Solved

Native sendmail.cf for Solaris

Posted on 2002-04-23
19
931 Views
Last Modified: 2013-12-17
Greetings sendmail gods:

UPDATED:
I have bit the bullet and changed the hostname to
mailman.batman.com and installed a modified copy of
the subsidiary.cf file as sendmail.cf.

Everything works fine except when LOCAL UNIX USERS
send email. The mail is reported to come from
"user@mailman.batman.com", not "user@batman.com".

I will award "500" points to anyone who can help me solve this.

**********************************************
Original Message:

I have a system that is configured with Native Solaris mail (110615-04). My problem:
I have a TLD (Top Level Domain), eg

batman.com

mail works fine in and out.
the problem is due to the fact that the system name is "batman.com".

by default (and a bloody stupid one too) sendmail allows relaying to subdomain traffic (ie .COM) - which is clearly undesirable.

The question:

without changing the hostname, how do i get relaying to stop for the .com domain?

I would also prefer not to muck about with m4 - hacking the sendmail.cf is preferred.

(the cf file is based on "main.cf")

0
Comment
Question by:festive
  • 10
  • 9
19 Comments
 
LVL 15

Expert Comment

by:samri
Comment Utility
There is some writeups on the following page:

http://www.sendmail.org/%7Eca/email/check.html#check_rcpt

http://www.sendmail.org/~ca/email/chk-relay-map.html

I hope this is applicable to you scenario.  

Good luck.
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
0
 
LVL 2

Author Comment

by:festive
Comment Utility
read the URL's - not really what I was looking for:
I need to just remove relay capability from ".com"
when I start sendmail with a -d flag it lists .com as a subdomain - is there a way to override this behaviour.

ie how can we TELL sendmail that the host is actually "mail.batman.com" and that we accept mail for "users@batman.com" but not "users@spammer.com"

I had all of this working fine before the domain changed to a TLD (ie .com)

0
 
LVL 15

Expert Comment

by:samri
Comment Utility
Take a look at this link.  Apology, I do not have access to Solaris box to take a peek.

http://www.kempston.net/solaris/configsendmail.html

There a link at Sendmail's website that might be related: http://www.sendmail.org/vendor/sun/

If I can recall, toward the top of the config file, there is a keyword, something that talks about "if the machine cannot identify it's dns domain".  I do not have the reference off hand.

"The $m macro contains the name of the parent domain. "
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
OK. got it from this site: http://www.cisco.com/univercd/cc/td/doc/product/voice/uone/srvprov/r43s/infrastr/appxb.htm


# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
 

Maybe you might want to change it to
-------
# my official domain name
# ... define this only if sendmail cannot automatically determine your domain
#Dj$w.Foo.COM
Djbatman.com
0
 
LVL 2

Author Comment

by:festive
Comment Utility
ok - I have bit the bullet and changed my fqdn
to mailhost.batman.com

I can receive mail for the domain ok and when sending through the system (as an authorised relay) it works.

the problem (hopefully the last) is that from the UNIX
system (ie the mailhost) if messages are sent out -
they are incorrectly addressed (ie they appear to come
from "user@mailhost.batman.com"

how do I get sendmail to strip off the "mailhost" (or hostname) bit and correctly send mail.

(whilst leaving the relay bits and others ok).
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
You can use DM (Domain Masquerading).

Look for DM keyword;
----
# who I masquerade as (null for no masquerading) (see also $=M)
DM

And change it to:
----
# who I masquerade as (null for no masquerading) (see also $=M)
DMbatman.com

and restart sendmail.
0
 
LVL 2

Author Comment

by:festive
Comment Utility
I already had this set to batman.com

- no luck.
still being addressed as from "user@mailhost.batman.com"
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
This is strange, I've tested on my machine Rh7.2 sendmail 8.11.6.   Suppose the version/platform is different, but that should not be affecting the DM.

Try adding these, and rememeber to hash out (#) the exisingting DM, or C{M}, if there is any.

