HP-UX Mailing Services Administrator’s Guide HP-UX 11i v2, HP-UX 11i v3 HP Part Number: B2355-91064 Published: February 2007 Edition: 3
Legal Notices © Copyright 2004–2007 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Table of Contents
About This Document
New and Changed Information in This Edition
Intended Audience
HP-UX Release Name and Release Identifier

2 Configuring and Administering Sendmail
Configuring Sendmail
Configuring Sendmail on a Standalone System
Configuring Sendmail on a Mail Server

Promiscuous Relay
No Default MSA
DNS Blackhole List
Relay mail from
Delay checks

Configuring Cyrus SASL v2 in Sendmail
Configuring Sendmail to Reject Unsolicited Mail
Message Quarantining
Support for Mail Filter (MILTER) APIs
Enhanced DNS Black Hole List Option

Printing and Reading the Mail Queue
Files in the Mail Queue
Queue Changes
Changes to Sendmail Files and Databases
The mailstats Utility

List of Figures
1-1 Flow of Mail Through Sendmail
1-2 Sendmail Client-Server Operation

List of Tables
1-1 MTA and MUAs Supported on HP-UX 11i v2 and HP-UX 11i v3
1-2 Time Zones Supported by mailx
1-3 How Sendmail Resolves Addresses with Mixed Operators
1-4 Q Configuration Command Equates
2-1 The -R Values in the dns Database Map
About This Document This document describes the Mailing Services implemented in the HP-UX 11i v2 and HP-UX 11i v3 operating systems. It is one of the documents available for the Internet Services suite of products. For a list of other Internet Services documents, see “Related Information” (page 15). These documents replace the document Installing and Administering Internet Services (B2355-90685), which was shipped with releases prior to the HP-UX 11i v2 operating system.
HP-UX Release Name and Release Identifier
Each HP-UX 11i release has an associated release name and release identifier. The uname(1) command with the -r option returns the release identifier. The following table lists the releases available for HP-UX 11i.

Release Identifier   Release Name      Supported Processor Architecture
B.11.11              HP-UX 11i v1      PA-RISC
B.11.20              HP-UX 11i v1.5    Intel® Itanium® Processor Family
B.11.22              HP-UX 11i v1.6    Intel Itanium Processor Family
B.11.23              HP-UX 11i v2.
Related Information
For more information about the Internet Services suite of products, see the following documents:
• HP-UX Internet Services Administrator’s Guide at: http://www.docs.hp.com/hpux/netcom/index.html#Internet%20Services
• HP-UX Routing Services Administrator’s Guide at: http://www.docs.hp.com/hpux/netcom/index.html#Internet%20Services
• HP-UX IP Address and Client Management Administrator’s Guide at: http://www.docs.hp.com/hpux/netcom/index.
ComputerOut   Text displayed by the computer.
Command       A command name or qualified command phrase, daemon, file, or option name.
$             The system prompt for the Bourne, Korn, and POSIX shells.
#             The superuser prompt.
daemon        Courier font type indicates daemons, files, commands, manpages, and option names.
Variable      The name of a variable that you may replace in a command or function or information in a display that represents several possible values.
[] {} (Ctrl+A) Bold ... |
1 Mailing Services Overview Mailers are a set of UNIX® commands that provide command-line interfaces for users to send and receive messages over the network. These interfaces, which are generally referred to as Mail User Agents (MUA), communicate with a Mail Transport Agent (MTA) to send mail messages to the appropriate destination, and receive messages destined to the end user’s mailbox. An MUA is a program that allows users to compose and read electronic mail messages.
CAUTION: Do not use two separate mail programs simultaneously to access the same mail file. This may cause unpredictable results.
The elm Utility
The elm utility is based on the public domain elm program. An electronic mail system for UNIX, elm is a Mail User Agent (MUA) designed to run with Sendmail or with any other UNIX MTA configured on your system.
(the options menu) in the main menu, which displays a list of all the elm configuration variables. Choose the appropriate option in the options menu to modify the configuration variable. When invoked, elm reads the customized variables from the $HOME/.elm/elmrc file to initialize the parameters.
these messages are not displayed the next time mailx is invoked. Messages remain in this file until removed explicitly. During startup, mailx reads commands from a system-wide file, /usr/share/lib/mailx.rc, to initialize certain parameters. It then uses the personalized variables available in the user-specific startup file, $HOME/mailrc. When you invoke mailx, a header summary of all the messages is displayed, followed by a prompt indicating that mailx can accept regular options.
Table 1-2 Time Zones Supported by mailx (continued) hac hae hap har hat hay hfh hg hkt hna hnc hne hnp hnr hnt hny hoe idle idlw idt iot irdt irkst irkt irst irt javt jayt jt kgst kgt kost krast krat lhdt lhst ligt lint lkt magst magt mal mart mat mawt med medst mesz mewt mex mez mht mmt msks mvt myt nct ndt nft nor novst novt npt nrt nsut nt nut nzdt nzst nzt oesz oez omsst omst pet petst pett pgt phot pht pkt pmdt pont pwt
following line in mailfile to forward all mail addressed to the owner to a given machine or person: Forward to This is used especially for forwarding mail to a given machine in a multiple-machine environment. The Forward option requires read-write group permission and mail group ID in the mailfile. Unlike mail, you can use rmail only to send messages. UUCP uses rmail as a security precaution. For more information on mail and rmail, type man 1M mail at the HP-UX prompt.
For more technical and conceptual information about Sendmail, HP recommends that you read Bryan Costales and Eric Allman, 2001. Sendmail, 3rd Edition, O'Reilly and Associates, Inc. You can also refer to the Sendmail 8.13 Companion by Bryan Costales. For information about using Sendmail with BIND, HP recommends that you read DNS and BIND, by Paul Albitz and Cricket Liu, also published by O’Reilly and Associates, Inc.
How Sendmail Collects Messages
Sendmail receives messages through any of the following methods:
• A user agent calls Sendmail to route a piece of mail. User agents supported by HP for use with Sendmail are elm, mail, and mailx.
• A Sendmail daemon or other mail program calls Sendmail to route a piece of mail received from the network or the mail queue.
• A user invokes Sendmail directly from the command line.
How Sendmail Routes Messages
Sendmail routes messages as follows: 1. 2. 3.
Figure 1-1 Flow of Mail Through Sendmail
If an address resolves to the local mailer, Sendmail looks up the address in its alias database and expands it appropriately if it is found. The aliasing facility or a user’s .forward file can be used to route mail to programs and to files. (Sendmail does not mail directly to programs or files.) Mail to programs is normally piped to the prog mailer (/usr/bin/sh -c), which executes the command specified in the alias or .forward file definition.
SMTP Addresses: RFC 2822-style addresses in any of the following forms, where host is not the local host name, are routed by SMTP over TCP/IP:
user@host
user@host.domain
<@host,@host2,@host3:user@host4>
user@[remote_host’s_internet_address]
If the name server is in use, Sendmail requests mail exchanger (MX) records for the remote host. If there are any, it attempts to deliver the mail to each of them, in the order of preference, until delivery succeeds.
MX host in the list in order, and it delivers the message to the first MX host to which it successfully connects. If that MX host is not the final destination for the message, it is expected that the host will relay the message to its final destination. If Sendmail tries all the MX hosts in the list and fails, the message is returned to the sender with an error message.
Messages addressed to hosts in the nz domain are relayed to the host gw.dcc.nz. HP recommends that you seek permission from the administrators of hosts not under your own control before relaying mail through them. MX Failures: Several possible failures are associated with MX configuration: • The name server query for MX records fails. The query fails because no MX records exist for the target host or because the name server is not running. You can set the TryNullMXList option in the /etc/mail/sendmail.
describes the equates and the command-line arguments or options the queue groups can override.

Table 1-4 Q Configuration Command Equates
Equate           Overrides Command-Line Switch/Option   Description
Flags= (F=)      -qf                                    Specifies fork queue runs.
Interval= (I=)   -qInterval                             Specifies the interval between queue runs.
Jobs= (J=)       MaxQueueRunSize                        Specifies the maximum number of envelopes per queue run.
Nice= (N=)       NiceQueueRun                           Specifies how to renice(3) the queue run.
Using queuegroups Through the access Database To select queue groups easily based on recipient addresses or recipient domains, you must use the gen_cf main menu option to use the queue group feature. After enabling the queuegroup feature, you must add lines such as the following to the source file for your access database: QGRP:slow-poke.com QGRP:root@notify.com QGRP:your.
value according to your system size. Do not set ConnectionCacheSize to a value greater than 4.
• The ConnectionCacheTimeout(K) option specifies the maximum time that any cached connection is permitted to remain idle. When the idle time exceeds this value, the connection is closed. This number must be small (less than 10 minutes) to prevent Sendmail from using too many resources from other hosts. The default ConnectionCacheTimeout value is 5 minutes.
An efficient queue file-naming system is also being provided in this release. The algorithm used to name files ensures that the names will be unique for 60 years. The queued items can be moved between queues with ease. Default Client/Server Operation This section describes the operation of Sendmail servers and clients. Figure 1-2 shows a Sendmail server called mailserv and a Sendmail client called mailclient in the company.com domain. On mailclient, the SENDMAIL_SERVER_NAME in the /etc/rc.config.
How Sendmail Handles Errors By default, Sendmail immediately reports to standard output any errors that occur during the routing or delivery of a message. Sendmail distinguishes between temporary failures and permanent failures. Permanent failures are mail transactions that are unlikely to succeed without the intervention of the sender or a system administrator. For example, mailing to an unknown user is a permanent failure.
If the attempt to return the failed message itself fails, Sendmail returns the message and transcript to the alias postmaster on the local system. The postmaster alias in the default alias file (/usr/newconfig/etc/mail/aliases) resolves to root. If Sendmail is unable to return the message to any of the addresses described previously, as a last resort it appends the error transcript and returned message to the file /var/tmp/dead.letter.
2 Configuring and Administering Sendmail This chapter describes Sendmail, the Internet Services mail routing utility provided on the HP-UX operating system. Sendmail relays incoming and outgoing mail messages to the appropriate programs for delivery and further routing. Sendmail allows you to send mail and to receive mail messages from other hosts on a local area network or through a gateway.
NOTE: HP recommends that you use Sendmail with the BIND name server. The BIND name server must have a mail exchanger (MX) record for every host in every domain that it serves. For more information on how Sendmail uses MX records, see “Mail Exchanger (MX) Records” (page 27). Configuring Sendmail on a Standalone System When Sendmail is installed, it is automatically configured to send and receive mail messages for users on the local system only.
The Sendmail startup script then invokes the Sendmail daemon by issuing the following command: /usr/sbin/sendmail -bd -q30m By using the -q30m option, Sendmail processes the mail queue every 30 minutes. For more information about Sendmail’s command line options, type man 1M sendmail at the HP-UX prompt. Configuring Sendmail on a Mail Server This section describes how to configure a system to allow users on other (client) systems to use Sendmail.
NFS link. By default, a Sendmail client forwards to the server any local mail (a user address destined for the client system) and sends nonlocal mail directly to the destination system or MX host. An outgoing mail message appears to originate from the server, so replies are sent back to the server. For more information on how Sendmail clients and servers work, see “Default Client/Server Operation” (page 33). Sendmail clients can be diskless systems.
Verifying your Sendmail Installation This section provides information on how to verify your Sendmail installation.
Received: from node1.UUCP; Wed, 6 Aug 02 09:30:16
Received: by node1; Wed, 6 Aug 02 09:30:16 mdt
Received: from node2.UUCP; Wed, 6 Aug 02 09:26:18
Received: by node2; Wed, 6 Aug 02 09:26:18 mdt
Date: Wed, 6 Aug 02 09:26:18 mdt
From: Joe User
To: node1!node2!joe
Subject: UUCP Test
Wed Aug 6 09:26:15 MDT 2002
An entry in your /var/adm/syslog/mail.log file must have been logged for the UUCP mail transaction. See “Configuring and Reading the Sendmail Log” (page 95) for more information.
NOTE: In this example, if you send a mail message to yourself and if the remote system is running Sendmail, ensure that the MeToo option is set in the configuration file on the remote system. The remote system’s configuration file must contain a line beginning with O MeToo. If the remote host’s configuration file does not contain such an entry, Sendmail on the remote host notices that the sender is the same as the recipient and removes your address from the recipients’ list.
HP recommends that you leave a copy of the configuration file in the /usr/newconfig directory unmodified, in case you need to reinstall the default configuration settings. To modify the configuration settings in the /etc/mail/sendmail.cf file, perform the following steps: 1. The gen_cf UNIX shell script is installed in the /usr/newconfig/etc/mail/cf/cf directory.
Maximum message size (option MaxMessageSize)
This option restricts the maximum message size (in bytes) that sendmail will accept from a remote system. If a message larger than this limit originates from the local system, the message will be truncated to the limit. To enable this feature, uncomment the line:
O MaxMessageSize=100000
Forwarding Nondomain Mail to a Gateway
Mail that is being sent to a domain other than the sender’s domain can be forwarded to a mail gateway.
#O Timeout.control=2m
• You can set the resolver’s transmission time interval (in seconds) using the Timeout.resolver.retrans option. This option sets the Timeout.resolver.retrans.first, which sets the resolver’s transmission time interval (in seconds) for the first attempt to deliver a message. It also sets the Timeout.resolver.retrans.normal option. The default setting for this option is:
#O Timeout.resolver.retrans=5s
#O Timeout.resolver.retrans.first=5s
#O Timeout.resolver.retrans.
FallbackMXhost=fallbackhost The FallbackMXhost option works only if Sendmail can look up the host name of the recipient. If it does not find the host name, the FallbackMXhost is not useful. In such situations, Sendmail uses the FallBackSmartHost option. The FallBackSmartHost option specifies the name of an MX record that Sendmail must use as the last resort if the MX records are not available to identify the remote host.
Each new envelope contains fewer envelope recipients. Normally, all the envelopes are delivered in parallel for delivery efficiency. XscriptFileBufferSize Use this option to control the maximum size of a memory-buffered (xf) transcript before using a disk-based file. The default setting for this option is: #O XscriptFileBufferSize=4096 MaxAliasRecursion You can specify the maximum depth of an alias recursion in the sendmail.cf file using this option.
overflow attacks. The default setting for this option is unlimited, as shown in the following example:
#O MaxMimeHeaderLength=0/0
DeadLetterDrop
Use this option to specify the location of the system-wide dead.letter file, which was formerly hardcoded to /var/tmp/dead.letter. The default setting for this option in this version is:
O DeadLetterDrop=/var/tmp/dead.letter
Sendmail does not save mail anywhere if this option is not set.
• For a successful lookup:
31:OK resolved.address@example.com
• When the key is not found:
8:NOTFOUND
• When a failure occurs:
55:TEMP this text explains that we had a temporary failure
The socket map uses the following syntax to specify the remote endpoint:
Xname {, field=value }*
Where: name is the name of the filter and the field=value pairs define the attributes of the filter. Following are the field types: Socket Flags Timeouts Specifies the socket specification.
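The replies shown above are length-prefixed: the number before the colon is the byte count of the status text that follows (31 for "OK resolved.address@example.com"). The following is an added example, not code from the HP guide, of a strict reply parser that keeps temporary failures distinct from "not found". It assumes the netstring framing of Sendmail's socket map protocol, in which every string is terminated by a comma on the wire; the function names and MAX_REPLY are hypothetical.

```python
"""Strict parser for Sendmail socket map replies (added example)."""

MAX_REPLY = 4096  # assumed upper bound on a reply; not a value from the guide

# OK, NOTFOUND and TEMP are the statuses shown in the guide. TIMEOUT and PERM
# are the remaining status words of Sendmail's socket map protocol.
TRANSIENT = {"TEMP", "TIMEOUT"}
STATUSES = {"OK", "NOTFOUND", "PERM"} | TRANSIENT


class ReplyError(ValueError):
    """The bytes received do not form one well-framed reply."""


class LookupFailed(Exception):
    """The map server answered, but with a failure status."""

    def __init__(self, status, reason):
        super().__init__("%s: %s" % (status, reason))
        self.status = status
        self.transient = status in TRANSIENT


def encode_netstring(text):
    """Frame text as <length>:<bytes>, the way requests and replies travel."""
    data = text.encode("utf-8")
    return str(len(data)).encode("ascii") + b":" + data + b","


def decode_netstring(buf):
    """Return the payload of exactly one netstring or raise ReplyError."""
    head, sep, tail = buf.partition(b":")
    if not sep:
        raise ReplyError("no ':' after the length")
    if not head.isdigit() or len(head) > 6 or (len(head) > 1 and head[:1] == b"0"):
        raise ReplyError("length is not a short canonical decimal")
    size = int(head)
    if size > MAX_REPLY:
        raise ReplyError("declared length exceeds MAX_REPLY")
    if len(tail) != size + 1:
        raise ReplyError("payload length does not match the declared length")
    if tail[size:] != b",":
        raise ReplyError("payload is not terminated by ','")
    return tail[:size]


def parse_reply(buf):
    """Return (status, text) for one reply."""
    try:
        text = decode_netstring(buf).decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ReplyError("payload is not valid UTF-8") from exc
    status, _, rest = text.partition(" ")
    if status not in STATUSES:
        raise ReplyError("unknown status word %r" % status)
    return status, rest


def lookup_result(buf):
    """Map a reply to a value, None (key absent) or a LookupFailed error.

    A failure is never folded into "not found": a caller that uses the map
    for an allow/deny decision must be able to defer instead of guessing.
    """
    status, rest = parse_reply(buf)
    if status == "OK":
        return rest
    if status == "NOTFOUND":
        return None
    raise LookupFailed(status, rest)


# Constructed wire samples: the guide's three replies plus the ',' terminator.
SAMPLES = [
    b"31:OK resolved.address@example.com,",
    b"8:NOTFOUND,",
    b"55:TEMP this text explains that we had a temporary failure,",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        try:
            print(raw, "->", repr(lookup_result(raw)))
        except LookupFailed as exc:
            print(raw, "-> failure, transient =", exc.transient)
```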
In the dns map declaration, you must include the -R switch, which specifies the DNS resource record type to look up. Sendmail supports the following types of resource records: A, AAAA, AFSDB, CNAME, MX, NS, PTR, SRV, and TXT. A map lookup returns only one record. For certain types of records, such as MX records, the return value can be a random element of the list because of the randomizing in the DNS resolver. Table 2-1 describes the different -R values in the dns database map.
Table 2-2 The dns Database-Map Type K Command Switches (continued) Switch Description -R Specifies the record type to look up. -r Denotes the rs_search()_res.retries limit. -T Denotes the suffix to append on temporary failure. -t Informs Sendmail to ignore temporary errors. The /usr/newconfig/etc/mail/cf/cf/gen_cf Script Following are the main menu options in the /usr/newconfig/etc/mail/cf/cf/gen_cf script: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.
You can select the relevant submenu option to set the appropriate options in the /usr/newconfig/etc/mail/cf/cf/sendmail.cf.gen file. Following are the submenu options in the “Relay Options” option: 1. 2. 3. 4. 5. 6. 7. 8. 9. Relay ON Relay OFF [Default Sendmail.
The “Verify permissions for the sendmail files” menu option verifies the permission of the Sendmail files. You can use the gen_cf script to verify the permissions of the Sendmail files. The “Correct permissions for the sendmail files” menu option corrects the permissions of the Sendmail files. You can use the gen_cf script to verify the permissions of the Sendmail files. The “Create User and Queue for MSP” menu option creates a user and queue for MSP.
Relay based on MX
Setting this option turns ON relaying based on the MX records of the host portion of an incoming recipient; that is, if an MX record for host foo.com points to your site, you will accept and relay mail addressed to foo.com.
Relay hosts only
This option changes the behavior of the access database and class R macro to look up individual host names only.
NOTE: Because /etc/mail/access is a database, after creating the text file, you must use the following makemap command to create the database map.
makemap dbm /etc/mail/access < /etc/mail/access
For more information on the makemap utility, type man 1M makemap at the HP-UX prompt.
Relay local from
This option allows Sendmail to relay mail messages when the sender of the mail message is a valid user on that machine. Consider a valid user abc on host 1.
Accept unqualified senders
This option allows Sendmail to accept all those MAIL FROM: parameters where the mail address of the sender does not include a domain name. Normally, MAIL FROM: commands in the SMTP session are refused if the connection is a network connection and the sender address does not include a domain name.
Realtime Blackhole List
Setting this option turns ON the rejection of hosts found in the Realtime Blackhole List. The default list is maintained on the server $def_rbl.
Relay mail from
You can use this option to facilitate relaying through a user machine. The sender name, which is listed as RELAY in the access map (tagged with From:), can be specified using this option. The domain portion of the mail sender is also checked when the optional argument domain is provided.
Delay checks
This option delays the anti-spam checks by Sendmail until it issues the SMTP RCPT command. Mail from certain addresses that might have been blocked by other anti-spam checks is received.
Domaintable Include a "domain table" which can be used to provide domain name mapping. Use of this should really be limited to your own domains. It may be useful if you change names (for example, your company changes names from oldname.com to newname.com). Send only This option generates a sendmail.cf file without the check_compat ruleset. You can send mail messages, but you cannot receive them. You must set the SENDMAIL_SENDONLY flag in /etc/rc.config.
This section discusses the following topics:
• “Adding Aliases to the Sendmail Alias Database” (page 60)
• “Verifying Your Sendmail Aliases” (page 64)
• “Managing Sendmail Aliases with NIS” (page 64)
• “Rewriting the From Line on Outgoing Mail” (page 65)
• “Forwarding Your Own Mail with a .forward File” (page 65)
NOTE: A non-root user does not have access to the files or databases associated with Sendmail namely: /etc/mail/aliases.*, /etc/mail/sendmail.st, and /etc/mail/sendmail.
Table 2-3 Mailing List Options
Option: user_name
Description: Sendmail looks up the aliases database for the local user name unless you put a backslash (\) before the local user name. To prevent Sendmail from performing unnecessary alias lookups, put backslashes before local user names. For example:
local_users: amy, carrie, sandy, tony
remote_users: mike, denise
mike: mike@chem.tech.
Table 2-3 Mailing List Options (continued) Option Description "| command" Sendmail pipes the message as standard input to the specified command. The double quotes are required to protect the command line from being interpreted by Sendmail. Commands must be listed as full pathnames. If stdout and stderr are not redirected, they are not printed to the terminal, and they disappear. However, if a command returns a nonzero exit status, its output to stderr becomes part of the Sendmail error transcript.
of a mailing list, it looks for an alias of the form owner-mailing_list and sends the error message to the owner. For example, if mike were responsible for maintaining the chess_club mailing list, he could be configured as the owner:
chess_club: mike@chem.tech.edu, marie@buffalo, bigvax!amlabs!denise, margaret@hp.com
owner-chess_club: mike@chem.tech.edu
Any errors that Sendmail encounters while trying to deliver mail to the members of the chess_club mailing list would be reported to mike.
Mail sent to dave at either host sage or host basil bounces between the two systems. Sendmail adds a tracing header line (Received:) with each hop. When 26 tracing header lines have been added, Sendmail recognizes the aliasing loop and aborts the delivery with an error message. Creating a Postmaster Alias RFC 2822 requires that a postmaster alias be defined on every host. The postmaster is the person in charge of handling problems with the mail system on that host.
Modifying your NIS Aliases Database For information about the NIS aliases database, see NIS Administrator's Guide, at the URL http://docs.hp.com/en/netcom.html. Rewriting the From Line on Outgoing Mail HP provides a method that allows the From line on a mail message to be rewritten. This can be useful when a user’s login name does not clearly identify the user to intended mail recipients. For example, mail sent by bkelley (mailname) can be changed to read as Bob_Kelley (maildrop).
A .forward file can contain anything that appears on the right side of an alias definition, including programs and files. (See Table 2-3) The following is an example of a .forward file owned by user alice on host chicago: alice@miami, alice@toronto, alice, mycrew Mail sent to alice@chicago will be delivered to alice’s accounts on hosts miami and toronto, and to her account on local host chicago.
Now you must set up Sendmail. 2. Generate the sendmail.cf.gen file using the gen_cf utility with the virtusertable option, and move this file to /etc/mail/sendmail.cf. For more information on gen_cf, read the section “Modifying the Default Sendmail Configuration File” (page 43). 3. Create the virtual user table in the /etc/mail directory. A sample virtual user table may look like the following: joe@mydomain.com jane@mydomain.com @mydomain.com jschmoe jdoe@othercompany.
Sendmail supports the use of the LDAP protocol to look up addresses. The ldapx class, which is a database, is used to look up items in the LDAP directory service. The Sendmail configuration file contains the syntax required to enable the LDAP protocol to perform address lookups. Enabling Address Lookups Using LDAP When you enable LDAP support, LDAP will look up login names, then return the e-mail address for that user. To enable this, you must modify the sendmail.cf file.
or F{LDAPRoute}/etc/mail/ldap-domain-file where /etc/mail/ldap-domain-file contains the domains. The LDAPDefaultSpec option in the sendmail.cf file sets the default LDAP map specification. You must set this up before defining LDAP maps. The settings are used for all LDAP maps unless they are specified in the individual map specification (K command). By default, it appears in the sendmail.cf file as follows: O LDAPDefaultSpec=-h localhost localhost can be replaced by your LDAP server name.
-k (&(ObjectClass=mailrecipient) (mail=%0)) • -v – LDAP attribute Value that replaces the origin string in the map. In most cases, this is the RFC822 e-mail address.
Any untyped attributes are considered NORMAL attributes. The optional OBJECTCLASS (separated with a |) list contains the objectClass values for which that attribute applies. If the list is provided, the attribute named is used only if the LDAP record being returned is a member of that object class. If these new value attribute TYPEs are used in an AliasFile option setting, they must be within double quotes. This prevents Sendmail from misparsing the colons.
Security By default, Sendmail is a set-user-ID program. You can set it to a set-group-ID program by creating a new user smmsp and by using the submit.cf configuration file. If sendmail is called for initial delivery, you must use the submit.cf file with a fallback of sendmail.cf as configuration file. A Mail Submission Program (MSP) is another instance of Sendmail that is used for initial mail submission. MSP uses the /etc/mail/submit.cf file as the configuration file.
Using the Sendmail Restricted Shell Program Sendmail allows the aliases file or a user’s .forward file to specify programs to be run. These programs are by default invoked through /usr/bin/sh -c. The Sendmail restricted shell (smrsh) program enables you to restrict the programs that can be run through the aliases file or through a .forward file; only programs that are linked to the /var/adm/sm.bin directory can be invoked. To use the smrsh program, complete the following steps: 1.
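Before switching the prog mailer to smrsh, it helps to know which existing "| command" entries would stop working or deserve review. The following is an added example, not part of the HP guide, that parses aliases and .forward text and checks each program delivery against the set of names linked in /var/adm/sm.bin. The sample aliases, the set of flagged shell characters and all function names are assumptions made for the example.

```python
"""Audit program deliveries in aliases and .forward text (added example)."""
import os

SM_BIN = "/var/adm/sm.bin"           # smrsh program directory named in the guide
REVIEW_CHARS = set("`$;&<>()|\r\n")  # assumed set of shell characters to flag


def split_targets(rhs):
    """Split a right-hand side on commas that are outside double quotes."""
    targets, buf, quoted = [], [], False
    for ch in rhs:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            targets.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    targets.append("".join(buf).strip())
    return [t for t in targets if t]


def parse_aliases(text):
    """Return [(alias, [targets])]; '#' comments and continuation lines
    (lines that start with white space) are handled."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t":
            if entries:
                entries[-1][1] += " " + raw.strip()
            continue
        name, sep, rhs = raw.partition(":")
        if sep:
            entries.append([name.strip(), rhs.strip()])
    return [(name, split_targets(rhs)) for name, rhs in entries]


def program_commands(targets):
    """Return the command lines of the "| command" targets."""
    commands = []
    for target in targets:
        target = target.strip('"').strip()
        if target.startswith("|"):
            commands.append(target[1:].strip().strip('"').strip())
    return commands


def audit_command(command, allowed):
    """Return the reasons a command would fail, or need review, under smrsh."""
    words = command.split()
    program = words[0] if words else ""
    problems = []
    if not program.startswith("/"):
        problems.append("program is not a full pathname")
    # smrsh ignores the directory part and looks the name up in SM_BIN.
    if os.path.basename(program) not in allowed:
        problems.append("program is not linked in " + SM_BIN)
    if REVIEW_CHARS & set(command):
        problems.append("command line contains shell metacharacters")
    return problems


def audit_aliases(text, allowed):
    """Return [(alias, command, problems)] for every program delivery."""
    return [(alias, cmd, audit_command(cmd, allowed))
            for alias, targets in parse_aliases(text)
            for cmd in program_commands(targets)]


def audit_forward(text, allowed):
    """Same check for a .forward file, which uses the alias right-hand side."""
    targets = [t for line in text.splitlines() for t in split_targets(line)]
    return [(cmd, audit_command(cmd, allowed)) for cmd in program_commands(targets)]


def allowed_programs(directory=SM_BIN):
    """Names present in the smrsh directory (empty set if it does not exist)."""
    return set(os.listdir(directory)) if os.path.isdir(directory) else set()


# Constructed sample input; the aliases and programs are hypothetical.
SAMPLE_ALIASES = '''\
# local aliases
postmaster: root
away_bob: bob, "|/usr/bin/vacation bob"
archive: "|/opt/tools/archiver --list chess_club"
chess_club: mike@chem.tech.edu,
    "| logmsg $USER"
'''

if __name__ == "__main__":
    allowed = allowed_programs() or {"vacation"}
    for alias, cmd, problems in audit_aliases(SAMPLE_ALIASES, allowed):
        print(alias, "|", cmd, "->", problems or "ok")
```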
Table 2-4 Option Values for DontBlameSendmail
Option Value                        Description
safe                                Allows the files only in a safe directory. All files accessed by Sendmail must be safe.
AssumeSafeChown                     Assumes that the chown system call is restricted to root.
ClassFileInUnsafeDirPath            Allows class files that are in unsafe directories.
ErrorHeaderInUnsafeDirPath          Allows the file named in the ErrorHeader option to be in an unsafe directory.
ForwardFileInGroupWritableDirPath   Allows .
Table 2-4 Option Values for DontBlameSendmail (continued)
Option Value             Description
FileDeliveryToHardLink   Allows delivery to files that are hard links.
FileDeliveryToSymLink    Allows delivery to files that are symbolic links.
WriteMapToHardLink       Allows writes to maps that are hard links.
WriteMapToSymLink        Allows writes to maps that are symbolic links.
WriteStatsToHardLink     Allows the status file to be a hard link.
WriteStatsToSymLink      Allows the status file to be a symbolic link.
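Each value in Table 2-4 switches off one file-safety check, so the usual alternative is to find and fix the condition that makes the file unsafe. The following is an added example, not code from the HP guide, that reports those conditions for one file: directories in its path that group or others can write to, and whether the file is a symbolic or hard link. It is a simplified approximation of Sendmail's checks; the kind labels and function names are hypothetical, and only option names that appear in Table 2-4 are used.

```python
"""Find what makes a Sendmail file 'unsafe' before relaxing checks (added example)."""
import os
import stat


def writable_dirs(path, mask, root="/"):
    """Directories from the file's directory up to root whose mode has any
    of the write bits in mask set (stat.S_IWGRP, stat.S_IWOTH)."""
    found = []
    current = os.path.dirname(os.path.abspath(path))
    root = os.path.abspath(root)
    while True:
        if os.stat(current).st_mode & mask:
            found.append(current)
        parent = os.path.dirname(current)
        if current == root or parent == current:
            return found
        current = parent


def link_kind(path):
    """Return 'symlink', 'hardlink' or None for the file itself."""
    info = os.lstat(path)
    if stat.S_ISLNK(info.st_mode):
        return "symlink"
    if info.st_nlink > 1:
        return "hardlink"
    return None


def relaxations_needed(path, kind, root="/"):
    """Names from Table 2-4 that would have to be added to DontBlameSendmail
    for this file to pass. An empty list means the file passes these checks.

    kind is 'forward', 'class' or 'delivery' (labels chosen for this example).
    """
    needed = []
    if kind == "forward" and writable_dirs(path, stat.S_IWGRP, root):
        needed.append("ForwardFileInGroupWritableDirPath")
    if kind == "class" and writable_dirs(path, stat.S_IWGRP | stat.S_IWOTH, root):
        needed.append("ClassFileInUnsafeDirPath")
    if kind == "delivery":
        link = link_kind(path)
        if link == "symlink":
            needed.append("FileDeliveryToSymLink")
        elif link == "hardlink":
            needed.append("FileDeliveryToHardLink")
    return needed


def report(path, kind, root="/"):
    """One line per finding, phrased as the fix rather than the relaxation."""
    lines = []
    for directory in writable_dirs(path, stat.S_IWGRP | stat.S_IWOTH, root):
        lines.append("remove group/other write permission from %s" % directory)
    link = link_kind(path)
    if link:
        lines.append("%s is a %s; replace it with a regular file" % (path, link))
    for name in relaxations_needed(path, kind, root):
        lines.append("otherwise Sendmail needs DontBlameSendmail=%s" % name)
    return lines


if __name__ == "__main__":
    import sys
    # Usage: script.py KIND FILE...   (KIND is forward, class or delivery)
    for name in sys.argv[2:]:
        for line in report(name, sys.argv[1]):
            print(line)
```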
host name changes repeatedly. In this case, authorization is via a secret password, which is client dependent. The authentication protocol exchange consists of a series of server challenges (otherwise known as a ready response) and client answers that are specific to the authentication mechanism. The AUTH parameter to the MAIL FROM command is set as follows:
MAIL FROM: from-addr AUTH=addr-spec
The addr-spec contains the identity that submitted the message to the delivery system.
Support for Deliver By SMTP Extension (RFC 2852) The Deliver By SMTP extension is a mechanism by which an SMTP client requests a server to deliver the message within a specified period of time, while transmitting a message to an SMTP server. A client that makes such a request also specifies the message handling that must occur if the message cannot be delivered within the specified time period.
You can disable identd to improve the performance of the system by commenting out this entry. The following sections discuss disabling identd:
• “Disabling identd on the Remote Client” (page 78)
• “Disabling identd from the Sendmail Server” (page 78)
Disabling identd on the Remote Client
You must comment out the following line in the /etc/inetd.
True or False. Following is the option in the sendmail.cf file:

# O UseTLS=False

CERT_DIR
Specifies the directory for storing Sendmail certificates. Following is the option in the sendmail.cf file:

# CA directory
O CACertPath=/etc/mail/certs/

CACERT_PATH CACERT SERVER_CERT and CLIENT_CERT
Specifies the path that stores the certificates of all the Certificate Authorities known to the Sendmail server.
the option is enabled or uncommented in the generated sendmail.cf configuration file. To use Sendmail with STARTTLS, you must install the OpenSSL software on your system. The OpenSSL software is available at: http://www.software.hp.com.

Cyrus SASL v2 Support

The Simple Authentication and Security Layer (SASL) is a generic mechanism that enables protocols to accomplish authentication. Some notable applications that use SASL include Sendmail and Cyrus imapd (Versions 1.6.0 and later).
Configuring Cyrus SASL v2 in Sendmail

To configure Cyrus SASL v2 in Sendmail, you must change the default values for the following options in the Sendmail configuration file:

C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 ANONYMOUS PLAIN
# list of authentication mechanisms
O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 ANONYMOUS PLAIN
# Authentication realm
#O AuthRealm
# default authentication information for outgoing connections
O DefaultAuthInfo=/etc/mail/default-auth-info

Configuring Send
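In Sendmail, the TrustAuthMech class lists the mechanisms whose successful authentication permits relaying, while AuthMechanisms lists what the server offers. The following Python check of the two lists in the Cyrus SASL v2 configuration above is an added example, not part of the guide or of Sendmail; the function names, the finding texts and the tighter variant are assumptions chosen for illustration.

```python
import re

# Constructed fragment: the lines shown in the guide, as they appear in sendmail.cf.
WEAK_CF = """\
C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 ANONYMOUS PLAIN
O AuthMechanisms=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5 ANONYMOUS PLAIN
#O AuthRealm
O DefaultAuthInfo=/etc/mail/default-auth-info
"""

# Constructed tighter variant (an illustrative choice, not an HP recommendation).
TIGHT_CF = """\
C{TrustAuthMech}EXTERNAL GSSAPI
O AuthMechanisms=EXTERNAL GSSAPI
"""

CLEARTEXT = {"PLAIN", "LOGIN"}   # password is sent unprotected unless TLS is active
NO_IDENTITY = {"ANONYMOUS"}      # client proves no identity at all

def mechanisms(cf_text):
    """Return (offered, trusted) mechanism sets from uncommented cf lines."""
    offered, trusted = set(), set()
    for line in cf_text.splitlines():
        m = re.match(r"O\s+AuthMechanisms\s*=\s*(.*)", line)
        if m:
            offered |= set(m.group(1).upper().split())
        m = re.match(r"C\{TrustAuthMech\}\s*(.*)", line)
        if m:
            trusted |= set(m.group(1).upper().split())
    return offered, trusted

def audit(cf_text):
    """Return (mechanism, finding) pairs, most serious first."""
    offered, trusted = mechanisms(cf_text)
    findings = []
    for mech in sorted(trusted & NO_IDENTITY):
        findings.append((mech, "trusted for relaying although it authenticates no one"))
    for mech in sorted(offered & CLEARTEXT):
        findings.append((mech, "clear-text password; offer only on TLS-protected sessions"))
    for mech in sorted(trusted - offered):
        findings.append((mech, "trusted but never offered; remove from TrustAuthMech"))
    return findings

if __name__ == "__main__":
    for mech, why in audit(WEAK_CF):
        print(f"{mech}: {why}")
```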
The following sections discuss the anti-spamming features in detail.

Message Quarantining

Starting with Sendmail, you can quarantine mail messages (envelopes). Queue files or envelopes are stored but not considered for delivery or display unless the “quarantine” state of the envelope is undone, or delivery or display of the quarantined items is requested.
programs to access mail messages as they are being processed, in order to filter meta information and content. Milter is declared in the configuration file as:

Xname {, field=value}*

Where name is the name of the filter (used internally only) and the field=value pairs define attributes of the filter.

Enhanced DNS Black Hole List Option

The enhanced DNS Black Hole List (EDNSBL) option is an enhanced version of the dnsbl feature. The dnsbl feature rejects mail from hosts in a DNS-based rejection list.
Running the gen_cf Script

Follow these steps to run the gen_cf script:
1. Log in as root.
2. Go to the directory that contains the script:
   cd /usr/newconfig/etc/mail/cf/cf/gen_cf
3. Run gen_cf. A list of options is displayed.
4. Select the appropriate option. A message is displayed to inform you when the file is successfully built.

Using the Access Database to Allow or Reject Mail Messages

You can control the flow of mail messages coming in from certain domains.
Table 2-5 Access Database Format (continued)

| Value | Description |
|---|---|
| ### "any text" | Where ### is an RFC 821-compliant error code and "any text" is a message to return for the command. |
| ERROR: ### "any text" | Same as stated for ### "any text", but useful to mark error messages. |
| ERROR:D.S.N:### "any text" | Same as stated for ### "any text". D.S.N is an RFC 1893-compliant error code. |

Creating the Access Database Text File

You must edit the Access Database text file manually.
To:friend.domain RELAY
Connect:friend.domain OK
Connect.from.domain RELAY
From:good@another.dom OK
From:another.dom REJECT

Creating the Database Map

After creating the Access Database text file, you must use the /usr/sbin/makemap utility to create the database map. Type the following command to create the database:

makemap dbm /etc/mail/access < /etc/mail/access

The makemap utility takes the /etc/mail/access file as input. It then stores the results back into the /etc/mail/access.db file.
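Why From:good@another.dom can be accepted while the rest of another.dom is rejected comes down to lookup order. The following Python sketch is an added example, not code from the guide or from Sendmail: it parses an access text file and resolves an envelope sender using a simplified model of that order (most specific key first, tagged entry before untagged). The function names and the bulk.example entry are assumptions, and Sendmail's own rulesets handle more cases than this model.

```python
# Constructed access text file; the first four entries are those in the guide's example.
ACCESS_TEXT = """\
# key                   value
To:friend.domain        RELAY
Connect:friend.domain   OK
From:good@another.dom   OK
From:another.dom        REJECT
From:bulk.example       550 Mail refused
"""

def load_access(text):
    """Parse 'key<whitespace>value' lines; keys are folded to lower case."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:               # skip malformed lines with no value
            table[parts[0].lower()] = parts[1].strip()
    return table

def candidate_keys(tag, address):
    """Most specific key first: full address, host, each parent domain, user@."""
    user, _, host = address.lower().rpartition("@")
    labels = host.split(".")
    plain = [f"{user}@{host}"]
    plain += [".".join(labels[i:]) for i in range(len(labels))]
    plain.append(f"{user}@")
    for key in plain:
        yield f"{tag.lower()}:{key}"      # tagged entry is tried first
        yield key                         # then the untagged form

def lookup(table, tag, address):
    """Return (matching key, value), or (None, None) when no entry applies."""
    for key in candidate_keys(tag, address):
        if key in table:
            return key, table[key]
    return None, None

if __name__ == "__main__":
    table = load_access(ACCESS_TEXT)
    for sender in ("good@another.dom", "other@mail.another.dom", "a@friend.domain"):
        print(sender, "->", lookup(table, "From", sender))
```

The last sender returns no match because friend.domain is listed only under the To: and Connect: tags, which shows that a tagged entry does not apply to the other checks.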
Relay Hosts Only: Relaying from Hosts Only

By default, host names that are listed as RELAY in both the Access Database and the class R ($=R) macro can relay messages. When using this feature, specify host names. This feature enables Sendmail to look up individual host names and relay messages to the host. See “Checking Headers” (page 89) for information on using the R class.

Relaying Based on MX Records

This feature allows relaying based on the MX records of the host portion of an incoming recipient.
Accept Unresolvable Domains

This feature enables Sendmail to accept all MAIL FROM: parameters that are not fully qualified, for example, a mail message whose host part of the argument to the MAIL FROM: parameter cannot be located in the host name service, such as DNS.

Accept Unqualified Senders

This feature allows you to accept all mail where the sender’s mail address does not include a domain name.
Checking Headers

With header checking, you can reject mail messages based on the contents of their mail headers. Sendmail provides the syntax for limited header syntax checking. A configuration line of the form:

HHeader: $>Ruleset

causes the specified ruleset to be invoked on the header when read.
Defining Hosts Allowed to Relay: Class R

You can use the $=R macro to define the hosts that are allowed to relay. The default file Sendmail uses to read values for the $=R macro is /etc/mail/relay-domains.

Queue Changes

This section describes miscellaneous enhancements to the queue option:
• The queue option allows multiple -qI, -qR, or -qS queue run limiters. For example, using Sendmail -qRfoo -qRbar will deliver mail to recipients with foo or bar in their address.
NOTE: You can turn off MSA in the sendmail.cf file using the no_default_msa option in the gen_cf script. For more information, see the no_default_msa option in “Modifying the Default Sendmail Configuration File” (page 43).

The XUSR SMTP command and the -U (initial user submission) command-line option are deprecated. Mail user agents must use the MSA (Message Submission Agent) for initial user message submission. XUSR may be removed in future releases.
Troubleshooting Sendmail

This section describes the following techniques for troubleshooting Sendmail:
• “Keeping the Aliases Database Up to Date” (page 92)
• “Verifying Address Resolution and Aliasing” (page 92)
• “Verifying Message Delivery” (page 93)
• “Contacting the Sendmail Daemon to Verify Connectivity” (page 94)
• “Setting Your Domain Name” (page 95)
• “Attempting to Start Multiple Sendmail Daemons” (page 95)
• “Configuring and Reading the Sendmail Log” (page 95)
• “Printing and Reading the Mail
For hosts that resolve to IPC mailers, MX hosts are not reported when using verify mode, because MX records are not collected until delivery is actually attempted.
Sendmail has interfaces to three types of delivery agents. In verbose mode, Sendmail reports its interactions with them as follows:
• Mailers that use SMTP to a remote host over a TCP/IP connection (IPC mailers). In verbose mode, Sendmail reports the name of the mailer used, each MX host (if any) to which it tries to connect, and each Internet address it tries for each host. When a connection succeeds, the SMTP transaction is reported in detail.
• Mailers that run SMTP (locally) over pipes.
Setting Your Domain Name

If Sendmail cannot resolve your domain name, you may see the following warning message in your syslog file:

WARNING: local host name name is not qualified; fix $j in config file

To resolve this problem, do one of the following:
• Uncomment the following line in the /etc/mail/sendmail.cf file by deleting the pound sign (#) at the beginning of the following line:

  Dj$w.Foo.COM

  Change Foo.COM to the name of your domain (for example, HP.COM).
For more information on configuring syslogd, see the HP-UX Internet Services Administrator’s Guide at: http://www.docs.hp.com/hpux/netcom/index.html#Internet%20Services.

Setting Log Levels

You can set the log level with the -oL option on the Sendmail command line or on the OL line in the Sendmail configuration file. At the lowest level, no logging is done. At the highest level, even the most mundane events are recorded. As a convention, log levels 11 and lower are considered useful.
Table 2-7 Sendmail Logging Levels (continued)

| Level | Description |
|---|---|
| 12 | SMTP outbound connections logged at LOG_INFO. |
| 13 | Logs bad user shells, world-writable files and other questionable situations. |
| 14 | Connection refusals logged at LOG_INFO. More STARTTLS information logged at LOG_INFO. |
| 15 | All incoming and outgoing SMTP commands and their arguments logged at LOG_INFO. |
| 20 | Logs attempts to run locked queue files. These are not errors but this level is useful if your queue appears to be clogged. |
Other details logged in the syslog file are time delay in delivering the message (delay=), type of mailer used (mailer=), priority of the message, relay machine, and the status of the message. Queued messages and SYSERRs are also logged.

Storing Off Old Sendmail Log Files

At typical logging levels, every piece of mail passing through Sendmail adds two or three lines to the mail log. A script to manage the growth of the mail log could be run nightly, at midnight, with an entry in root’s crontab file.
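The logged delivery fields (delay=, mailer=, relay=, stat=) lend themselves to simple detection. The following Python sketch is an added example, not part of the guide: it parses constructed log lines in Sendmail's usual key=value syslog layout, lists deferred deliveries and reports relays that repeatedly trigger "Relaying denied" rejections. The host names, addresses, all queue IDs except the one used in the guide's mailq example, the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual sendmail syslog layout (not from the guide).
SAMPLE_LOG = """\
Feb  9 07:08:01 mailhub sendmail[29701]: h3TA9Bb29701: from=<janet@example.com>, size=86, class=0, nrcpts=2, relay=localhost
Feb  9 07:08:02 mailhub sendmail[29703]: h3TA9Bb29701: to=<ees@dept.example.edu>, delay=00:00:01, mailer=esmtp, pri=30086, relay=dept.example.edu. [192.0.2.10], stat=Deferred: Connection refused by dept.example.edu.
Feb  9 07:09:10 mailhub sendmail[29710]: h3TA9Cc29710: ruleset=check_rcpt, arg1=<user@elsewhere.example>, relay=[198.51.100.7], reject=550 5.7.1 <user@elsewhere.example>... Relaying denied
Feb  9 07:09:11 mailhub sendmail[29711]: h3TA9Cd29711: ruleset=check_rcpt, arg1=<other@elsewhere.example>, relay=[198.51.100.7], reject=550 5.7.1 <other@elsewhere.example>... Relaying denied
Feb  9 07:10:00 mailhub sendmail[29720]: h3TA9Ce29720: to=<ebs@corp.example.com>, delay=00:00:03, mailer=esmtp, pri=30086, relay=corp.example.com. [192.0.2.20], stat=Sent (ok)
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")
# A value runs up to the next ", key=" or the end of the line, so it may contain spaces.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")

def parse_line(line):
    """Return the key=value fields of one log line plus its queue ID, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    fields["qid"] = m.group(1)
    return fields

def summarize(log_text, threshold=2):
    """Return (deferred deliveries, relays with >= threshold relay-denied rejects)."""
    deferred, denied = [], Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        if f.get("stat", "").startswith("Deferred"):
            deferred.append((f["qid"], f.get("to"), f.get("relay"), f["stat"]))
        if "Relaying denied" in f.get("reject", ""):
            denied[f.get("relay")] += 1
    noisy = sorted(host for host, n in denied.items() if n >= threshold)
    return deferred, noisy

if __name__ == "__main__":
    deferred, noisy = summarize(SAMPLE_LOG)
    print("deferred:", deferred)
    print("repeated relay attempts from:", noisy)
```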
The first entry is a message with queue ID h3TA9Bb29701 and a size of 86 bytes. The message arrived in the queue on Wednesday, February 9, at 7:08 a.m. The sender was janet. She sent a message to the recipients ees@vetmed.umd.edu and ebs@surv.ob.com. Sendmail has already attempted to route the message, but the message remains in the queue because its SMTP connection was refused.
Table 2-8 Lines in Queue-Control Files

| Initial Letter | Content of Line |
|---|---|
| B | The message body type (either 7bit or 8bitmime). |
| C | The controlling user for message delivery. This line always precedes a recipient line (R) that specifies the name of a file or program name. This line contains the user name that Sendmail must run as when it is delivering a message into a file or a program’s stdin. |
| D | The name of the data file. There can be only one D line in the queue-control file. |
| E | An error address. |
Queue Changes

The following miscellaneous enhancements have been made to the queue option:
• The queue option allows multiple -qI, -qR, or -qS queue run limiters. For example, using Sendmail -qRfoo -qRbar will deliver mail to recipients with foo or bar in their address.
• The map flag -Tx appends x to lookups that return temporary failure. This is similar to the -ax flag, which appends x to lookups that return success.
• The QueueSortOrder option is case sensitive.
 M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis  Mailer
 T       90         94K      136        138K        0       0
 C       90                  136                    0

How to Resolve the Warning Messages

To resolve these warning messages, run the following command:

# chmod 600 /etc/mail/sendmail.st

Now, if you execute the mailstats utility, the warning messages do not appear.

The newaliases Utility

newaliases rebuilds the database for the mail aliases file.
Impact on Non-Root Users

With the change in permission, non-root users cannot access the files and databases associated with Sendmail, and a Permission denied message appears when you run any utility that accesses the Sendmail files and databases. The following messages appear when you run the praliases and mailstats utilities:

$ praliases
praliases: /etc/mail/aliases: open: Permission denied
$ mailstats
mailstats: /etc/mail/sendmail.