port, or DNS resolution problems for your smarthost.
The next hurdle you’ll likely face is handling delivery failures gracefully, ensuring your application is notified when an email cannot be sent.