1 sun educational services dns and sendmail copyright 2003 sun microsystems, inc. all rights...

1

Sun Educational Services

DNS and Sendmail

Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services

2


AgendaAgenda

• DNS Structure and Configuration

• Sendmail Installation

• Sendmail Configuration

• Troubleshooting

• DNS Structure and Configuration

• Sendmail Installation

• Sendmail Configuration

• Troubleshooting

DNS and Sendmail Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services

3

• Early Internet naming problems

• HOSTS.TXT file maintenance

• Server/network load


• The solution

• Name uniqueness



• Early Internet naming problems




• The solution

• Name uniqueness




1) Domain Name System history

1. Introduction to DNS


4DNS and Sendmail Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services


2) Domain

• Is a collection of names

• Specifies keys for DNS look up

• Is an Inverted tree structure

• Is capable of spannig a large physical area

• Can be broaken into subdomains

• Supports parent/child domain relationships

• Is a collection of names

• Specifies keys for DNS look up

• Is an Inverted tree structure

• Is capable of spannig a large physical area

• Can be broaken into subdomains

• Supports parent/child domain relationships

5DNS and Sendmail



3) DNS Namespace - structure



3) DNS Namespace – structure (cont)

Domain Description

com Commercial organizations

edu Educational organizations

gov Governmental(U.S.) organizations

mil Millitary (U.S.) organizations

net Networking organizations and ISPs

org Non-profit and other organizations

arpa Used for inverse address lookups

ca Country code-based domains

7DNS and Sendmail



4) DNS Namespace – Naming rule

• Fully qualified name of a domain (FQDN)

• Relative domain name (RDN)

• Domain naming rules

• A 255 character limit per FQDN

• A 63 character limit per domain

• Only alphas, numerics, and the dash are permitted

• Naming conventions decided by domain administrator

• in-addr.arpa. domain

• Fully qualified name of a domain (FQDN)

• Relative domain name (RDN)

• Domain naming rules

• A 255 character limit per FQDN

• A 63 character limit per domain

• Only alphas, numerics, and the dash are permitted

• Naming conventions decided by domain administrator

• in-addr.arpa. domain



5) Zone of Authority

• Is the portion of the name space for which a server is authoritive

• Consists of domains and all associated data

• Can be one or more domains

• Is the portion of the name space for which a server is authoritive

• Consists of domains and all associated data

• Can be one or more domains



5) Zone of Authority (cont)Controlling authority

arpaIn-addr

203

234

247

100

com edu org net

sun100

suned

admin

hped

sun200

NIC

admin.edu. domain Pointer

admin

suned

zone

nameless root

10DNS and Sendmail



6) DNS Server Types

• Root Servers

• Primary (master) servers

• Secondary (slave) servers

• Caching-only servers

• Forwarding servers

• Root Servers

• Primary (master) servers

• Secondary (slave) servers

• Caching-only servers

• Forwarding servers

11DNS and Sendmail



Forwarding servers

내부 네트웍

경계선 네트웍

1 2

3 4

5

인터넷

외부 라우터

내부 라우터

내부 클라이언트내부 클라이언트

options { forwarders { 192.168.129.1; 192.168.129.3; };forward olny;

};

BIND 4Forwarders 192.168.129.1; 192. 168.129.3Option forward-only

12DNS and Sendmail



7) Client Resolver

( DNS client name resolution process )

# /etc/resolv.confSearch corp.sun.com eng.sun.com sun.com

/etc/nsswitch.conf

hosts: files dns

13DNS and Sendmail



8) BIND (Berkeley Internet Name Domain)

• Most frequently used DNS implementation

• Available at http://www.isc.org/bind.html

• Available at ftp.isc.org.

• Solaris 7 implements BIND version 8.1.2


• Latest BIND version may not be supported

• Most frequently used DNS implementation

• Available at http://www.isc.org/bind.html

• Available at ftp.isc.org.



• Latest BIND version may not be supported

http://www.isc.org/bind.html

http://www.isc.org/bind.html

14DNS and Sendmail



8) BIND (Berkeley Internet Name Domain)

# ftp ftp.isc.org

ftp> cd /isc/bind/src/cur/bind-8

ftp> binary

ftp> get bind-src.tar.gz

ftp> !

# gzip –dc bind-src.tar.gz | tar xvf –

# make stdlinks

# make clean

# make depend

# make

# make install

# ftp ftp.isc.org

ftp> cd /isc/bind/src/cur/bind-8

ftp> binary

ftp> get bind-src.tar.gz

ftp> !

# gzip –dc bind-src.tar.gz | tar xvf –

# make stdlinks

# make clean

# make depend

# make

# make install

ftp://ftp.isc.org/

ftp://ftp.isc.org/

15


1) Notice When DNS Server Configuration

2. DNS Server Configuration

• Location of names and addresses of root servers

• Information to resolve all domains for which the server is authoritive

• Information to resolve all inverse domains for which the server is authoritive

• Location of servers one level below the domain being served

• Location of names and addresses of root servers

• Information to resolve all domains for which the server is authoritive

• Information to resolve all inverse domains for which the server is authoritive

• Location of servers one level below the domain being served


16DNS and Sendmail



2) BIND Configuration File

options { DIRECTORY "/var/named";};zone "." in { type hint; file “named.root";};zone "lab1.com" in { type master; file "domain-info";};zone “247.234.203.in-addr.arpa" in { type master; file "inverse-domain-info";};zone "0.0.127.in-addr.arpa" in { type master; file "loopback-domain-info";};

# vi /etc/named.conf

/var/named

named.root

domain-info

inverse-domain-info

loopback-domain-info



• options : Name Server 전체 config file 의 default 값 설정 ( 특히 , 기준 디렉토리 )

• server : Remote Name Server 를 가진 환경시 setting

( secondary server 설정시 사용 )

• zone : 하나의 domain 을 운영하는 단위

• options : Name Server 전체 config file 의 default 값 설정 ( 특히 , 기준 디렉토리 )

• server : Remote Name Server 를 가진 환경시 setting

( secondary server 설정시 사용 )

• zone : 하나의 domain 을 운영하는 단위


18

DNS Resource Records

[name] [ ttl ] [class] [type] [data]

[name] : resource record for domain name

[ ttl ] : caching time

[class] : IN

[type] : record type

DNS Resource Records

[name] [ ttl ] [class] [type] [data]

[name] : resource record for domain name

[ ttl ] : caching time

[class] : IN

[type] : record type

DNS and Sendmail




19DNS and Sendmail



A IP address

CNAME

alias of hostname

MX mail exchange server

NS Name Server of each domain

PTR reverse domain ( indicate point of hostname )

SOA host that manage a Domain


[record type ]

20DNS and Sendmail




. 3600000 IN NS A.ROOT-SERVERS.NET.

A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4

;

; formerly NS1.ISI.EDU

;

. 3600000 NS B.ROOT-SERVERS.NET.

