sendmail

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.

[Archivist's note: Since Joe Brenner's The Pile has vanished from the Net, I am now hosting a local copy of this excerpt from it. The file was formerly at http://www.grin.net/~mirthles/pile/sendmail.html.]



Subject: Re: Sendmail relaying problem
From: Boris Lutz <blutz@stud.ee.ethz.ch>
Date: Fri, 21 May 1999 10:57:50 +0200


On Thu, May 20, 1999 at 05:58:50PM -0400, Andy Lindeman wrote:
> Hello-
> I just upgraded from Redhat 5.2 (Sendmail 8.8.x) to 6.0 (8.9.3) and I use
> relaying from a client PC "through" the Linux box's Sendmail. The Linux box
> connects to the 'net through a PPP connection that is _not_ "always on".
> Red Hat used to allow relaying through the sendmail "hacks" I believe, and
> they're no longer included, so I turned on relaying by including my domain
> in /etc/mail/relay-domains file.
> My problem is this: It used to be I could send mail from the client PCs to
> the Linux box and the mail would stay in the Sendmail queue until it dials
> up. Now, sendmail only accepts mail when the PPP connection is going. When
> it's not, Sendmail refuses to accept the mail returning the error "Can not
> check MX records for receiving".
> How do I fix this? Many thanks.

I wrote an answer to a similar problem a few days ago, maybe this will help
you. Sendmail is powerful but a real pain if you want to configure it
the first time; however, as soon as you get used to these mc files it's not
as bad as it looks :-)

I had a similar problem after upgrading. The best thing you can do is to
write your own mc file and compile it with m4 and replace the original
/etc/sendmail.cf with the generated cf file.

This method has the advantage that your sendmail won't be vulnerable to
spam attacks (in deferred mode sendmail 8.9.X doesn't do any relay checking)
and it will deliver local mail directly.
It basically does run sendmail in normal background mode but it knows that
any mail delivered by SMTP is expensive and it doesn't make any
unnecessary DNS lookups either.
If you don't want sendmail to deliver queued mail automatically, change
/etc/sysconfig/sendmail and put sendmail -q in your /etc/ppp/ip-up.local
file.

This is my mc file; maybe you need to make some minor changes. Have a look
at: http://www.sendmail.org/m4/readme.html

include(`../m4/cf.m4')dnl
OSTYPE(`linux')dnl
define(`confCW_FILE', ` /etc/mail/sendmail.cw')dnl
define(`confEBINDIR', `/usr/sbin/smrsh')dnl
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl

define(`SMART_HOST',`put_your_isp_mailserver_here')dnl
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')dnl
define(`confDELIVERY_MODE', `background')dnl
define(`confCON_EXPENSIVE', `True')dnl
define(`SMTP_MAILER_FLAGS', `e')dnl
define(`confDEF_USER_ID',``8:12'')dnl

undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl

FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(local_procmail)dnl
FEATURE(smrsh)dnl
FEATURE(access_db, `hash -o /etc/mail/access')dnl
FEATURE(blacklist_recipients)dnl
FEATURE(relay_hosts_only)dnl
FEATURE(nocanonify)dnl

MAILER(procmail)dnl
MAILER(smtp)dnl
MAILER(local)dnl


Make any changes you need to this file, save it as myconfig.mc, and run:
m4 myconfig.mc > sendmail.cf
and replace (after making a backup) the old cf file with the new one,
restart sendmail and you're set.
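
Added example (not part of the post above or of the sendmail distribution): a small Python check that reads an .mc file like the one posted and reports settings that loosen relaying or make the hold-until-dial-up setup ineffective. The finding names and both sample inputs are constructed for illustration, and the deferred-mode finding rests on the post's own statement about 8.9.x.

```python
import re

# define(`NAME', `value'), tolerating doubled quotes such as ``8:12''
DEFINE_RE = re.compile(r"define\(\s*`([^']+)'\s*,\s*`+\s*([^']*?)\s*'+\s*\)")
# FEATURE(name) or FEATURE(`name', ...)
FEATURE_RE = re.compile(r"FEATURE\(\s*`?([A-Za-z_]+)")

def parse_mc(text):
    """Return (defines dict, set of feature names) from sendmail .mc source."""
    defines, features = {}, set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("dnl"):  # whole-line m4 comment
            continue
        for name, value in DEFINE_RE.findall(line):
            defines[name] = value
        features.update(FEATURE_RE.findall(line))
    return defines, features

def audit(text):
    """Return sorted finding names (constructed labels) for an .mc file."""
    defines, features = parse_mc(text)
    findings = set()
    # Only the first letter of the delivery mode matters (b, i, q, d).
    mode = defines.get("confDELIVERY_MODE", "background").lower()
    if mode.startswith("d"):
        # Per the post: 8.9.x does no relay checking in deferred mode.
        findings.add("deferred-mode")
    if "promiscuous_relay" in features:
        findings.add("open-relay")  # relays for anyone
    if "relay_local_from" in features:
        findings.add("relay-by-forgeable-sender")  # trusts the envelope sender
    flags = {f.strip() for f in defines.get("confPRIVACY_FLAGS", "").split(",")}
    if "goaway" not in flags and not {"noexpn", "novrfy"} <= flags:
        findings.add("vrfy-expn-enabled")
    # confCON_EXPENSIVE only holds mail for mailers carrying the 'e' flag.
    hold = defines.get("confCON_EXPENSIVE", "false").lower() == "true"
    if hold and "e" not in defines.get("SMTP_MAILER_FLAGS", ""):
        findings.add("expensive-hold-has-no-effect")
    return sorted(findings)

# Constructed sample: the relay and queueing lines from the posted file.
POSTED_STYLE = """\
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')dnl
define(`confDELIVERY_MODE', `background')dnl
define(`confCON_EXPENSIVE', `True')dnl
define(`SMTP_MAILER_FLAGS', `e')dnl
FEATURE(access_db, `hash -o /etc/mail/access')dnl
FEATURE(relay_hosts_only)dnl
FEATURE(nocanonify)dnl
"""

# Constructed counter-example with the weak settings.
WEAK = """\
dnl constructed counter-example
define(`confDELIVERY_MODE', `deferred')dnl
define(`confCON_EXPENSIVE', `True')dnl
FEATURE(`promiscuous_relay')dnl
"""

if __name__ == "__main__":
    for label, sample in (("posted-style", POSTED_STYLE), ("weak", WEAK)):
        print(label, audit(sample) or "no findings")
```

Run it against myconfig.mc before the m4 step, so a weak setting is caught before the generated file replaces /etc/sendmail.cf.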

===

Subject: Re: sendmail question wrt "return" field, plus.. shutdown?
From: Mark Cohen <markc@necronomicon.net>
Date: Sat, 12 Jun 1999 02:41:15 -0700 (PDT)



1. In sendmail there are a couple things you need to do.  Make sure you
have a sendmail.cw file. Put all the domains that you want sendmail to
listen to. ie if you have virtualdomain1.com and virtualdomain2.com they
both need to be in sendmail.cw.  Also you should have the DM (Domain
Masquerading) set to what you want the from to look like. Usually this is
something like localhost.virtualdomain.com. You want it to just be
virtualdomain.com.

Also, you might need a Class M (CM virtualdomain1.com,virtualdomain2.com)

You might want to look at the sendmail config readmes on www.sendmail.org
for other things you might want to do. ie kdomaintable and
virtualusertable. (Both of which are dbm files, read the manuals on this)


As for # 2
When you make changes to httpd.conf and sendmail, you just need to either
restart the service or kill -HUP it. In the case of httpd, just do a ps
waux | grep httpd | grep -v nobody it should return the root process. You
just need to kill -HUP it and voilà! (Assuming you're running apache 1.3)
Or (should you be using RH or Suse) there should be an
/etc/rc.d/inet.d/httpd and /etc/rc.d/init.d/sendmail You can usually *(As
root) send it a stop and start and that will reload the conf files.

Hope this helps...

Mark Cohen





On Fri, 11 Jun 1999, David Liu wrote:


hi folks!
again, more questions that i hope someone can help me solve..

PROBLEM #1

i have this problem where no matter how i configure my mail settings in
eudora/whatever mail client (and even seemingly pine) i get the following:

Date: Fri, 11 Jun 1999 10:40:32 -0700 (PDT) 
From: David Liu <dyliu@hostdomain.com> 
To: user@testing.com 
Subject: from dyliu@virtualdomain.com using pine 
Message-ID: <Pine.LNX.4.10.9906111040130.437-100000@localhost.notright.com> 

notice the From: field... even though i had it set in pine (and eudora) to
use the return field of dyliu@virtualdomain.com, for some reason i still
get dyliu@hostdomain.com. it happens on all of the virtual accounts. what
gives? is there something to configure in sendmail.cf? where?

this is where localhost.hostdomain.com is the machine that all the virtuals
are setup on.. 


PROBLEM #2

when i make changes to sendmail or httpd.conf (let's say when i add new
domains), do i always have to "shutdown -r now" from root? is there some
way i can just restart each "service" without the full reboot? how?

===

Subject: Re: sendmail question wrt "return" field - virtualdomains? 
From: markus@infoscape.com
Date: Mon, 14 Jun 1999 11:47:33 -0700



J C Lawrence writes:
 > When there are other, equivalent tools that will solve his problems
 > as well if not better, yes.  While I'd recommend Exim over Qmail,

I have to agree, that Exim (http://www.exim.org) is a very good and
easy to administer MTA. I used to be sold on sendmail until I
installed Debian which by default gives you Exim. Virtual domains,
mailing list, and even more bizarre table-driven filtering rules are
very easy to configure. I don't know how Exim and sendmail compare
security and performance wise, but so far I did not have any reason to
return to sendmail. Unless you have very unusual requirements, I would
suggest you give Exim a try.


===

Subject: Re: sendmail vs. other MTAs
From: Rick Moen <rick@hugin.imat.com>
Date: Mon, 14 Jun 1999 14:13:38 -0700


Quoting kkeller@slip.net (kkeller@slip.net):

> Let me say a word on the sendmail vs. other mailers.  The
> analogy that I'd like to draw is "ditching linux because
> it's hard" vs. "ditching sendmail because it's hard".  With
> linux, yes, it can be difficult, but it's a *far* superior
> alternative to, say, Winblows 95/98/NT.  OTOH, I'd say that
> qmail (and, from what I've read, exim) is at least as good
> as sendmail, but easier.  Why not at least try it?

Getting conversant with an MTA is always a bit of a pain.  It took me
about three days of slogging to get to know Qmail reasonably well, and I
grumbled about it, and said rather unflattering things about Dan
Bernstein (some of which I still say).

Anything whatsoever that can be done with an MTA can be done with
sendmail.  I'm not sure whether that is the case with current 
versions of Exim or Qmail, or not -- but some other MTAs in the
past (e.g., smail) have proven to have annoying limits. 

I'm already not happy with the choices in third-party utilities for
Qmail (such as mailing list managers), certain design decisions (such
as the non-portability of mail spools, and the fact that little changes
like enabling delivery-progress notices requires a source-code patch),
not to mention the obnoxious licence and the absurd directory structure
(everything in /var/qmail).

When I get to know Exim better, no doubt I'll have my discontents there,
too.  You can expect people to vent such things from time to time:  We
can hope they'll simmer down to amiable and time-honoured camp-loyalty 
wars such as vi-vs.-emacs[1] has become.

[1] But users of pico and Nedit are clearly Beyond the Pale.  (Hi, Deirdre!)

===

Subject: Re: sendmail vs. other MTAs
From: George Bonser <grep@shorelink.com>
Date: Mon, 14 Jun 1999 15:07:00 -0700 (PDT)


On Mon, 14 Jun 1999, David Welton wrote:

> 
> Anyone tried Postfix yet?  Comments?
> 


Actually, I really see no need for any more MTA's. I can not think of any
functionality beyond what Exim offers that anyone would need. It supports
IPv6, LDAP, etc. Even handles goofy qmail type mailboxes. The config file
is in English and EVERYTHING is configurable.

Beats qmail with a stick, sendmail with an even bigger stick, and probably
about equal to Postfix. Trouble with both Postfix and Qmail are the
authors are both rather stubborn and not likely to adopt user
suggestions. Exim's maintainer, on the other hand, listens to his user
community rather than dictating to it.

===

Subject: Re: sendmail vs. other MTAs
From: Aaron T Porter <atporter@primate.net>
Date: Mon, 14 Jun 1999 15:31:07 -0700 (PDT)


On Mon, 14 Jun 1999, David Welton wrote:

> Anyone tried Postfix yet?  Comments?

	My experiences with postfix are mixed.  I run two mail systems for
	delivery of linux list mail, the primary runs sendmail, and also
	delivers mail to about 250 local users.  The secondary runs
	postfix and only deals with deferred messages.  I use the
	fallbackMXhost option in sendmail to pass off "problem" messages
	to the postfix box.

	Postfix has a great queue manager, it will sort messages by host
	and attempt delivery on a host basis rather than on a message
	basis (for example if I have 13,000 delayed messages to 50 hosts,
	postfix will attempt 50 deliveries every queue run, while sendmail
	will try 13,000).  The postfix config files are a heck of a lot
	easier to understand than either sendmail or qmail (in my
	opinion), and they like to live in /etc :)  The postfix
	development community is very small, very responsive, and very
	accessible.

	That said, postfix died on me.  For a short time I was running one
	server instead of two using postfix.  It was a dual p133 with
	128mb of ram and was delivering all mail from vger.rutgers.edu to
	[com,net,org,edu] -- it buckled under the strain.  The queue
	directory got up to a few hundred megs, new messages got priority
	over older ones, local mail ground to a halt, and network mail
	started getting multiple hour latencies.  I switched back to my
	previous sendmail/postfix arrangement and load averages were once
	again below 0.10 on both boxes, sendmail did fine with well
	behaved addresses and postfix beat the others into submission.  I
	recently attempted to put a sendmail box in as my fallbackMXhost
	due to hardware problems on my postfix box only to see the load
	average shoot up to 14, forks failing due to the number of
	sendmail processes, etc.  All that with a queue run time of 4
	hours.	

	There is no one true MTA, but if you're willing to learn a few of
	them and make them work together, you can get a really reliable
	high traffic mail server.

	Last time I checked we were moving about 2 gigs of mail a day.

===

Subject: Re: sendmail vs. other MTAs
From: markus@infoscape.com
Date: Mon, 14 Jun 1999 15:42:05 -0700



Aaron T Porter writes:
 > 	started getting multiple hour latencies.  I switched back to my
 > 	previous sendmail/postfix arrangement and load averages were once
 > 	again below 0.10 on both boxes, sendmail did fine with well
 > 	behaved addresses and postfix beat the others into submission.  I
 > 	recently attempted to put a sendmail box in as my fallbackMXhost
 > 	due to hardware problems on my postfix box only to see the load
 > 	average shoot up to 14, forks failing due to the number of
 > 	sendmail processes, etc.  All that with a queue run time of 4
 > 	hours.	

I have to agree that sendmail misbehaves very badly when it needs to
process backlogged messages. At work, I have two Sun machines that
share duties for delivery of some automatically generated
messages. One day, one of the machines decided to kill its sendmail
process (I still don't know why that happened) and the other machine
kept spooling about 200 messages until I noticed. I restarted sendmail
and once both machines realized that they could now go ahead and
process the backlogged messages, load levels surged way up and random
processes (NFS, sendmail, other daemons, ...) kept failing with
various out of resource errors (out of tmp space, out of processes,
...).

===

Subject: Re: sendmail question wrt "return" field - virtualdomains? 
From: J C Lawrence <claw@varesearch.com>
Date: Mon, 14 Jun 1999 17:22:03 -0700


On Mon, 14 Jun 1999 11:47:33 -0700 
markus  <markus@infoscape.com> wrote:

> I don't know how Exim and sendmail compare security and
> performance wise, but so far I did not have any reason to return
> to sendmail. 

Exim's queue handling is significantly better than Sendmail's, is
variously equivalent to QMail's queue handler, uses a similar
monolithic security model to sendmail, and in general (all things
are extremely relative when you start talking about MTA's due to
edge conditions) performs similarly to Qmail.

===

Subject: Re: sendmail vs. other MTAs 
From: J C Lawrence <claw@varesearch.com>
Date: Mon, 14 Jun 1999 17:27:59 -0700


On Mon, 14 Jun 1999 15:07:00 -0700 (PDT) 
George Bonser <grep@shorelink.com> wrote:

> Actually, I really see no need for any more MTA's. I can not think
> of any functionality beyond what Exim offers that anyone would
> need. It supports IPv6, LDAP, etc. Even handles goofy qmail type
> mailboxes. The config file is in English and EVERYTHING is
> configurable.

About the only thing I would call into question is Exim's security
model (as versus Postfix's).  So far Exim has been eminently secure
but the possibility remains.  Postfix removes most/much of that
possibility thru architectural design in somewhat similar ways to
QMail's design, but without the extreme contortions of Qmail.

> Trouble with both Postfix and Qmail are the authors are both
> rather stubborn and not likely to adopt user suggestions. 

While I don't comment on Dan, I've found Wietse more than responsive
on the postfix lists once clear evidence is presented.

> Exim's maintainer, on the other hand, listens to his user
> community rather than dictating to it.

Philip is a treasure.

===

Subject: Re: sendmail vs. other MTAs 
From: J C Lawrence <claw@varesearch.com>
Date: Mon, 14 Jun 1999 17:24:08 -0700


On Mon, 14 Jun 1999 14:13:38 -0700 
Rick Moen <rick@hugin.imat.com> wrote:

> Anything whatsoever that can be done with an MTA can be done with
> sendmail.  I'm not sure whether that is the case with current
> versions of Exim or Qmail, or not -- but some other MTAs in the
> past (e.g., smail) have proven to have annoying limits.

QMail and Exim both aren't overly happy about driving UUCP mail
systems for one.  You can do it with Exim (haven't tried with
QMail), but it makes it clear that it's not native territory.

===

Subject: Re: sendmail vs. other MTAs 
From: J C Lawrence <claw@varesearch.com>
Date: Mon, 14 Jun 1999 17:31:12 -0700


On Mon, 14 Jun 1999 16:55:42 -0700 (PDT) 
George Bonser <grep@shorelink.com> wrote:

> On Mon, 14 Jun 1999, J C Lawrence wrote:

>> I archive the Postfix lists at Kanga.Nu.  While I've not rolled
>> it out into a production environment, I'm now willing to.
>> Impressive piece of code.

> Have you discovered anything that would justify removing a working
> Exim with it? What I mean is, are there any compelling features
> that would make Exim obsolete or inferior in a technical sense?

In the general case no.  Were I expecting a change in loading
conditions, then potentially.  Postfix seems to scale under load
noticeably better than Exim.  Nothing massive, but enough to be very
pleased about when you start sustaining larger loads.

===

Subject: Re: sendmail vs. other MTAs 
From: George Bonser <grep@shorelink.com>
Date: Mon, 14 Jun 1999 17:57:07 -0700 (PDT)


On Mon, 14 Jun 1999, J C Lawrence wrote:

> In the general case no.  Were I expecting a change in loading
> conditions, then potentially.  Postfix seems to scale under load
> noticeably better than Exim.  Nothing massive, but enough to be very
> pleased about when you start sustaining larger loads.

I have noticed that Exim can be a hog under high load. Its default
settings allow it to use way too much of the system for my liking. I have
had to throttle it down a bit from the default to limit the maximum number
of parallel deliveries else I start to run out of system resources. (max
files, max processes, memory)

Usually setting max queue-runners and deliveries per runner to some sane
value works well.


===

Subject: Re: sendmail vs. other MTAs 
From: George Bonser <grep@shorelink.com>
Date: Mon, 14 Jun 1999 17:50:49 -0700 (PDT)


On Mon, 14 Jun 1999, J C Lawrence wrote:

> About the only thing I would call into question is Exim's security
> model (as versus Postfix's).  So far Exim has been eminently secure
> but the possibility remains.  Postfix removes most/much of that
> possibility thru architectural design in somewhat similar ways to
> QMail's design, but without the extreme contortions of Qmail.

Hmm, I know the version of Exim I have been using instantly changes its
UID/GID as soon as it binds to port 25. In other words, it does not run as
root. It can even be configured to NEVER become root for any reason (the
never_root config option). Another interesting security feature is that it
will not trust the suid setting if it is run with a command-line path to a
config file that is different than the default compile-time config file.

> While I don't comment on Dan, I've found Wietse more than responsive
> on the postfix lists once clear evidence is presented.

I suppose the difference is where one author says "No, I will never put
this in the code" Mr. Hazel tends to say "I will not make this the default
behavior but if enough people want it, I will make it an option.".  I
think the best example was the RBL support. There is a nice config option
that will allow you to use the RBL to filter or reject mail BUT there is
an option to also IGNORE the RBL for certain hosts or networks. This comes
in pretty handy when some spammer gets a network put into the RBL or one
of the other RBL workalikes (ORBS comes immediately to mind) but you need
to maintain connectivity to a valued customer or vendor on the blacklisted
network. You can selectively ignore RBL information for individual hosts
or subnets.

That came directly out of conversations on the mailing list where admins
wanted to be able to use the RBL but they also wanted to be in final
control of their email connectivity. I think it was the watching of this
unfold in the development that sold me on Exim. I knew that I not only had
a program that works well, I also had a responsive development community
providing real support with it.

> Philip is a treasure.

Absolutely! He has even been known to produce custom patches for users with
particularly troublesome problems. The best support I have seen from just
about any freeware software program.

Now if it would only do uucp.

As a side note, if anyone really looks at the contributed config files
that come with the Exim distribution, you can even see how easy it is to
pipe inbound mail through a popular virus checker! This is a real
time saver if you have a lot of Microsoft clients on your network.


===

Subject: Re: sendmail vs. other MTAs 
From: J C Lawrence <claw@varesearch.com>
Date: Mon, 14 Jun 1999 18:18:55 -0700


On Mon, 14 Jun 1999 17:50:49 -0700 (PDT) 
George Bonser <grep@shorelink.com> wrote:

> On Mon, 14 Jun 1999, J C Lawrence wrote:

>> About the only thing I would call into question is Exim's
>> security model (as versus Postfix's).  So far Exim has been
>> eminently secure but the possibility remains.  Postfix removes
>> most/much of that possibility thru architectural design in
>> somewhat similar ways to QMail's design, but without the extreme
>> contortions of Qmail.

> Hmm, I know the version of Exim I have been using instantly
> changes its UID/GID as soon as it binds to port 25. In other words,
> it does not run as root. It can even be configured to NEVER become
> root for any reason (the never_root config option). Another
> interesting security feature is that it will not trust the suid
> setting if it is run with a command-line path to a config file
> that is different than the default compile-time config file.

There's a lot more to security for MTA's than just the possibility
of root compromises, as Wietse found out very early on when Dan
trumpeted the various spool attacks that were possible on the then
version of Postfix.  Arguing this however is a matter of details
and precise implementation -- more than is suitable for this list.

===

Subject: Re: sendmail vs. other MTAs
From: marc_news@merlins.org (Marc MERLIN)
Date: 15 Jun 1999 22:24:04 GMT


On 14 Jun 1999 18:03:30 -0700, George Bonser <grep@shorelink.com> wrote:
>[exim]
>Now if it would only do uucp.

That's the thing: I use UUCP between my backup MXes and myself, so that even
if I'm done  for a month, messages  don't get bounced, and  my machine still
gets mail (albeit more slowly) if my MTA dies.

Doesn't qmail do UUCP? How about postfix?

===


Subject: Re: sendmail vs. other MTAs
From: George Bonser <grep@shorelink.com>
Date: Tue, 15 Jun 1999 16:23:20 -0700 (PDT)


On 15 Jun 1999, Marc MERLIN wrote:

> On 14 Jun 1999 18:03:30 -0700, George Bonser <grep@shorelink.com> wrote:
> >[exim]
> >Now if it would only do uucp.
> 
> That's the thing: I use UUCP between my backup MXes and myself, so that even
> if I'm done  for a month, messages  don't get bounced, and  my machine still
> gets mail (albeit more slowly) if my MTA dies.
> 
> Doesn't qmail do UUCP? How about postfix?

Even Exim will do uucp to some extent. You can pipe mail to uux and it has
an rmail script. As long as you are using internet style addressing,
everything is cool. It will not understand source-routed mail (
site!site!site!site!user) or any !path mail at all, for that matter. It
also has no interface to pathalias.

I have an interesting setup on the main gateway machine of mine. Exim
faces the internet and passes uucp mail to smail. Smail does the pathalias
routing to figure out the next hop and sends it on its way.

Works OK but I would really like to get a pathalias transport hacked into
exim.


===

Subject: sendmail