This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
[Archivist's note: Since Joe Brenner's The Pile has vanished from the Net, I am now hosting a local copy of this excerpt from it. The file was formerly at http://www.grin.net/~mirthles/pile/sendmail.html.]
Subject: Re: Sendmail relaying problem
From: Boris Lutz <blutz@stud.ee.ethz.ch>
Date: Fri, 21 May 1999 10:57:50 +0200

On Thu, May 20, 1999 at 05:58:50PM -0400, Andy Lindeman wrote:
> Hello-
> I just upgraded from Redhat 5.2 (Sendmail 8.8.x) to 6.0 (8.9.3) and I use
> relaying from a client PC "through" the Linux box's Sendmail. The Linux box
> connects to the 'net through a PPP connection that is _not_ "always on".
> Red Hat used to allow relaying through the sendmail "hacks" I believe, and
> they're no longer included, so I turned on relaying by including my domain
> in /etc/mail/relay-domains file.
> My problem is this: It used to be I could send mail from the client PCs to
> the Linux box and the mail would stay in the Sendmail queue until it dials
> up. Now, sendmail only accepts mail when the PPP connection is going. When
> it's not, Sendmail refuses to accept the mail returning the error "Can not
> check MX records for receiving".
> How do I fix this? Many thanks.

I wrote an answer to a similar problem a few days ago, maybe this will help you.

Sendmail is powerful but a real pain if you want to configure it the first time, however as soon as you get used to these mc files it's not as bad as it looks :-)

I had a similar problem after upgrading. The best thing you can do is to write your own mc file and compile it with m4 and replace the original /etc/sendmail.cf with the generated cf file. This method has the advantage that your sendmail won't be vulnerable to spam attacks (in deferred mode sendmail 8.9.X doesn't do any relay checking) and it will deliver local mail directly. It basically does run sendmail in normal background mode but it knows that any mail delivered by SMTP is expensive and it doesn't make any unnecessary DNS lookups either. If you don't want sendmail to deliver queued mail automatically, change /etc/sysconfig/sendmail and put sendmail -q in your /etc/ppp/ip-up.local file.

This is my mc file; maybe you need to make some minor changes.
Have a look at: http://www.sendmail.org/m4/readme.html

include(`../m4/cf.m4')dnl
OSTYPE(`linux')dnl
define(`confCW_FILE', `/etc/mail/sendmail.cw')dnl
define(`confEBINDIR', `/usr/sbin/smrsh')dnl
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`SMART_HOST',`put_your_isp_mailserver_here')dnl
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')dnl
define(`confDELIVERY_MODE', `background')dnl
dnl Hold mail for mailers flagged expensive in the queue until a queue run.
define(`confCON_EXPENSIVE', `True')dnl
dnl Flag e marks the smtp mailer as expensive.
define(`SMTP_MAILER_FLAGS', `e')dnl
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(local_procmail)dnl
FEATURE(smrsh)dnl
FEATURE(access_db, `hash -o /etc/mail/access')dnl
FEATURE(blacklist_recipients)dnl
FEATURE(relay_hosts_only)dnl
FEATURE(nocanonify)dnl
MAILER(procmail)dnl
MAILER(smtp)dnl
MAILER(local)dnl

Make any changes you need to this file and save it as myconfig.mc

run: m4 myconfig.mc > sendmail.cf

and replace (after making a backup) the old cf file with the new one, restart sendmail and you're set.

===

Subject: Re: sendmail question wrt "return" field, plus.. shutdown?
From: Mark Cohen <markc@necronomicon.net>
Date: Sat, 12 Jun 1999 02:41:15 -0700 (PDT)

1. In sendmail there are a couple things you need to do. Make sure you have a sendmail.cw file. Put all the domains that you want sendmail to listen to. i.e. if you have virtualdomain1.com and virtualdomain2.com they both need to be in sendmail.cw. Also you should have the DM (Domain Masquerading) set to what you want the from to look like. Usually this is something like localhost.virtualdomain.com. You want it to just be virtualdomain.com. Also, you might need a Class M (CM virtualdomain1.com,virtualdomain2.com)

You might want to look at the sendmail config readmes on www.sendmail.org for other things you might want to do. i.e. kdomaintable and virtualusertable.
(Both of which are dbm files, read the manuals on this)

As for #2: When you make changes to httpd.conf and sendmail, you just need to either restart the service or kill -HUP it. In the case of httpd, just do a

ps waux | grep httpd | grep -v nobody

it should return the root process. You just need to kill -HUP it and voilà! (Assuming you're running apache 1.3)

Or (should you be using RH or Suse) there should be an /etc/rc.d/inet.d/httpd and /etc/rc.d/init.d/sendmail. You can usually (as root) send it a stop and start and that will reload the conf files.

