On this page a basic introduction to email is given, followed
by a description of the Sendmail mail server and the Webmin module
for configuring it.
Introduction to Internet Email
When you use a mail client program like Outlook or Evolution to
send email, the program simply passed the message to a mail server
for delivery to the destination. This server (also known as the
MTA or Mail Transfer Agent) locates the correct system for the
destination address, connects to the MTA on that system and transmits
the message. When the other server receives the email, it checks
to make sure it is truly destined for this system and if so stores
it in a local mail file.
Later when the destination user checks his email, the file is
read by a program such as Elm, Pine or Usermin, or by a POP3 server.
Mail clients like Evolution and Outlook are usually run on a different
system to the mail server, and use the POP3 protocol to download
messages for local storage. Once the email has been retrieved
in this way, the delivery process is complete and it can be read
by a user.
Mail transfer agents use the SMTP (Simple Mail Transfer Protocol)
to send email to each other over the Internet. Clients also use
SMTP to send mail to servers for onward delivery. Very few MTAs
implement the POP3 protocol for mail retrieval - instead, they
simple write mail to a file which is read by a separate POP3 server
program. Chapter 15 explains how to enable a POP3 server on your
system, and chapter 33 explains the protocol in a little more
The mail server that a client contacts to send a message is usually
on its local network, at the ISP the client system is connected
to, or even the same system. Ideally, this first MTA will directly
contact the destination server, but this is not always the case.
The destination MTA may be down or unreachable, in which case
email will be sent to an alternate server instead. SMTP forwarding
rules or per-user mail forwarding settings may cause email messages
to be sent to other servers before it is finally delivered into
a mailbox file.
If you want your system to be able to receive email, you will need
to run a mail transfer agent program. This is only the first step
though - to run your own mail domain such as example.com
mail to firstname.lastname@example.org
is delivered to the mailbox foo
on your system, some network and DNS configuration is required.
Typically, your system will need a fixed IP address and a permanent
connection to the Internet. This means that running a proper
mail server on a system connected occasionally via dial-up is
For other servers on the Internet to know to send mail to your system,
appropriate DNS records must be created. Typically, an MX (Mail
Server) record is defined for the domain, like example.com
that has the hostname of your system as its value, like server.example.com
This tells other MTAs to connect to your system to deliver email
for the example.com
domain. If you are running your own DNS
server for the domain, chapter 30 explains in detail how to create
an MX record. Otherwise, you will have to tell whoever is hosting
the domain (for example your ISP) to add the correct record.
In fact, it is possible for any system to receive email addresses
to its full Internet hostname, such as email@example.com
As long as there is no MX record matching linuxbox.example.com
other mail servers will do a normal A (address) record lookup
for the hostname and connect directly to the system.
Sometimes, it does make sense to run a mail server even if you have
a dynamically assigned IP address or ephemeral Internet connection.
The Fetchmail program (covered in chapter 33) can be used to download
email using the POP3 protocol and deliver it to a local mailbox
on your system, which requires that an MTA be running. This local
mail server may never accept a direct SMTP connection from another
system on the Internet, but it can still deliver mail sent by programs
on your system to local mailboxes.
Occasionally it is useful (and even necessary) to run a mail server
that only deals with outgoing mail send by local client programs,
and not with delivering incoming messages. Instead of configuring
mail clients to use a remote MTA (such as the one at your ISP), you
can tell them to use your own system's mail server instead. It
will accept messages from local clients and try to deliver them
to their final destinations, or put them in a queue for later delivery.
Some programs that send email can only use a local mail server,
which they connect to by running the sendmail program.
Because almost all ISPs and companies run their own mail servers,
if you are happy to use an email address at your organization or
ISPs domain there is no need to run your own. Instead, you can simply
configure your Linux mail client like KMail or Evolution to download
mail from and send out email via another server. For most people
who just have a single email address and don't need to host their
own email domain, there is no need to set up a mail server.
The Sendmail Configuration module
Sendmail is the most popular MTA in use on the Internet today,
and has been since it was first developed. It is included as standard
with almost all variants of the Unix operating system, and works
the same on all of them. It has many useful features for routing
and processing email, such as aliases, domain routing and user-creatable
Sendmail has a one-to-one mapping between Unix users and mailboxes.
Each user has his own mail file, typically in the /var/mail or
/var/spool/mail directory. Each time a message is delivered
to a user, it is appended to the file with the same name as the user
in that directory, such as /var/mail/jcameron
has no concept of 'mail users' - if you want to create a new mailbox,
you will need to add a new Unix user as explained on UsersAndGroups
Sendmail can accept email in two different ways - either from
an SMTP connection, or by another program invoking the sendmail
command with the right parameters and feeding the email to it
as input. Either way, the message is either delivered to a local
user's mailbox or send to another system. As you would expect,
if the Sendmail server process is not running then it is impossible
for email to be sent to your system via SMTP. In addition, any queued
email will not be delivered.
Sendmail's primary configuration file is appropriately named
sendmail.cf, and is found in the /etc or /etc/mail directory.
In addition, there are separate text and DBM format files for
local domains, mail forwarding aliases, address mappings and
other features discussed later in this chapter. Almost all of
these additional files are actually in the Unix DBM database
format, but are built from a corresponding text file that the
system administrator (and Webmin) can edit. Sendmail only reads
the DBM files though, and re-checks them for every message received
so that any change to one of the databases files becomes immediately
To set up Sendmail using Webmin you will need to visit the Sendmail
Configuration module, which can be found under the Servers category.
Assuming you have the server installed, the module's main page
will look like the example shown below.
The Sendmail Configuration module
If the module cannot find the Sendmail server program or primary
configuration file on your system, an error message to that effect
will be displayed instead. Check your Linux distribution CD
or website for sendmail package, and install it using the Software
Packages module (covered on SoftwarePackages
). If other packages whose
names start with sendmail- are available (such as sendmail-cf
or sendmail-docs), install them as well.