B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107

;

; formerly C.PSI.NET

;

. 3600000 NS C.ROOT-SERVERS.NET.

C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12

;

; formerly TERP.UMD.EDU

;

. 3600000 NS D.ROOT-SERVERS.NET.

D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90

/var/named/named.root ftp://ftp.rs.internic.net/domain/named.root

21

; domain-info @ IN SOA sun111.lab1.com. root.lab1.com. ( 20010426 ; Serial 12H ; Refresh 43200 1H ; Retry 3600 1W ; expire 604800 1D ; TTL 86400) IN NS sun111.lab1.com. ; hosts for this domainsun111 IN A 203.234.247.111sun112 IN A 203.234.247.112

; CNAME aliaseswww IN CNAME sun111mail IN CNAME sun111 ; Loopback domainlocalhost IN A 127.0.0.1

; domain-info @ IN SOA sun111.lab1.com. root.lab1.com. ( 20010426 ; Serial 12H ; Refresh 43200 1H ; Retry 3600 1W ; expire 604800 1D ; TTL 86400) IN NS sun111.lab1.com. ; hosts for this domainsun111 IN A 203.234.247.111sun112 IN A 203.234.247.112

; CNAME aliaseswww IN CNAME sun111mail IN CNAME sun111 ; Loopback domainlocalhost IN A 127.0.0.1

DNS and Sendmail



/var/named/domain-info @ IN SOA sun111.lab1.com. root.lab1.com. (

20010426 ; Serial

12H ; Refresh 43200

1H ; Retry 3600

1W ; expire 604800

1D ; TTL 86400

)

IN NS sun111.lab1.com. ; primary server

IN NS sun112.lab1.com. ; slave server

; hosts for this domain

sun111 IN A 203.234.247.111

sun112 IN A 203.234.247.112

; CNAME aliases

www IN CNAME sun111

mail IN CNAME sun111

; Loopback domain

localhost IN A 127.0.0.1

22DNS and Sendmail



/var/named/inverse-domain-info

; inverse-domain-info

@ IN SOA sun111.lab1.com. root.lab1.com. (

20010425 ; Serial

12H ; Refresh 43200

1H ; Retry 3600

1W ; expire 604800

1D ; TTL 86400

)

IN NS sun111.lab1.com. ; primary server

IN NS sun112.lab1.com. ; slave server

;

111 IN PTR sun111.lab1.com.



…….

23DNS and Sendmail



/var/named/loopback-domain-info

DNS Daemon start# /etc/init.d/inetsvc stop# /etc/init.d/inetsvc start

DNS Daemon start# /etc/init.d/inetsvc stop# /etc/init.d/inetsvc start

;loopback-domain-info

@ IN SOA sun111.lab1.com. root.lab1.com. (

200011325 ; Serial

12H ; Refresh 43200

1H ; Retry 3600

1W ; expire 604800

1D ; TTL 86400

)

IN NS sun111.lab1.com.

1 IN PTR localhost.lab1.com.

24DNS and Sendmail




- Client / Server Common file Setup

# vi /etc/nsswitch.conf

hosts: files dns

# vi /etc/nsswitch.conf

hosts: files dns

# vi /etc/resolv.confdomain suned.co.krsearch suned.co.kr sales.suned.co.kr fin.suned.co.krnameserver 203.234.247.1 ; master servernameserver 203.234.247.2 ; slave servernameserver 203.234.247.3 ; slave server

# vi /etc/resolv.confdomain suned.co.krsearch suned.co.kr sales.suned.co.kr fin.suned.co.krnameserver 203.234.247.1 ; master servernameserver 203.234.247.2 ; slave servernameserver 203.234.247.3 ; slave server

25

•Send queries to and display replies from my resource record types

• Query the DNS server of choice

• Debug domain that is not protected by a firewall

•Send queries to and display replies from my resource record types

• Query the DNS server of choice

• Debug domain that is not protected by a firewall

DNS and Sendmail


Sun Educational Services•


DNS Trouble shooting ( nslookup )

26

# nslookupDefault Server: sun111.lab1.comAddress: 203.234.247.1

>sun112.lab1.com.Server: sun111.lab1.comAddress: 203.234.247.111

>set type=ns>lab1.com.…Lab1.com. Nameserver = sun111.lab1.comSun111.lab1.com internet address = 203.234.247.111

# nslookupDefault Server: sun111.lab1.comAddress: 203.234.247.1

>sun112.lab1.com.Server: sun111.lab1.comAddress: 203.234.247.111

>set type=ns>lab1.com.…Lab1.com. Nameserver = sun111.lab1.comSun111.lab1.com internet address = 203.234.247.111

DNS and Sendmail




nslookup (cont)

27

>set type=ptr>203.234.247.111…111.247.234.203.in-addr.arpa name = sun111.lab1.com

>set class=chaos>set type=txt>version.bindVERSION.BIND text = “BIND 8.2.2-p5”

>server xxx.co.kr>ls xxx.co.kr//-- zone file info list……….

>set type=ptr>203.234.247.111…111.247.234.203.in-addr.arpa name = sun111.lab1.com

>set class=chaos>set type=txt>version.bindVERSION.BIND text = “BIND 8.2.2-p5”

>server xxx.co.kr>ls xxx.co.kr//-- zone file info list……….

DNS and Sendmail




nslookup (cont)

cause to security problem

cause to security problem

28DNS and Sendmail



• # pkill –INT in.named

• # pkill –USR1 in.named

• # pkill –USR2 in.named

• # pkill –HUP in.named


BIND Debugging Tools

/var/named/named_dump.db

/var/named/named.runDebug level on

Debug level off

Reread configuration fileCached info retain

29DNS and Sendmail



3) Secondary DNS Server Setupoptions { DIRECTORY "/var/named";};zone "." in { type hint; file “named.root";};zone "lab1.com" in { type slave; file "domain-info"; masters { 203.234.247.200; };};zone “247.234.203.in-addr.arpa" in { type slave; file "inverse-domain-info"; masters { 203.234.247.200; };};zone "0.0.127.in-addr.arpa" in { type master; file "loopback-domain-info";};

( /etc/named.conf )

/var/named

named.root

domain-info

inverse-domain-info

loopback-domain-info

30DNS and Sendmail



• Using BIND configuration file

• Restricting queries

• Preventing unauthorized zone transfers

• Configuring Access Control lists

• Using BIND configuration file

• Restricting queries

• Preventing unauthorized zone transfers

• Configuring Access Control lists

4) DNS Security

31DNS and Sendmail



4) DNS Security (ex)

Restricting All QueriesOptions {

allow-query { 203.234.247.100; 203.234.247.112; };};Restricting Queries for a Specific ZoneZone “lab1.com” in {

type master;file “domain-info” ;allow-query { 203.234.247.0” ; };

};

Restricting All QueriesOptions {

allow-query { 203.234.247.100; 203.234.247.112; };};Restricting Queries for a Specific ZoneZone “lab1.com” in {

type master;file “domain-info” ;allow-query { 203.234.247.0” ; };