Hope this helps...

Mark Cohen

On Fri, 11 Jun 1999, David Liu wrote:

hi folks! again, more questions that i hope someone can help me solve..

PROBLEM #1

i have this problem where no matter how i configure my mail settings in eudora/whatever mail client (and even seemingly pine) i get the following:

Date: Fri, 11 Jun 1999 10:40:32 -0700 (PDT)
From: David Liu <dyliu@hostdomain.com>
To: user@testing.com
Subject: from dyliu@virtualdomain.com using pine
Message-ID: <Pine.LNX.4.10.9906111040130.437-100000@localhost.notright.com>

notice the From: field... even though i had it set in pine (and eudora) to use the return field of dyliu@virtualdomain.com, for some reason i still get dyliu@hostdomain.com. it happens on all of the virtual accounts. what gives? is there something to configure in sendmail.cf? where? this is where localhost.hostdomain.com is the machine that all the virtuals are setup on..

PROBLEM #2

when i make changes to sendmail or httpd.conf (let's say when i add new domains), do i always have to "shutdown -r now" from root? is there some way i can just restart each "service" without the full reboot? how?

===

Subject: Re: sendmail question wrt "return" field - virtualdomains?
From: markus@infoscape.com
Date: Mon, 14 Jun 1999 11:47:33 -0700

J C Lawrence writes:
> When there are other, equivalent tools that will solve his problems
> as well if not better, yes.

While I'd recommend Exim over Qmail, I have to agree, that Exim (http://www.exim.org) is a very good and easy to administer MTA. I used to be sold on sendmail until I installed Debian which by default gives you Exim. Virtual domains, mailing list, and even more bizarre table-driven filtering rules are very easy to configure.

I don't know how Exim and sendmail compare security and performance wise, but so far I did not have any reason to return to sendmail.

Unless you have very unusual requirements, I would suggest you give Exim a try.

===

Subject: Re: sendmail vs. other MTAs
From: Rick Moen <rick@hugin.imat.com>
Date: Mon, 14 Jun 1999 14:13:38 -0700

Quoting kkeller@slip.net (kkeller@slip.net):
> Let me say a word on the sendmail vs. other mailers. The
> analogy that I'd like to draw is "ditching linux because
> it's hard" vs. "ditching sendmail because it's hard". With
> linux, yes, it can be difficult, but it's a *far* superior
> alternative to, say, Winblows 95/98/NT. OTOH, I'd say that
> qmail (and, from what I've read, exim) is at least as good
> as sendmail, but easier. Why not at least try it?

Getting conversant with an MTA is always a bit of a pain. It took me about three days of slogging to get to know Qmail reasonably well, and I grumbled about it, and said rather unflattering things about Dan Bernstein (some of which I still say).

Anything whatsoever that can be done with an MTA can be done with sendmail. I'm not sure whether that is the case with current versions of Exim or Qmail, or not -- but some other MTAs in the past (e.g., smail) have proven to have annoying limits.
I'm already not happy with the choices in third-party utilities for Qmail (such as mailing list managers), certain design decisions (such as the non-portability of mail spools, and the fact that little changes like enabling delivery-progress notices require a source-code patch), not to mention the obnoxious licence and the absurd directory structure (everything in /var/qmail).

When I get to know Exim better, no doubt I'll have my discontents there, too. You can expect people to vent such things from time to time: We can hope they'll simmer down to amiable and time-honoured camp-loyalty wars such as vi-vs.-emacs[1] has become.

[1] But users of pico and Nedit are clearly Beyond the Pale. (Hi, Deirdre!)

===

Subject: Re: sendmail vs. other MTAs
From: George Bonser <grep@shorelink.com>
Date: Mon, 14 Jun 1999 15:07:00 -0700 (PDT)

On Mon, 14 Jun 1999, David Welton wrote:
> Anyone tried Postfix yet? Comments?