This error can also occur in the unlikely event that you have installed
Sendmail or its configuration file in a different location to
the one the module expects. By default, it assumes that you will
use the packages that come with your operating system, but these
are often out of date. For this reason, you may have compiled and
install the latest version in a different directory. If so, see
the Configuring the Sendmail Configuration module
below for instructions on how to change the program and configuration
Sendmail has gone through many different releases over the years,
and in that time its primary configuration file (usually found
at /etc/sendmail.cf) has changed. If you are running a very old
version or using an old configuration file, the module's main
page will display an error message indicating that the file format
is not supported. Configurations older than version 7 trigger
this error, but fortunately they are rarely found on modern Unix
If no error message appears on the main page, the table of icons
shown in in the image above will be displayed. Each can be clicked on
to access one of Sendmail's features, such as mail aliasing,
domain routing or the mail queue. The rest of this chapter explains
how to use the pages and forms under each of the icons. Next to the
name of each icon (such as Address Mapping
) is the internal
name of the Sendmail configuration feature in brackets that
it controls, such as virtuser. These names are mostly useful
to experienced administrators who want to know how the icons
in the module relate to actual configuration files and directives.
Some of the icons when clicked on may display a message like *Your
Sendmail configuration does not have the address mapping (virtuser)
feature enabled*. On many operating systems, the primary Sendmail
configuration file does not have all the available features
activated by default. To make the chosen icon's pages available,
follow the instructions in the *Adding Sendmail features with
M4* section later in this chapter.
If the Sendmail server process is running, a button labelled
will appear the bottom of the main page. As its
name suggests, clicking on this button will shut down the server
so that your system no longer accepts SMTP connections, and no
longer scans the mail queue. Conversely, when Sendmail is not
running a Start Sendmail
button will appear instead, which
can be used to start the server process.
If you want Sendmail to run all the time, use the Bootup and Shutdown
module (covered on BootupAndShutdown
) to have its server process started
at boot time. Most packages will include an action script that
can be enabled, and may even be enabled by default. Otherwise,
you will need to create an action that runs the command /usr/sbin/sendmail
-bd -q30m at boot time.
Editing local domains and domain masquerading
When Sendmail receives an email message via an SMTP connection,
it needs to work out if it should be delivered locally or forwarded
to another server. This is done by looking at the message's To
address, specifically the domain part after the @. The domain
is compared a list of local domains, and if a match is found the
email is delivered to the mailbox of the user whose name is to the
left of the @ in the To address. Or if no such user exists, a bounce
message is generated and sent back to the original sender.
If the domain is not local, Sendmail will look up the mail server
for the domain and attempt to connect to it in order to transfer
the message. This is what usually happens when a client on the
same network connects to send out email. However, a problem will
occur if Sendmail attempts to connect back to itself, which can
happen if the DNS says that it is the mail server for a domain which
is not on its local domains list. If this happens, a bounce message
will be sent back to the sender, containing text like mail loops
back to me.
By default, this local domains list contains only the full hostname
of your system, such as server.example.com
. If you are setting
up a server to receive email from the Internet for some domain
), it will need to be added to the list. The
steps to do this are :
- On the module's main page, click on the Local Domains icon. A page containing a text box in which all current local domains are listed will be displayed.
- Add as many extra domain or hostnames to the list as you like, one per line. It is quite possible for a server to accept mail for several domains, especially if it is going to be used for virtual hosting. As the introduction explains, mail will only be send to your system in the first place if an appropriate MX DNS record exists for each domain.
- Click the Save button at the bottom of the page to make them active.
Sendmail will always accept for local delivery email messages
in which the To address does not contain a domain, just a username.
These are often sent by programs running on the system itself,
such as the Cron daemon or the mail command.
The flip side of the local domains list is domain masquerading.
This Sendmail feature allows you to set the domain that is added
to email send out from your system when none is specified, such
as by the mail command. It is also possible to have Sendmail modify
the From address domains of messages received via SMTP, such
as those send by mail clients.
To set up domain masquerading, the steps to follow are :
- On the module's main page, click on the Domain Masquerading icon.
- Fill in the Masquerade as domain field with the name of the domain that should be appended to outgoing From addresses that lack one, such as example.com. If the field is left blank, no domain modification will be done by Sendmail.
- To have Sendmail re-write the From addresses of messages from other domains, fill in the Domains to be masqueraded field. This can be useful if some of the mail clients that send out messages via your server insist on using the wrong domain.
- Click the Save button to make masquerading active.
On most mail servers, you do not need to bother configuring masquerading
as all mail is sent by client programs using SMTP. All mail clients
allow the user to specify a complete From address, which should
include the correct domain.
Managing email aliases
A mail alias specifies that email received by your server for
a particular mailbox should be forwarded to a different destination
instead. That destination can be another email address, a file
of addresses, a local file or even the input to a program. They
can be useful for setting up pseudo mailboxes that actually send
email to a real person, such as firstname.lastname@example.org
An alias can have the same name as a Unix user, in which case it will
intercept all mail to that user and forward it to a different destination
On most operating systems, Sendmail has several aliases defined
by default for system users like bin, nobody and uucp, all of which
forward mail to root. There will also be a postmaster alias, which
every mail server must have, and which should forward messages
to someone responsible for the mail server. Typically, this
will be the root user as well.
To create a mail alias of your own using Webmin, the steps to follow
- On the module's main page, click on the Mail Aliases icon. You will be taken to a page listing all existing aliases and their destinations, with a form at the top for adding a new one. The screenshot below shows an example.
- In the Address field of the Create Alias form, enter the user or mailbox name for this alias (the part of the address to the left of the @). If your server hosts multiple domains, the alias will forward email sent to the entered name at any of those domains. For example, if your server accepts mail for foo.com and bar.com, then an alias called sales will forward email to both email@example.com and firstname.lastname@example.org. If you want to be able to forward the same mailbox name at multiple domains differently, see the section below titled Managing virtual address mappings.