};

*** can’t find server name for address --:query refused*** can’t find server name for address --:query refused

32DNS and Sendmail



4) DNS Security(ex)

Preventing Unauthorized Zone TransfersOptions {

allow-transfer { 203.234.247.112; };};Block All Zone TransfersZone “lab1.com” in {

type master;file “domain-info” ;allow-transfer{ none; };

};

Preventing Unauthorized Zone TransfersOptions {

allow-transfer { 203.234.247.112; };};Block All Zone TransfersZone “lab1.com” in {

type master;file “domain-info” ;allow-transfer{ none; };

};

*** Can’t list domain lab1.com : unspecified error*** Can’t list domain lab1.com : unspecified error

33DNS and Sendmail



5) Miscellaneous DNS Topics

• $ORIGIN• $INCLUDE• h2n• DIG • DNS Resource

• O’Relly book• info.bind newgroup• http://www.internic.net.• RFCs

• $ORIGIN• $INCLUDE• h2n• DIG • DNS Resource

• O’Relly book• info.bind newgroup• http://www.internic.net.• RFCs

http://www.internic.net/

http://www.internic.net/

34DNS and Sendmail



6) Q & A

• • • • • • • • • •

35DNS and Sendmail



2. Introduction to Sendmail

Introduction to Electronic Mail

• Supports communication within the local domain and among other, external domains

• Has a history• Standardized by Internet Engineering Task Force ( IETF)

Introduction to Electronic Mail

• Supports communication within the local domain and among other, external domains

• Has a history• Standardized by Internet Engineering Task Force ( IETF)

1) Email Fundamental

36DNS and Sendmail



2. Introduction to Sendmail

Three component of Email

• MUA – the program that acts as the interface between the user and MTA

ex) mail, mailx, mailtool, dtmail, …• MTA – mail messages routing and resolution of mail address

ex) Berkeley sendmail, smail…• MDA – program that impliments a mail delivery protocol

which is responsible for putting email into a user’s local mailbox file. ex) mail.local, SMTP

Three component of Email

• MUA – the program that acts as the interface between the user and MTA

ex) mail, mailx, mailtool, dtmail, …• MTA – mail messages routing and resolution of mail address

ex) Berkeley sendmail, smail…• MDA – program that impliments a mail delivery protocol

which is responsible for putting email into a user’s local mailbox file. ex) mail.local, SMTP


37DNS and Sendmail




Mail Program Interaction

/bin/mailx(MUA)/bin/mailx(MUA)

/usr/lib/sendmail(MTA)/usr/lib/sendmail(MTA)

SMTP(remote MDA)SMTP(remote MDA)/usr/lib/mail.local(local MDA)/usr/lib/mail.local(local MDA)

/usr/lib/mail.local/usr/lib/mail.local

User send message

Message is collected

Message is routed

Message is delivered

User reads message

mailxmaildtmail

sendmailqmailMS-Exchange

38DNS and Sendmail


Concept of Mail Routing



39DNS and Sendmail


Types of Mail Addresses

• Unqualified addressuser01

• Qualified addressuser01@sun100

• Fully qualified [email protected]

• UUCP addressmachinex!machiney!machinez!user01



40DNS and Sendmail




Alias Resolution

41DNS and Sendmail


Using Mail Aliases

• $HOME/.mailrcalias manager [email protected] [email protected] (~1024)

• /etc/mail/aliasesroot: maryfriend: mike, tom, betty, stevesales: [email protected], [email protected]: :include:/home/group/managernobody: /dev/nulluser01: “| /usr/bin/cat | /usr/bin/sed ‘s/A/a/g’ > /file01”



mailto:[email protected]





42DNS and Sendmail


Using Mail Aliases (cont)

$HOME/.forward

\user01/export/home/user01/mail.backup

\user01, “|/usr/bin/vacation user01 || exit 75”/export/home/user01/mail.backup



43DNS and Sendmail


Planning Your Mail System

• Configuring Local Mail only• Configuring Local Mail in Remote Mode



44DNS and Sendmail


• History of sendmail• Definition and feature of sendmail• Security issues with sendmail• Functions of sendmail processing• Changes to sendmail under the Solaris 7 OS• Directory structure for sendmail• Configuration files for sendmail• The stopping and starting of sendmail

• History of sendmail• Definition and feature of sendmail• Security issues with sendmail• Functions of sendmail processing• Changes to sendmail under the Solaris 7 OS• Directory structure for sendmail• Configuration files for sendmail• The stopping and starting of sendmail

3) Sendmail Overview


45DNS and Sendmail



History of sendmail

• Originally written by Eric Allman at University of Caifornia, Berkley• V8.7 and later written in conjunction with Internet Engineering Task Force(IETF)• Sendmail version 8.9.1 is distributed with Solaris7• Sendmail version 8.10.2 is distributed with Solaris8• Sendmail version 8.11.6 is distributed with Solaris9• upgrade to sendmail 8.12.9 (security patch)

History of sendmail

• Originally written by Eric Allman at University of Caifornia, Berkley• V8.7 and later written in conjunction with Internet Engineering Task Force(IETF)• Sendmail version 8.9.1 is distributed with Solaris7• Sendmail version 8.10.2 is distributed with Solaris8• Sendmail version 8.11.6 is distributed with Solaris9• upgrade to sendmail 8.12.9 (security patch)


46DNS and Sendmail



Feature of sendmail of sendmail

• It supports UNIX System V mail, UNIX Version 7 mail, and Internet mail.• It uses existing software for delivery whenever possible.• It can be configured to handle complex environments using configuration files.• Groups can maintain their own mailing lists.• Individual forwarding can be specified without modifying the domain-wide alias file.• Each user can specify a custom mailer to process incoming mail.

Feature of sendmail of sendmail

• It supports UNIX System V mail, UNIX Version 7 mail, and Internet mail.• It uses existing software for delivery whenever possible.• It can be configured to handle complex environments using configuration files.• Groups can maintain their own mailing lists.• Individual forwarding can be specified without modifying the domain-wide alias file.• Each user can specify a custom mailer to process incoming mail.


47DNS and Sendmail



Security Issues With sendmail

• sendmail Version 8.10.2 is more secure than earlier version.• Due to it’s open exchange of arbitrary data, sendmail still has some security drawbacks.• For information about sendmail security and other sendmail topics, refer to:

• Costales, Brian. 1997. Sendmail, Second Edition, O’Reilly.• Sun Microsystem web site:http://www.sun.com•The sendmail web site –> http://www.sendmail.org

Security Issues With sendmail

• sendmail Version 8.10.2 is more secure than earlier version.• Due to it’s open exchange of arbitrary data, sendmail still has some security drawbacks.• For information about sendmail security and other sendmail topics, refer to:

• Costales, Brian. 1997. Sendmail, Second Edition, O’Reilly.• Sun Microsystem web site:http://www.sun.com•The sendmail web site –> http://www.sendmail.org


48DNS and Sendmail



Functions of sendmail Processing

• Argument processing and address parsing• Scanning of the arguments• Processing of the option specifications

• Message collection• Envelope, message header, and message body

• Message delivery• Queue for retransmission• Return to sender

Functions of sendmail Processing

• Argument processing and address parsing• Scanning of the arguments• Processing of the option specifications

• Message collection• Envelope, message header, and message body

• Message delivery• Queue for retransmission• Return to sender


49DNS and Sendmail


Generic SMTP FlowGeneric SMTP Flow


50DNS and Sendmail



Changes to sendmail Under the Solaris 7 OS

• The sendmail program now has its own packages.• SUNWsndmr installs the configuration files.• SUNWsndmu installs the binaries.

