Solved

Native sendmail.cf for Solaris

Posted on 2002-04-23
19
935 Views
Last Modified: 2013-12-17
Greetings sendmail gods:

UPDATED:
I have bit the bullet and changed the hostname to
mailman.batman.com and installed a modified copy of
the subsidiary.cf file as sendmail.cf.

Everything works fine except when LOCAL UNIX USERS
send email. The mail is reported to come from
"user@mailman.batman.com", not "user@batman.com".

I will award "500" points to anyone who can help me solve this.

**********************************************
Original Message:

I have a system that is configured with Native Solaris mail (110615-04). My problem:
I have a TLD (Top Level Domain), eg

batman.com

mail works fine in and out.
the problem is due to the fact that the system name is "batman.com".

by default (and a bloody stupid one too) sendmail allows relaying to subdomain traffic (ie .COM) - which is clearly undesirable.

The question:

without changing the hostname, how do i get relaying to stop for the .com domain?

I would also prefer not to muck about with m4 - hacking the sendmail.cf is preferred.

(the cf file is based on "main.cf")

0
Comment
Question by:festive
  • 10
  • 9
19 Comments
 
LVL 15

Expert Comment

by:samri
ID: 6964677
There is some writeups on the following page:

http://www.sendmail.org/%7Eca/email/check.html#check_rcpt

http://www.sendmail.org/~ca/email/chk-relay-map.html

I hope this is applicable to you scenario.  

Good luck.
0
 
LVL 15

Expert Comment

by:samri
ID: 6964678
0
 
LVL 2

Author Comment

by:festive
ID: 6964798
read the URL's - not really what I was looking for:
I need to just remove relay capability from ".com"
when I start sendmail with a -d flag it lists .com as a subdomain - is there a way to override this behaviour.

ie how can we TELL sendmail that the host is actually "mail.batman.com" and that we accept mail for "users@batman.com" but not "users@spammer.com"

I had all of this working fine before the domain changed to a TLD (ie .com)

0
 
LVL 15

Expert Comment

by:samri
ID: 6964854
Take a look at this link.  Apology, I do not have access to Solaris box to take a peek.

http://www.kempston.net/solaris/configsendmail.html

There a link at Sendmail's website that might be related: http://www.sendmail.org/vendor/sun/

If I can recall, toward the top of the config file, there is a keyword, something that talks about "if the machine cannot identify it's dns domain".  I do not have the reference off hand.

"The $m macro contains the name of the parent domain. "
0
 
LVL 15

Expert Comment

by:samri
ID: 6964857
OK. got it from this site: http://www.cisco.com/univercd/cc/td/doc/product/voice/uone/srvprov/r43s/infrastr/appxb.htm


# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
 

Maybe you might want to change it to
-------
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
Djbatman.com
0
 
LVL 2

Author Comment

by:festive
ID: 6967612
ok - I have bit the bullet and changed my fqdn
to mailhost.batman.com

I can receive mail for the domain ok and when sending through the system (as an authorised relay) it works.

the problem (hopefully the last) is that from the UNIX
system (ie the mailhost) if messages are sent out -
they are incorrectly addressed (ie they appear to come
from "user@mailhost.batman.com"

how do I get sendmail to strip off the "mailhost" (or hostname) bit and correctly send mail.

(whilst leaving the relay bits and others ok).
0
 
LVL 15

Expert Comment

by:samri
ID: 6967772
You can use DM (Domain Masquerading).

Look for DM keyword;
----
# who I masquerade as (null for no masquerading) (see also $=M)
DM

And change it to:
----
# who I masquerade as (null for no masquerading) (see also $=M)
DMbatman.com

and restart sendmail.
0
 
LVL 2

Author Comment

by:festive
ID: 6970349
I already had this set to batman.com

- no luck.
still being addressed as from "user@mailhost.batman.com"
0
 
LVL 15

Expert Comment

by:samri
ID: 6970375
This is strange, I've tested on my machine Rh7.2 sendmail 8.11.6.   Suppose the version/platform is different, but that should not be affecting the DM.

Try adding these, and rememeber to hash out (#) the exisingting DM, or C{M}, if there is any.