- Assuming you actually want this alias to be used by Sendmail, leave the Enabled? field set to Yes. Changing it to No will cause the alias to be ignored. This field can be use when editing an alias to temporarily disable rather than totally deleting it.
- The Alias to field determines where email to this alias will be sent. The following options are available from the menu :
- <None> Nothing at all will be done with received email. It makes no sense to select this option when creating a new alias.
- Email address Email will be forwarded to the user or address entered into the adjacent field. Be careful not to set up a forwarding loop by sending email back to the alias's address again! If you are creating an alias that has the same name as a Unix user and really do want email to be delivered to his mailbox as well as some other destinations, enter the username preceded by a backslash (like \jcameron) into this field. The backslash tells Sendmail to bypass alias checking.
- Addresses in file Email to the alias will be sent to all the addresses in the text file whose file path is entered into the adjacent text field. Each address must be on a separate line. This option can be useful for creating a simple mailing list, and aliases of this type are used by the Majordomo list manager (covered on MajordomoListManager).
- Write to file The full text including all headers of email received by the alias will be appended to the file whose path is entered into the text box.
- Feed to program The program whose path and parameters are entered into the text box will be run, and the full text including all headers of email received by the alias will be fed to it as input. This kind of alias is most useful to programmers who want to perform their own custom processing or filtering of email messages. The program is usually run as the Unix user daemon, not root or the user with the same name as the alias.
- Autoreply from file When email is sent to the alias, the contents of the file specified in the adjacent text box will be sent back to the original sender. See the Creating autoreply aliases section below for more information on using aliases of this type.
- Apply filter file Email sent to the alias will be processed according to the rules in the filter file entered into the text box, which can forward to different destinations depending on the message contents. See the Creating filter aliases section later in the chapter for more details. It is possible for an alias to have multiple destinations. To add more than one, you will need to re-edit this alias after saving it and fill in the row with <None> selected at the bottom of the Alias to table.
- Click Save to have the alias added to the list, and immediately made active.
The mail aliases list
As is usual in Webmin, you can edit an existing alias by clicking
on its name in the list on the Mail Aliases page. This will bring
up an editing form that contains all the same fields as the creation
form, but has Save
buttons at the bottom instead.
The first of these will update the alias with any changes that
you have made, while the second will permanently delete it.
If a Unix user has a file named .forward in its home directory,
email that would normally be delivered to its mail file will be
sent to the addresses listed in the .forward file instead. In
many ways, these files are equivalent to aliases that can be created
by individual users instead of by the system administrator.
It is even possible for a .forward file to contain entries that
tell Sendmail to send email to a list of addresses in another file,
feed it to a program as input, or append it to a file.
This module does not support the editing of .forward files though.
However, Usermin (covered on UserminConfiguration
) does allow normal users
to edit their own forwarding files using a web-based interface
almost identical to the one described in this section.
In the early days of the Internet, mail servers could safely deliver
mail to local domains and forward all other email to another MTA,
regardless of its source. Today, allowing your server to forward
any email that it receives is an invitation to spammers to use
your system as a relay. A well configured server should only accept
email for non-local domains from trusted client hosts, such
as those on the company network or home LAN. Email sent to local
domains is safe, and can be accepted from anywhere.
If Sendmail on your system is an open relay (one that accepts non-local
email from anywhere), people sending out millions of spam email
messages can use it to cover their tracks. Even if you are running
a small mail server for a tiny company that you think no spammer
will ever know about, it is still a very bad idea to leave your system
open to relaying.
For this reason, the Sendmail packages that come with modern
Linux distributions are configured by default to prevent the
server accepting non-local email from anywhere except the same
system. If you are setting up a mail server for a company or for
your home LAN, you will need to allow other hosts to relay mail
as well :
- On the module's main page, click on the Relay Domains icon to bring up a form for entering relay networks and domains.
- In the Domains to which relaying is allowed field, add the address of the network that you want to allow clients to relay from. It should be entered without any trailing zeros, for example 192.168.1. More than one network can be entered, as can specific IP addresses. You can also enter domain names like foo.com that Sendmail will allow relaying to. Any received email message (no matter what its source) that is destined for a specified domain will be delivered to the appropriate server. This can be useful if your system is a mail gateway for other domains that cannot be reached directly by the rest of the Internet, as explained in the Configuring domain routing section.
- Click the Save button to activate the new relay domains list.
One side effect of Sendmail's relaying restrictions is that
there is no way to use your system as a server for outgoing email
when you are connecting from an un-trusted network - in fact,
that is the whole point. Sometimes though it can be annoying,
for example if you dial into many different ISPs and don't want
to re-configure your mail client to use a different outgoing
mail server for each one. In an ideal world, it would be possible
to use your own mail server for outgoing email no matter where
you are connecting from, but this is normally impossible without
turning off relay restrictions altogether.
The best solution to this problem is SMTP authentication, in
which clients login to Sendmail before relaying email. Unfortunately,
Webmin doesn't yet have any easy way of setting this up.
Another solution involves trusting clients that make a POP3
connection before SMTP, which most mail client programs do.
However, this requires co-operation between the POP3 server
and Sendmail, which are usually unrelated programs. At the time
of writing, Webmin does not support its configuration either.
Managing virtual address mappings
Address mappings are similar to aliases, except that they apply
only to email sent to a specific user and domain, rather than to
a user at any domain as aliases do. Another difference is that
address mappings can only forward email to a single address,
rather than to a program, file or list of addresses. However,
this limitation can be overcome by combining both mappings and
You can use address mappings to have email to email@example.com
sent to different final destinations,
even though both domains are hosted by your server. This is particularly
useful if you manage a large number of email domains for different
customers, many of whom want to have similar addresses (such
) in their domains.