• Configuration files are built using the m4 language.• strong anti-spam support is available.• Permissions and the ownership have been changed to increase security.

Changes to sendmail Under the Solaris 7 OS

• The sendmail program now has its own packages.• SUNWsndmr installs the configuration files.• SUNWsndmu installs the binaries.

• Configuration files are built using the m4 language.• strong anti-spam support is available.• Permissions and the ownership have been changed to increase security.


51DNS and Sendmail



Directory Structure for sendmail

• The files and locations of the sendmail hierarchy includes the:

• Hierarchy of /usr/lib/mail directory• Featured files in /usr/lib/mail • Contents of the /etc/mail directory

Directory Structure for sendmail

• The files and locations of the sendmail hierarchy includes the:

• Hierarchy of /usr/lib/mail directory• Featured files in /usr/lib/mail • Contents of the /etc/mail directory


52DNS and Sendmail



/usr/lib/mail/

Function

m4/ General support routines that are important and should not be changed without very careful consideration.

cf/ The configuration files which have .mc a suffixes, and must be run through m4 to become complete. The resulting output should have a .cf suffix.

ostype/ Definitions describing a particular operating system type. These should always be referenced using the OSTYPE macro in the .mc file.

Domain/ Definitions describing a particular domain, referenced using the DOMAIN macro in the .mc file.

Mailer/ Descriptions of mailers. These are referenced using the MAILER macro in the .mc file.

Sh/ Shell files used when building the .cf file from the .mc file in the cf subdirectory.

Feature/ These hold special features that you might want to include. They should be referenced using the FEATURE macro.

53DNS and Sendmail



File/Directory DescriptionREADME Describing the configuration files

cf/main-v7sun.mc Is the main configuration file

cf/Makefile Contains rules for building new configuration files

cf/subsidiary-v7sun.mc Is the configuration file for hosts that NFS-mount /var/mail from another host

domain/generic.m4 Is the generic domain file from Berkeley

domain/solaris-antispam.m4 Is the domain file which contains the changes that make sendmail function like previous Solaris version, except that relaying is disabled completely, sender addresses with no hostname are rejected, and unresolved domains are rejected

domain/solaris-generic.m4 Is the domain file which contains the changes that make sendmail function like previous Solaris versions(default)

54DNS and Sendmail



File/Directory(cont)

Description

ostype/solaris2.m4 Defines local mailer as mail

ostype/solaris.m1.m4 Defines local mailer as mail.local(default)

sh/sheck-permissions Checks permissions of : include: aliases and .forward files and their parent directory path for correct permissions

sh/check-hostname Vefifies that sendmail is able to determine the fully qualified host name

feature Defines specific features for particular hosts ( see README for a full description of the features)

mailer Defines mailers which include local, smtp and uucp

55DNS and Sendmail



/etc/mail DescriptionMail.rc Contains default settings for the mailtool user agent

aliases Contains main-forwarding information

aliases.dir Is the binary form of mail-forwarding information(created by running newaliases

aliases.pag Is the binary form of mail-forwarding information(created by running newaliases

mailx.rc Contains default settings for the mailx user agent

main.cf Sample configuration file for main systems

relay-domains Contains a list of all domains for which relaying is allowed; by default, only the local domain is allowed

sendmail.cf Is the configuration file for mail routing

sendmail.cw Is the optional file that you can create if the number of aliases for the mail host is too long (sendmail 8.11.6 에서 /etc/mail/local-host-names 으로 변경됨 )

56DNS and Sendmail



/etc/mail Descriptionsendmail.hf Is the help file used by the SMTP HELP command

sendmail.pid Lists the Process Identification Number of the listing daemon

Sendmail.st Is the sendmail statistics file; if this file is parent, sendmail logs the amount of traffic through each mailer

sendmailvars Stores macro and class definitions for name space lookup from sendmail.cf

subsidiary.cf Is the sample configuration file for subsidiary systems

aliases.db Is the alias database map, which can be created in three different format, dbm, hash, and btree; the aliases.db map is created using the makemap command.

57DNS and Sendmail



Configuration Files for sendmail( /etc/mail/sendmail.cf)

• sendmail.cf contains most of the sendmail configuration and provides the following functionality.

• It defines the sendmail environment using symbols, classes, options, and parameters• It specifies how sendmail will rewrite addresses• It determines how addresses are to be interpreted• It determines how mail will be routed

Configuration Files for sendmail( /etc/mail/sendmail.cf)

• sendmail.cf contains most of the sendmail configuration and provides the following functionality.

• It defines the sendmail environment using symbols, classes, options, and parameters• It specifies how sendmail will rewrite addresses• It determines how addresses are to be interpreted• It determines how mail will be routed


58DNS and Sendmail



/etc/mail/sendmail.cf (cont)

Contents

• Mail delivery agents – The program used to deliver mail• Macro – Built-in or user-defined variables• Options – Definitions of sendmail behavior• Rule sets – A subroutine of rewrite rules• Rewrite rules – Rules governing the transformaion of address

/etc/mail/sendmail.cf (cont)

Contents

• Mail delivery agents – The program used to deliver mail• Macro – Built-in or user-defined variables• Options – Definitions of sendmail behavior• Rule sets – A subroutine of rewrite rules• Rewrite rules – Rules governing the transformaion of address


59DNS and Sendmail




m4 Preprocessor

60DNS and Sendmail




# cat example.mc

divert (-1)divert (0) dnlVERSIONID(‘@(#)main-v7sun.mc 1.2 (sun) 01/27/98’)OSTYPE(solaris2.ml)dnlDOMAIN(solaris-generic)dnlMAILER(local)dnlMAILER(smtp)dnlFEATURE(relay_entire_domain)dnl

# cat example.mc

divert (-1)divert (0) dnlVERSIONID(‘@(#)main-v7sun.mc 1.2 (sun) 01/27/98’)OSTYPE(solaris2.ml)dnlDOMAIN(solaris-generic)dnlMAILER(local)dnlMAILER(smtp)dnlFEATURE(relay_entire_domain)dnl

m4 Preprocessor(cont)

61DNS and Sendmail




How to build a New Configuration file

1. # cd /usr/lib/mail/cf2. # cp main-v7sun.mc sendmail.mc3. # vi sendmail.mc4. # vi Makefile5. # /usr/ccs/bin/make6. # cp sendmail.cf /etc/mail

How to build a New Configuration file

1. # cd /usr/lib/mail/cf2. # cp main-v7sun.mc sendmail.mc3. # vi sendmail.mc4. # vi Makefile5. # /usr/ccs/bin/make6. # cp sendmail.cf /etc/mail

62DNS and Sendmail



The Stopping and Starting of sendmail

• Automatic startup is performed using the /etc/init.d/sendmail script

• sendmail can be stopped and restarted using /etc/init.d/sendmail stop /etc/init.d/sendmail start

• Manual startup can be performed using the sendmail command lines located within the startup script maintain proper startup values.

