Mail

Outgoing mail
Incoming mail
fetchmail
sendmail
procmail
IMAP server

Outgoing mail

Mail gets from the laptop (nettle/rocket) to the outside world through the following sequence of steps:

The email client (e.g. Thunderbird) on the laptop connects to a "local SMTP server" (see below) and transfers the email to it.
The local SMTP server does a DNS lookup of the domain part of the email recipient to find the remote SMTP server for that domain. For example, if the email is addressed to timufea@fastmail.co.uk, the local SMTP server will do a DNS lookup of fastmail.co.uk to find which SMTP server handles mail for that domain.
The local SMTP server connects to the remote SMTP server and transfers the email to it.
The remote SMTP server may hand the email on to yet another SMTP server, or it may hand it to a local delivery agent, which will put it the recipient's mailbox.

Note that the local SMTP server is acting both as a server (to Thunderbird) and as a client (to the remote SMTP server). It's possible to have a whole chain of SMTP servers relaying mail in this way before it reaches its final destination.

There are three main possibilities for what we may use as the "local SMTP server":

sendmail running on the laptop
sendmail running on sage
an ISP's SMTP server (e.g. mailhost.zen.co.uk at Zen Internet)

Using sendmail on the laptop is the simplest method, and the one that is most independent of other machines.

The disadvantage of using sendmail on the laptop is that outgoing mail (from any of our machines) appears to come from our fixed IP address (82.71.13.216). This IP address maps (under reverse DNS) to sage.wingpath.co.uk. But sendmail introduces itself (using the SMTP HELO command) to the remote SMTP server as rocket.wingpath.private (say). Some remote SMTP servers will not accept mail unless the sender's HELO and reverse-DNS hostnames match, and so will reject mail coming directly from the laptops.

You can use either of the other alternatives to get around this problem. Alternatively, you can upgrade to sendmail 8.14.0 or later and configure the HELO name (see below for how to do this).

Incoming mail

Mail from the outside world ends up in IMAP mailboxes on sage through the following sequence of steps:

Someone sends an email, which ends up in a mailbox at one the the sites where we have email accounts (e.g. the wingpath.co.uk website, fastmail.co.uk). These sites have POP3 or IMAP servers that allow us to access the emails remotely.
fetchmail polls external POP3 and IMAP mail servers, downloads any mail that it finds, and passes it to sendmail.
sendmail passes the mail to procmail.
procmail calls SpamAssassin to test whether the mail is spam, and then it passes to the IMAP server.

All these processes (fetchmail, sendmail, procmail, and the IMAP server) run on sage.

The email client (Thunderbird/Mozilla) on the laptop connects to the IMAP server on sage to fetch and display emails.

It is now also possible for an SMTP client to connect directly to sendmail on sage, instead of going via the wingpath.co.uk website. Only steps 3 and 4 occur when this is done. This works for email domains (such as wingpath.co.uk) for which sage is the primary mail server. Several configuration changes were needed to enable this - see Allowing direct mail to sage below.

fetchmail

fetchmail is provided in the Slackware distribution.

fetchmail is configured using the file /etc/fetchmailrc. This mainly lists the mail servers to be polled, the usernames & passwords on each server, and the corresponding usernames on sage. See the manual page for (full!) details. Since the file contains passwords, it should be readable only by root.

fetchmail is started from /etc/rc.d/rc.local.

sendmail

sendmail is an "SMTP server" - essentially an email router, but with lots of bells and whistles added.

sendmail is provided in the Slackware distribution, and is pre-configured to handle both outgoing and incoming mail. Incoming mail is, by default, delivered to local mailboxes (i.e. ordinary files in the local filing system).

Configuration of sendmail is notoriously complicated - full details are on the sendmail website. The following describes the little that I have done on nettle and sage.