Address mappings can also be used to redirect all email to a particular
domain to the same users at a different domain, so that for example
mail to firstname.lastname@example.org
will be sent to email@example.com
respectively. Better still, you can have
all email to any address at a domain sent to a single other address,
which is useful for POP3 mail client Fetchmail as chapter 33 explains.
To create a new address mapping, the steps to follow are :
- On the module's main page, click on the Address Mappings icon. A page listing all existing mappings will be displayed, with a form at the top labelled Create Mapping for adding a new one.
- If you want to create a mapping for email to just a single address, select Address in the Mail for field, and enter the address into the adjacent text box. Unlike an alias, it must be entered in full like firstname.lastname@example.org. If you are creating a mapping for all email to a domain, select the Domain option and enter the complete domain or hostname into the text field next to it, such as example.com. Either way, the domain in the address or the entered domain must appear in Sendmail's list of local domains, explained in the Editing local domains section earlier in this chapter.
- If the destination of the mapping is a single address, in the Send to field select Address and fill in the text box next to it with either a complete address (like email@example.com) or a mailbox name (like just jcameron). If Domain was selected for the Mail for field, you are allowed to select the Domain option for this field as well. If so, you must enter a domain name (like foo.com) into the adjacent text box to which all email send to the original domain will be forwarded. The final Return error option in the Send to field can be selected if you want a specific error message to be returned to senders instead. If chosen, an error type must be selected from the menu next to it, and a more detailed error message entered into the text box. This option can be useful for sending back bounce messages explaining why a particular address or entire domain is no longer reachable.
- Click the Create button to add the address mapping to the list of those shown below the form. It will be made immediately active.
As with aliases, you can edit or delete existing mappings by clicking
on their addresses in the list. This will bring up a form identical
to the one used for creating a mapping, but with Save
buttons at the bottom.
If a mapping exists for both a domain and an address in that domain,
Sendmail will use the second for email to that specific address,
and the first for email to any other mailbox in the domain. In effect,
more specific address mappings take precedence over those that
are more general. Their ordering in the list on the Address Mappings
page does not matter at all.
If you want to create a mapping that forwards email to a program,
file or list of addresses, you will need to create an alias as well.
The address mapping will send email to the alias, and then the
alias will forward it on to the real destination. Typically the
alias should name a name that is related to the address mapping,
such as jcameron-example-com
for mapping for the virtual
On a system with many domains and users, it is quite likely that
two people will want to have the same mailbox name in different
domains, such as firstname.lastname@example.org
Sendmail ultimately only delivers email to Unix users' mail
files, and two Unix users cannot have the same name, this can be
a problem. The usual solution is to create users named like bob-foo
, and set up appropriate address mappings to forward
email to them. The only down side is that the users will need to
login to the POP3 server as bob-foo
Configuring domain routing
Sendmail's domain routing feature can be used to forward all
email to a particular domain to a different server. It is most
useful if the DNS is set up to send email for some domain to your
system, which should then be forward to another MTA that is unreachable
by the rest of the Internet. Routing can also be used to override
the normal method by which Sendmail works out which host to send
email to, which can be handy on networks in which connectivity
is incomplete or some DNS information is not available to all
To add a new domain routing rule, follow the steps below :
- On the main page of the module, click on the Domain Routing icon. A page listing existing routings (if any) will be displayed, above which is a form for adding a new one.
- To have email to just a specific domain or host routed elsewhere, select the Host option in the Mail for field and enter the domain or hostname into the adjacent field. Alternately, if you want email for all hosts within a domain to be routed, select Domain instead and enter the domain name into its field. A routing of this kind for the domain example.com will not effect email send to an address in the domain (like email@example.com), but only email to addresses on hosts under the domain (like firstname.lastname@example.org). Normally, this is not what you want. Any domain or hostname that you enter must be on the list that Sendmail allows relaying for, as explained in the Configuring relaying section earlier in this chapter.
- From the Delivery menu, select SMTP. This field tells Sendmail which protocol to use when routing email for the domain. Most of the other options are useless, as they relate to UUCP which is hardly used anymore.
- In the Send to field, enter the hostname of the system to which mail should be forwarded. The Ignore MX for SMTP delivery box should be checked as well, so that Sendmail always delivers directly to this host instead of trying another DNS lookup to determine the correct destination.
- Hit the Create button to add and active the new domain routing. You should test it to make sure it is really working, as small mistakes (such as selecting Domain instead of Host) can prevent a route from working.
As on other similar pages in the module, an existing routing rule
can be edited or deleted by clicking on its domain name in the list
on the Domain Routing page. There is no way to temporarily disabling
a rule though, as there is with aliases.
Sendmail can also be configured to forward all non-local email
to a specific server, rather than just email to particular domains.
This is useful if your company or ISP has a central mail server
that you want to hand off email to, rather than having your system
connect to the real destination server. The next section explains
how to set this up.
Editing global Sendmail options
The global options control such things as the maximum message
size, number of days to retry email, load average limits and outgoing
mail server. The steps below explain how to edit some of the most
useful ones :
- On the module's main page, click on the Sendmail Options icon. A form for editing global options (shown below) will be displayed.
- When the Send outgoing mail via host field is set to Deliver directly, Sendmail will lookup the correct mail server for non-local messages and connect to it to deliver email. However, if you select the second option and enter a hostname into the text box, all messages except those for local users will be send to that host instead. Typically, this will be a central mail server at your ISP or on your company's network. If a domain routing rule exists for an address, it will take precedence over any server set using in this field.
