Re: Sendmail nullclient
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephan A. Rickauer Sent: Wednesday, September 07, 2005 8:51 AM To: misc@openbsd.org Subject: Sendmail nullclient Currently, I am struggling with sendmail. I'd like to configure it as nullclient but all m4 files I found online wouldn't work on OpenBSD 3.7. Playing with the one's in /usr/share/sendmail/cf/ didn't succeed. Could someone post me his nullclient m4 file, please? Thanks! Here is what I use in Linux (sendmail 8.12.10): -bash-2.05b$ more sendmail.mc include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`$Id$')dnl OSTYPE(`linux')dnl FEATURE(`nouucp', `reject')dnl FEATURE(`always_add_domain')dnl MASQUERADE_AS(`ceimaine.org')dnl FEATURE(`masquerade_envelope')dnl FEATURE(`mailertable')dnl FEATURE(`access_db')dnl MAILER(`smtp')dnl dnl Turn off ident querying, which is usually wrong and slows things down define(`confTO_IDENT', `0')dnl dnl Since the bastion box never delivers mail to disk or anything that dnl generally requires it to assume a user's identity, we can run it as dnl something other than root, which is very good. dnl define(`confRUN_AS_USER', `mailnull:mailnull')dnl define(`confDEF_USER_ID',``8:12'')dnl define(`confTRUSTED_USER', `smmsp')dnl dnl Sendmail defaults to giving out all kinds of useful (to hackers) dnl information in the greeting message. There are still a number of dnl ways to get Sendmail to give you that information, but this makes dnl it a little harder. define(`confSMTP_LOGIN_MSG', `')dnl dnl This disables all of the commands that would allow an outsider to dnl confirm email addresses, see who root mail is sent to, etc. define(`confPRIVACY_FLAGS', `goaway')dnl dnl Send a copy of bounce messages to the postmaster define(`confCOPY_ERRORS_TO', `postmaster')dnl
Re: Sendmail nullclient
Will H. Backman wrote: Here is what I use in Linux (sendmail 8.12.10): Thanks. But this is not a real nullclient configuration - or at least not what I was expecting. According to various documentations, this should be enough. Unfortunately, it isn't and I am not a sendmail specialist: include(`../m4/cf.m4') define(`__OSTYPE__',`') FEATURE(`nullclient', `myiphere') Stephan
Re: Sendmail nullclient
--On 07 September 2005 15:28 +0200, Stephan A. Rickauer wrote: According to various documentations, this should be enough. Unfortunately, it isn't and I am not a sendmail specialist: include(`../m4/cf.m4') define(`__OSTYPE__',`') FEATURE(`nullclient', `myiphere') /usr/share/sendmail/cf/clientproto.mc edited appropriately works when I try it - if it doesn't work for you, post a description and relevant lines from the system log.
Re: Sendmail nullclient
Ever had a look at http://untroubled.org/nullmailer/ ? -- Technology doesn't secure systems, people do - and they use their minds. -- Richard Forno
Re: Sendmail nullclient
Stuart Henderson wrote: /usr/share/sendmail/cf/clientproto.mc edited appropriately works when I try it - if it doesn't work for you, post a description and relevant lines from the system log. Thanks, I modified a copy of that file according to my needs and did the following: m4 ../m4/cf.m4 null.mc /etc/mail/null.cf After -HUP'ing sendmail and sending a mail locally, I get the following errors: Sep 7 15:57:57 gimli.lan.ini.unizh.ch sm-mta[22088]: j87DvvaL000188: to=[EMAIL PROTECTED], delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30344, relay=130.60.230.185 [130.60.230.185], dsn=5.6.0, stat=Data format error Sep 7 15:57:57 gimli.lan.ini.unizh.ch sm-mta[22088]: j87DvvaL000188: j87DvvaL022088: DSN: Data format error Sep 7 15:57:57 gimli.lan.ini.unizh.ch sm-mta[22088]: j87DvvaL022088: to=[EMAIL PROTECTED], delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31368, relay=130.60.230.185, dsn=5.5.4, stat=Service unavailable Sep 7 15:57:57 gimli.lan.ini.unizh.ch sm-mta[22088]: j87DvvaL022088: j87DvvaM022088: return to sender: Service unavailable Sep 7 15:57:57 gimli.lan.ini.unizh.ch sm-mta[22088]: j87DvvaM022088: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32392, relay=130.60.230.185 [130.60.230.185], dsn=5.5.4, stat=Service unavailable Sep 7 15:57:57 gimli.lan.ini.unizh.ch sm-mta[22088]: j87DvvaL022088: Losing ./qfj87DvvaL022088: savemail panic Sep 7 15:57:57 gimli.lan.ini.unizh.ch sm-mta[22088]: j87DvvaL022088: SYSERR(root): savemail: cannot save rejected email anywhere BTW: I _can_ telnet on port 25 of my mail host. Thanks for you help again, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch
Re: Sendmail nullclient
Joel Dinel wrote: Ever had a look at http://untroubled.org/nullmailer/ ? Nope - thanks. Only knew 'ssmtp' of which the FreeBSD guys have a wonderful documentation for: http://www.freebsd.org/doc/en/books/handbook/outgoing-only.html Don't know what the OpenBSD philosophy is here, but without learning sendmail I am/was not able to simply configure my system as 'send-only' machine... -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch
Re: Sendmail nullclient
Don't know what the OpenBSD philosophy is here, but without learning sendmail I am/was not able to simply configure my system as 'send-only' machine... Perhaps I'm just smoking crack here, but your machine was pretty much send-only before you started playing with it. What's the difference between your send-only thing and Sendmail listening only to localhost (which it does on OpenBSD by default)? Benny -- Now, that next spring you find in your garage a creature that looks like a cross-bred badger and anaconda. A badgerconda. -- bash.org