Actually, I really see no need for any more MTA's. I can not think of any functionality beyond what Exim offers that anyone would need. It supports IPv6, LDAP, etc. Even handles goofy qmail type mailboxes. The config file is in English and EVERYTHING is configurable.

Beats qmail with a stick, sendmail with an even bigger stick, and probably about equal to Postfix. Trouble with both Postfix and Qmail are the authors are both rather stubborn and not likely to adopt user suggestions. Exim's maintainer, on the other hand, listens to his user community rather than dictating to it.

===

Subject: Re: sendmail vs. other MTAs
From: Aaron T Porter <atporter@primate.net>
Date: Mon, 14 Jun 1999 15:31:07 -0700 (PDT)

On Mon, 14 Jun 1999, David Welton wrote:
> Anyone tried Postfix yet? Comments?

My experiences with postfix are mixed. I run two mail systems for delivery of linux list mail, the primary runs sendmail, and also delivers mail to about 250 local users. The secondary runs postfix and only deals with deferred messages.
I use the fallbackMXhost option in sendmail to pass off "problem" messages to the postfix box. Postfix has a great queue manager, it will sort messages by host and attempt delivery on a host basis rather than on a message basis (for example if I have 13,000 delayed messages to 50 hosts, postfix will attempt 50 deliveries every queue run, while sendmail will try 13,000). The postfix config files are a heck of a lot easier to understand than either sendmail or qmail (in my opinion), and they like to live in /etc :) The postfix development community is very small, very responsive, and very accessible.

That said, postfix died on me. For a short time I was running one server instead of two using postfix. It was a dual p133 with 128mb of ram and was delivering all mail from vger.rutgers.edu to [com,net,org,edu] -- it buckled under the strain. The queue directory got up to a few hundred megs, new messages got priority over older ones, local mail ground to a halt, and network mail started getting multiple hour latencies. I switched back to my previous sendmail/postfix arrangement and load averages were once again below 0.10 on both boxes, sendmail did fine with well behaved addresses and postfix beat the others into submission. I recently attempted to put a sendmail box in as my fallbackMXhost due to hardware problems on my postfix box only to see the load average shoot up to 14, forks failing due to the number of sendmail processes, etc. All that with a queue run time of 4 hours.

There is no one true MTA, but if you're willing to learn a few of them and make them work together, you can get a really reliable high traffic mail server. Last time I checked we were moving about 2 gigs of mail a day.

===

Subject: Re: sendmail vs. other MTAs
From: markus@infoscape.com
Date: Mon, 14 Jun 1999 15:42:05 -0700

Aaron T Porter writes:
> started getting multiple hour latencies.
> I switched back to my
> previous sendmail/postfix arrangement and load averages were once
> again below 0.10 on both boxes, sendmail did fine with well
> behaved addresses and postfix beat the others into submission. I
> recently attempted to put a sendmail box in as my fallbackMXhost
> due to hardware problems on my postfix box only to see the load
> average shoot up to 14, forks failing due to the number of
> sendmail processes, etc. All that with a queue run time of 4
> hours.

I have to agree that sendmail misbehaves very badly when it needs to process backlogged messages. At work, I have two Sun machines that share duties for delivery of some automatically generated messages. One day, one of the machines decided to kill its sendmail process (I still don't know why that happened) and the other machine kept spooling about 200 messages until I noticed. I restarted sendmail and once both machines realized that they could now go ahead and process the backlogged messages, load levels surged way up and random processes (NFS, sendmail, other daemons, ...) kept failing with various out of resource errors (out of tmp space, out of processes, ...).

===

Subject: Re: sendmail question wrt "return" field - virtualdomains?
From: J C Lawrence <claw@varesearch.com>
Date: Mon, 14 Jun 1999 17:22:03 -0700

On Mon, 14 Jun 1999 11:47:33 -0700 markus <markus@infoscape.com> wrote:
> I don't know how Exim and sendmail compare security and
> performance wise, but so far I did not have any reason to return
> to sendmail.

Exim's queue handling is significantly better than Sendmail's, is variously equivalent to QMail's queue handler, uses a similar monolithic security model to sendmail, and in general (all things are extremely relative when you start talking about MTA's due to edge conditions) performs similarly to Qmail.

