[TriLUG] Sendmail Config Question

Jaimie Livingston Jaimie.Livingston at HAHT.com
Thu Apr 24 11:11:27 EDT 2003


Thanks Jon,

<snip>
You might want to just treat everything as though it were a virtual domain.
For that to work, you would have to have a secondary name for sending the
foo at haht.com mail into the inside of HAHT.

Something like foo at haht.com ==> foo at exchange.haht.com
               foo.bar at haht.com ==> foo at exchange.haht.com

Then have the MX for the domain exchange.haht.com point to the interior
appliance that is doing your spam filtering.
<snip>

I considered this, but it just seemed wrong at the time. I'll reconsider it.


<snip>
> 1) relay SMTP traffic for approved domains in relay-domains
>    (relay-domains currently includes haht.com, as well as the
>    other approved domains)

This is a no-brainer.  Put these domains in your /etc/mail/access file with
keyword RELAY.
<snip>

I should have said virtual-hosted domains rather than approved domains.
We're already using the access file to relay for some domains, and we use
the relay-domains for the virtual domains we host. 

<snip>
> 2) resolve aliases for a subset of @haht.com addresses 
>    (i.e. jaimiel at haht.com to jlivingston at haht.com)

Why do you care about this (on this server)?  This server is only acting as
a relay to move mail into your other server.  Shouldn't this be done at the
other (exchange) server?

The internal server should be able to handle all your aliasing.
<snip>

Unfortunately, the box in question is not a real SMTP server. It's an
anti-spam appliance that has absolutely no capabilities to resolve aliases. 

<snip>
If not, then your best bet is to treat it like a virtual host (as pointed
out above).  Virtual hosts don't need real accounts on the box.
<snip>

If I were starting from scratch, this is what I would do.
However, this is our production MX. I don't want to break it, nor do I want
to have to rebuild our whole domain structure just to support this one
piss-ant device.


What I really want to know is if there is a way to have this server just
resolve aliases for a subset of all the @haht.com address book, but not
break the way it currently relays @haht.com messages that it cannot resolve.
If the answer is no, then that's that.

Jaimie



-----Original Message-----
From: Jon Carnes [mailto:jonc at nc.rr.com] 
Sent: Wednesday, April 23, 2003 8:15 PM
To: trilug at trilug.org
Subject: Re: [TriLUG] Sendmail Config Question


You might want to just treat everything as though it were a virtual domain.
For that to work, you would have to have a secondary name for sending the
foo at haht.com mail into the inside of HAHT.

Something like foo at haht.com ==> foo at exchange.haht.com
               foo.bar at haht.com ==> foo at exchange.haht.com

Then have the MX for the domain exchange.haht.com point to the interior
appliance that is doing your spam filtering.

The main disadvantage is that you need to define all the users here (and
their various aliases) - of course you have to do that *somewhere* anyway.


On Wed, 2003-04-23 at 18:18, Jaimie Livingston wrote:
> HELO,

cute ;-)

> 
> I need some Sendmail config help, and I am not finding the available 
> docs all that useful, most likely due to inexperience on my part.
> 
> I want to change the configuration of a sendmail server that is the 
> primary MX for haht.com and also provides some virtual hosting for a 
> few other domains. Currently, the server relays mail using the "smart" 
> relay host option in sendmail.cf thru a firewall into another SMTP 
> server. I would like to change the configuration to do the following:
> 
> 1) relay SMTP traffic for approved domains in relay-domains
>    (relay-domains currently includes haht.com, as well as the other 
> approved domains)

This is a no-brainer.  Put these domains in your /etc/mail/access file with
keyword RELAY.

Don't put *any* of them in /etc/mail/local-host-names (unless you want to
process them via the virtusertable).

If you want to by-pass DNS lookups (and using SmartRelay) you can add routes
in the /etc/mail/mailertable.

> 2) resolve aliases for a subset of @haht.com addresses 
>    (i.e. jaimiel at haht.com to jlivingston at haht.com)

Why do you care about this (on this server)?  This server is only acting as
a relay to move mail into your other server.  Shouldn't this be done at the
other (exchange) server?

The internal server should be able to handle all your aliasing.

If not, then your best bet is to treat it like a virtual host (as pointed
out above).  Virtual hosts don't need real accounts on the box.

BTW: you can put real accounts on the box and simply use the /bin/nologin
shell (yah, you know that...)

> 3) relay/forward @haht.com messages to another SMTP server
>    (for anti-virus and anti-spam filtering)

You can use the virtual hosting trick, or set up a route in the mailertable,
or use the smartrelay trick.

> 
> The version of Sendmail being used is 8.12.9.
> 
> The current configuration does #1 and #3, but does not do #2.
> 
> I have experimented a little bit with the aliases file, the 
> virtualuser file, and the Smart relay option in sendmail.cf, but I 
> have not been successful getting all three requirements working.
> 
> #1 seems easy enough.
> #2 only works if I don't relay using the "Smart" relay host option in 
> sendmail.cf. Unfortunately, messages to @haht.com addresses not found 
> in the aliases file bounce.
> 
> #3 works if I relay using the "Smart" relay host option in 
> sendmail.cf, but Sendmail won't resolve aliases for @haht.com 
> addresses using either the aliases file or the virtualusertable.
> 
> I don't want to create user shell accounts on this server.
> 
> Can this be done?
> 
> Thanks in advance.
> 
> Jaimie
> 
> P.S. - While I generally appreciate alternatives (postfix, 
> spamassassin, procmail, or <your_choice_here>), my options in this 
> instance are constrained by outside factors. I have to use Sendmail, I 
> have to use the av/as product that is in place, and I don't have the 
> option to rebuild the system. I would appreciate it if evangelising 
> could be kept to a minimum.

Take care and good Luck - Jon
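
Jon's virtual-domain suggestion written out as sendmail map entries, as an added example that is not part of either message. The names hosted.example and filter.example.internal are placeholders, and the catch-all line assumes every remaining @haht.com address should pass through under its own local part.

```text
# /etc/mail/access -- relay for the other approved domains (point 1)
# hosted.example is a placeholder for one of those domains
hosted.example                  RELAY

# /etc/mail/local-host-names -- listing haht.com here is what makes
# sendmail consult the virtusertable for it (a VIRTUSER_DOMAIN entry
# in the .mc file is the alternative)
haht.com

# /etc/mail/virtusertable -- specific aliases first (point 2), then a
# catch-all that keeps the local part (%1) for every other address
jaimiel@haht.com                jlivingston@exchange.haht.com
@haht.com                       %1@exchange.haht.com

# /etc/mail/mailertable -- explicit route for the secondary name
# (point 3); the brackets suppress the MX lookup for the target host
# filter.example.internal is a placeholder for the filtering appliance
exchange.haht.com               esmtp:[filter.example.internal]

# Rebuild the hashed maps after editing:
#   makemap hash /etc/mail/access        < /etc/mail/access
#   makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable
#   makemap hash /etc/mail/mailertable   < /etc/mail/mailertable
```

With this layout the appliance and the server behind it receive mail addressed to exchange.haht.com, so both have to accept that name as their own.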
