Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 960
  • Last Modified:

Native sendmail.cf for Solaris

Greetings sendmail gods:

UPDATED:
I have bit the bullet and changed the hostname to
mailman.batman.com and installed a modified copy of
the subsidiary.cf file as sendmail.cf.

Everything works fine except when LOCAL UNIX USERS
send email. The mail is reported to come from
"user@mailman.batman.com", not "user@batman.com".

I will award "500" points to anyone who can help me solve this.

**********************************************
Original Message:

I have a system that is configured with Native Solaris mail (110615-04). My problem:
I have a TLD (Top Level Domain), eg

batman.com

mail works fine in and out.
the problem is due to the fact that the system name is "batman.com".

by default (and a bloody stupid one too) sendmail allows relaying to subdomain traffic (ie .COM) - which is clearly undesirable.

The question:

without changing the hostname, how do i get relaying to stop for the .com domain?

I would also prefer not to muck about with m4 - hacking the sendmail.cf is preferred.

(the cf file is based on "main.cf")

0
festive
Asked:
festive
  • 10
  • 9
1 Solution
 
samriCommented:
There is some writeups on the following page:

http://www.sendmail.org/%7Eca/email/check.html#check_rcpt

http://www.sendmail.org/~ca/email/chk-relay-map.html

I hope this is applicable to you scenario.  

Good luck.
0
 
samriCommented:
0
 
festiveAuthor Commented:
read the URL's - not really what I was looking for:
I need to just remove relay capability from ".com"
when I start sendmail with a -d flag it lists .com as a subdomain - is there a way to override this behaviour.

ie how can we TELL sendmail that the host is actually "mail.batman.com" and that we accept mail for "users@batman.com" but not "users@spammer.com"

I had all of this working fine before the domain changed to a TLD (ie .com)

0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
samriCommented:
Take a look at this link.  Apology, I do not have access to Solaris box to take a peek.

http://www.kempston.net/solaris/configsendmail.html

There a link at Sendmail's website that might be related: http://www.sendmail.org/vendor/sun/

If I can recall, toward the top of the config file, there is a keyword, something that talks about "if the machine cannot identify it's dns domain".  I do not have the reference off hand.

"The $m macro contains the name of the parent domain. "
0
 
samriCommented:
OK. got it from this site: http://www.cisco.com/univercd/cc/td/doc/product/voice/uone/srvprov/r43s/infrastr/appxb.htm


# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
 

Maybe you might want to change it to
-------
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
Djbatman.com
0
 
festiveAuthor Commented:
ok - I have bit the bullet and changed my fqdn
to mailhost.batman.com

I can receive mail for the domain ok and when sending through the system (as an authorised relay) it works.

the problem (hopefully the last) is that from the UNIX
system (ie the mailhost) if messages are sent out -
they are incorrectly addressed (ie they appear to come
from "user@mailhost.batman.com"

how do I get sendmail to strip off the "mailhost" (or hostname) bit and correctly send mail.

(whilst leaving the relay bits and others ok).
0
 
samriCommented:
You can use DM (Domain Masquerading).

Look for DM keyword;
----
# who I masquerade as (null for no masquerading) (see also $=M)
DM

And change it to:
----
# who I masquerade as (null for no masquerading) (see also $=M)
DMbatman.com

and restart sendmail.
0
 
festiveAuthor Commented:
I already had this set to batman.com

- no luck.
still being addressed as from "user@mailhost.batman.com"
0
 
samriCommented:
This is strange, I've tested on my machine Rh7.2 sendmail 8.11.6.   Suppose the version/platform is different, but that should not be affecting the DM.

Try adding these, and rememeber to hash out (#) the exisingting DM, or C{M}, if there is any.

