Running multiple sendmail instances on same server

February 21st, 2010

Situation:

 We want to separate core mail from “higher-risk” mail (i.e. mail sent from application servers in a DMZ) on our sendmail servers. In the event that one of our DMZ servers for which we relay mail is compromised, we do not want our mail server placed on a DNS blacklist. Therefore, we will have separate IP addresses for core mail and “higher-risk” mail. In this example, the system has only one physical network interface, so we will create and enable a virtual interface for “higher-risk” mail.

To set up multiple instances we need multiple IP addresses. We can add multiple IPs to the Linux server by using multiple network cards or by creating network card aliases. A network alias can be created in the following way

1. Copy ifcfg-eth0 to ifcfg-eth0:0 (cp ifcfg-eth0 ifcfg-eth0:0)
2. Modify ifcfg-eth0:0 accordingly and assign the new IP address. The modified ifcfg-eth0:0 looks like the one below

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0:0
BOOTPROTO=static
BROADCAST=172.16.31.255
IPADDR=172.16.23.168
GATEWAY=172.16.16.1
NETMASK=255.255.240.0
NETWORK=172.16.16.0
ONBOOT=yes

3. Then bring up the newly created network alias by using this command
# ifup ifcfg-eth0:0
4. To bring the network alias down, use this command
# ifdown ifcfg-eth0:0
5. To verify the newly created network alias, we can use the following command
# /sbin/ifconfig
   
By default, the sendmail mail submission agent (MSA, used to submit mail on the local system to an MTA) attempts to connect to an MTA on the localhost (127.0.0.1) interface. The second line above binds the primary sendmail instance to the localhost interface in addition to its IP address. The MSA configuration file, submit.mc, could have instead been modified to use the MTA on the primary interface or the virtual interface.

1. Create a copy of the main sendmail.mc file as a new file, mx2snalert.mc
2. Modify mx2snalert.mc accordingly and add the following lines to it

define(`QUEUE_DIR',`/var/spool/mqueue/mx2snalert/q*')dnl
define(`confPID_FILE',`/var/run/sendmail_mx2snalert.pid')dnl
define(`confDOMAIN_NAME',`mx2.snalert.net')dnl
CLIENT_OPTIONS(`Addr=172.16.23.168')dnl
DAEMON_OPTIONS(`Addr=172.16.23.168')dnl
 
3. Save mx2snalert.mc after the modification
4. Create the mx2snalert.cf file from mx2snalert.mc. We can convert mx2snalert.mc to mx2snalert.cf by using the following command

# m4 /etc/mail/mx2snalert.mc > /etc/mail/mx2snalert.cf

5. Before starting the new instance, we need to create a separate queue for it.
6. We can create the queue by using the following commands
# mkdir /var/spool/mqueue/mx2snalert/
# mkdir /var/spool/mqueue/mx2snalert/q{1,2,3,4,5,6,7,8}
Change the ownership of the mqueue folder.
# chown -R root:mail /var/spool/mqueue/
Also change the permissions of the queue folder, i.e. mqueue
# chmod -R 777 /var/spool/mqueue/

7. Reread the configuration file of the main sendmail instance.
# kill -HUP `head -1 /var/run/sendmail.pid`
8. Start the second sendmail instance.
# sendmail -L mx2snalert -C /etc/mail/mx2snalert.cf -bd -q30m
9. We can check the status of the newly created instances by using following command

# netstat -an | grep 25
tcp  0  0 172.16.23.170:25    0.0.0.0:*  LISTEN
tcp  0  0 172.16.23.169:25    0.0.0.0:*  LISTEN
tcp  0  0 172.16.23.168:25    0.0.0.0:*  LISTEN
tcp  0  0 172.16.23.167:25    0.0.0.0:*  LISTEN

10. Now we can test the new instance by sending a test mail. We can send the mail by using the telnet command

telnet 172.16.23.168 25
helo companydomain.net
mail from: adp@domain.com
rcpt to: mchauhan@onaxer.com
data
subject: Testing
message body
. (Enter dot to terminate the message body)

11. We can create multiple sendmail instances by using the above steps.   
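
Step 6 applies a recursive 777 to the queue tree, which leaves every queue directory and file writable by any local account, whereas a stock sendmail install keeps /var/spool/mqueue at mode 0700 owned by root. The audit below is an added example, not part of the original post, that reports risky modes and ownership under a queue root. The function name `audit_queue_perms`, its finding labels and the default owner `root` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sendmail queue tree for
# unsafe permissions. The function name and the default owner are assumptions.

# audit_queue_perms ROOT [OWNER]
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 on bad input.
audit_queue_perms() {
    aq_root=$1
    aq_owner=${2:-root}   # assumed default: the MTA queue is owned by root
    if [ ! -d "$aq_root" ]; then
        echo "ERROR: $aq_root is not a directory" >&2
        return 2
    fi
    # Symlinks are skipped: queue directories may be links to other disks,
    # and the mode bits of the link itself carry no meaning.
    aq_findings=$(
        # World-writable: any local account can plant or alter queue files.
        find "$aq_root" ! -type l -perm -0002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} \;
        # Group-writable only: every member of the owning group can do the same.
        find "$aq_root" ! -type l -perm -0020 ! -perm -0002 \
            -exec printf 'GROUP-WRITABLE %s\n' {} \;
        # Readable by others: queued message bodies and envelopes are exposed.
        find "$aq_root" ! -type l -perm -0004 ! -perm -0002 \
            -exec printf 'WORLD-READABLE %s\n' {} \;
        # Owned by someone other than the expected queue owner.
        find "$aq_root" ! -type l ! -user "$aq_owner" \
            -exec printf 'UNEXPECTED-OWNER %s\n' {} \;
    )
    if [ -n "$aq_findings" ]; then
        printf '%s\n' "$aq_findings"
        return 1
    fi
    return 0
}

# Constructed demo: rebuild the queue layout from the post in a scratch
# directory, apply a recursive 777 to it, and show what the audit reports.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/mx2snalert/q1" "$d/mx2snalert/q2"
    chmod -R 777 "$d"
    audit_queue_perms "$d" "$(id -u)"
    rm -rf "$d"
}

# Run the demo only when asked: sh audit.sh demo
[ "${1:-}" = demo ] && demo || true
```

On the mail server, source the function and run `audit_queue_perms /var/spool/mqueue` after creating the per-instance queues; a return value of 1 means at least one finding was printed.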

Thanks
Manoj Chauhan