----
DMbatman.com
C{M}batman.com

And restart sendmail:

/etc/init.d/sendmail stop
/etc/init.d/sendmail start

0
Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

 
LVL 2

Author Comment

by:festive
Comment Utility
Tried - same result.

it only happens on the local mailserver
ie it is not hiding it's local hostname :-(

why is the local host name being picked up?
running sendmail -d gives:

System Identity after readcf
short domain name $w = mailhost
canonical domain name $j = mailhost.batman.com
subdomain name $m = batman.com
node name $k = mailhost

hence anything that goes out from the local host
is being addressed as coming from: $j or $k$m

There is an entry within Ruleset 96 that states:
"Handle special cases for local names"
and contains:
R$* < @ localhost . $m > $*      $: $1 < @ $j . > $2  local domain

This is the last bit that I need to get working..
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
which user did you test your mail.  Normall, root would  not have their masqueraded.  Try to send mail using other login.

Notice this option:
C{E}root
0
 
LVL 2

Author Comment

by:festive
Comment Utility
tried it as an untrusted / unlisted user...
same deal.
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
Hmm...

Either we are stucked... or we had to wait for other "experts".

Personally, at this point, I would just do an "init 6" (reboot) and see if anything good comes out.  -- if you can afford to restart the machine.  I knew, this is too radical, but who knows.
0
 
LVL 2

Author Comment

by:festive
Comment Utility
I will double the points (ie to 500) for anyone who has done this on Solaris 8 and can share this little secret:
ie

how to hide the local user@machine.domain for local UNIX users behind user@domain.

Note: All other users work fine: sendmail.cf file is based on subsidiary.cf

This is really irritating and the last bit i need to do to fix the problem.
0
 
LVL 15

Accepted Solution

by:
samri earned 250 total points
Comment Utility
The following page might be useful:
http://www.kempston.net/solaris/configsendmail.html

Jump to this section:
"If you have several email addresses:"
0
 
LVL 2

Author Comment

by:festive
Comment Utility
I just hate to answer my own questions - but this may be useful to any poor unfortunates that have to do this themselves:

The biggest problem is that all of the resources are either out of date or for generic sendmail.

Solaris Sendmail appears very different.

To Recap:

**********************************************************
Telling your Solaris Sendmail Server to hide it's actual
hostname.
**********************************************************

eg you have a server called mailhost.mydomain.com
and your mail addresses are address@mydomain.com
and when you send email from the local UNIX system
it goes out addressed as from user@mailhost.mydomain.com
and you want it to be user@mydomain.com

Here is what you do:

ensure that your hostnames are correct:
you can check this with: sendmail -d
this will display the host, dns and node names etc

edit your /etc/mail/sendmail.cf file as usual.
locate the line "SEnvFromSMTP=11"
underneath it will be a line that is commented:
"change to mail server" and should start with:
R$+   and contain the word "Canonify2".
within this line: replace the ${ms} with $m

likewise - locate the line "SHdrFromSMTP=31"
underneath it will be a line that is commented:
"change to mail server" and should start with:
R$+   and contain the word "Canonify2".
within this line: replace the ${ms} with $m

restart sendmail and voila - all is well.
0
 
LVL 2

Author Comment

by:festive
Comment Utility
Even though you did not resolve the problem
you were the only one willing to risk life
and limb delving into the bowels of sendmail.

I appreciate your input.

Maybe I will see you in the Solaris Forum :-)

Thanks
Festive
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
festive,

I just came back from a two days gateway (weekend).

The information is certainly very new to me.  I knew that Sun's version on Sendmail (and most other products) are a bit "tuned-up" to Sun's specific.

Anyhow, it is very useful.  Perhaps you might want to share with us the URL maybe.

In most scenario, the DM option should have done the work.

Anyway, I certainly would appreciate the pts (even though I don't feel 100% entitled to it).  For appreciatin: Gracias.


cheers.
0
 
LVL 2

Author Comment

by:festive
Comment Utility
There was no URL - that is the problem :-(
I have found this by scouring the web.
all of the existing stuff at kempston and sunsolve
are for the older versions.

if ever you need help with this - I am a wizard now
(although it was a close call!)
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

MS outlook is a premier email client that enable you to send and receive the e-mails with various file formats of attachments such as document files, media file, and many others formats. There is some scenario occurs when a receiver of an e-mail mes…
Granting full access permission allows users to access mailboxes present in their database. By giving full access permission one can open and read the content of any mailbox but cannot send emails from that mailbox.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now