Difference between revisions of "Sendmail"
(New page: == Directory protection error messages appearing in sendmail log == *directory /var/spool/mail must have 1777 protection mean? How can I fix this? In order to update a mailbox in the def...) |
m |
||
Line 18: | Line 18: | ||
:Pierre Ficheux, Lectra Syst�mes | :Pierre Ficheux, Lectra Syst�mes | ||
:pierre@rd.lectra.fr | :pierre@rd.lectra.fr | ||
+ | |||
+ | | ||
+ | |||
+ | == Sendmail delay when starting or restarting daemon == | ||
+ | |||
+ | The pause is most likely a name server lookup that is timing out. Have a look in your maillog (probably /var/log/maillog) and search for lines that look like these two: | ||
+ | |||
+ | Dec 21 18:33:46 keiko sendmail[4547]: | ||
+ | gethostbyaddr() failed for 192.168.0.1 | ||
+ | |||
+ | Dec 21 18:33:47 keiko sendmail[4553]: | ||
+ | starting daemon (8.8.5): SMTP+queueing@00:05:00 | ||
+ | |||
+ | What's happening is sendmail is trying to resolve the IP address of the machine it's running on. Name server calls take a relatively long time to timeout, thus the delay you are experiencing. The quick solution is to add an entry for this IP address into /etc/hosts or into your name server configuration. sendmail starts very quickly after you have done this. | ||
+ | |||
+ | | ||
+ | |||
+ | == Force email alias forwarding without virtusertable or luser relay == | ||
+ | |||
+ | :Subject: sendmail trick, force alias forwarding | ||
+ | :Date: 30 Jul 2003 17:25:50 -0500 | ||
+ | |||
+ | # single email address | ||
+ | # single virtual email address | ||
+ | # all email for a virtual domain | ||
+ | |||
+ | place in the sendmail.cf file... | ||
+ | |||
+ | <nowiki>#forwards *@dom1.com email to a remote mail server</nowiki> | ||
+ | <nowiki></nowiki> | ||
+ | <nowiki>R$*<@dom1.com> $#esmtp $@mail.svr.com $: $1 < @ dom2.com></nowiki> | ||
+ | <nowiki>R$*<@dom1.com.> $#esmtp $@mail.svr.com $: $1 < @ dom2.com></nowiki> | ||
+ | |||
+ | you can also forward only select users including virtual users | ||
+ | |||
+ | <nowiki>Rlisa<@dom1.com> $#esmtp $@mail.svr.com $: derek < @ dom2.com></nowiki> | ||
+ | <nowiki>Rlisa<@dom1.com.> $#esmtp $@mail.svr.com $: derek < @ dom2.com></nowiki> | ||
+ | <nowiki></nowiki> | ||
+ | <nowiki></nowiki> | ||
+ | <nowiki> dom1.com -> domain on current mail server</nowiki> | ||
+ | <nowiki> dom2.com -> domain on remote mail server</nowiki> | ||
+ | <nowiki> mail.svr.com -> hostname of remote mail server</nowiki> | ||
+ | |||
+ | EXAMPLES: | ||
+ | |||
+ | <nowiki># Complex routing is appended here, followed by normal remote routing</nowiki> | ||
+ | <nowiki></nowiki> | ||
+ | <nowiki>Relectro<@valuedgold.com> $#esmtp $@mail.robo.com $: derek < @ clientdomain.com></nowiki> | ||
+ | <nowiki>Relectro<@valuedgold.com.> $#esmtp $@mail.robo.com $: derek < @ clientdomain.com></nowiki> | ||
+ | <nowiki></nowiki> | ||
+ | <nowiki># Complex user routing end here</nowiki> | ||
+ | <nowiki></nowiki> | ||
+ | <nowiki>R$*<@valuedgold.com> $#esmtp $@mail.robo.com $: $1 < @ clientdomain.com></nowiki> | ||
+ | <nowiki>R$*<@valuedgold.com.> $#esmtp $@mail.robo.com $: $1 < @ clientdomain.com></nowiki> | ||
+ | |||
+ | |
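Review bot: The new "Force email alias forwarding" section says only "place in the sendmail.cf file..." and never names the ruleset the `R` lines belong to, so a reader cannot tell where to paste them. Name the ruleset, and state that sendmail.cf needs tab characters between the pattern and the `$#esmtp` action, since the rules as shown here are separated by single spaces. The three-item list (single email address, single virtual email address, all email for a virtual domain) also needs a sentence saying what it enumerates, and the EXAMPLES block should say outright that the per-user `Relectro` rules must stay ahead of the `R$*` catch-all for the same domain, because rules are tried in order.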
Revision as of 13:54, 26 June 2007
Directory protection error messages appearing in sendmail log
- What does "directory /var/spool/mail must have 1777 protection" mean? How can I fix this?
In order to update a mailbox in the default UNIX format, it is necessary to create a lock file to prevent the mailer from delivering mail while an update is in progress. Some systems use a directory protection of 775, requiring that all mail handling programs be setgid mail; or of 755, requiring that all mail handling programs be setuid root.
The IMAP toolkit does not run with any special privileges, and we plan to keep it that way. It is antithetical to the concept of a toolkit if users can't write their own programs to use it. Also, we've had enough bad experiences with security bugs while running privileged; the IMAP and POP servers have to be root when not logged in, in order to be able to log themselves in. We don't want to go any deeper down that slippery slope.
Directory protection 1777 is secure enough on most well-managed systems. If you can't trust your users with a 1777 mail spool (petty harassment is about the limit of the abuse exposure), then you have much worse problems than that.
If you absolutely insist upon requiring privileges to create a lock file, external file locking can be done via a setgid mail program named /etc/mlock (this is defined by LOCKPGM in the c-client Makefile). If the toolkit is unable to create a .lock file in the directory by itself, it will try to call mlock to do it. We do not recommend doing this for performance reasons.
A sample mlock program is part of the imap-utils package:
We have tried to make this sample program reasonably secure, but it has not been thoroughly audited.
- Pierre Ficheux, Lectra Systèmes
- pierre@rd.lectra.fr
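A check for the spool modes discussed above, as an added example that is not part of the original FAQ or the IMAP toolkit: it reads a directory's mode and reports which of the cases in the text applies (1777, 775 needing setgid, 755 needing setuid), plus the world-writable-without-sticky case. The function names and result labels are assumptions made for this example, and the test directories are constructed in a temporary location.

```python
import os
import stat
import tempfile

def spool_lock_requirement(path):
    """Report what a mail program needs to create .lock files in `path`."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(path)
    mode = stat.S_IMODE(st.st_mode)
    world_w = bool(mode & stat.S_IWOTH)
    group_w = bool(mode & stat.S_IWGRP)
    sticky = bool(mode & stat.S_ISVTX)
    if world_w and sticky:
        need = "none"            # 1777: any user may create, only owners may delete
    elif world_w:
        need = "missing-sticky"  # e.g. 0777: any user may remove others' files
    elif group_w:
        need = "setgid"          # e.g. 775: programs must run setgid to the group
    else:
        need = "setuid"          # e.g. 755: programs must run setuid to the owner
    return {"mode": format(mode, "04o"), "need": need}

def demo():
    """Build constructed directories with each mode and classify them."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for mode in (0o1777, 0o775, 0o755, 0o777):
            d = os.path.join(base, format(mode, "04o"))
            os.mkdir(d)
            os.chmod(d, mode)    # chmod after mkdir so the umask does not interfere
            results[format(mode, "04o")] = spool_lock_requirement(d)["need"]
    return results

if __name__ == "__main__":
    for mode, need in demo().items():
        print(mode, need)
    spool = "/var/spool/mail"    # path named in the log message above
    if os.path.isdir(spool):
        print(spool, spool_lock_requirement(spool))
```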
Sendmail delay when starting or restarting daemon
The pause is most likely a name server lookup that is timing out. Have a look in your maillog (probably /var/log/maillog) and search for lines that look like these two:
Dec 21 18:33:46 keiko sendmail[4547]: gethostbyaddr() failed for 192.168.0.1
Dec 21 18:33:47 keiko sendmail[4553]: starting daemon (8.8.5): SMTP+queueing@00:05:00
What's happening is that sendmail is trying to resolve the IP address of the machine it's running on. Name server calls take a relatively long time to time out, hence the delay you are experiencing. The quick solution is to add an entry for this IP address to /etc/hosts or to your name server configuration. sendmail starts very quickly after you have done this.
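The log search described above, as an added example that is not part of the original page: it pulls the addresses from `gethostbyaddr() failed for` lines and lists those that still have no entry in a hosts file. The first two sample log lines are the ones quoted above; the remaining log lines and the hosts content are constructed, and the script does not consult a name server, which the text gives as the alternative fix.

```python
import ipaddress
import re

FAIL_RE = re.compile(r"sendmail\[\d+\]:\s+gethostbyaddr\(\) failed for (\S+)")

# First two lines are from the page; the last two are constructed.
SAMPLE_LOG = """\
Dec 21 18:33:46 keiko sendmail[4547]: gethostbyaddr() failed for 192.168.0.1
Dec 21 18:33:47 keiko sendmail[4553]: starting daemon (8.8.5): SMTP+queueing@00:05:00
Dec 22 09:10:02 keiko sendmail[5120]: gethostbyaddr() failed for 10.0.0.7
Dec 22 09:10:40 keiko sendmail[5131]: gethostbyaddr() failed for 192.168.0.1
"""

# Constructed hosts file content.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
10.0.0.7    backup.example.test backup   # constructed entry
"""

def failed_lookups(log_text):
    """Addresses sendmail could not reverse-resolve, in first-seen order."""
    seen = []
    for match in FAIL_RE.finditer(log_text):
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not an address; ignore the malformed line
        if ip not in seen:
            seen.append(ip)
    return seen

def hosts_addresses(hosts_text):
    """Set of addresses that have at least one name in a hosts file."""
    addrs = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            try:
                addrs.add(ipaddress.ip_address(fields[0]))
            except ValueError:
                pass
    return addrs

def missing_from_hosts(log_text, hosts_text):
    """Failed addresses that still lack a hosts entry."""
    known = hosts_addresses(hosts_text)
    return [str(ip) for ip in failed_lookups(log_text) if ip not in known]

if __name__ == "__main__":
    print(missing_from_hosts(SAMPLE_LOG, SAMPLE_HOSTS))
```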
Force email alias forwarding without virtusertable or luser relay
- Subject: sendmail trick, force alias forwarding
- Date: 30 Jul 2003 17:25:50 -0500
- single email address
- single virtual email address
- all email for a virtual domain
place in the sendmail.cf file...
# forwards *@dom1.com email to a remote mail server
# (sendmail.cf requires tab characters between the pattern and the action)
R$*<@dom1.com>	$#esmtp $@mail.svr.com $: $1 < @ dom2.com>
R$*<@dom1.com.>	$#esmtp $@mail.svr.com $: $1 < @ dom2.com>
you can also forward only select users including virtual users
Rlisa<@dom1.com>	$#esmtp $@mail.svr.com $: derek < @ dom2.com>
Rlisa<@dom1.com.>	$#esmtp $@mail.svr.com $: derek < @ dom2.com>

dom1.com -> domain on current mail server
dom2.com -> domain on remote mail server
mail.svr.com -> hostname of remote mail server
EXAMPLES:
# Complex routing is appended here, followed by normal remote routing

Relectro<@valuedgold.com>	$#esmtp $@mail.robo.com $: derek < @ clientdomain.com>
Relectro<@valuedgold.com.>	$#esmtp $@mail.robo.com $: derek < @ clientdomain.com>

# Complex user routing end here

R$*<@valuedgold.com>	$#esmtp $@mail.robo.com $: $1 < @ clientdomain.com>
R$*<@valuedgold.com.>	$#esmtp $@mail.robo.com $: $1 < @ clientdomain.com>