- The Delivery mode field controls how Sendmail processes incoming messages. The available options are : Background or Default *In this mode, email is immediately accepted from clients and then delivered to the destination by a separate background process. This is usually what you want. *Queue only or *Deferred *When one of these modes is chosen, Sendmail will simply add incoming messages to its mail queue. Only when the queue is explicitly flushed will they be send to their destinations. This can be useful if your system is not always connected to the Internet, or if you want explicit control over when the server sends out messages. When a message is received in either of these modes, Sendmail performs no validation of the source or destination address, which would otherwise cause problems if your system is disconnected from the network. *Interactive *This mode is similar to Background, except that email is delivered by the same process that accepts it from the client. This means that clients must wait until Sendmail has transferred their messages to the next or destination server, which may take some time. However, it cuts down the number of processes that Sendmail needs to start.
- The SMTP port options field can be used to set the TCP ports that Sendmail listens on for SMTP connections. The actual value that can be entered can be quite complex, but if you want your system to accept connections from anywhere on the standard SMTP port you should enter just Name=MTA. On some operating systems this is not the default, and Sendmail only accepts connections from localhost.
- The Max load average for sending field can be used to set a load average above which Sendmail will not send out messages. The load average is a rough estimate of the number of processes running on your system at a moment in time, as explained in chapter 11. This option and the next are useful for limiting the amount of CPU time that Sendmail can use up on your system, although the latter is more useful. If Default is selected, the server will continue to process the mail queue and send messages no matter what the load average is.
- To set a load average above which Sendmail will no longer accept new messages, enter a value for the Max load average for receiving field. When this level is reached, the server will close the SMTP port until the load drops back below it again. Typically, whatever you enter should be lower than the limit set for the Max load average for sending field, so that the mail queue is still processed even when the load is high. When Default is selected, Sendmail will accept new connections regardless of the load average.
- The Time before giving up field specifies the amount of time that Sendmail will attempt to send an email to an un-contactable remote server for before returning a bounce message to the sender. The value you enter must be a number followed by d for days or h for hours. It should only be changed if your system is likely to be disconnected from the Internet for longer than the default of 5 days, and you don't want messages in the queue to bounce.
- The similar Time before sending warning field specifies the time that Sendmail will hold a message in the queue for before sending a warning to the original sender. If your system is a secondary mail server for some domain or is often disconnected from the network, it should be increased to the same time as the previous field.
- To change the address that Sendmail sends fatal or double-bounced messages to, enter a new address in the Send error messages to field. When Postmaster is selected, they will be sent to the Postmaster mailbox instead, which is usually an alias for root.
- To limit the amount of disk space that Sendmail will use up for queued messages, fill in the Min free disk space field. If the number of free blocks drops below this level, new incoming messages will no longer be accepted. The exact size of a block depends on the type of filesystem in use, but they are typically
- kB or 512 bytes in size.
- To stop large messages being sent via your mail server, fill in the Max message size field. Any email larger than the number of bytes entered will be rejected when it is received. If you have a slow network connection and un-trusted client users, this option can be useful to save on bandwidth.
- Finally, click Save and Apply to save the new global options. Webmin will automatically re-start Sendmail for you to activate them.
The Sendmail options page
Viewing the mail queue
When Sendmail receives a message, it is placed into the mail queue.
If it can be send to its destination immediately, then it will
be removed from the queue almost at once - however, if some temporary
error occurs when sending then it will remain queued for later
processing. The Sendmail server process makes periodic checks
of messages in the queue, re-trying each one at longer and longer
intervals. Finally after a message has been in the queue for too
long (usually 5 days), it will be removed and a bounce email sent
back to the original sender.
Most messages that are in the queue for a long time are there because
the destination mail server is down or unreachable. Another
common cause is a temporary error reported by the remote MTA,
such as a lack of disk space. Webmin allows you to view messages
in the queue and even delete them by following these steps :
- On the module's main page, click on the Mail Queue icon to go to a page listing the details of queued messages. The number of emails in the queue is displayed below the icon, so that you can see how long it is at a glance.
- On the mail queue page the ID, sender, destination, subject and size of all queued messages are displayed in a table. In the final column is the current status, which indicates what Sendmail is trying to do with the message at the moment. Sending will appear when Sendmail is trying to connect to the remote server, and Deferred will be shown along with a reason when a connection has been tried and failed. If the queue contains more than 20 messages, only the first 20 will be displayed. To page through the rest, use the left and right arrow buttons that appear above the list.
- To view the actual contents of an email, click on its ID in the queue listing. All headers, the text body and any attachments will be displayed. To view an attachment, just click on its icon. To remove just this message from the queue, hit the Delete button at the bottom of the page. If the email is locked because it is currently being sent, Webmin will display an error message along with a button labelled Force deletion anyway that you can click to override the lock. This may cause the message to be only partially sent though, and so is not recommended.
- To remove multiple messages from the queue, first select them using checkboxes next to their IDs and the Select all and Invert selection links on the queue list page. Then click the Delete selected messages button to get rid of those that you have chosen. To override any locks on the selected emails, check the Even if locked box first. After you hit the Delete button, a page listing the ID and deletion result of each chosen message will be displayed. Deletion can fail if the message is no longer in the queue, or if it is currently locked.
Even though Sendmail will re-try messages in the queue automatically,
you can force it to attempt delivery of all queued messages immediately
using Webmin. This can be useful if you have a dial-up Internet
connection and have queued up several emails while disconnected.
The steps to flush the queue are :
- On the module's main page, click on the Mail Queue icon to bring a list of queued messages.
- As long as the queue is not empty, a button labelled Flush Mail Queue will be visible at the bottom of the page. Click it begin immediate processing of all waiting messages.
- A page showing the output from Sendmail as it attempts to deliver queued email will be displayed. If you have a large queue containing messages for down remote servers, it may take a long time to completely appear.
Reading users' email
As the introduction explains, Sendmail stores messages received
by users in files in the /var/mail or /var/spool/mail directory.
These are read and emptied by the POP3 server, command-line mail
clients like pine or elm, or web-based mail clients like Usermin.
However, this Webmin module can also act as a simple mail client,
allowing you the system administrator to read any user's email.