The Stopping and Starting of sendmail

• Automatic startup is performed using the /etc/init.d/sendmail script

• sendmail can be stopped and restarted using /etc/init.d/sendmail stop /etc/init.d/sendmail start

• Manual startup can be performed using the sendmail command lines located within the startup script maintain proper startup values.


63DNS and Sendmail



# vi /etc/init.d/sendmailcase "$1" in'start') if [ -f /usr/lib/sendmail -a -f /etc/mail/sendmail.cf ]; then if [ ! -d /var/spool/mqueue ]; then /usr/bin/mkdir -m 0750 /var/spool/mqueue /usr/bin/chown root:bin /var/spool/mqueue fi MODE="-bd" if [ -f /etc/default/sendmail ]; then . /etc/default/sendmail fi …………………….. ;; 'stop') /usr/bin/pkill -x -u 0 sendmail ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit 0

# vi /etc/init.d/sendmailcase "$1" in'start') if [ -f /usr/lib/sendmail -a -f /etc/mail/sendmail.cf ]; then if [ ! -d /var/spool/mqueue ]; then /usr/bin/mkdir -m 0750 /var/spool/mqueue /usr/bin/chown root:bin /var/spool/mqueue fi MODE="-bd" if [ -f /etc/default/sendmail ]; then . /etc/default/sendmail fi …………………….. ;; 'stop') /usr/bin/pkill -x -u 0 sendmail ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit 0

64DNS and Sendmail



Miscellaneous sendmail Support

• Configuration file version values

• Additional mail service program and files, such as:• /usr/bin directory used for mail services• /usr/lib mail files• Additional files used for mail services

Miscellaneous sendmail Support

• Configuration file version values

• Additional mail service program and files, such as:• /usr/bin directory used for mail services• /usr/lib mail files• Additional files used for mail services


65DNS and Sendmail



/usr/bin Descriptionaliasadm A program to manipulate the NIS+ aliases map

mail A user agent

mailcompat A filter to store mail in SunOS4.1 mailbox format

mailq Link to /usr/lib/sendmail; used to list the mail queue

mailstats A program used to read mail statistics stored in the /etc/mail/sendmail.st file ( if present )

mailx A user agent

mconnect An Interactive connection to sendmail

newaliases An aliases of /usr/lib/sendmail which causes the aliases database to be rebuilt

rmail A link to /usr/bin/mail

vacation A program which allows automatic response to incoming mail messages

66DNS and Sendmail



/usr/lib Descriptionmail.local Mailer that delivers mail to mailboxes

sendmail The routing program, also known as the mail transfer agent

/etc/shells Lists the valid login shells

/usr/sbin/in.comsat Are the mail-notification daemons

/usr/sbin/makemap Builds binary forms of keyed map

/usr/sbin/syslogd Logs error messages used by sendmail

/usr/dt/bin/dtmail Is the CDE mail user agent

/var/mail/user_name Is the location of the user’s incoming mailbox

/var/spool/mqueue Is the location of the outgoing mail queue

$OPENWINHOME/bin/mailtool Is the Open Windows mail user agent

67DNS and Sendmail


2. Introduction to Sendmail3) Sendmail Overview

• Debugging sendmail with mconnect• Using simple Mail Transfer Protocol (SMTP)• Testing the mail configuration• Verifying a user• Expanding an an alias or list• Setting up the postmaster alias• Administrating the mail configuration• Defining SPAM• Detecting masquerading hosts

• Debugging sendmail with mconnect• Using simple Mail Transfer Protocol (SMTP)• Testing the mail configuration• Verifying a user• Expanding an an alias or list• Setting up the postmaster alias• Administrating the mail configuration• Defining SPAM• Detecting masquerading hosts


68DNS and Sendmail



Debugging sendmail With mconnect

• Use mailx –v

• Issue SMTP commands• mconnect• telnet

Debugging sendmail With mconnect

• Use mailx –v

• Issue SMTP commands• mconnect• telnet


69DNS and Sendmail



Simple Mail Transfer Protocol

• Is used to send/receive a message

• Is a simple command set

• Follows a basic handshaking process

Simple Mail Transfer Protocol

• Is used to send/receive a message

• Is a simple command set

• Follows a basic handshaking process


70DNS and Sendmail


3) Sendmail OverviewSome of its command are:

• HELO <hostsname> - Initials a session, and identifies the sending hostname • MAIL FROM: <sender> - Identifies who the mail is from• RCPT TO: <recipient> - Identifies who the mail is to (use multiple ECPT TO:commands)• DATA – Signal the start of the text (which is terminated by a line with a signal dot[.])• QUIT – Ends session• RSET – Resets the session• NOOP – Does nothng• HELP – Displays help text• EXPN <recipient> - Expands the address (for example, taking into account aliases/ forward files)

Some of its command are:

• HELO <hostsname> - Initials a session, and identifies the sending hostname • MAIL FROM: <sender> - Identifies who the mail is from• RCPT TO: <recipient> - Identifies who the mail is to (use multiple ECPT TO:commands)• DATA – Signal the start of the text (which is terminated by a line with a signal dot[.])• QUIT – Ends session• RSET – Resets the session• NOOP – Does nothng• HELP – Displays help text• EXPN <recipient> - Expands the address (for example, taking into account aliases/ forward files)


71DNS and Sendmail




# mconnectconnecting to host localhost (127.0.0.1), port 25connection open220 oss2.ioss.co.kr ESMTP Sendmail 8.10.2+Sun/8.10.2; Thu, 3 Jul 2003 16:44:26 +0900 (KST)helo my.netian.com250 oss2.ioss.co.kr Hello localhost [127.0.0.1], pleased to meet youmail from: [email protected] 2.1.0 [email protected]... Sender okrcpt to: [email protected] 2.1.5 [email protected]... Recipient okdata354 Enter mail, end with "." on a line by itselfhi....how are you? . 250 2.0.0 h637ixb27726 Message accepted for deliveryquit221 2.0.0 oss2.ioss.co.kr closing connection

