Solved

Native sendmail.cf for Solaris

Posted on 2002-04-23
Last Modified: 2013-12-17
Greetings sendmail gods:

UPDATED:
I have bit the bullet and changed the hostname to
mailman.batman.com and installed a modified copy of
the subsidiary.cf file as sendmail.cf.

Everything works fine except when LOCAL UNIX USERS
send email. The mail is reported to come from
"user@mailman.batman.com", not "user@batman.com".

I will award "500" points to anyone who can help me solve this.

**********************************************
Original Message:

I have a system that is configured with Native Solaris mail (110615-04). My problem:
I have a TLD (Top Level Domain), eg

batman.com

mail works fine in and out.
the problem is due to the fact that the system name is "batman.com".

by default (and a bloody stupid one too) sendmail allows relaying to subdomain traffic (ie .COM) - which is clearly undesirable.

The question:

without changing the hostname, how do i get relaying to stop for the .com domain?

I would also prefer not to muck about with m4 - hacking the sendmail.cf is preferred.

(the cf file is based on "main.cf")

Question by:festive
19 Comments
 
LVL 15

Expert Comment

by:samri
ID: 6964677
There are some writeups on the following pages:

http://www.sendmail.org/%7Eca/email/check.html#check_rcpt

http://www.sendmail.org/~ca/email/chk-relay-map.html

I hope this is applicable to your scenario.

Good luck.
0
 
LVL 15

Expert Comment

by:samri
ID: 6964678
0
 
LVL 2

Author Comment

by:festive
ID: 6964798
Read the URLs - not really what I was looking for:
I need to just remove relay capability from ".com"
when I start sendmail with a -d flag it lists .com as a subdomain - is there a way to override this behaviour?

ie how can we TELL sendmail that the host is actually "mail.batman.com" and that we accept mail for "users@batman.com" but not "users@spammer.com"

I had all of this working fine before the domain changed to a TLD (ie .com)

0
 
LVL 15

Expert Comment

by:samri
ID: 6964854
Take a look at this link.  Apology, I do not have access to Solaris box to take a peek.

http://www.kempston.net/solaris/configsendmail.html

There a link at Sendmail's website that might be related: http://www.sendmail.org/vendor/sun/

If I can recall, toward the top of the config file, there is a keyword, something that talks about "if the machine cannot identify its dns domain".  I do not have the reference off hand.

"The $m macro contains the name of the parent domain. "
0
 
LVL 15

Expert Comment

by:samri
ID: 6964857
OK. got it from this site: http://www.cisco.com/univercd/cc/td/doc/product/voice/uone/srvprov/r43s/infrastr/appxb.htm


# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
 

Maybe you might want to change it to
-------
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
Djbatman.com
0
 
LVL 2

Author Comment

by:festive
ID: 6967612
ok - I have bit the bullet and changed my fqdn
to mailhost.batman.com

I can receive mail for the domain ok and when sending through the system (as an authorised relay) it works.

the problem (hopefully the last) is that from the UNIX
system (ie the mailhost) if messages are sent out -
they are incorrectly addressed (ie they appear to come
from "user@mailhost.batman.com"

how do I get sendmail to strip off the "mailhost" (or hostname) bit and correctly send mail.

(whilst leaving the relay bits and others ok).
0
 
LVL 15

Expert Comment

by:samri
ID: 6967772
You can use DM (Domain Masquerading).

Look for DM keyword;
----
# who I masquerade as (null for no masquerading) (see also $=M)
DM

And change it to:
----
# who I masquerade as (null for no masquerading) (see also $=M)
DMbatman.com

and restart sendmail.
0
 
LVL 2

Author Comment

by:festive
ID: 6970349
I already had this set to batman.com

- no luck.
still being addressed as from "user@mailhost.batman.com"
0
 
LVL 15

Expert Comment

by:samri
ID: 6970375
This is strange, I've tested on my machine Rh7.2 sendmail 8.11.6.   Suppose the version/platform is different, but that should not be affecting the DM.

Try adding these, and remember to hash out (#) the existing DM, or C{M}, if there is any.

----
DMbatman.com
C{M}batman.com

And restart sendmail:

/etc/init.d/sendmail stop
/etc/init.d/sendmail start

0
 
LVL 2

Author Comment

by:festive
ID: 6970455
Tried - same result.

it only happens on the local mailserver
ie it is not hiding its local hostname :-(

why is the local host name being picked up?
running sendmail -d gives:

System Identity after readcf
short domain name $w = mailhost
canonical domain name $j = mailhost.batman.com
subdomain name $m = batman.com
node name $k = mailhost

hence anything that goes out from the local host
is being addressed as coming from: $j or $k$m

There is an entry within Ruleset 96 that states:
"Handle special cases for local names"
and contains:
R$* < @ localhost . $m > $*      $: $1 < @ $j . > $2  local domain

This is the last bit that I need to get working..
0
 
LVL 15

Expert Comment

by:samri
ID: 6970556
Which user did you test your mail with?  Normally, root would not have theirs masqueraded.  Try to send mail using another login.

Notice this option:
C{E}root
0
 
LVL 2

Author Comment

by:festive
ID: 6970594
tried it as an untrusted / unlisted user...
same deal.
0
 
LVL 15

Expert Comment

by:samri
ID: 6970618
Hmm...

Either we are stuck... or we have to wait for other "experts".

Personally, at this point, I would just do an "init 6" (reboot) and see if anything good comes out.  -- if you can afford to restart the machine.  I know this is too radical, but who knows.
0
 
LVL 2

Author Comment

by:festive
ID: 6970852
I will double the points (ie to 500) for anyone who has done this on Solaris 8 and can share this little secret:
ie

how to hide the local user@machine.domain for local UNIX users behind user@domain.

Note: All other users work fine: sendmail.cf file is based on subsidiary.cf

This is really irritating and the last bit i need to do to fix the problem.
0
 
LVL 15

Accepted Solution

by:
samri earned 250 total points
ID: 6970877
The following page might be useful:
http://www.kempston.net/solaris/configsendmail.html

Jump to this section:
"If you have several email addresses:"
0
 
LVL 2

Author Comment

by:festive
ID: 6971633
I just hate to answer my own questions - but this may be useful to any poor unfortunates that have to do this themselves:

The biggest problem is that all of the resources are either out of date or for generic sendmail.

Solaris Sendmail appears very different.

To Recap:

**********************************************************
Telling your Solaris Sendmail Server to hide its actual
hostname.
**********************************************************

eg you have a server called mailhost.mydomain.com
and your mail addresses are address@mydomain.com
and when you send email from the local UNIX system
it goes out addressed as from user@mailhost.mydomain.com
and you want it to be user@mydomain.com

Here is what you do:

ensure that your hostnames are correct:
you can check this with: sendmail -d
this will display the host, dns and node names etc

edit your /etc/mail/sendmail.cf file as usual.
locate the line "SEnvFromSMTP=11"
underneath it will be a line that is commented:
"change to mail server" and should start with:
R$+   and contain the word "Canonify2".
within this line: replace the ${ms} with $m

likewise - locate the line "SHdrFromSMTP=31"
underneath it will be a line that is commented:
"change to mail server" and should start with:
R$+   and contain the word "Canonify2".
within this line: replace the ${ms} with $m

restart sendmail and voila - all is well.
0
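The edit described in the comment above, as an added example that is not part of the original thread: an awk filter that rewrites `${ms}` to `$m` only on the "change to mail server" Canonify2 rule inside SEnvFromSMTP=11 and SHdrFromSMTP=31, leaving every other ruleset untouched. The function names `make_sample` and `patch_cf`, the `SOther=40` ruleset and the sample rule text are assumptions constructed from the post's description, not lines copied from Solaris's sendmail.cf.

```shell
#!/bin/sh
# Constructed sample fragment (whitespace simplified; a real sendmail.cf
# separates rule fields with tabs). SOther=40 is a made-up ruleset that is
# only here to show that rules outside the two targets are not modified.
make_sample() {
    cat <<'EOF'
DMbatman.com
SEnvFromSMTP=11
R$+ $: $>Canonify2 $1 < @ ${ms} > change to mail server
SHdrFromSMTP=31
R$+ $: $>Canonify2 $1 < @ ${ms} > change to mail server
SOther=40
R$+ $: $1 < @ ${ms} > unrelated rule
EOF
}

# patch_cf FILE: print the patched configuration on stdout; FILE is not changed.
patch_cf() {
    awk '
        # An S line opens a ruleset; remember whether it is one of the two
        # the post names.
        /^S/ { in_target = ($0 ~ /^S(EnvFromSMTP=11|HdrFromSMTP=31)[ \t]*$/) }
        # Rewrite only the rule the post describes: starts with R$+,
        # mentions Canonify2 and carries the "change to mail server" comment.
        in_target && /^R[$][+]/ && /Canonify2/ && /change to mail server/ {
            gsub(/[$][{]ms[}]/, "$m")
        }
        { print }
    ' "$1"
}

# Demo on a temporary copy: show exactly which lines the filter changes.
tmp=$(mktemp) && make_sample > "$tmp"
patch_cf "$tmp" | diff "$tmp" - || true
rm -f "$tmp"
```

On a real host, run `patch_cf` against a copy of /etc/mail/sendmail.cf and review the diff before installing the result and restarting sendmail.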
 
LVL 2

Author Comment

by:festive
ID: 6971644
Even though you did not resolve the problem
you were the only one willing to risk life
and limb delving into the bowels of sendmail.

I appreciate your input.

Maybe I will see you in the Solaris Forum :-)

Thanks
Festive
0
 
LVL 15

Expert Comment

by:samri
ID: 6974921
festive,

I just came back from a two-day getaway (weekend).

The information is certainly very new to me.  I knew that Sun's version of Sendmail (and most other products) is a bit "tuned-up" to Sun's specifics.

Anyhow, it is very useful.  Perhaps you might want to share with us the URL maybe.

In most scenarios, the DM option should have done the work.

Anyway, I certainly would appreciate the pts (even though I don't feel 100% entitled to it).  For appreciation: Gracias.


cheers.
0
 
LVL 2

Author Comment

by:festive
ID: 6979968
There was no URL - that is the problem :-(
I have found this by scouring the web.
all of the existing stuff at kempston and sunsolve
are for the older versions.

if ever you need help with this - I am a wizard now
(although it was a close call!)
0