This feature is useful for deleting large messages is user mailboxes
that would otherwise take a long time to download over a dialup
POP3 connection. It also allows you to read email for system users
such as root without needing to telnet in or run a separate mail
client. More controversially, on a multi-user system you can
even invade people's privacy by reading their personal email
- assuming they have not downloaded and deleted it via POP3 yet.
The steps to check the contents of a user's mailbox are :
- On the module's main page, click on the User Mailboxes icon. A page listing all of the users on your system and the sizes of their mailboxes will be displayed, unless you have more than 200 users. In that case, a small form for entering a username will appear instead.
- Click on the name of a user to bring up a list of messages in his mailbox, an example of which is shown in Figure 37-4. By default, the most recent messages are shown first, even though they are actually at the end of the actual mail file. If the mailbox contains more than 20 emails, only the first 20 will be displayed. To page though the rest, use the left and right arrow buttons above the list.
- To view an actual message, click on the sender's name in the From column. A page showing the important headers, body text and attachments will appear. Click on an attachment icon to view it, assuming that the data type is supported by your browser or some external program. To remove just this email from the user's mailbox, click the Delete button at the bottom of the page. This can take quite some time if the mailbox is extremely large (over 10 MB) or contains lots of messages, as Webmin needs to re-write the entire mail file.
- To delete multiple messages, first select them using the checkboxes and Select all and Invert selection links on the mail list page. Then click the Delete button above or below the list - once again, this can take a while for large mailboxes.
- To search the user's mailbox for messages matching some criteria, use the Find messages where form below the list. The following types of search can be selected from the menu : From: matches,
- matches, To: matches or Cc: matches Finds messages in which the From, Subject, To or Cc field contains the text entered into the adjacent text box. The comparison is case-insensitive, but regular expression characters cannot be used. Date: matches Finds messages in which the sending date header contains the entered text. This header will not be converted to local format, so whatever you enter must match the date format used by the sender. Body matches Finds messages whose body contains the entered text. The body includes all attachments in their un-encoded form, not just the text that is shown when you read an email. Size is greater than Finds messages whose total size is greater than the number of bytes entered into the adjacent field. For each of the above search types, an inverse type is also available, such as From: doesn't match or Size is less than. After choosing your search type and entering text to match, hit the Search button. A page listing all matching messages will be displayed, from which you can view the contents of emails or select some or all to delete, just like in the normal mail list.
The contents of a user's mailbox
The mail reading section of the module actually allows you to
compose new messages and reply to or forward existing ones. In
fact, it can be used as a full-featured email client, although
it is not the best program for the job. The default From address
for sent messages is determined from the mailbox user's name
and the system hostname, but this can be changed on the module
access control page on a per-Webmin user basis. It is even possible
to create Webmin users who can use this module to read only their
own mailbox and send email from only their address. However,
you should really use a program like Usermin if you want to give
the same mail-reading web interface to a large number of users
on your system.
By default, the module assumes that that mail for each user will
be stored in a file with the user's name in the /var/mail or /var/spool/mail
directory. It is possible to configure Sendmail to use a different
file path instead though, such as the mbox file in each user's
home directory. If this is the case on your system, you will need
to re-configure the module, as explained in the section *Configuring
the Sendmail Configuration module*. Otherwise all the mailbox
will show up empty, because Webmin is looking in the wrong place
Adding Sendmail features with M4
The primary Sendmail configuration file sendmail.cf is extremely
complex, and almost impossible to edit manually. Fortunately,
it is usually built from a series of M4 macro files that are much
simpler and can be modified using this module or by manual editing.
M4, for those who have not heard of it before, is a program that
parses text files and expands macros in them. These macros can
include other text files, define variables and functions or
exclude text based on certain conditions. M4 is very similar
to the pre-processor used by the C programming language which
handles #include and #define statements. Fortunately, this
module hides most of the complex details from you.
Often, the default Sendmail configuration that comes with your
operating system will not have some features enabled, such as
address mapping or domain routing. Webmin can detect this, and
will display an error message if you try to use a module page for
a Sendmail feature that is not enabled in the primary configuration
file. To turn on a missing feature, an entry must be added to the
primary M4 configuration file, from which sendmail.cf is re-built.
Then Sendmail will be able to use it, and this module will be able
to configure it.
Before you can manage your Sendmail M4 configuration, this module
must know where to find the M4 files. To check if it has the correct
paths and to set them if not, follow these steps :
- On the module's main page, click on the Sendmail M4 Configuration icon.
- If an error message like The Sendmail M4 configuration file /etc/sendmail.mc was not found or The locations of the Sendmail M4 base directory and M4 config* files have not been set* is displayed, then module cannot find the M4 files. However, if a table of entries from the file is displayed instead then everything is configured OK and you can skip the rest of these steps.
- If you are running Linux, check your distribution CD or website to make sure that all the packages whose names start with sendmail are installed. Sometimes the M4 files are in a separate package named something like sendmail-cf. If you do find and install such as package, go back to step 1 and check again to see if the module has found the configuration files.
- If you are using the Sendmail package that came with your version of Unix and cannot find any M4 files on your system, then this feature of the module cannot be used. This is unfortunately the case on some operating systems.
Once the Sendmail M4 Configuration page displays the contents
of your primary M4 file, you can use it to add new features such
as address mapping or domain routing. The page can in fact be used
to modify any of the M4 macros in the file, but unless you are any
experienced Sendmail administrator it is best to stick to these
instructions for adding features :
- From the menu next to the Add new entry of type button at the bottom of the page, select Feature and then hit the button to go to the feature creation form.
- Select the one that you want to add from the Feature menu. The most commonly used features have names next to them in brackets that correspond to their icons on the module's main page.
- In the Parameters field, enter hash -o followed by the path that should be used for the feature's text and DBM files. For example, if adding a virtusertable feature you should enter hash -o /etc/mail/virtusertable (assuming your system has an /etc/mail directory).