# mconnectconnecting to host localhost (127.0.0.1), port 25connection open220 oss2.ioss.co.kr ESMTP Sendmail 8.10.2+Sun/8.10.2; Thu, 3 Jul 2003 16:44:26 +0900 (KST)helo my.netian.com250 oss2.ioss.co.kr Hello localhost [127.0.0.1], pleased to meet youmail from: [email protected] 2.1.0 [email protected]... Sender okrcpt to: [email protected] 2.1.5 [email protected]... Recipient okdata354 Enter mail, end with "." on a line by itselfhi....how are you? . 250 2.0.0 h637ixb27726 Message accepted for deliveryquit221 2.0.0 oss2.ioss.co.kr closing connection

72DNS and Sendmail



# /usr/bin/mailx –v [email protected]: hi.... this is test mailplease remove it......EOToss2 / # [email protected]... Connecting to mail2.orgio.net. via esmtp...220 orgio.net ESMTP WBlock.ps 2.27; Mon, 7 Jul 2003 06:44:24 +0900>>> EHLO oss2.test.co.kr250-mail2.orgio.net Hello [211.63.131.242], pleased to meet you250-8bitmime250-size 20480000250 help>>> MAIL From:<[email protected]> SIZE=105250 [email protected]... Sender OK>>> RCPT To:<[email protected]>250 [email protected]... Recipient OK>>> DATA354 Enter mail, end with "." on a line by itself>>> .250 Message accepted for [email protected]... Sent (Message accepted for delivery)Closing connection to mail2.orgio.net.>>> QUIT221 Bye..

# /usr/bin/mailx –v [email protected]: hi.... this is test mailplease remove it......EOToss2 / # [email protected]... Connecting to mail2.orgio.net. via esmtp...220 orgio.net ESMTP WBlock.ps 2.27; Mon, 7 Jul 2003 06:44:24 +0900>>> EHLO oss2.test.co.kr250-mail2.orgio.net Hello [211.63.131.242], pleased to meet you250-8bitmime250-size 20480000250 help>>> MAIL From:<[email protected]> SIZE=105250 [email protected]... Sender OK>>> RCPT To:<[email protected]>250 [email protected]... Recipient OK>>> DATA354 Enter mail, end with "." on a line by itself>>> .250 Message accepted for [email protected]... Sent (Message accepted for delivery)Closing connection to mail2.orgio.net.>>> QUIT221 Bye..



73DNS and Sendmail




# /usr/lib/sendmail –v [email protected] [email protected]... Connecting to mail6.orgio.net. via esmtp...220 orgio.net ESMTP WBlock.ps 2.27; Mon, 7 Jul 2003 06:50:14 +0900>>> EHLO oss2.test.co.kr250-mail6.orgio.net Hello [211.63.131.242], pleased to meet you250-8bitmime250-size 20480000250 help>>> MAIL From:<[email protected]> SIZE=10250 [email protected]... Sender OK>>> RCPT To:<[email protected]>250 [email protected]... Recipient OK>>> DATA354 Enter mail, end with "." on a line by itself>>> .250 Message accepted for [email protected]... Sent (Message accepted for delivery)Closing connection to mail6.orgio.net.>>> QUIT221 Bye...

# /usr/lib/sendmail –v [email protected] [email protected]... Connecting to mail6.orgio.net. via esmtp...220 orgio.net ESMTP WBlock.ps 2.27; Mon, 7 Jul 2003 06:50:14 +0900>>> EHLO oss2.test.co.kr250-mail6.orgio.net Hello [211.63.131.242], pleased to meet you250-8bitmime250-size 20480000250 help>>> MAIL From:<[email protected]> SIZE=10250 [email protected]... Sender OK>>> RCPT To:<[email protected]>250 [email protected]... Recipient OK>>> DATA354 Enter mail, end with "." on a line by itself>>> .250 Message accepted for [email protected]... Sent (Message accepted for delivery)Closing connection to mail6.orgio.net.>>> QUIT221 Bye...



74DNS and Sendmail



Testing the Mail Configuration

• Run tests after changing the configuration files

• Record common problem

• Gather additional diagnostic information

Testing the Mail Configuration

• Run tests after changing the configuration files

• Record common problem

• Gather additional diagnostic information


75DNS and Sendmail



Addition Diagnostic InformationAddition Diagnostic Information

• Look at the receive lines in the Look at the receive lines in the header of the messageheader of the message. These lines. These lines trade the route the message took as it was relayedtrade the route the message took as it was relayed• Look at the Look at the message from MAILERmessage from MAILER –DAEMON. These typically –DAEMON. These typically report delivery problems.report delivery problems.• Check the system logs in Check the system logs in /var/adm/messages/var/adm/messages and and /var/log/syslog/var/log/syslog for delivery problems.for delivery problems.• Since the sendmail program always records what it is doingSince the sendmail program always records what it is doing in the system log, modify the crontab file to run a shell scriptin the system log, modify the crontab file to run a shell script nightly that searches the log for SYSERR. Message and mailsnightly that searches the log for SYSERR. Message and mails any that it finds to the postmaster.any that it finds to the postmaster.• Use the Use the mailstatsmailstats program to test mail types and determine program to test mail types and determine the number of message coming in and going out.the number of message coming in and going out.

Addition Diagnostic InformationAddition Diagnostic Information

• Look at the receive lines in the Look at the receive lines in the header of the messageheader of the message. These lines. These lines trade the route the message took as it was relayedtrade the route the message took as it was relayed• Look at the Look at the message from MAILERmessage from MAILER –DAEMON. These typically –DAEMON. These typically report delivery problems.report delivery problems.• Check the system logs in Check the system logs in /var/adm/messages/var/adm/messages and and /var/log/syslog/var/log/syslog for delivery problems.for delivery problems.• Since the sendmail program always records what it is doingSince the sendmail program always records what it is doing in the system log, modify the crontab file to run a shell scriptin the system log, modify the crontab file to run a shell script nightly that searches the log for SYSERR. Message and mailsnightly that searches the log for SYSERR. Message and mails any that it finds to the postmaster.any that it finds to the postmaster.• Use the Use the mailstatsmailstats program to test mail types and determine program to test mail types and determine the number of message coming in and going out.the number of message coming in and going out.