The main sendmail configuration file is /etc/mail/sendmail.cf, but this shouldn't be edited directly (not that you would be tempted to, since it is totally incomprehensible). You should instead edit the file /usr/share/sendmail/cf/cf/sendmail.mc (which is only slightly more comprehensible), and then generate /etc/mail/sendmail.cf from it using the following procedure:

su -

cd /usr/share/sendmail/cf/cf

vim sendmail.mc

m4 sendmail.mc >sendmail.cf

cp sendmail.cf /etc/mail

/etc/rc.d/rc.sendmail restart

If sendmail.mc doesn't exist, make a copy of sendmail-slackware.mc and use that.

I have made the following changes to the sendmail configuration on nettle:

The line:

FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl

in sendmail.mc has been changed to:

FEATURE(`local_procmail',`',`procmail -t -Y -m USER=$u /etc/procmailrc')dnl

to stop procmail delivering to local mailboxes on nettle, and instead act simply as a filter using rules from /etc/procmailrc. I did this so that I could re-direct mail arriving at nettle to the IMAP server on sage instead. See procmail below for how the re-direction was configured.

The line:

define(`confHELO_NAME', `sage.wingpath.co.uk')dnl

has been added immediately after the other define lines. This tells sendmail to identify itself to the remote SMTP server (using the HELO command) as sage.wingpath.co.uk instead of nettle.wingpath.private. This is needed because outgoing mail appears to come from our fixed IP address (82.71.13.216), which maps (under reverse DNS) to sage.wingpath.co.uk. Some SMTP servers will not accept mail unless the sender's HELO and reverse-DNS hostnames match.

Note that you need sendmail 8.14.0 or later for this to work.

On sage, I have made the confHELO_NAME change, and also the following:

The line:

FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl

has been changed to:

FEATURE(`local_procmail',`',`procmail -t -Y -m USER=$u /etc/procmailrc')dnl

to stop procmail delivering to local mailboxes on sage, and instead act simply as a filter using rules from /etc/procmailrc. This was done so that mail could be filtered using SpamAssassin and then sent to the IMAP server. See procmail below for how this was configured.

The accept_unresolvable_domains, nocanonify and accept_unqualified_senders features have been enabled (uncommented). These were all found to be needed to stop sendmail rejecting mail, which fetchmail then tried to deliver again, thus producing an infinite loop.

There are also several other sendmail configuration files in /etc/mail. If you edit any of these files, you have to run make in the /etc/mail directory afterwards.

procmail

IMAP server

Allowing direct mail to sage

It is now also possible for an SMTP client to connect directly to sendmail on sage, instead of going via the wingpath.co.uk website. The DNS configuration (both on vps.wingpath.co.uk, our primary DNS server, and on sage) has been modified to make sage our primary mail host - this involved adding MX entries.

The firewall setup on fennel had to be modified to forward SMTP connection requests to sage. This was done by adding a rule in "Firewall Rules->Inbound services".

Several configuration changes were needed on sage:

The PERMIT line in the /etc/rc.d/rc.firewall script was edited to include 25/tcp, and then the rc.firewall script was executed. This allows connections to port 25 (i.e. the SMTP port) through sage's firewall.
The following lines were added to /etc/mail/local-host-names:
      sage.wingpath.co.uk
      wingpath.co.uk
      wingpath.com
This tells sendmail that any mail arriving for these "host-names" should be delivered locally (i.e. to sage).
The following lines were added to /etc/mail/aliases:
        frank:          fog
        sales:          fog
        support:        fog
        webadmin:       fog
        wingpath:       fog
        accounts:       fog
        f.ogorman:      fog
        fogorman:       fog
        frank.ogorman: fog
        cromo:          monica
        m.croucher:     monica
        mcroucher:      monica
        monica.croucher:monica
        monika:         monica
and then make was executed in the directory /etc/mail. This tells sendmail which mailbox to deliver mail to (e.g. mail for username frank@sage.wingpath.co.uk is delivered to the fog mailbox). Note that sendmail rejects mail to unknown usernames.
The line "sendmail: ALL" was added to the file /etc/hosts.allow. This file is one of the "TCP wrappers" configuration files used primarily by inetd - but it seems to be used by sendmail too. The line was added to allow any host connect to sendmail.
The command "/etc/rc.d/rc.sendmail restart" was executed to get sendmail to re-read its configuration files.