----
DMbatman.com
C{M}batman.com

And restart sendmail:

/etc/init.d/sendmail stop
/etc/init.d/sendmail start

0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 2

Author Comment

by:festive
ID: 6970455
Tried - same result.

it only happens on the local mailserver
ie it is not hiding it's local hostname :-(

why is the local host name being picked up?
running sendmail -d gives:

System Identity after readcf
short domain name $w = mailhost
canonical domain name $j = mailhost.batman.com
subdomain name $m = batman.com
node name $k = mailhost

hence anything that goes out from the local host
is being addressed as coming from: $j or $k$m

There is an entry within Ruleset 96 that states:
"Handle special cases for local names"
and contains:
R$* < @ localhost . $m > $*      $: $1 < @ $j . > $2  local domain

This is the last bit that I need to get working..
0
 
LVL 15

Expert Comment

by:samri
ID: 6970556
which user did you test your mail.  Normall, root would  not have their masqueraded.  Try to send mail using other login.

Notice this option:
C{E}root
0
 
LVL 2

Author Comment

by:festive
ID: 6970594
tried it as an untrusted / unlisted user...
same deal.
0
 
LVL 15

Expert Comment

by:samri
ID: 6970618
Hmm...

Either we are stucked... or we had to wait for other "experts".

Personally, at this point, I would just do an "init 6" (reboot) and see if anything good comes out.  -- if you can afford to restart the machine.  I knew, this is too radical, but who knows.
0
 
LVL 2

Author Comment

by:festive
ID: 6970852
I will double the points (ie to 500) for anyone who has done this on Solaris 8 and can share this little secret:
ie

how to hide the local user@machine.domain for local UNIX users behind user@domain.

Note: All other users work fine: sendmail.cf file is based on subsidiary.cf

This is really irritating and the last bit i need to do to fix the problem.
0
 
LVL 15

Accepted Solution

by:
samri earned 250 total points
ID: 6970877
The following page might be useful:
http://www.kempston.net/solaris/configsendmail.html

Jump to this section:
"If you have several email addresses:"
0
 
LVL 2

Author Comment

by:festive
ID: 6971633
I just hate to answer my own questions - but this may be useful to any poor unfortunates that have to do this themselves:

The biggest problem is that all of the resources are either out of date or for generic sendmail.

Solaris Sendmail appears very different.

To Recap:

**********************************************************
Telling your Solaris Sendmail Server to hide it's actual
hostname.
**********************************************************

eg you have a server called mailhost.mydomain.com
and your mail addresses are address@mydomain.com
and when you send email from the local UNIX system
it goes out addressed as from user@mailhost.mydomain.com
and you want it to be user@mydomain.com

Here is what you do:

ensure that your hostnames are correct:
you can check this with: sendmail -d
this will display the host, dns and node names etc

edit your /etc/mail/sendmail.cf file as usual.
locate the line "SEnvFromSMTP=11"
underneath it will be a line that is commented:
"change to mail server" and should start with:
R$+   and contain the word "Canonify2".
within this line: replace the ${ms} with $m

likewise - locate the line "SHdrFromSMTP=31"
underneath it will be a line that is commented:
"change to mail server" and should start with:
R$+   and contain the word "Canonify2".
within this line: replace the ${ms} with $m

restart sendmail and voila - all is well.
0
 
LVL 2

Author Comment

by:festive
ID: 6971644
Even though you did not resolve the problem
you were the only one willing to risk life
and limb delving into the bowels of sendmail.

I appreciate your input.

Maybe I will see you in the Solaris Forum :-)

Thanks
Festive
0
 
LVL 15

Expert Comment

by:samri
ID: 6974921
festive,

I just came back from a two days gateway (weekend).

The information is certainly very new to me.  I knew that Sun's version on Sendmail (and most other products) are a bit "tuned-up" to Sun's specific.

Anyhow, it is very useful.  Perhaps you might want to share with us the URL maybe.

In most scenario, the DM option should have done the work.

Anyway, I certainly would appreciate the pts (even though I don't feel 100% entitled to it).  For appreciatin: Gracias.


cheers.
0
 
LVL 2

Author Comment

by:festive
ID: 6979968
There was no URL - that is the problem :-(
I have found this by scouring the web.
all of the existing stuff at kempston and sunsolve
are for the older versions.

if ever you need help with this - I am a wizard now
(although it was a close call!)
0

Featured Post

Can’t get the mobile email signature right?

Not having any luck when trying to create an email signature for mobile devices? Does the formatting keep messing up? Make sure you have great email signatures on all devices by using Exclaimer Cloud - Signatures for Office 365.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Automapping, a wonderful feature with Exchange 2010 (SP2 onwards I believe), allows additional/Shared mailboxes that a user has access to be automatically mapped on Outlook client, simplifying the process by adding them while Outlook launches. Ho…
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now