Ping a Specific Port

Question

Major Productions

Asked: 2019-07-26 11:09:25 +0800 CST2019-07-26 11:09:25 +0800 CST 2019-07-26 11:09:25 +0800 CST

Linode (Debian) box with multiple web apps - is it possible to send emails from multiple domains via sendmail?

772

I have a Linode instance in which I'm going to host several small-ish LEMP apps. Each of these apps need to send emails to users (mostly for account registration... forums/comments and whatnot). I'd like to be able to just use sendmail to accomplish this as it's already installed on the system. Is that possible? I'm not expecting a lot of traffic/email use, so I'm using Google's SMTP server:

The idea is that sendmail will be a null client - it can send mail out (and I already get system notifications (OSSEC, Fail2ban) from it), but not receive incoming mail. Any app contact form/mechanism sends a message to the owner of the app itself, whereby they can then communicate directly with them via their own email. I have a few questions, however:

Is it possible to configure things so that each app has its own outgoing email address/identity? I've separated each app into its own linux user without sudo access. So (fictional names), Bob's Widget Emporium is its own separate user, as is Sally's Awesome Political Views. Each app has its own domain record(s) through Linode's cloud DNS manager due to virtual hosting.
What do I need to do to not have these emails considered spam? And would this configuration be done at the centralized box level, or per account?
What do I need to do to block incoming emails from external sources? My iptables are the following -

ipv4:

$ sudo iptables -vL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 8887  909K f2b-ssh    tcp  --  any    any     anywhere             anywhere             multiport dports ssh
 1282  128K ACCEPT     all  --  lo     any     anywhere             anywhere            
    0     0 REJECT     all  --  !lo    any     127.0.0.0/8          anywhere             reject-with icmp-port-unreachable
  162  5770 ACCEPT     icmp --  any    any     anywhere             anywhere             state NEW icmp echo-request
  668 38256 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh state NEW
  355 19004 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http state NEW
  424 22736 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https state NEW
48568 4098K ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
 6996  368K LOG        all  --  any    any     anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables_INPUT_denied: "
 7413  388K REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables_FORWARD_denied: "
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain f2b-ssh (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 8531  881K RETURN     all  --  any    any     anywhere             anywhere

ipv6:

sudo ip6tables -vL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all      lo     any     anywhere             anywhere            
    0     0 REJECT     all      !lo    any     localhost            anywhere             reject-with icmp6-port-unreachable
67580 6991K ACCEPT     ipv6-icmp    any    any     anywhere             anywhere            
   31  2480 ACCEPT     tcp      any    any     anywhere             anywhere             tcp dpt:http state NEW
   33  2640 ACCEPT     tcp      any    any     anywhere             anywhere             tcp dpt:https state NEW
10922   50M ACCEPT     all      any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    4  2956 LOG        all      any    any     anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "ip6tables_INPUT_denied: "
    4  2956 REJECT     all      any    any     anywhere             anywhere             reject-with icmp6-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all      any    any     anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "ip6tables_FORWARD_denied: "
    0     0 REJECT     all      any    any     anywhere             anywhere             reject-with icmp6-port-unreachable

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Given my instance can send emails out, I'm guessing it can currently receive them as well.

So, is it possible to do all this with just sendmail, and if so, how would I configure things? Or, if this is too broad a question, please let me know and I'll split it.

1 Answers

Voted

Mark Wagner · Answer 1 · 2019-07-26T13:45:04+08:00

Yes. Some apps support specifying the "from" address. Otherwise you can make use of sendmail's genericstable feature, which

will cause unqualified addresses (i.e., without a domain) and addresses with a domain listed in class {G} to be looked up in a map and turned into another (“generic”) form, which can change both the domain name and the user name.

Example:

FEATURE(masquerade_envelope)
FEATURE(genericstable, `hash -o /etc/mail/genericstable')
GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain')

In /etc/mail/genericstable

bob [email protected]
sally [email protected]

You need to have forward and reverse DNS of the mailserver match. You need to set up SPF for the domains that you will be using. If the IP appears in http://www.anti-abuse.org/multi-rbl-check/ you need to get a different IP. (Consider using a managed mail service. Running a mail server is annoying due to spammers ruining everything. However, since you are using sendmail you must like pain.)
sendmail by default only listens on localhost so you don't need to do anything. If you've configured to listen on all interfaces then undo that.

Linode (Debian) box with multiple web apps - is it possible to send emails from multiple domains via sendmail?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?