===

Subject: Re: sendmail vs. other MTAs
From: J C Lawrence <claw@varesearch.com>
Date: Mon, 14 Jun 1999 17:27:59 -0700

On Mon, 14 Jun 1999 15:07:00 -0700 (PDT) George Bonser <grep@shorelink.com> wrote:
> Actually, I really see no need for any more MTA's. I can not think
> of any functionality beyond what Exim offers that anyone would
> need. It supports IPv6, LDAP, etc. Even handles goofy qmail type
> mailboxes. The config file is in English and EVERYTHING is
> configurable.

About the only thing I would call into question is Exim's security model (as versus Postfix's). So far Exim has been eminently secure but the possibility remains. Postfix removes most/much of that possibility thru architectural design in somewhat similar ways to QMail's design, but without the extreme contortions of Qmail.

> Trouble with both Postfix and Qmail are the authors are both
> rather stubborn and not likely to adopt user suggestions.

While I don't comment on Dan, I've found Wietse more than responsive on the postfix lists once clear evidence is presented.

> Exim's maintainer, on the other hand, listens to his user
> community rather than dictating to it.

Philip is a treasure.

===

Subject: Re: sendmail vs. other MTAs
From: J C Lawrence <claw@varesearch.com>
Date: Mon, 14 Jun 1999 17:24:08 -0700

On Mon, 14 Jun 1999 14:13:38 -0700 Rick Moen <rick@hugin.imat.com> wrote:
> Anything whatsoever that can be done with an MTA can be done with
> sendmail. I'm not sure whether that is the case with current
> versions of Exim or Qmail, or not -- but some other MTAs in the
> past (e.g., smail) have proven to have annoying limits.

QMail and Exim both aren't overly happy about driving UUCP mail systems for one. You can do it with Exim (haven't tried with QMail), but it makes it clear that it's not native territory.

===

Subject: Re: sendmail vs. other MTAs
From: J C Lawrence <claw@varesearch.com>
Date: Mon, 14 Jun 1999 17:31:12 -0700

On Mon, 14 Jun 1999 16:55:42 -0700 (PDT) George Bonser <grep@shorelink.com> wrote:
> On Mon, 14 Jun 1999, J C Lawrence wrote:
>> I archive the Postfix lists at Kanga.Nu. While I've not rolled
>> it out into a production environment, I'm now willing to.
>> Impressive piece of code.
> Have you discovered anything that would justify removing a working
> Exim with it? What I mean is, are there any compelling features
> that would make Exim obsolete or inferior in a technical sense?

In the general case no. Were I expecting a change in loading conditions, then potentially. Postfix seems to scale under load noticeably better than Exim. Nothing massive, but enough to be very pleased about when you start sustaining larger loads.

===

Subject: Re: sendmail vs. other MTAs
From: George Bonser <grep@shorelink.com>
Date: Mon, 14 Jun 1999 17:57:07 -0700 (PDT)

On Mon, 14 Jun 1999, J C Lawrence wrote:
> In the general case no. Were I expecting a change in loading
> conditions, then potentially. Postfix seems to scale under load
> noticeably better than Exim. Nothing massive, but enough to be very
> pleased about when you start sustaining larger loads.

I have noticed that Exim can be a hog under high load. Its default settings allow it to use way too much of the system for my liking. I have had to throttle it down a bit from the default to limit the maximum number of parallel deliveries else I start to run out of system resources. (max files, max processes, memory)

Usually setting max queue-runners and deliveries per runner to some sane value works well.

===

Subject: Re: sendmail vs. other MTAs
From: George Bonser <grep@shorelink.com>
Date: Mon, 14 Jun 1999 17:50:49 -0700 (PDT)

On Mon, 14 Jun 1999, J C Lawrence wrote:
> About the only thing I would call into question is Exim's security
> model (as versus Postfix's). So far Exim has been eminently secure
> but the possibility remains.
> Postfix removes most/much of that
> possibility thru architectural design in somewhat similar ways to
> QMail's design, but without the extreme contortions of Qmail.

Hmm, I know the version of Exim I have been using instantly changes its UID/GID as soon as it binds to port 25. In other words, it does not run as root. It can even be configured to NEVER become root for any reason (the never_root config option). Another interesting security feature is that it will not trust the suid setting if it is run with a command-line path to a config file that is different than the default compile-time config file.

