Sendmail

From Free Knowledge Base- The DUCK Project: information for everyone

Directory protection error messages appearing in sendmail log

  • What does the message "directory /var/spool/mail must have 1777 protection" mean? How can I fix this?

In order to update a mailbox in the default UNIX format, it is necessary to create a lock file to prevent the mailer from delivering mail while an update is in progress. Some systems use a directory protection of 775, requiring that all mail handling programs be setgid mail; or of 755, requiring that all mail handling programs be setuid root.

The IMAP toolkit does not run with any special privileges, and we plan to keep it that way. It is antithetical to the concept of a toolkit if users can't write their own programs to use it. Also, we've had enough bad experiences with security bugs while running privileged; the IMAP and POP servers have to be root when not logged in, in order to be able to log themselves in. We don't want to go any deeper down that slippery slope.

Directory protection 1777 is secure enough on most well-managed systems. If you can't trust your users with a 1777 mail spool (petty harassment is about the limit of the abuse exposure), then you have much worse problems than that.

If you absolutely insist upon requiring privileges to create a lock file, external file locking can be done via a setgid mail program named /etc/mlock (this is defined by LOCKPGM in the c-client Makefile). If the toolkit is unable to create a .lock file in the directory by itself, it will try to call mlock to do it. We do not recommend doing this for performance reasons.

A sample mlock program is part of the imap-utils package:

We have tried to make this sample program reasonably secure, but it has not been thoroughly audited.

Pierre Ficheux, Lectra Systèmes
pierre@rd.lectra.fr
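
As an added example (not part of the original page or of the IMAP toolkit), this Python check maps a spool directory's mode to the cases described above: 1777, group-writable (775) and owner-only (755). The function names and verdict labels are assumptions made for illustration, and the "unsafe" case (world-writable without the sticky bit) is an extra check beyond the modes the page lists.

```python
import os
import stat
import sys

def classify_spool_mode(perms):
    """Return (verdict, explanation) for a spool directory's permission bits."""
    world_w = bool(perms & stat.S_IWOTH)
    group_w = bool(perms & stat.S_IWGRP)
    sticky = bool(perms & stat.S_ISVTX)
    if world_w and sticky:
        return ("ok", "unprivileged programs can create .lock files; the "
                      "sticky bit stops users removing each other's files")
    if world_w:
        return ("unsafe", "world-writable without the sticky bit: any user "
                          "can delete or rename other users' files")
    if group_w:
        return ("needs-setgid", "only the owning group can create .lock "
                                "files, so mail programs must be setgid")
    return ("needs-setuid", "only the owner can create .lock files, so "
                            "mail programs must run as that user (setuid)")

def audit_spool(path):
    """Inspect `path` without following a symlink; return (verdict, mode, text)."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ("error", None, "not a directory (symlink or file)")
    perms = stat.S_IMODE(st.st_mode)
    verdict, text = classify_spool_mode(perms)
    return (verdict, format(perms, "04o"), text)

if __name__ == "__main__":
    # Default is the directory named in the log message; override via argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/mail"
    try:
        verdict, mode, text = audit_spool(target)
    except OSError as exc:
        sys.exit(f"{target}: {exc}")
    print(f"{target}: mode {mode}: {verdict}: {text}")
    sys.exit(0 if verdict == "ok" else 1)
```

The script exits non-zero for anything other than 1777-style protection, so it can be run from a periodic configuration check.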

 

Sendmail delay when starting or restarting daemon

The pause is most likely a name server lookup that is timing out. Have a look in your maillog (probably /var/log/maillog) and search for lines that look like these two:

Dec 21 18:33:46 keiko sendmail[4547]: gethostbyaddr() failed for 192.168.0.1
Dec 21 18:33:47 keiko sendmail[4553]: starting daemon (8.8.5): SMTP+queueing@00:05:00

What's happening is that sendmail is trying to resolve the IP address of the machine it's running on. Name server calls take a relatively long time to time out, hence the delay you are experiencing. The quick solution is to add an entry for this IP address to /etc/hosts or to your name server configuration. sendmail starts very quickly after you have done this.

 

Force email alias forwarding without virtusertable or luser relay

Subject: sendmail trick, force alias forwarding
Date: 30 Jul 2003 17:25:50 -0500
  1. single email address
  2. single virtual email address
  3. all email for a virtual domain

place in the sendmail.cf file...

# Forwards *@dom1.com email to a remote mail server.
# The pattern and the action on each R line must be separated by tab characters, not spaces.

R$*<@dom1.com>  $#esmtp $@mail.svr.com $: $1 < @ dom2.com>
R$*<@dom1.com.> $#esmtp $@mail.svr.com $: $1 < @ dom2.com>

you can also forward only select users including virtual users

Rlisa<@dom1.com>        $#esmtp $@mail.svr.com $: derek < @ dom2.com>
Rlisa<@dom1.com.>       $#esmtp $@mail.svr.com $: derek < @ dom2.com>


          dom1.com -> domain on current mail server
          dom2.com -> domain on remote mail server
          mail.svr.com -> hostname of remote mail server

EXAMPLES:

# Complex routing is appended here, followed by normal remote routing

Relectro<@valuedgold.com>      $#esmtp $@mail.robo.com $: derek < @ clientdomain.com>
Relectro<@valuedgold.com.>     $#esmtp $@mail.robo.com $: derek < @ clientdomain.com>

# Complex user routing end here

R$*<@valuedgold.com>   $#esmtp $@mail.robo.com $: $1 < @ clientdomain.com>
R$*<@valuedgold.com.>  $#esmtp $@mail.robo.com $: $1 < @ clientdomain.com>

 

Modify or Disable DNS lookup in Sendmail

DNS Lookup can slow SMTP connections to sendmail if customers do not have valid functioning PTR records. To speed things up a bit when it is not possible to fix the PTR records you can modify the DNS lookup behavior of Sendmail thanks to the 'ServiceSwitchFile' option. This option is available in versions of Sendmail 8.7 and above.

You can invoke a ServiceSwitchFile option to point host lookups to a file by doing one of the following:

O ServiceSwitchFile=<path> <--- .cf file
-OServiceSwitchFile=<path> <--- invoked from cmd line
define(`confSERVICE_SWITCH_FILE', `<path>') <--- in .mc config file

Here is a good example that works: Customer Joe uses your SMTP relay and has Internet service with ABC Inet. You are XYZ mail service. ABC Inet has broken DNS; they don't bother with PTR records for their customers. Joe complains that sending mail is slow. So you modify your sendmail.cf file:

O HostsFile=/etc/hosts

And you add a bogus entry in your /etc/hosts for joe. Problem solved.

Reference "ServiceSwitchFile 34.8.61" from "Sendmail" by O'Reilly p748