76DNS and Sendmail




Verifying a User# mconnect oss1connecting to host oss1 (192.168.0.251), port 25connection open220 oss1.ioss.co.kr ESMTP Sendmail 8.10.2+Sun/8.10.2; Thu, 3 Jul 2003 14:27:57 +0900 (KST)vrfy joosy250 2.1.5 <[email protected]>vrfy hong 550 5.1.1 hong... User unknown……………………………………………………….vrfy user01252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)

Verifying a User# mconnect oss1connecting to host oss1 (192.168.0.251), port 25connection open220 oss1.ioss.co.kr ESMTP Sendmail 8.10.2+Sun/8.10.2; Thu, 3 Jul 2003 14:27:57 +0900 (KST)vrfy joosy250 2.1.5 <[email protected]>vrfy hong 550 5.1.1 hong... User unknown……………………………………………………….vrfy user01252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)

# vi /usr/lib/mail/cf/sendmail.mcDOMAIN(`solaris-generic')dnldefine(`confPRIVACY_FLAGS',`noexpn,novrfy')dnlMAILER(`local')dnl


77DNS and Sendmail




Expanding an Alias or List# mconnect oss1expn staff550 5.1.1 olson... User unknownexpn Postmaster250 2.1.5 Super-User [email protected]…………………expn staff502 5.7.0 Sorry, we do not allow this operation

Expanding an Alias or List# mconnect oss1expn staff550 5.1.1 olson... User unknownexpn Postmaster250 2.1.5 Super-User [email protected]…………………expn staff502 5.7.0 Sorry, we do not allow this operation





78DNS and Sendmail


Duties of the postmaster

• Check the mail queues to be sure mail is flowing in and out.• Check any downed systems where mail is backing up. It the system is not needed, delete it from the mail services, or bring the system up to keep mail moving• Fix personal aliases, as required.• administer alias databases as people move in and out of the domain.• Set up temporary forwarding files.• Contacts owners of mailing lists and help them fix mailing list problems.• Go through postmaster mail daily and look for problems, like broken, forwarding files and mail alias loops.• Answer questions outside the company• Truncate log files periodically.

Duties of the postmaster

• Check the mail queues to be sure mail is flowing in and out.• Check any downed systems where mail is backing up. It the system is not needed, delete it from the mail services, or bring the system up to keep mail moving• Fix personal aliases, as required.• administer alias databases as people move in and out of the domain.• Set up temporary forwarding files.• Contacts owners of mailing lists and help them fix mailing list problems.• Go through postmaster mail daily and look for problems, like broken, forwarding files and mail alias loops.• Answer questions outside the company• Truncate log files periodically.


79DNS and Sendmail


Format of Queue file3) Sendmail Overview


80DNS and Sendmail


Code for the qf file


81DNS and Sendmail


Forcing the queue


1. Root login2. # kill sendmail_pid3. # mv /var/spool/mqueue /var/spool/omqueue4. # mkdir /var/spool/mqueue5. # chmod 755 mqueue6. # chown daemon mqueue; chgrp daemon mqueue7. # /usr/lib/sendmail –bd –q1h8. # /usr/lib/sendmail –oQ/var/spool/omqueue –q # /usr/lib/sendmail -Ruser01 # /usr/lib/sendmail -Mnnnn(queue id)1. # rmdir /var/spool/omqueue

1. Root login2. # kill sendmail_pid3. # mv /var/spool/mqueue /var/spool/omqueue4. # mkdir /var/spool/mqueue5. # chmod 755 mqueue6. # chown daemon mqueue; chgrp daemon mqueue7. # /usr/lib/sendmail –bd –q1h8. # /usr/lib/sendmail –oQ/var/spool/omqueue –q # /usr/lib/sendmail -Ruser01 # /usr/lib/sendmail -Mnnnn(queue id)1. # rmdir /var/spool/omqueue

82DNS and Sendmail



/etc/syslog.conf

*.err;kern.notice;auth.notice /dev/sysmsg *.err;kern.debug;daemon.notice;mail.crit /var/adm/messagesmail.crit;mail.info;mail.debug /var/log/syslog *.alert;kern.err;daemon.err operator *.alert root *.emerg * # if a non-loghost machine chooses to have authentication messages # sent to the loghost machine, un-comment out the following line: #auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost) mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

*.err;kern.notice;auth.notice /dev/sysmsg *.err;kern.debug;daemon.notice;mail.crit /var/adm/messagesmail.crit;mail.info;mail.debug /var/log/syslog *.alert;kern.err;daemon.err operator *.alert root *.emerg * # if a non-loghost machine chooses to have authentication messages # sent to the loghost machine, un-comment out the following line: #auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost) mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)

83

Mailer Statics

• Local delivery agent• SMTP delivery agent• UUCP delivery agent

# touch /etc/mail/sendmail.st# touch /etc/mail/statistics(ver 8.10.x)# /usr/bin/mailstats

Mailer Statics

• Local delivery agent• SMTP delivery agent• UUCP delivery agent

# touch /etc/mail/sendmail.st# touch /etc/mail/statistics(ver 8.10.x)# /usr/bin/mailstats

DNS and Sendmail




Statistics from Thu Jul 3 16:09:08 2003 M msgsfr bytes_from msgsto bytes_to msgsrej msgsdis Mailer 3 9 13K 5 9K 0 0 local 5 2 2639K 9 7920K 3 0 esmtp ============================================================= T 11 2652K 14 7929K 3 0

C 11 14 3

Statistics from Thu Jul 3 16:09:08 2003 M msgsfr bytes_from msgsto bytes_to msgsrej msgsdis Mailer 3 9 13K 5 9K 0 0 local 5 2 2639K 9 7920K 3 0 esmtp ============================================================= T 11 2652K 14 7929K 3 0

C 11 14 3

84DNS and Sendmail




1. Disabling .forward Files# cd /usr/lib/mail/domain# vi solaris-generic.m4define(`confFORWARD_PATH', `’)dnl Build and install a new sendmail.cf

2. Change the .forward File Search Path# cd /usr/lib/mail/domain# vi solaris-generic.m4define(`confFORWARD_PATH', `$z/.forward:/var/forward/$u')dnl Build and install a new sendmail.cf

1. Disabling .forward Files# cd /usr/lib/mail/domain# vi solaris-generic.m4define(`confFORWARD_PATH', `’)dnl Build and install a new sendmail.cf

2. Change the .forward File Search Path# cd /usr/lib/mail/domain# vi solaris-generic.m4define(`confFORWARD_PATH', `$z/.forward:/var/forward/$u')dnl Build and install a new sendmail.cf

.forward File

85DNS and Sendmail



• Defining• Forging a mail header• Deciphering email headers• Using trace tools• Disabling SPAM• Stopping SPAM with sendmail

• Defining• Forging a mail header• Deciphering email headers• Using trace tools• Disabling SPAM• Stopping SPAM with sendmail


SPAM

86DNS and Sendmail


Forging a Mail Header Example

# mconnect hostname or# telnet hostname 25HELO my.forged.hostnameMAIL FROM: [email protected] TO: [email protected]: 09:05:00 Wed 19 Jul 2003SUBJECT: GREAT DEALSTO: friendly spammersFROM: [email protected],I’m selling vacuum cleaners…..want to buy?.quit

Forging a Mail Header Example

# mconnect hostname or# telnet hostname 25HELO my.forged.hostnameMAIL FROM: [email protected] TO: [email protected]: 09:05:00 Wed 19 Jul 2003SUBJECT: GREAT DEALSTO: friendly spammersFROM: [email protected],I’m selling vacuum cleaners…..want to buy?.quit