----
DMbatman.com
C{M}batman.com

And restart sendmail:

/etc/init.d/sendmail stop
/etc/init.d/sendmail start

0
 
festiveAuthor Commented:
Tried - same result.

it only happens on the local mailserver
ie it is not hiding it's local hostname :-(

why is the local host name being picked up?
running sendmail -d gives:

System Identity after readcf
short domain name $w = mailhost
canonical domain name $j = mailhost.batman.com
subdomain name $m = batman.com
node name $k = mailhost

hence anything that goes out from the local host
is being addressed as coming from: $j or $k$m

There is an entry within Ruleset 96 that states:
"Handle special cases for local names"
and contains:
R$* < @ localhost . $m > $*      $: $1 < @ $j . > $2  local domain

This is the last bit that I need to get working..
0
 
samriCommented:
which user did you test your mail.  Normall, root would  not have their masqueraded.  Try to send mail using other login.

Notice this option:
C{E}root
0
 
festiveAuthor Commented:
tried it as an untrusted / unlisted user...
same deal.
0
 
samriCommented:
Hmm...

Either we are stucked... or we had to wait for other "experts".

Personally, at this point, I would just do an "init 6" (reboot) and see if anything good comes out.  -- if you can afford to restart the machine.  I knew, this is too radical, but who knows.
0
 
festiveAuthor Commented:
I will double the points (ie to 500) for anyone who has done this on Solaris 8 and can share this little secret:
ie

how to hide the local user@machine.domain for local UNIX users behind user@domain.

Note: All other users work fine: sendmail.cf file is based on subsidiary.cf

This is really irritating and the last bit i need to do to fix the problem.
0
 
samriCommented:
The following page might be useful:
http://www.kempston.net/solaris/configsendmail.html

Jump to this section:
"If you have several email addresses:"
0
 
festiveAuthor Commented:
I just hate to answer my own questions - but this may be useful to any poor unfortunates that have to do this themselves:

The biggest problem is that all of the resources are either out of date or for generic sendmail.

Solaris Sendmail appears very different.

To Recap:

**********************************************************
Telling your Solaris Sendmail Server to hide it's actual
hostname.
**********************************************************

eg you have a server called mailhost.mydomain.com
and your mail addresses are address@mydomain.com
and when you send email from the local UNIX system
it goes out addressed as from user@mailhost.mydomain.com
and you want it to be user@mydomain.com

Here is what you do:

ensure that your hostnames are correct:
you can check this with: sendmail -d
this will display the host, dns and node names etc

edit your /etc/mail/sendmail.cf file as usual.
locate the line "SEnvFromSMTP=11"
underneath it will be a line that is commented:
"change to mail server" and should start with:
R$+   and contain the word "Canonify2".
within this line: replace the ${ms} with $m

likewise - locate the line "SHdrFromSMTP=31"
underneath it will be a line that is commented:
"change to mail server" and should start with:
R$+   and contain the word "Canonify2".
within this line: replace the ${ms} with $m

restart sendmail and voila - all is well.
0
 
festiveAuthor Commented:
Even though you did not resolve the problem
you were the only one willing to risk life
and limb delving into the bowels of sendmail.

I appreciate your input.

Maybe I will see you in the Solaris Forum :-)

Thanks
Festive
0
 
samriCommented:
festive,

I just came back from a two days gateway (weekend).

The information is certainly very new to me.  I knew that Sun's version on Sendmail (and most other products) are a bit "tuned-up" to Sun's specific.

Anyhow, it is very useful.  Perhaps you might want to share with us the URL maybe.

In most scenario, the DM option should have done the work.

Anyway, I certainly would appreciate the pts (even though I don't feel 100% entitled to it).  For appreciatin: Gracias.


cheers.
0
 
festiveAuthor Commented:
There was no URL - that is the problem :-(
I have found this by scouring the web.
all of the existing stuff at kempston and sunsolve
are for the older versions.

if ever you need help with this - I am a wizard now
(although it was a close call!)
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 10
  • 9
Tackle projects and never again get stuck behind a technical roadblock.
Join Now