- Login to your system as root via SSH, telnet or at the console and create the empty text file with a command like touch /etc/mail/virtusertable. Naturally, this is not necessary if it already exists.
- Click the Create button to update the M4 file and be returned to the previous page.
- At the very bottom of the M4 file contents list, click the Rebuild Sendmail Configuration button. A confirmation page showing the exact changes that will be made to your sendmail.cf file will be displayed - typically they will be limited to directives for the new feature. If the confirmation form indicates that a huge number of lines are going to be changed, it is likely that the M4 file being edited was not originally used to built your current sendmail.cf file, and so should not be used in future.
- To go ahead and use the newly rebuilt Sendmail configuration, click the Yes, replace it now button. Your sendmail.cf file will be updated and the server process re-started to immediately activate it.
- Go back to the module's main page, and click on the icon for the feature that you have just enabled. You will not be able to add and edit address mappings or whatever it was that you added support for.
As you can see from looking at the existing M4 file entries, editing
or adding to it can still be quite complex. For this reason, the
book does not cover all of the possible features or other macro
types that you can add. However, for most people the defaults
will work just fine - at most, all you should need to do is add a feature
or two as explained above. If you want to learn more about editing
the M4 configuration, you should buy a book dedicated to Sendmail
One problem with using the M4 page to re-build your Sendmail configuration
is that any changes that have been made directly to sendmail.cf
will be overwritten. The module's Sendmail Options page unfortunately
does precisely this, so if you follow the instructions above
to add a new feature any changes made on that page will be lost!
The only real solution is to edit the entries in the M4 file that
correspond to those on the Sendmail Options page - for example,
the Send outgoing mail via host
field is set by the SMART_HOST
Creating autoreply aliases
The Sendmail Configuration module lets you easily create an
alias that triggers an automatic reply to anyone who sends email
to it. When you do this, Webmin creates a simple script that is
run from the alias and receives the contents of email sent to it
as input, just like a command specified using the Feed to program
To set up an autoreply alias, follow these steps :
- On the module's main page, click on the Mail Aliases icon.
- In the Create Alias form, enter a name for the alias and select Autoreply from file from the type menu. The name can be that of an existing Unix user if you want to set up an automatic reply to any message send to him, for example if he is on holidays.
- In the field next to the type menu, enter the path to a file that will contain the autoreply message, such as /home/someuser/autoreply.txt. The file does not have to exist yet.
- Click the Create button to add the alias, and then click on its name in the list to edit again.
- Follow the Edit link next to the autoreply filename field. This will bring up a page containing a large text box for entering the contents of the reply message.
- After entering the text that you want sent back to any sender, click Save at the bottom of the page. The autoreply alias is now fully active.
The reply text can contain several special macros that start
with $, such as $SUBJECT, $TO, $FROM, $DATE and $BODY. When the
reply is sent, these will be replaced with the original message's
subject, destination address, sender address, sending date
or body respectively. Be careful using the $BODY macro though,
as it will be replaced with the entire un-encoded contents of
the email being replied to.
You can also add to or override the headers used in the reply message
by starting the autoreply text with one or more lines in standard
SMTP header format, followed by a blank line. For example, to
set the subject of the automatic reply you could enter _Subject:
This is an automatic reply_ at the top of the text box, with an empty
line after it.
One problem with Webmin's autoreply script is its inability
to reliably determine the From address to use when sending the
reply. Normally this is just taken from the To address of the original
message, but this is not possible when replying to a message that
was sent to multiple people. Even though the code attempts to
find the right address automatically, it can sometimes get the
wrong one and send an automatic reply that appears to be from the
wrong person. For this reason, you should include a header line
like From: Jamie Cameron <email@example.com>
at the top
of your reply text to set the correct address.
If you are setting up an automatic reply alias for a Unix user,
it is usually a good idea to have a copy of all email sent to the user
stored in his mailbox as well. To do this, re-edit the alias and
select Email address from the second type menu. Then enter the
user's name preceded by a backslash into the text field next to
it (like \jcameron
) and hit Save
Creating filter aliases
Sendmail aliases normally forward email messages to their destinations
regardless of their content. However, it is possible to use this
Webmin module to create an alias that forwards to different addresses
or files depending on the headers or body of a message send to it.
When you create an alias like this, the module internally creates
a script that is passed the contents of email to the alias as input,
just like a command specified using the Feed to program
A filter consists of a series of rules, each of which has a condition
and action. The condition specifies a header to check and text
to check if the header contains, while the action specifies an
address to forward to or a file to append the message to. When a
message is received by the filter, it is checked against the rules
in order until one that matches is found and its action performed.
At the end of the list is a default action, which determines where
to forward email that does not match any of the conditions.
Compared to other mail filtering or classification programs
like Procmail and SpamAssassin?
, Webmin's filters are limited
in their functionality and flexibility. However, they are easy
to create and require no additional software. To create one,
the steps to follow are :
- On the module's main page, click on the Mail Aliases icon.
- In the Create Alias form, enter a name for the alias and select Apply filter file from the type menu. The alias name can be that of an existing Unix user if you want to filter his email before delivery.
- In the field next to the type menu, enter the path to a file that will contain the filter rules, such as /home/someuser/filter.rules. Because the file format is fairly complex, you should not enter the name of any existing file unless it was created by following these same steps.
- Click the Create button to add the alias, and then click on its name in the list to edit again.
- Follow the Edit link next to the filter rules file field. This will take you to the form shown in Figure 37-5, which contains a table of empty rows for entering new rules and a text field for the default action address.
