On Wed, Sep 10, 2008 at 6:08 PM, DoOrsOfpErcEpTioN <[EMAIL PROTECTED]>wrote:
> Hi, > > I have pasted below the sendmail.mc file for reference. > > About system users.... well we can have MTA operating with virtual users > too. > > The issue that I am concerned is that user authentication works simply > as the user name and not as entire email address. Or simply... the MTA > (sendmail) doesnt verify if the email address of the sender is the same > as that of the user that logged in. I think I am missing use of some > macros in the sendmail.mc file.. dont know which one or how to use it > and I cannot swtich MTA to postfix as it needs policy decision. :( > > About the access file... well that I guess will only play a role in > filtering. I.e. whether RELAY should be allowed from a particular > user/domain. I guess it doesnt have any role with authentication or > verifying sender address with username. > > Regards, > DoOrsOfpErcEpTiON > > Ps: > Sendmail.mc file --- > > divert(-1)dnl > dnl # > dnl # This is the sendmail macro config file for m4. If you make changes > to > dnl # /etc/mail/sendmail.mc, you will need to regenerate the > dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf > package is > dnl # installed and then performing a > dnl # > dnl # make -C /etc/mail > dnl # > include(`/usr/share/sendmail-cf/m4/cf.m4')dnl > VERSIONID(`setup for Red Hat Linux')dnl > OSTYPE(`linux')dnl > dnl # > dnl # default logging level is 9, you might want to set it higher to > dnl # debug the configuration > dnl # > dnl define(`confLOG_LEVEL', `9')dnl > dnl # > dnl # Uncomment and edit the following line if your outgoing mail needs > to > dnl # be sent out through an external mail server: > dnl # > dnl define(`SMART_HOST',`smtp.your.provider') > dnl # > define(`confDEF_USER_ID',``8:12'')dnl > dnl define(`confAUTO_REBUILD')dnl > define(`confTO_CONNECT', `1m')dnl > define(`confTRY_NULL_MX_LIST',true)dnl > define(`confDONT_PROBE_INTERFACES',true)dnl > define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl > define(`ALIAS_FILE', `/etc/aliases')dnl > define(`STATUS_FILE', `/var/log/mail/statistics')dnl > define(`UUCP_MAILER_MAX', `2000000')dnl > define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl > define(`confPRIVACY_FLAGS', > `authwarnings,novrfy,noexpn,restrictqrun')dnl > define(`confAUTH_OPTIONS', `A')dnl > dnl # > dnl # The following allows relaying if the user authenticates, and > disallows > dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links > dnl # > dnl define(`confAUTH_OPTIONS', `A p y')dnl > dnl # > dnl # PLAIN is the preferred plaintext authentication method and used by > dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs > do > dnl # use LOGIN. Other mechanisms should be used if the connection is > not > dnl # guaranteed secure. > dnl # Please remember that saslauthd needs to be running for AUTH. > dnl # > TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl > define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN > PLAIN')dnl > dnl # > dnl # Rudimentary information on creating certificates for sendmail TLS: > dnl # cd /usr/share/ssl/certs; make sendmail.pem > dnl # Complete usage: > dnl # make -C /usr/share/ssl/certs usage > dnl # > define(`confCACERT_PATH',`/usr/share/ssl/certs') > define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt') > define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem') > define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem') > define(`confCLIENT_CERT',`/usr/share/ssl/certs/sendmail.pem') > define(`confCLIENT_KEY',`/usr/share/ssl/certs/sendmail.pem') > dnl # > dnl # This allows sendmail to use a keyfile that is shared with > OpenLDAP's > dnl # slapd, which requires the file to be readble by group ldap > dnl # > dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl > dnl # > define(`confTO_QUEUERETURN',`3d')dnl > define(`confTO_QUEUEWARN_NORMAL',`4h')dnl > dnl # NOTE: [anup nair 21Aug08] commeting the following lines due to > poor communication between incoming.service.zapak.com and emailDB > servers. > dnl # define(`confTO_QUEUERETURN_NORMAL',`2d')dnl > dnl # define(`confTO_QUEUERETURN_URGENT',`1d')dnl > dnl # define(`confTO_QUEUERETURN_NONURGENT',`1d')dnl > dnl # define(`confTO_QUEUEWARN',`4h')dnl > dnl # define(`confTO_QUEUEWARN_NORMAL',`2h')dnl > dnl # define(`confTO_QUEUEWARN_URGENT',`1h')dnl > dnl # define(`confTO_QUEUEWARN_NONURGENT',`4h')dnl > dnl # -- ^ end of comment ^ -- > dnl define(`confTO_QUEUEWARN', `4h')dnl > dnl define(`confTO_QUEUERETURN', `5d')dnl > dnl define(`confQUEUE_LA', `12')dnl > dnl define(`confREFUSE_LA', `18')dnl > define(`confTO_IDENT', `0')dnl > dnl FEATURE(delay_checks)dnl > FEATURE(`no_default_msa',`dnl')dnl > FEATURE(`smrsh',`/usr/sbin/smrsh')dnl > FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl > FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl > FEATURE(redirect)dnl > FEATURE(always_add_domain)dnl > FEATURE(use_cw_file)dnl > FEATURE(use_ct_file)dnl > dnl # > dnl # The following limits the number of processes sendmail can fork to > accept > dnl # incoming messages or process its