# Allow sending mail between hosts on a LAN



## jwdevel (Oct 18, 2022)

I'm trying to set something up which in my mind is simple, but I'm having a hard time finding documentation or examples that make sense to me to accomplish it. Hopefully someone can point me in the right direction.

Quick background:

I have a few hosts on my network, which I trust.
I want to allow them to send mail between each other.

For instance, I have a server machine, a desktop, and a laptop. Call them A, B, and C.

I am *not* interested in general-purpose relay functionality. In fact, I don't even want to relay from A, through B, to C (for example). I only want to directly send mail from A to B or B to C, etc.

I am also *not* interested in forwarding or relaying anything outside my LAN. As far as these machines' mail is concerned, the Internet does not exist. In fact, if I can avoid using DNS, that would be my preference, too.

In my actual situation, it is complicated by the fact that some machines are running Debian, with Exim4, while other machines are running FreeBSD, with Sendmail. But for the purpose of this discussion, I'm fine with just assuming they're all running Sendmail. Once I get the basics figured out, I can worry about the different ways of configuring different mail servers.

So, here is more-or-less what I have in mind:

Each machine A, B, C already runs a mail server for local mail. I just want to allow them to talk to some immediate neighbors in their LAN. Since it's all trusted hosts on a private network, I imagine just using plain (E)SMTP on port 25 is fine.

In short, I want to compose mail on A that has "To: user@B" (or perhaps @B.lan.net, if I must).

I think basically, I am looking for some configuration which says "accept incoming connections on port 25, but reject anything not bound for a user on _this_ system".

Has anyone done something like that?
Or is there some reason this is a Bad Idea, which might explain my inability to find such examples on the web?


I can put entries in /etc/hosts as needed, which I *think* Sendmail will use in preference to DNS.
I could even use the square-brackets [host.name] notation, which I believe circumvents DNS lookups.


But my real stumbling block is how to configure Sendmail for that use-case, on a basic level.


There is /etc/mail/relay-domains, and this gets me pretty far, but I believe this means the allowed domains/hosts/etc. will be allowed to arbitrarily relay through the Sendmail instance configured in this way? In my case, the hosts are trusted, so perhaps it is not worth worrying about. But ideally, I would only allow incoming mail to "myself", and not allow arbitrary relaying.

Likewise, the /etc/mail/access file only has a RELAY command, not some "accept for myself only" concept that I'm looking for.


----------



## Alain De Vos (Oct 18, 2022)

FYI,

https://www.cloudflare.com/learning/dns/dns-records/dns-mx-record/


----------



## Jose (Oct 18, 2022)

What you want to accomplish would involve setting mydestination and mailbox_transport in Postfix. Unfortunately this appears to be the only major MTA you're not using.


----------



## im (Oct 18, 2022)

If your hosts are ready to receive mail for their users (local or virtual),
then you can send mail as "user@xxx.xxx.xxx.xxx" where xxx.xxx.xxx.xxx is the IP address of the target host.
Most known MTAs are ready to receive mail for local users and usually don't require any additional setup.
If you want to avoid DNS, you must disable any DNS-related examinations (sender, recipient, helo validation).


----------



## Alain De Vos (Oct 18, 2022)

If I'm correct you still need an mx-record in the dns.
Because the mx-record refers to a host-name, which refers to an ip-address. And on that ip-address the mail is delivered.


----------



## Jose (Oct 18, 2022)

Alain De Vos said:


> If I'm correct you still need an mx-record in the dns.
> Because the mx-record refers to a host-name, which refers to an ip-address. And on that ip-address the mail is delivered.


I don't think you do. This is an old-timey thing where email accounts only lived on some huge time-shared Unix host. Not used that often anymore, but jwdevel has hit upon the exact scenario where this is still useful.


----------



## covacat (Oct 18, 2022)

for sendmail you can put

```
hosta.local esmtp:hosta.local
hostb.local esmtp:hostb.local
```
in /etc/mail/mailertable then cd /etc/mail && make maps
put hosta.local and hostb.local in /etc/hosts


----------
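A small checker for the mailertable approach in the post above, added here as an example (it is not part of covacat's post or of Sendmail's own tooling): it flags routes whose target is not in square brackets, where Sendmail would attempt an MX lookup, and routes whose host is missing from /etc/hosts. The host names, addresses and the function names are constructed, and it assumes the resolver is set to consult /etc/hosts.

```python
# Constructed sample inputs; hostc.local and the addresses are made up.
HOSTS = """\
127.0.0.1     localhost
192.168.1.10  hosta.local hosta   # server
192.168.1.11  hostb.local hostb
"""
MAILERTABLE = """\
# domain      mailer:target
hosta.local   esmtp:hosta.local
hostb.local   esmtp:[hostb.local]
hostc.local   esmtp:[hostc.local]
"""

SMTP_MAILERS = {"smtp", "esmtp", "smtp8", "relay"}


def hosts_names(text):
    """Return every name and alias defined in hosts-file text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(name.lower() for name in fields[1:])
    return names


def check_mailertable(table, hosts):
    """Return (line number, message) findings for DNS-dependent routes."""
    known = hosts_names(hosts)
    findings = []
    for lineno, line in enumerate(table.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 2 or ":" not in fields[1]:
            findings.append((lineno, "malformed entry"))
            continue
        mailer, target = fields[1].split(":", 1)
        if mailer not in SMTP_MAILERS:
            continue  # local:, error: and similar have no host to resolve
        host = target.strip("[]").lower()
        if not (target.startswith("[") and target.endswith("]")):
            findings.append((lineno, f"{host}: no brackets, MX lookup attempted"))
        if host not in known:
            findings.append((lineno, f"{host}: not in hosts file, needs DNS"))
    return findings


if __name__ == "__main__":
    for lineno, message in check_mailertable(MAILERTABLE, HOSTS):
        print(f"mailertable line {lineno}: {message}")
```
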



## jwdevel (Oct 18, 2022)

Ah, thank you for "mailertable" — I had seen it, but did not understand.

In truth, my setup is slightly more complicated. I use SMART_HOST as well on my main server. But I imagine "mailertable" takes precedence over that?

I suppose this would *not* prevent relaying from A, through B, to destination C?
(not a big issue, but trying to understand)


For reference, in Exim, it seems to be the "relay_to_domains" and "relay_from_hosts" config items. Haven't tried it yet, though.


----------



## im (Oct 18, 2022)

Alain De Vos said:


> If I'm correct you still need an mx-record in the dns.
> Because the mx-record refers to a host-name, which refers to an ip-address. And on that ip-address the mail is delivered.


You don't need any MX records with addresses like user@IP.
Also, many MTAs may use DNS record type "A" if no MX specified for the domain.


----------



## cy@ (Oct 18, 2022)

im said:


> You don't need any MX records with addresses like user@IP.
> Also, many MTAs may use DNS record type "A" if no MX specified for the domain.


Setting up one's own internal-only DNS makes life so much easier. Not only that but it can be used as a DNS cache to the outside world.

Using Sendmail is more finicky than Postfix. I've been doing this for the last 20+ years, having finally retired Sendmail internally, except for one machine here, this spring. The machines send mail to each other and when I use any machine to send email outside of my network they forward through my gateway machine (which has been running Postfix for the last 15 years).

Given that FreeBSD will retire Sendmail in 14-CURRENT either this year or next it's probably a good idea to use dma, which will become the default MTA, or install one of the Postfix, Sendmail or Exim ports.

Also given that Sendmail has about 3% market share these days and is continually declining in market share, career-wise a person may want to focus on one of the others. However Exim, which has 60% of market share, has been plagued with a significant number of CVEs. Career-wise a person should learn it but IMO it's a security risk -- Exim is the new Sendmail.

P.S. The reason Exim is so popular is that it can handle more email than any of the others. It's designed for volume, though apparently not for security.


----------



## Alain De Vos (Oct 18, 2022)

I currently use opensmtpd with dovecot. It's an easy setup.


----------



## jwdevel (Oct 18, 2022)

> probably a good idea to use dma, which will become the default MTA

Ah, I had not heard of dma; it does seem handy. But seems like it does not handle *accepting* mail from others on a LAN. So I guess for that I still need a "real" MTA.

Yes, I know Sendmail has long been in decline; I still have a FreeBSD 11.x machine on ~15-year-old hardware that 12+ don't seem to support. Many things are stuck in the past  ( :

cy@
I am curious, since you mention you are doing something similar to what I'm aiming to do, and previously were using Sendmail: were you using a /etc/mail/mailertable approach, like covacat described above?


----------



## cy@ (Oct 19, 2022)

jwdevel,

I used mailertable as above when I used Sendmail. I now use transport with Postfix. Same idea.

Prior to mailertable being a thing I used:

```
R$* < @ $* .$m. > $*        $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3
```


----------