Re: Sendmail nullclient
C. Bensend wrote: Perhaps I'm just smoking crack here, but your machine was pretty much send-only before you started playing with it. What's the difference between your send-only thing and Sendmail listening only to localhost (which it does on OpenBSD by default)? I'd like to have mail not being delivered locally, even if generated locally. Everything should go to host xy. -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch
Re: Sendmail nullclient
Joel Dinel wrote: But yeah, the default sendmail with a simple smarthost setting (DSmachine.whatever.com in sendmail.cf) would have also done the trick. It would keep on delivering local mail, which is nice (think all of the weekly/daily reports). I'd like to have it the other way around: Mail should not be accepted at all from remote and locally generated mail (reports etc.) should go to smart host. Seems to be so easy ... any ideas? -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch
Re: Sendmail nullclient
Stephan A. Rickauer wrote: Joel Dinel wrote: But yeah, the default sendmail with a simple smarthost setting (DSmachine.whatever.com in sendmail.cf) would have also done the trick. It would keep on delivering local mail, which is nice (think all of the weekly/daily reports). I'd like to have it the other way around: Mail should not be accepted at all from remote and locally generated mail (reports etc.) should go to smart host. Seems to be so easy ... any ideas? Sure, edit the following file (or copy it under a new name) : /usr/share/sendmail/cf/submit.mc Then change the following line : FEATURE(`msp', `[127.0.0.1]')dnl to FEATURE(`msp', `[your.mailserver.com]')dnl Then add : sendmail_flags=NO to rc.conf.local This way, every messages will be sent to your.mailserver.com and the sendmail daemon will not need to be started. Regards, Antoine
Re: Sendmail nullclient
On Wed, Sep 07, 2005, Stephan A. Rickauer wrote: Sep 7 15:57:57 gimli.lan.ini.unizh.ch sm-mta[22088]: j87DvvaL000188: to=[EMAIL PROTECTED], delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30344, relay=130.60.230.185 [130.60.230.185], dsn=5.6.0, stat=Data format error Most likely the other system rejected the mail because the sender address doesn't resolve. Check: - the logfile of 130.60.230.185 - the files Qfj87DvvaL022088 dfj87DvvaL022088 in the mail queue
Re: Sendmail nullclient
At 05:13 PM 9/7/2005 +0200, Stephan A. Rickauer wrote: C. Bensend wrote: Perhaps I'm just smoking crack here, but your machine was pretty much send-only before you started playing with it. What's the difference between your send-only thing and Sendmail listening only to localhost (which it does on OpenBSD by default)? I'd like to have mail not being delivered locally, even if generated locally. Everything should go to host xy. Mail is normally delivered to the recipient specified by the TO:. A normal OBSD box will deliver according to that email address as well as the aliases you set in /etc/mail/aliases. Any mail to a local user will deliver to that user, . . if you don't send mail to local users, you won't receive any on the box. If you set the root alias to [EMAIL PROTECTED], there should be NO email TO any user on the box (since you don't have it defined as a MTA for any domain, right?). Your question really doesn't make sense, .. or, perhaps the simplest solution is to disable sendmail? Lee
Re: Sendmail nullclient
Antoine Jacoutot wrote: Stephan A. Rickauer wrote: Seems to be so easy ... any ideas? Sure, edit the following file (or copy it under a new name) : /usr/share/sendmail/cf/submit.mc Great, that's a big step. The remaining problem is I don't know how to configure it in a way the hostname of my BSD box does not show up in the from address. Right now, mail is send from [EMAIL PROTECTED]. I tried putting a line into 'genericstable' but that wouldn't work. 'MASQUERADE_AS...' does not help either. Thanks a lot. -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch
Re: Sendmail nullclient
At 06:03 PM 9/7/2005 +0200, Stephan A. Rickauer wrote: Great, that's a big step. The remaining problem is I don't know how to configure it in a way the hostname of my BSD box does not show up in the from address. Right now, mail is send from [EMAIL PROTECTED]. /etc/myname Lee
Re: Sendmail nullclient
Antoine Jacoutot wrote: This way, every messages will be sent to your.mailserver.com and the sendmail daemon will not need to be started. Even if it is obvious, I forgot to say you'll have to regenerate your submit.cf file and move it over /etc/mail. Regards, Antoine
Re: Sendmail nullclient [SOLVED]
Antoine Jacoutot wrote: Even if it is obvious, I forgot to say you'll have to regenerate your submit.cf file and move it over /etc/mail. Er ... ja, did that ;) Finally I was also able to fix my last problem by using FEATURE(masquerade_envelope)dnl, otherwise my postfix server would refuse the delivered mails. Thanks a lot for the help! -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch
Re: Sendmail nullclient
Stephan A. Rickauer wrote: I tried putting a line into 'genericstable' but that wouldn't work. 'MASQUERADE_AS...' does not help either. MASQUERADE_AS should work if you put it in submit.mc Or, what you could do is to tell your mail server to accept mail to *.yourdomain.com If your server is sendmail, add the following line to /etc/mail/mailertable : .yourdomain.com local: And of course, make sure that /etc/mail/local-host-names references your domain : yourdomain.com Regards, Antoine