message queues to 12.) sendmail > refuses > dnl # to accept connections once it has reached its quota of child > processes. > dnl # > dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl > dnl # > dnl # Limits the number of new connections per second. This caps the > overhead > dnl # incurred due to forking new sendmail processes. May be useful > against > dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP > address > dnl # limit would be useful but is not available as an option at this > writing.) > dnl # > dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl > dnl # > dnl # The -t option will retry delivery if e.g. the user runs over his > quota. > dnl # > FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl > FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl > FEATURE(`blacklist_recipients')dnl > EXPOSED_USER(`root')dnl > dnl # > dnl # The following causes sendmail to only listen on the IPv4 loopback > address > dnl # 127.0.0.1 and not on any other network devices. Remove the > loopback > dnl # address restriction to accept email from the internet or intranet. > dnl # REPLACE 'xx' WITH IP ADDRESS OCTET > DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.xx, Name=MTA')dnl > DAEMON_OPTIONS(`Port=smtp,Addr=220.227.xx.xx, Name=MTA')dnl > DAEMON_OPTIONS(`Port=smtp,Addr=localhost, Name=MTA')dnl > dnl # > dnl # > dnl # The following causes sendmail to additionally listen to port 587 > for > dnl # mail from MUAs that authenticate. Roaming users who can't reach > their > dnl # preferred sendmail daemon due to port 25 being blocked or > redirected find > dnl # this useful. > dnl # ## -- Anup: added to work in support of port 25. > DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl > dnl # > dnl # The following causes sendmail to additionally listen to port 465, > but > dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 > followed > dnl # by STARTTLS is preferred, but roaming clients using Outlook > Express can't > dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use > STARTTLS > dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses > smtps > dnl # when SSL is enabled-- STARTTLS support is available in version > 1.1.1. > dnl # > dnl # For this to work your OpenSSL certificates must be configured. > dnl # > dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl > dnl # > dnl # The following causes sendmail to additionally listen on the IPv6 > loopback > dnl # device. Remove the loopback address restriction listen to the > network. > dnl # > dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl > dnl # > dnl # enable both ipv6 and ipv4 in sendmail: > dnl # > dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, > Family=inet6') > dnl # > dnl # We strongly recommend not accepting unresolvable domains if you > want to > dnl # protect yourself from spam. However, the laptop and users on > computers > dnl # that do not have 24x7 DNS do need this. > dnl # > FEATURE(`accept_unresolvable_domains')dnl > dnl # > dnl FEATURE(`relay_based_on_MX')dnl > dnl # > dnl # Also accept email sent to "localhost.localdomain" as local email. > dnl # > LOCAL_DOMAIN(`mail.zapak-corp.com')dnl > LOCAL_DOMAIN(`mail.crazykart.in')dnl > dnl # > dnl # The following example makes mail from this host and any additional > dnl # specified domains appear to be sent from mydomain.com > dnl # > MASQUERADE_AS(`zapak-corp.com')dnl > dnl # > dnl # masquerade not just the headers, but the envelope as well > dnl # > dnl FEATURE(masquerade_envelope)dnl > dnl # > dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com > as well > dnl # > dnl FEATURE(masquerade_entire_domain)dnl > dnl # > dnl MASQUERADE_DOMAIN(localhost)dnl > dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl > dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl > dnl MASQUERADE_DOMAIN(mydomain.lan)dnl > dnl # Clamav scan option > dnl # define(`_FFR_MILTER')dnl > INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clmilter.socket, > T=S:4m;R:4m;E:10m') > define(`confINPUT_MAIL_FILTERS',`clmilter')dnl > MAILER(smtp)dnl > MAILER(procmail)dnl > > ==== xxx ==== > > --- In [email protected] <linuxvadapav%40yahoogroups.com>, > "Viket Trivedi" <[EMAIL PROTECTED]> > wrote: > > > > On Tue, Sep 2, 2008 at 2:19 PM, DoOrsOfpErcEpTioN [EMAIL PROTECTED]: > > > Hi, > > > > The users on sendmail/qmail or any other mailing system will be > unix/linux > > users only. > > The domain name is configured in the sendmail configurations only. so > the > > username will never be [EMAIL PROTECTED] format. > > it will be xyz only. > > Just curious, did you try mentioning user in the access file and > making > > configuratiion again and testing. > > Also as i had asked, can you share sendmail.mc file if possible. > > > > > > [Non-text portions of this message have been removed] > > > > [Non-text portions of this message have been removed] > > > Hi, Was going trough your sendmail.mc file. can you please tell if anything was present in your access file. also let me know if you have any user as trusted user. Regards, Viket [Non-text portions of this message have been removed]