> While I don't comment on Dan, I've found Wietse more than responsive
> on the postfix lists once clear evidence is presented.

I suppose the difference is where one author says "No, I will never put this in the code" Mr. Hazel tends to say "I will not make this the default behavior but if enough people want it, I will make it an option.". I think the best example was the RBL support. There is a nice config option that will allow you to use the RBL to filter or reject mail BUT there is an option to also IGNORE the RBL for certain hosts or networks. This comes in pretty handy when some spammer gets a network put into the RBL or one of the other RBL workalikes (ORBS comes immediately to mind) but you need to maintain connectivity to a valued customer or vendor on the blacklisted network. You can selectively ignore RBL information for individual hosts or subnets.

That came directly out of conversations on the mailing list where admins wanted to be able to use the RBL but they also wanted to be in final control of their email connectivity. I think it was the watching of this unfold in the development that sold me on Exim. I knew that I not only had a program that works well, I also had a responsive development community providing real support with it.

> Philip is a treasure.

Absolutely!
He has even been known to produce custom patches for users with particularly troublesome problems. The best support I have seen from just about any freeware software program. Now if it would only do uucp.

As a side note, if anyone really looks at the contributed config files that come with the Exim distribution, you can even see how easy it is to pipe inbound mail through a popular virus checker! This is a real time saver if you have a lot of Microsoft clients on your network.

===

Subject: Re: sendmail vs. other MTAs
From: J C Lawrence <claw@varesearch.com>
Date: Mon, 14 Jun 1999 18:18:55 -0700

On Mon, 14 Jun 1999 17:50:49 -0700 (PDT) George Bonser <grep@shorelink.com> wrote:
> On Mon, 14 Jun 1999, J C Lawrence wrote:
>> About the only thing I would call into question is Exim's
>> security model (as versus Postfix's). So far Exim has been
>> eminently secure but the possibility remains. Postfix removes
>> most/much of that possibility thru architectural design in
>> somewhat similar ways to QMail's design, but without the extreme
>> contortions of Qmail.
> Hmm, I know the version of Exim I have been using instantly
> changes its UID/GID as soon as it binds to port 25. In other words,
> it does not run as root. It can even be configured to NEVER become
> root for any reason (the never_root config option). Another
> interesting security feature is that it will not trust the suid
> setting if it is run with a command-line path to a config file
> that is different than the default compile-time config file.

There's a lot more to security for MTA's than just the possibility of root compromises, as Wietse found out very early on when Dan trumpeted the various spool attacks that were possible on the then version of Postfix. Arguing this however is a matter of details and precise implementation -- more than is suitable for this list.

===

Subject: Re: sendmail vs. other MTAs
From: marc_news@merlins.org (Marc MERLIN)
Date: 15 Jun 1999 22:24:04 GMT

On 14 Jun 1999 18:03:30 -0700, George Bonser <grep@shorelink.com> wrote:
>[exim]
>Now if it would only do uucp.

That's the thing: I use UUCP between my backup MXes and myself, so that even if I'm done for a month, messages don't get bounced, and my machine still gets mail (albeit more slowly) if my MTA dies.

Doesn't qmail do UUCP? How about postfix?

===

Subject: Re: sendmail vs. other MTAs
From: George Bonser <grep@shorelink.com>
Date: Tue, 15 Jun 1999 16:23:20 -0700 (PDT)

On 15 Jun 1999, Marc MERLIN wrote:
> On 14 Jun 1999 18:03:30 -0700, George Bonser <grep@shorelink.com> wrote:
> >[exim]
> >Now if it would only do uucp.
>
> That's the thing: I use UUCP between my backup MXes and myself, so that even
> if I'm done for a month, messages don't get bounced, and my machine still
> gets mail (albeit more slowly) if my MTA dies.
>
> Doesn't qmail do UUCP? How about postfix?

Even Exim will do uucp to some extent. You can pipe mail to uux and it has an rmail script. As long as you are using internet style addressing, everything is cool. It will not understand source-routed mail (site!site!site!site!user) or any !path mail at all, for that matter. It also has no interface to pathalias.

I have an interesting setup on the main gateway machine of mine. Exim faces the internet and passes uucp mail to smail. Smail does the pathalias routing to figure out the next hop and sends it on its way. Works OK but I would really like to get a pathalias transport hacked into exim.

===

Subject: sendmail