- In the first row, select the header that you want to filter on from the menu next to If the. Or to check the entire un-decoded email body, select body from the list instead. To have the action performed if some text is found in the header or body, select matches from the second menu. Alternately, to perform the action only when some text is not found, choose doesn't match instead. In the field next to this menu, enter the text that the filter should check the header or body for. The comparison will always be case-insensitive, and Perl regular expression characters like [, ., + and * can be used. In the then forward to field, enter the email address or mailbox name to which messages matching the condition that you specified will be sent. It is also possible to enter an absolute file path like /home/someuser/mail/somefolder to which email will be appended instead. This could be another user's mail file, or a mail folder - however, it must be writable by the Unix user daemon that Sendmail runs as.
- To enter another rule, fill in the second blank row by repeating the instructions in the previous step again. Only five empty rows are displayed, but you can create more than five rules by saving and re-editing the filter file.
- In the Otherwise forward to field at the bottom of the table, enter an address or filename to which messages that do no match any of the rules will be sent or appended. If this is left blank, unmatched email will be thrown away!
- Finally, click the Save button to activate the new filter rules. To make sure they are really working, you should send a few text messages to the alias and check that they are delivered correctly.
The filter creation form
To have email forwarded to multiple addresses by a single rule
or the default action, just enter them separated by commas into
one of the forward to
fields. Or enter the name of another alias
as the destination, which can then send messages to multiple
files, addresses and/or programs.
When creating a filter alias with the same name as a Unix user,
it is often useful to specify that messages matching some rule
be delivered to the user's normal mailbox. However, just entering
the user's name as the destination would be a big mistake, as this
would trigger an endless loop through the filter! Instead, you
should prepend a backslash to the username, like \jcameron
As with aliases, this tells Sendmail to ignore any aliases for
Because it can often be difficult to work out what a filter alias
is doing and why it is doing it, the filter script creates a log
file in the same directory as the rules file. The log has the same
name as the filter file, but with .log appended. Every message
received by the alias and delivered to some destination by the
filter causes a line to be added to the log, containing the date,
time, sender, destination and rule matched. The log file will
only be created if the directory or log itself is writable by the
daemon user though.
Module access control
The Sendmail Configuration module probably has the most powerful
access control features of any module in Webmin. You can use them
to limit the aliases and virtual addresses a Webmin user can edit,
or restrict him to reading only the mailboxes of certain Unix
users. These features are most useful in a virtual hosting environment,
where customers own email domains and the user accounts. On this
kind of system, you can create one Webmin user per customer who
can only manage the address mappings, aliases and mailboxes
for his own domains, while not being able to use other features
of the module or touch other customers' information.
Once you have created a Webmin user who has access to the module
(as explained in WebminUsers
), follow these steps to restrict
what he can do :
- In the Webmin Users module, click on Sendmail Configuration next to the name of the user that you want to restrict.
- Change the Can edit module configuration? field to No, so that he cannot modify paths to Sendmail programs and files.
- Set all of the Yes/No fields in the second section to No, which will prevent the user from seeing most of the module's icons.
- Select No from the Can manage mail queue? menu, or View only if you just want the module user to be able to see the contents of the queue. Selecting Yes would be a bad idea, as it would allow him to delete queued email belonging to other domains.
- For the Address mappings this user can edit field, select the Matching option and enter a Perl regular expression for allowable mapping sources into the text field next to it. For example, to let him create and edit mappings in the domains foo.com and example.com, you should enter (@firstname.lastname@example.org)$.
- It is safe to select all of the checkboxes in the Address mapping types this user can edit field.
- To limit the number of mappings that the user can create, select the second radio button in the Maximum number of address mappings field and enter a number into the box next to it. This can be useful for preventing a single customer from more address mappings than he has paid for.
- In the Aliases this user can edit field, select Matching and enter a regular expression that only lets him modify or create aliases starting with the customer's domain names. For example, if the user owns the domains foo.com and example.com you should enter ^(foo|example)- to limit him to aliases like foo-jcameron or example-fred. This naming convention ensures that users cannot step on each others' aliases.
- In the Alias types this user can edit field, de-select the checkboxes for types of aliases that the Webmin user should not be allowed to create. Good candidates to deny access to are Write to file, Feed to program, Autoreply and Filter file, as they use the permissions of the Sendmail daemon user and thus may be a security risk.
- To limit the number of aliases that the customer can create, select the second radio button in the Maximum number of aliases field and enter the maximum into the box next to it.
- To stop the Webmin user creating aliases that run programs, append to files or use address files outside a certain directory, enter it into the Limit files and program to directory field. Unfortunately, this can be subverted by the clever use of symbolic links and so is not a very strong security measure.
- In the Outgoing addresses this user can edit field, select Matching and enter the same regular expression as in the Address mappings this user can edit field. This will limit the user to re-writing addresses for only his own domains. Or to prevent the editing of outgoing addresses at all, select None - in most cases, there is no need for a Sendmail administrator to edit them anyway.
- In the Users whose mail can be read field, select one of the last five options to limit the customer to only those Unix users who belong to him. If he has been given limited access to the Users and Groups module as well, then you should allow him to read the email of the same users that he can create an edit in that module.
- Leave the rest of the fields on the form set to their defaults - they are only really useful if you are setting up the module as a web- based mail reading interface. Although this is possible, there are much better alternatives such as Usermin (covered on UserminConfiguration).
- Click the Save button to make the restrictions for the user active.
Even though it is possible to configure this module to limit a
user to certain domains, the module's interface is not particularly
friendly compared to products like Plesk or Cpanel. These are
web-based virtual server management interfaces that have been
designed from the ground up for that purpose, unlike Webmin which
was design to allow the management of everything on a system.
Configuring the Sendmail Configuration module
The Module Config
link on the main page takes you to a form seen
in many other modules for editing settings that apply to the operation
of the module itself. Those listed under Configurable options
relate to its user interface, while those under System configuration
define the paths to the Sendmail programs and files.
Settings in the latter group do not usually need to be changed,
as by default they are set to match the Sendmail package supplied
with your operating system. However, if you have compiled and
installed the MTA yourself from the source code, then it is quite
possible that they will be incorrect.