87DNS and Sendmail



88DNS and Sendmail



89DNS and Sendmail




90DNS and Sendmail




91DNS and Sendmail



Other Trace Tools

• traceroute

• whois

• dig

• nslookup

Other Trace Tools

• traceroute

• whois

• dig

• nslookup


92DNS and Sendmail




Stopping SPAM with sendmail

1. # cd /usr/lib/mail/cf2. # cp main-v7sun.mc sendmail.mc3. # vi sendmail.mc

divert(0)dnlVERSIONID(`@(#)main-v7sun.mc 1.5 (Sun) 09/12/01')OSTYPE(`solaris8')dnldefine(`DATABASE_MAP_TYPE',`dbm')FEATURE(access_db)DOMAIN(`solaris-generic')dnldefine(`confPRIVACY_FLAGS',`noexpn,novrfy')dnlMAILER(`local')dnlMAILER(`smtp')dnl

Stopping SPAM with sendmail

1. # cd /usr/lib/mail/cf2. # cp main-v7sun.mc sendmail.mc3. # vi sendmail.mc

divert(0)dnlVERSIONID(`@(#)main-v7sun.mc 1.5 (Sun) 09/12/01')OSTYPE(`solaris8')dnldefine(`DATABASE_MAP_TYPE',`dbm')FEATURE(access_db)DOMAIN(`solaris-generic')dnldefine(`confPRIVACY_FLAGS',`noexpn,novrfy')dnlMAILER(`local')dnlMAILER(`smtp')dnl

93DNS and Sendmail




Stopping SPAM with sendmail(cont)

4. # /usr/ccs/bin/make5. # cp sendmail.cf /etc/mail6. # vi /etc/mail/access192.168.0 RELAYsun.co.kr [email protected] [email protected] [email protected] 555 We don't accept mail from spam

7. # cd /etc/mail8. # makemap dbm access < access9. /etc/mail/sendmail stop /etc/mail/sendmail start


4. # /usr/ccs/bin/make5. # cp sendmail.cf /etc/mail6. # vi /etc/mail/access192.168.0 RELAYsun.co.kr [email protected] [email protected] [email protected] 555 We don't accept mail from spam

7. # cd /etc/mail8. # makemap dbm access < access9. /etc/mail/sendmail stop /etc/mail/sendmail start

94DNS and Sendmail





Result: (ex1)

>>> MAIL From:<[email protected]> SIZE=57550 5.7.1 <[email protected]>... Access deniedspam... forward: /export/home/spam/.forward.sun100+: World writable directoryspam... forward: /export/home/spam/.forward+: World writable directoryspam... forward: /export/home/spam/.forward.oss1: World writable directoryspam... forward: /export/home/spam/.forward: World writable directory/export/home/spam/dead.letter... Saved message in /export/home/spam/dead.letterClosing connection to sun100.sun.co.kr.>>> QUIT221 2.0.0 sun100.sun.co.kr closing connection


Result: (ex1)

>>> MAIL From:<[email protected]> SIZE=57550 5.7.1 <[email protected]>... Access deniedspam... forward: /export/home/spam/.forward.sun100+: World writable directoryspam... forward: /export/home/spam/.forward+: World writable directoryspam... forward: /export/home/spam/.forward.oss1: World writable directoryspam... forward: /export/home/spam/.forward: World writable directory/export/home/spam/dead.letter... Saved message in /export/home/spam/dead.letterClosing connection to sun100.sun.co.kr.>>> QUIT221 2.0.0 sun100.sun.co.kr closing connection

95DNS and Sendmail





Result: (ex2)

>>> MAIL From:<[email protected]> SIZE=57555 5.0.0 We don't accept mail from spamspam... forward: /export/home/spam /.forward.sun100l+: World writable directoryspam... forward: /export/home/spam /.forward+: World writable directoryspam... forward: /export/home/spam /.forward.sun100: World writable directoryspam... forward: /export/home/spam /.forward: World writable directory/export/home/ spam/dead.letter... Saved message in /export/home/spam/dead.letterClosing connection to mail.marine.co.kr.>>> QUIT221 2.0.0 mail.sun.co.kr closing connection


Result: (ex2)

>>> MAIL From:<[email protected]> SIZE=57555 5.0.0 We don't accept mail from spamspam... forward: /export/home/spam /.forward.sun100l+: World writable directoryspam... forward: /export/home/spam /.forward+: World writable directoryspam... forward: /export/home/spam /.forward.sun100: World writable directoryspam... forward: /export/home/spam /.forward: World writable directory/export/home/ spam/dead.letter... Saved message in /export/home/spam/dead.letterClosing connection to mail.marine.co.kr.>>> QUIT221 2.0.0 mail.sun.co.kr closing connection

96DNS and Sendmail



Hide hostnames

• Hide hostnames• MASQUERADE_AS(host.domain)• MASQUERADE_DOMAIN(otherhost.domain)• FEATURE (masquerade_envelope)• EXPOSED_USER(usernames)

• Enable host masquerading

Hide hostnames

• Hide hostnames• MASQUERADE_AS(host.domain)• MASQUERADE_DOMAIN(otherhost.domain)• FEATURE (masquerade_envelope)• EXPOSED_USER(usernames)

• Enable host masquerading


97DNS and Sendmail



Enabling Host Masquerading

1. # cd /usr/lib/mail/cf2. # cp main-v7sun.mc sendmail.mc3. # vi sendmail.mc…………..MASQUERADE_AS(sa389.edu)dnlFEATURE(masquerade_entire_domain)dnl…………..4. # /usr/ccs/bin/make5. # cp sendmail.cf /etc/mail6. sendmail daemon stop/start

Enabling Host Masquerading

1. # cd /usr/lib/mail/cf2. # cp main-v7sun.mc sendmail.mc3. # vi sendmail.mc…………..MASQUERADE_AS(sa389.edu)dnlFEATURE(masquerade_entire_domain)dnl…………..4. # /usr/ccs/bin/make5. # cp sendmail.cf /etc/mail6. sendmail daemon stop/start


98DNS and Sendmail



4) Q & A

•.Jan 21 17:14:47 Umyun sendmail[782]: g0L8Ek300780: SYSERR(root): config error: mail loops back to me (MX problem?)

• sendmail[13177]:NOQUEUE : low on space (have SMTP-DAEMON needs 101 in /var/spool/mqeue)

• Oct 20 10:22:06 ofphp sendmail[24249]: KAA24249: SYSERR(root): putbody: write error: File too largeOct 20 10:22:06 ofphp sendmail[24249]: KAA24249: Losing qfKAA24249: savemail panicOct 20 10:22:06 ofphp sendmail[24249]: KAA24249: SYSERR

• Aug 27 20:30:40 CFOS sendmail[6238]: f7RBJf706238: collect: premature EOM: Connection reset by h100.137.74.211.seed.net.tw

• Jan 16 01:15:08 ktnet sendmail[2199]: BAA02199: collect: premature EOM: Error 0

1 sun educational services dns and sendmail copyright 2003 sun microsystems, inc. all rights...

Documents

educational servicesdns

enterprise servicesdns

sendmail copyright

domain fqdn relative

domain administrator

rdn domain naming rules

naming conventions

character limit