Chapter 5 Mail Delivery Administration

Using the Internet Express Administration utility, you can manage the following delivery components:

Sendmail Server Administration

There are two administrative interfaces and related macro definitions for the SMTP package, Sendmail.

  • The older administration interface uses the classic macros. This interface includes new support for anti-virus actions. You can access this interface by selecting Sendmail Server from the Administration utility Main menu.

  • The newer Sendmail administration utility is based on the open source features, mailers, and macros from sendmail.org. The new macro base enforces more control over potential spamming and places more restrictions on relaying. The newer Sendmail administration includes the ClamAV anti-virus mail filter, general mail filters, queue support, performance support, and more complete support for Transport Layer Security (TLS). You can access this interface by selecting Sendmail Server/ Using Open Source Configuration Rules from the Administration utility Main menu.

    Note:

    During the configuration of the sendmail.cf file, the Sendmail administration checks the network options and if it finds an Internet Protocol version 6 network, it will auto-configure itself for both Internet Protocol versions 6 and 4 networks.

You can set up or modify the Sendmail server configuration as follows:

For instructions on specifying mailbox access for the Sendmail server, see Section : Configuring Mailbox Access. For information on viewing the mail log, see Section : Viewing the Sendmail Server Log.

In a TruCluster Server environment, the sendmail daemon runs on all cluster members concurrently. Connections are distributed among the cluster members based on how the cluster alias has been configured. See cluamgr(8).

For information on tuning your system to improve the performance of your mail server, visit the following Tru64 UNIX site:

http://h30097.www3.hp.com/technical.html

Refer to Section : Overview of User Accounts for details on creating accounts. For instructions on changing mail delivery types, refer to Section .

Configuring the System as a Standalone Mail System

To configure a standalone mail system, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Sendmail Server.

  3. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  4. From the Configure Sendmail Server form, choose Standalone and click on Configure.

  5. When the configuration has been successful, the Configure as Standalone page displays a message indicating the Sendmail server has been restarted.

    Use the navigation bar to return to the Configure Sendmail Server menu or to the Sendmail Server Administration menu.

Configuring the System as a Mail Client

To configure your system as a mail client, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. From the Configure Sendmail Server menu, choose Client and click on Configure.

  4. On the Configure as Client form, specify the name of the mail server system that will relay all mail and click on Submit.

    The system that will act as mail server to this client must be on the same network as the client.

  5. When the configuration has been successful, the Configure Client page displays a message indicating the Sendmail server has been restarted.

    Use the navigation bar to return to the Configure Sendmail Server menu or to the Sendmail Server Administration menu.

Configuring the System as a Mail Server

To configure your system as a mail server, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. From the Configure Sendmail Server menu, choose Server and click on Configure.

  4. On the Configure Server form, you must first configure the Internet Mail Protocol (SMTP). The first time you configure your system as a mail server, the Available Protocols menu offers only the Internet Mail Protocol. Additional protocols are offered after you complete the Internet Mail Protocol configuration.

    To configure the Internet Mail Protocol, click on Configure. The Configure Sendmail Protocol form is displayed. Follow these steps:

    a. Click on Host Alias... to specify one or more mail aliases for this server (see Section ).

    b. Select one of the following routing methods:

      • None—Send mail directly to the addressee.

      • Internet—Forward mail addressed to systems outside your corporation to the relay system specified in Relay Hostname.

      • Nonlocal—Forward mail addressed to systems outside your local site to the relay system specified in Relay Hostname.

      • Local—Forward all mail addressed to any system other than this server to the relay specified in Relay Hostname.

      If you select None, continue with step 5. Otherwise, continue with step 4c.

    c. Enter the name of the system that will process mail using the Internet (SMTP) protocol in the Relay Hostname field.

    d. Select a Relay Protocol from among the protocols installed on your system. SMTP is the default.

  5. Click on Submit.

    The Administration utility displays a message indicating that the changes have been accepted. Click on Continue to return to the Configure Server form.

  6. A top domain is needed if your organization uses any other protocols besides TCP/IP to deliver mail (for example, DECnet or UUCP). The top domain is used to:

    • Encapsulate mail addresses for non-IP protocols before sending mail out over the Internet

    • Determine whether to omit the host name when rewriting the address on the From: line

    You can accept the default top domain, or enter another domain in the Top Domain field. (The top domain is usually your company name and Internet domain, for example, hp.com or isc.org.) You can enter from 1 to 21 alphanumeric characters (including special characters). The address cannot start or end with a hyphen (-).

  7. Click on Submit.

    The Administration utility displays a message stating that the configuration was successful, and that the Sendmail server has been restarted.

  8. You can return to the Configure Sendmail Server menu to configure additional mail protocols or advanced features, such as masquerading, enabling virtual domains or Procmail, anti-spam, or LDAP (Section : Changing the Sendmail Server Configuration). Use the navigation bar at the top of the screen to return to the Configure Sendmail Server menu.

Creating and Deleting Host Aliases for a Mail Server

A host alias is a nickname for your system. If you changed this system's host name (or plan to in the near future), a host alias allows Sendmail to recognize both names—the current host name and the host alias—as synonyms for this system. You can also use host aliases to allow Sendmail to recognize all the system's network interface names as synonyms for this system.

If you configured your system to be a mail server, you can use the Administration utility to create one or more host aliases for any protocol you configure for the server. (You can also create one or more host aliases for your system when you initially configure it as a mail server; see Section : Configuring the System as a Mail Server.)

To set up a host alias for the mail server, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, ensure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure Mail Protocols.

  5. On the Configure Server form, do one of the following:

    • Select a new protocol from Available Protocols, and then click on Configure.

    • Select a previously configured protocol from Configured Protocols, and then click on Modify.

    The Configure Sendmail Protocol form is displayed.

  6. Click on Host Alias.... The Host Alias form is displayed.

  7. To add a new host alias, type the name of the alias in the Alias field and then click on Add. The new alias name is displayed in the Current Alias list box.

    To delete an existing host alias, click on the alias name in the Current Alias list box and click on Delete.

  8. When you are finished adding or deleting host aliases for this protocol, click on Submit to return to the Configure Sendmail Protocol form.

  9. Click on Submit. A message is displayed confirming that the changes have been accepted.

    Click on OK to return to the Configure Server form.

  10. On the Configure Server form, you can select another protocol to configure. If you are finished configuring protocols, click on Submit.

    A message is displayed indicating that the configuration was successfully changed. Click on OK to return to the Configure Sendmail Server menu, and then click on Done.

Changing the Sendmail Server Configuration

After you configure your system as a mail server, you can change the configuration, configure additional mail protocols, or configure advanced mail server features as follows:

  1. Under Mail on the Manage Components menu, choose either Sendmail Server or Sendmail Server/ Using Open Source Configuration Rules, depending on which Sendmail administration interface you are using.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, ensure that Server is selected, and click on Configure.

  4. Select one of the following:

Configuring Mail Protocols

When you initially configure your system as a mail server, you are required to configure the SMTP protocol (see Section : Configuring the System as a Mail Server). After configuring the SMTP protocol (and completing the rest of the mail server configuration), you can reconfigure the SMTP protocol, or add the following additional protocols to the mail server configuration:

To configure a mail protocol, do one of the following on the Configure Sendmail Server form:

  • Select the protocol you want from the Available Protocols menu and click on Configure.

  • Select the protocol you want from the Configured Protocols menu and click on Modify.

The configuration form appropriate for the protocol you selected is displayed.

Creating and Deleting Pseudo Domain Aliases

A pseudo domain alias is used by Sendmail to determine the protocol that a mail message requires. The message is properly encapsulated by Sendmail before being sent out over the Internet.

If you configured your system to be a mail server, you can use the Administration utility to create one or more pseudo domain aliases for the MTS, DECnet/OSI, UUCP, and X.25 protocols.

To set up a pseudo domain alias for a protocol, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, ensure that Server is selected and click on Configure.

  4. On the Configure Server form, do one of the following:

    • Select a new protocol from Available Protocols, and then click on Configure.

    • Select a previously configured protocol from Configured Protocols, and then click on Modify.

    The Configure Sendmail Protocol form is displayed.

  5. Click on Pseudo Domain Alias.... The Pseudo Domain Alias form is displayed.

  6. To add a new pseudo domain alias, type the name of the alias in the Alias field, and then click on Add. The new alias name is displayed in the Current Alias list box.

    To delete an existing pseudo domain alias, click on the alias name in the Current Alias list box and click on Delete.

  7. When you are finished adding or deleting pseudo domain aliases for this protocol, click on Submit to return to the protocol configuration form.

  8. Continue to configure the protocol as described in Section : Configuring the MTS Protocol through Section : Configuring the X.25 Protocol.

Configuring the MTS Protocol

To configure the MTS protocol for the Sendmail server, complete the Configure MTS Protocol form as follows:

  1. Create one or more pseudo domain aliases, if needed (see Section : Creating and Deleting Pseudo Domain Aliases).

  2. Create one or more host aliases, if needed (see Section : Creating and Deleting Host Aliases for a Mail Server).

  3. Select one of the following routing methods:

    • Internet—Forwards mail over the Internet to an unspecified gateway. The Internet depends on BIND/DNS to select an appropriate relay; therefore, you do not need to specify a relay host name for Internet routing.

    • Direct—Sends mail directly to the addressee. This option is not displayed if the MTS protocol is not installed on this server.

    • Relay—Forwards mail to another system (called the relay host) for processing.

  4. If you chose Relay routing:

    • Enter the name of the relay system in the Relay Hostname field. You can enter from 1 to 21 alphanumeric characters (including special characters). The name cannot start or end with a hyphen (-).

    • Select the relay protocol (the protocol that will be used to forward mail to the relay) from the Relay Protocol pull-down menu. SMTP is the default.

  5. Accept the default pseudo domain (mts) or enter another pseudo domain in the Pseudo Domain field.

  6. Click on Submit. A message is displayed indicating that the changes have been accepted. Click on Continue to return to the Configure Sendmail Server form.

    If an error occurs, use the navigation bar to return to the Configure MTS Protocol form.

  7. On the Configure Server form, you can select another protocol to configure.

    If you are finished configuring protocols, click on Submit. A message is displayed confirming that the configuration was successful, and that the Sendmail Server has been restarted. Use the navigation bar to return to the Configure Sendmail Server menu.

Configuring the DECnet Phase IV Protocol

If DECnet is installed and configured on your system, you can configure the DECnet Phase IV protocol.

To configure the DECnet Phase IV protocol for the Sendmail server, complete the Configure DNET Protocol form as follows:

  1. Create one or more pseudo domain aliases, if needed (see Section : Creating and Deleting Pseudo Domain Aliases).

  2. Create one or more host aliases, if needed (see Section : Creating and Deleting Host Aliases for a Mail Server).

  3. Select one of the following routing methods:

    • Internet—Forwards mail over the Internet to an unspecified gateway. The Internet depends on BIND/DNS to select an appropriate relay; therefore, you do not need to specify a relay host name for Internet routing.

    • Direct—Sends mail directly to the addressee. This option is not displayed if the DECnet Phase IV protocol is not installed on this server.

    • Relay—Forwards mail to another system (called the relay host) for processing.

  4. If you chose Relay routing:

    • Enter the name of the relay system in the Relay Hostname field. You can enter from 1 to 21 alphanumeric characters (including special characters). The name cannot start or end with a hyphen (-).

    • Select the relay protocol (the protocol that will be used to forward mail to the relay) from the Relay Protocol pull-down menu. SMTP is the default.

  5. Enter the DECnet node address (area.node) for this server in the Node Address field; for example, 32.958.

  6. A pseudo domain is used by Sendmail to determine the protocol that a mail message requires. The message is properly encapsulated by Sendmail before being sent out over the Internet. Accept the default pseudo domain (ENET) or enter another pseudo domain in the Pseudo Domain field.

  7. Click on Submit. A message is displayed indicating that the changes have been accepted. Click on Continue to return to the Configure Sendmail Server form.

    If an error occurs, use the navigation bar to return to the Configure DNET4 Protocol form.

  8. On the Configure Server form, you can select another protocol to configure.

    If you are finished configuring protocols, click on Submit. A message is displayed confirming that the configuration was successful, and that the Sendmail server has been restarted. Use the navigation bar to return to the Configure Sendmail Server menu.

Configuring the DECnet/OSI Protocol

If DECnet is installed and configured on your system, you can configure the DECnet/OSI protocol.

To configure the DECnet/OSI (Phase V) protocol for the Sendmail server, complete the Configure DNET Protocol form as follows:

  1. Create one or more pseudo domain aliases, if needed (see Section : Creating and Deleting Pseudo Domain Aliases).

  2. Create one or more host aliases, if needed (see Section : Creating and Deleting Host Aliases for a Mail Server).

  3. Select one of the following routing methods:

    • Internet—Forwards mail over the Internet to an unspecified gateway. The Internet depends on BIND/DNS to select an appropriate relay; therefore, you do not need to specify a relay host name for Internet routing.

    • Direct—Sends mail directly to the addressee. This option is not displayed if the DECnet/OSI protocol is not installed on this server.

    • Relay—Forwards mail to another system (called the relay host) for processing.

  4. If you chose Relay routing:

    • Enter the name of the relay system in the Relay Hostname field. You can enter from 1 to 21 alphanumeric characters (including special characters). The name cannot start or end with a hyphen (-).

    • Select the relay protocol (the protocol that will be used to forward mail to the relay) from the Relay Protocol pull-down menu. SMTP is the default.

  5. The default DNS Name Space is the total collection of names that one or more DECdns servers know about, look up, manage, and share. The name space for your site is the token before the colon ( : ) in your Phase V node name. For example, dec is the name space for the address dec:.foo.bar. Accept the default DNS name space or enter another name space in the DNS Name Space field.

  6. A pseudo domain is used by Sendmail to determine the protocol that a mail message requires. The message is properly encapsulated by Sendmail before being sent out over the Internet. Accept the default pseudo domain (D5NET) or enter another pseudo domain in the Pseudo Domain field.

  7. Click on Submit. A message is displayed indicating that the changes have been accepted. Click on Continue to return to the Configure Sendmail Server form.

    If an error occurs, use the navigation bar to return to the Configure DNET5 Protocol form.

  8. On the Configure Server form, you can select another protocol to configure.

    If you are finished configuring protocols, click on Submit. A message is displayed confirming that the configuration was successful, and that the Sendmail server has been restarted. Use the navigation bar to return to the Configure Sendmail Server menu.

Configuring the UUCP Protocol

To configure the UUCP protocol for the Sendmail server, complete the Configure UUCP Protocol form as follows:

  1. Create one or more pseudo domain aliases, if needed (see Section : Creating and Deleting Pseudo Domain Aliases).

  2. Create one or more host aliases, if needed (see Section : Creating and Deleting Host Aliases for a Mail Server).

  3. Select one of the following routing methods:

    • Internet—Forwards mail over the Internet to an unspecified gateway. The Internet depends on BIND/DNS to select an appropriate relay; therefore, you do not need to specify a relay host name for Internet routing.

    • Direct—Sends mail directly to the addressee. This option is not displayed if the UUCP protocol is not installed on this server.

    • Relay—Forwards mail to another system (called the relay host) for processing.

  4. If you chose Relay routing:

    • Enter the name of the relay system in the Relay Hostname field. You can enter from 1 to 21 alphanumeric characters (including special characters). The name cannot start or end with a hyphen (-).

    • Select the relay protocol (the protocol that will be used to forward mail to the relay) from the Relay Protocol pull-down menu. SMTP is the default.

  5. Click on Submit. A message is displayed indicating that the changes have been accepted. Click on Continue to return to the Configure Sendmail Server form.

    If an error occurs, use the navigation bar to return to the Configure UUCP Protocol form.

  6. On the Configure Server form, you can select another protocol to configure.

    If you are finished configuring protocols, click on Submit. A message is displayed confirming that the configuration was successful, and that the Sendmail server has been restarted. Use the navigation bar to return to the Configure Sendmail Server menu.

Configuring the X.25 Protocol

To configure the X.25 protocol for the Sendmail server, complete the Configure X25 Protocol form as follows:

  1. Create one or more pseudo domain aliases, if needed (see Section : Creating and Deleting Pseudo Domain Aliases).

  2. Create one or more host aliases, if needed (see Section : Creating and Deleting Host Aliases for a Mail Server).

  3. Select one of the following routing methods:

    • Internet—Forwards mail over the Internet to an unspecified gateway. The Internet depends on BIND/DNS to select an appropriate relay; therefore, you do not need to specify a relay host name for Internet routing.

    • Direct—Sends mail directly to the addressee. This option is not displayed if the X.25 protocol is not installed on this server.

    • Relay—Forwards mail to another system (called the relay host) for processing.

  4. If you chose Relay routing:

    • Enter the name of the relay system in the Relay Hostname field. You can enter from 1 to 21 alphanumeric characters (including special characters). The name cannot start or end with a hyphen (-).

    • Select the relay protocol (the protocol that will be used to forward mail to the relay) from the Relay Protocol pull-down menu. SMTP is the default.

  5. Click on Submit. A message is displayed indicating that the changes have been accepted. Click on Continue to return to the Configure Sendmail Server form.

    If an error occurs, use the navigation bar to return to the Configure X25 Protocol form.

  6. On the Configure Server form, you can select another protocol to configure.

    If you are finished configuring protocols, click on Submit. A message is displayed confirming that the configuration was successful, and that the Sendmail server has been restarted. Use the navigation bar to return to the Configure Sendmail Server menu.

Configuring Masquerading

Masquerading is the process of transforming the local host name portion of a mail address into that of another host. A masquerading mail message appears to have come from the other host rather than the local host.

Error messages are often returned to the sender address on the message envelope. When many hosts are masquerading as a single host, all error messages are delivered to the central masquerading host.

When you enable masquerading on a configured Sendmail Server, all the host aliases you create will automatically assume the masquerading host name.

Accessing the Configure Masquerading Form

To access the Configure Masquerading form, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, ensure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure Masquerading.

Figure 5-1 shows the Configure Masquerading form.

Figure 5-1 Configure Masquerading Form

Users Automatically Excluded from Masquerading

The following users are always excluded from masquerading (whether or not you explicitly specify them in the Excluded Users List field or in the Excluded Users File):

  • root

  • postmaster

  • news

  • uucp

  • mailer-daemon

  • rdist

  • nobody

  • daemon

  • pop

  • imap

Configuring Your System for Masquerading

To configure your system for masquerading, follow these steps:

  1. To enable masquerading, turn on the Enable Masquerading checkbox. (To disable masquerading while retaining the masquerading configuration, turn off this checkbox.)

  2. Enter the masquerading host name in the Masquerade As field. This field is required. When masquerading is enabled, all the host aliases for your system (see Section : Creating and Deleting Host Aliases for a Mail Server) will automatically assume this masquerading host name, unless you check Exclude Host Aliases From Masquerading (see step 8). The system can have only one masquerading host name, and it must be a valid, fully qualified name.

  3. You can specify additional hosts and domains that you want to assume the masquerading host name by entering the names in the Masquerading Hosts/Domains List field. Separate the names using a space. In Figure 5-1, the host server.xyzcorp.com and the domain xyzcorp.com will assume the masquerading host name xyzcorp.com.

    Note:

    You must specify an entry in the Masquerading Hosts/Domains List field if you intend to exclude host aliases from masquerading (see step 8) or if you want to enable masquerading for subdomains (see step 9). You must specify to Sendmail the hosts and domains you want to masquerade (since the local host name and local aliases will be excluded).

  4. If you have a file containing the names of hosts and/or domains that you would like to assume the masquerading host name, enter the full pathname of that file in the Masquerading Hosts/Domains File field. In Figure 5-1, the file /mydir/masked-hosts.txt contains additional host and domain names to be masqueraded, each on a separate line, as shown in the following example:

    host1.site.domain.com
    host2.site.domain.com
    host3.site.domain.com

    You can specify only one file in the Masquerading Hosts/Domains File field.

  5. To prevent the masquerading host name from appearing in the mail header of messages from particular users, enter those user names in the Excluded Users List field. Separate the names using a space. In Figure 5-1, mail messages from the users julia, sarah, and barbara will not use the masquerading host name.

  6. If you have a file containing the names of users whose mail headers should not use the masquerading host name, enter the full pathname of this file in the Excluded Users File field. Each user name must occupy a separate line in the file, as shown in the following example:

    admin
    peter
    vpr
    rich
    

    You can specify only one file in the Excluded Users File field.

    Note:

    If a user listed in the Excluded Users List field or contained in the file specified in the Excluded Users File field sends mail to a local user, the sending user's name will be masqueraded.

  7. To use the masquerading host name in all recipients' addresses, check Use Masquerading Hostname in Recipient Addresses. (Recipient addresses include those on the To: and Cc: lines in the message header.)

  8. To exclude your system's host aliases from masquerading, check Exclude Host Aliases From Masquerading. When this item is checked, only the host and domain names specified in Masquerading Hosts/Domains List and in the file specified by Masquerading Hosts/Domains File will be masqueraded.

  9. If you want hosts and subdomains within the domains specified in the Masquerading Hosts/Domains List and Masquerading Hosts/Domains File fields to assume the masquerading host name, check Enable Masquerading for Subdomains. For example, in Figure 5-1, mail from server.xyzcorp.com (a host within the xyzcorp.com domain) will assume the xyzcorp.com masquerading host name.

  10. To masquerade the envelope addresses, check Enable Masquerading for the Envelope. By default, the header addresses are masqueraded; however, by checking this item, the envelope addresses are also masqueraded.

  11. Click on Submit to change the server configuration (or click on Cancel to cancel the changes and return to the Configure Sendmail Server menu).

    The Administration utility displays a message confirming that the configuration has been changed, and indicates that the Sendmail server has been restarted. Click on OK to return to the Configure Sendmail Server menu.

    If there were any errors in the configuration, the Administration utility displays a list of the errors. Click on OK to return to the Configure Masquerading form.
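
The following added example (not part of the original guide or of the Administration utility) models how the settings in steps 1 through 9 combine to decide whether a sender address is rewritten, using the values the text cites from Figure 5-1. The host alias mail.xyzcorp.com, the sender peter, and all function and field names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Users the section lists as always excluded from masquerading.
ALWAYS_EXCLUDED = frozenset({
    "root", "postmaster", "news", "uucp", "mailer-daemon",
    "rdist", "nobody", "daemon", "pop", "imap",
})

# Constructed copy of the Masquerading Hosts/Domains File example (step 4).
MASKED_HOSTS_FILE = """\
host1.site.domain.com
host2.site.domain.com
host3.site.domain.com
"""


def load_names(text):
    """Read a one-name-per-line file (hosts/domains or excluded users)."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


@dataclass
class MasqueradeConfig:
    masquerade_as: str                                 # step 2
    host_aliases: set = field(default_factory=set)     # the server's host aliases
    masq_domains: set = field(default_factory=set)     # steps 3 and 4 combined
    excluded_users: set = field(default_factory=set)   # steps 5 and 6 combined
    exclude_host_aliases: bool = False                 # step 8
    subdomains: bool = False                           # step 9
    enabled: bool = True                               # step 1


def host_is_masqueraded(host, cfg):
    """True if mail from this host name assumes the masquerading host name."""
    host = host.lower()
    names = set(cfg.masq_domains)
    if not cfg.exclude_host_aliases:
        # Host aliases masquerade automatically unless step 8 is checked.
        names |= cfg.host_aliases
    if host in names:
        return True
    if cfg.subdomains:
        # Step 9 applies only to the configured hosts/domains list and file.
        return any(host.endswith("." + d) for d in cfg.masq_domains)
    return False


def masquerade_sender(address, cfg, recipient_is_local=False):
    """Return the sender address as it would appear after masquerading."""
    user, sep, host = address.rpartition("@")
    if not sep or not cfg.enabled:
        return address
    name = user.lower()
    if name in ALWAYS_EXCLUDED:
        return address
    # Per the note in step 6, a configured exclusion does not apply
    # when the message goes to a local user.
    if name in cfg.excluded_users and not recipient_is_local:
        return address
    if host_is_masqueraded(host, cfg):
        return f"{user}@{cfg.masquerade_as}"
    return address


def figure_5_1_config(**overrides):
    """Settings the text cites from Figure 5-1; the host alias is assumed."""
    settings = dict(
        masquerade_as="xyzcorp.com",
        host_aliases={"mail.xyzcorp.com"},             # hypothetical alias
        masq_domains={"server.xyzcorp.com", "xyzcorp.com"}
        | load_names(MASKED_HOSTS_FILE),
        excluded_users={"julia", "sarah", "barbara"},
    )
    settings.update(overrides)
    return MasqueradeConfig(**settings)


if __name__ == "__main__":
    cfg = figure_5_1_config()
    for sender in ("peter@server.xyzcorp.com", "julia@server.xyzcorp.com",
                   "root@server.xyzcorp.com", "peter@lab.xyzcorp.com"):
        print(sender, "->", masquerade_sender(sender, cfg))
```

Running the same senders with exclude_host_aliases=True or subdomains=True shows which internal host names remain visible in outgoing mail after a change to steps 8 or 9.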

Configuring Virtual Domains

Virtual domains allow multiple aliases to be hosted on a single system. To use virtual domains on your system, you must first create a virtual domain table. The Administration utility expects this file to be named /var/adm/sendmail/virtusertable, but you can override this default when you enable virtual domains. Example 5-1 shows a sample virtual domain table.

Example 5-1 Sample Virtual Domain Table

info@foo.com   foo-info
info@bar.com   bar-info
@baz.org       jane@elsewhere.net

The virtual domain table in Example 5-1 specifies the following:

  • Mail addressed to info@foo.com is delivered to foo-info.

  • Mail addressed to info@bar.com is delivered to bar-info.

  • Mail addressed to anyone at baz.org is delivered to jane@elsewhere.net.

    The user name from the original address is passed as %1 (for example, the table entry @foo.org   %1@elsewhere.net). Written for baz.org, such an entry allows mail sent to someone@baz.org to be delivered to someone@elsewhere.net.

All the host names on the left-hand side of the table (in Example 5-1, foo.com, bar.com, and baz.org) must be in the host alias list (see Section : Creating and Deleting Host Aliases for a Mail Server).

You must also set up name servers for the virtual addresses that get mapped to the real addresses. You can use Domain Name System (DNS) configuration to complete the following:

  1. Select an available domain name.

  2. Establish two machines as primary and secondary name servers for this domain.

  3. Configure MX records for this domain.

  4. Register this domain with InterNIC.

See the Tru64 UNIX manual Network Administration: Services for more information about configuring DNS.

After you create the virtual domain table, use the makemap command to create an address mapping database, based on the data in the table; for example:

# makemap btree virtusertable < virtusertable

This command creates the virtusertable.db file in BTREE format. Sendmail uses this file to determine whether the address on a mail message has been mapped to a virtual domain. For more information on the makemap command, see the makemap(8) reference page.

After creating the database files, you can use the Administration utility to configure virtual domains on your system, as follows:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure Virtual Domains.

  5. On the Configure Virtual Domains form, set the Use Virtual Domains checkbox to enable virtual domains. (You can turn off this checkbox to disable virtual domains while retaining the virtual domains configuration.)

  6. Enter the complete pathname for the virtual user table you created using the makemap command. (The default is /var/adm/sendmail/virtusertable.)

  7. Enter the host aliases that are mapped in the Virtual Domain database in the Virtual Hosts/Domains list. If you configure virtual domains, then all the host aliases in this list will be checked for mapping in the virtusertable.

  8. Set the Suppress Errors in the Absence of the Database File checkbox to allow database lookups to fail silently if the table_name.dir and table_name.pag files (where table_name is the file name for your virtual user table) do not exist. (This parameter corresponds to the -o option on the K configuration line in the sendmail.cf file.)

  9. Ordinarily, Sendmail strips all nonescaped quotation marks and removes any backslashes (\) from a key before looking it up in the virtual user table. For example:

    "Bob \"bigboy\" Roberts \(esq\)"@bob.com

    is ordinarily converted to:

    Bob "bigboy" Roberts (esq)@bob.com

    To preserve quotation marks and escape characters (those preceded by a backslash) in keys before database lookup, turn off the Strip Quotation Marks from Keys checkbox. (This parameter corresponds to the -q option on the K configuration line in the sendmail.cf file.)

  10. Ordinarily, Sendmail converts a key to all lowercase letters before looking it up in the virtual user table. If keys in the virtual user table are case-sensitive, turn off the Convert Keys to Lowercase checkbox to prevent conversion to lowercase. (This parameter corresponds to the -f option on the K configuration line in the sendmail.cf file.)

  11. Click on Submit to change the server configuration.

    When the Suppress Errors in the Absence of the Database Files checkbox is not checked, the Administration utility checks that the filename.dir and filename.pag files exist (where filename is the name of the virtual user table you specified in the Database File Name field).

    If there are no errors, the utility displays a message confirming that the configuration has been changed, and indicates that the Sendmail server has been restarted. Click on OK to return to the Configure SMTP Server menu.

    If there were any errors in the configuration, the Administration utility displays a list of the errors. Click on OK to return to the Configure Virtual Domains form.

Enabling Procmail as a Local Mailer

When you enable your Sendmail server to use /usr/bin/procmail as a local mailer, Procmail is used as a replacement for the local mailer (for example, /bin/mail, /usr/bin/mail, mail.local, rmail, and so on) to deliver to /var/spool/mail. Procmail allows system-wide mail filtering. (For more information, see the procmail(1) reference page.)

To configure your system to use Procmail as a local mailer, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Enable/Disable Procmail.

  5. On the Enable/Disable Procmail form, if Procmail is not currently enabled, click on Enable. Otherwise, click on Disable.

The Administration utility displays a message confirming that the configuration has been changed, and indicates that the Sendmail server has been restarted. Use the navigation bar to return to the Configure SMTP Server menu.

Enabling Anti-Virus

Clam AntiVirus is an anti-virus toolkit for UNIX, designed for e-mail scanning on mail gateways. It provides a flexible and scalable multi-threaded daemon for e-mail scanning. Clam AV is licensed under the GNU General Public License, is POSIX compliant, and is portable. It detects viruses, worms, and trojans, and scans within archives and compressed files.

Amavisd-new is a high-performance interface between the mailer (MTA) and content checkers such as virus scanners. Amavisd-new is a Perl component, which ensures high reliability, portability and maintainability. It uses several external programs and Perl modules for its operation. If there are any security vulnerabilities in them, the entire setup could be affected.

To enable Clam AV and Amavisd-new, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Enable/Disable Clamav and Amavis.

  5. On the Enable/Disable form, if Clamav and Amavis are not currently enabled, click on Enable. Otherwise, click on Disable.

Configuring Anti-Spam

The Administration utility allows you to configure the following features of Sendmail to prevent mail from spam sites (also called unsolicited bulk e-mail) from reaching your system:

Configuring Relaying

By default, your Sendmail server configuration does not relay messages from a site outside your domain to another site outside your domain. To remove this restriction, or to control the relaying of mail messages on your SMTP server to and from specific domains, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure Anti-Spam.

  5. From the Configure Anti-Spam menu, choose Configure Relaying.

The Configure Relaying page lets you set the following relaying options:

  • In the Relaying Domains List field, specify the list of domain names or IP addresses, to and from which your Sendmail server is allowed to transmit messages. Separate entries in this field with blank spaces.

  • If you have a file containing the domain names and IP addresses to which you want to restrict relaying, enter the full pathname for the file in the Relaying Domains File field.

  • Set the Allow Relaying from Any Host in Local Domain checkbox to allow any host in your domain to relay. By default, only hosts listed as OK in the accessdb database are allowed to relay messages.

  • Set the Allow Relaying Based on Sender's MX Records checkbox to permit your server to relay messages from senders who list your server in their MX records. The MX record consists of lists of hosts that can accept messages for the specified destination. For example, if your server received a message from user@domain.com and domain.com lists your server in its MX records, your server accepts the message.

  • Set the Exclude Subdomains from Relaying checkbox to restrict relaying to specific host names (rather than permit relaying based on subdomain). Usually, relaying is based on domain names. The names listed as RELAY in the accessdb file and entries in the Relaying Domains List field (or contained in the Relaying Domains File) are domain names. If you specify, for example, that example.com is a relaying domain, then messages to and from example.com, abc.example.com, user.dept.xyz.example.com are all accepted for relaying. When the Exclude Subdomains from Relaying checkbox is set, Sendmail looks up individual host names before determining whether or not to relay a message.

  • Set the Allow Relaying from Local Host checkbox to relay a message when the sender's return path domain (for example, MAIL FROM: <user@domain.name>) is a local domain.

  • Under normal behavior, if a message header lists a recipient as user%site@anothersite and anothersite is included in the Relaying Domains list (or Relaying Domains file), Sendmail strips @anothersite and rechecks user@site for relaying. Set the Disable Checks For Relay Forwarding checkbox to prevent this behavior.

    Note:

    Setting this checkbox may allow spam mail to relay through your server if it is not set up properly.

  • Set the Check for Blacklist Recipients in Access Database checkbox when you want to block incoming mail for certain recipient user names, host names, or IP addresses. For example, you can block incoming mail addressed to nobody, host example1.domain.name, or user guest@example2.domain.name, as specified in the accessdb file. (See Section : Configuring the Access Database for information on the accessdb file.)

  • Set the Allow Unrestricted Relaying checkbox to accept mail from outside your domain and send it to another host outside your domain. When this checkbox is set, your site will allow mail relaying from any site to any site.

  • Set the Reject Mail from Server in Realtime Blackhole List checkbox to reject mail from any server listed in the Realtime Blackhole List. For more information on the Mail Abuse Protection System (MAPS) and the Realtime Blackhole List, see

    http://mail-abuse.org/rbl/

When you are through setting the Configure Relaying options, click on Submit. A success message confirms that relaying has been configured on your system and that your Sendmail server has been restarted.

Configuring the Access Database

The Sendmail server uses an access database for the following purposes:

  • To reject mail from specific domains and addresses (RHS: REJECT or a specific error message)

  • To accept mail even though it might be rejected by subsequent checks (RHS: OK)

  • To permit mail to be relayed (RHS: RELAY)

The access database uses e-mail addresses, domain names, and network numbers as keys, and uses values to indicate how the Sendmail server should handle mail based on these keys. Example 5-2 shows the syntax of entries in an access database.

Example 5-2 Sample Access Database for the Sendmail Server

spammer@dummy.com REJECT
cyberspammer.com REJECT
cyberspammer.com 550 We don't accept mail from spammers!
okay.cyberspammer.com OK
bulkmailer@dummy.com DISCARD
206.117.147 REJECT
sendmail.org OK
128.32 RELAY

As shown in Example 5-2, the Sendmail server handles incoming mail as follows:

  • Rejects mail from spammer@dummy.com

  • Accepts mail from host okay at cyberspammer.com (but rejects mail from all other hosts at that domain and returns the specified message)

  • Discards mail from bulkmailer@dummy.com using the $#discard mailer

  • Rejects mail from any host on the 206.117.147.* network

  • Accepts mail from all users at sendmail.org

  • Relays messages from the 128.32.*.* network
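The lookups described for Example 5-2, and the subdomain matching described under the Exclude Subdomains from Relaying checkbox, can be checked against a table before it is passed to makemap. The following is an added example, not code from Internet Express or Sendmail: it is a simplified model of most-specific-first key matching, and the function names and the two lint rules are assumptions made for illustration.

```python
import ipaddress

# Entries of Example 5-2, reproduced as inline sample input.
EXAMPLE_5_2 = """\
spammer@dummy.com REJECT
cyberspammer.com REJECT
cyberspammer.com 550 We don't accept mail from spammers!
okay.cyberspammer.com OK
bulkmailer@dummy.com DISCARD
206.117.147 REJECT
sendmail.org OK
128.32 RELAY
"""


def parse_access(text):
    """Parse access-table text into ({key: value}, [(line_no, duplicate_key)]).

    Keys are lowercased (the default unless -f is set on the K line). A repeated
    key keeps its first value: makemap, run as on this page without -r or -d,
    does not insert a key it has already seen.
    """
    table, duplicates = {}, []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError(f"line {line_no}: key without a right-hand side")
        key = fields[0].lower()
        if key in table:
            duplicates.append((line_no, key))
        else:
            table[key] = fields[1]
    return table, duplicates


def candidate_keys(item, parents=True):
    """Keys tried for an address, host name or IPv4 address, most specific first."""
    item = item.lower()
    try:
        ipaddress.IPv4Address(item)
    except ValueError:
        pass
    else:
        octets = item.split(".")
        return [".".join(octets[:n]) for n in range(4, 0, -1)]
    local, at, host = item.rpartition("@")
    labels = host.split(".")
    keys = [item] if at else []
    # Full host name first, then each parent domain (skipped when parents=False).
    keys += [".".join(labels[i:]) for i in range(len(labels) if parents else 1)]
    if at:
        keys.append(local + "@")
    return keys


def lookup(table, item, parents=True):
    """Return (matching_key, value) for the most specific match, or (None, None)."""
    for key in candidate_keys(item, parents):
        if key in table:
            return key, table[key]
    return None, None


def may_relay(table, host, exclude_subdomains=False):
    """True when the matched entry is RELAY. exclude_subdomains models the
    Exclude Subdomains from Relaying checkbox: only the exact host name is tried."""
    return lookup(table, host, parents=not exclude_subdomains)[1] == "RELAY"


def lint(text):
    """Return review findings for an access table before it is passed to makemap."""
    table, duplicates = parse_access(text)
    findings = [f"line {n}: duplicate key {k}" for n, k in duplicates]
    for key, value in table.items():
        octets = key.split(".")
        # Hypothetical review rule: a RELAY entry on a one- or two-octet prefix is broad.
        if value == "RELAY" and all(o.isdigit() for o in octets) and len(octets) < 3:
            findings.append(f"{key}: RELAY covers every host in a /{8 * len(octets)} network")
    return findings


if __name__ == "__main__":
    table, _ = parse_access(EXAMPLE_5_2)
    for sender in ("okay.cyberspammer.com", "mail.cyberspammer.com", "206.117.147.9"):
        print(sender, "->", lookup(table, sender))
    print("\n".join(lint(EXAMPLE_5_2)))
```

Run against Example 5-2, the lint step reports the repeated cyberspammer.com key and the two-octet RELAY entry, which are the two lines worth a second look before the map is built.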

To create an access database:

  1. Create an access database file in /var/adm/sendmail/accessdb using the format shown in Example 5-2.

  2. After you create the access table in a text file, use the makemap command to create the database map, based on the data in the table. For example:

    # makemap btree accessdb < accessdb

    This command creates the accessdb.db file in BTREE format. Sendmail uses this file to determine whether to accept or reject the relaying of mail messages. For more information on the makemap command, see the makemap(8) reference page.

After creating an access database, you can specify sendmail.cf options for this database using the Administration utility.

To configure the access database, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure Anti-SPAM.

  5. From the Configure Anti-SPAM menu, choose Configure Access Database. The Configure Access Database form is displayed (Figure 5-2).

    Figure 5-2 Configuring an Access Database

  6. On the Configure Access Database form, set the Use Access Database checkbox to enable access database lookups. (You can turn off this checkbox to disable database lookups while retaining the access database configuration.)

  7. Enter the complete pathname for the access database you created but do not include the extension. (The default pathname is /var/adm/sendmail/accessdb.)

  8. Set the Suppress Errors in the Absence of the Database File checkbox to prevent Sendmail from performing a database lookup if the access database does not exist. (This parameter corresponds to the -o option on the K configuration line in the sendmail.cf file.)

  9. Ordinarily, Sendmail strips all nonescaped quotation marks and removes any backslashes (\) from a key before looking it up in the access database. For example:

    "Bob \"bigboy\" Roberts \(esq\)"@bob.com

    is ordinarily converted to:

    Bob "bigboy" Roberts (esq)@bob.com

    To preserve quotation marks and escape characters (those preceded by a backslash) in keys before database lookup, turn off the Strip Quotation Marks from Keys checkbox. (This parameter corresponds to the -q option on the K configuration line in the sendmail.cf file.)

  10. Ordinarily, Sendmail converts a key to all lowercase letters before looking it up in the access database. If keys in the access database are case-sensitive, turn off the Convert Keys to Lowercase checkbox to prevent conversion to lowercase. (This parameter corresponds to the -f option on the K configuration line in the sendmail.cf file.)

  11. Click on Submit to change the server configuration (or click on Cancel to cancel the changes and return to the Configure Sendmail Server menu).

    When the Suppress Errors in the Absence of the Database File checkbox is not checked, the Administration utility checks that the access database file exists (as specified in the Database File Name field).

    If there are no errors, the utility displays a message confirming that the configuration has been changed, and indicates that the Sendmail server has been restarted.

    If there were any errors in the configuration, the Administration utility displays a list of the errors.

  12. To block incoming mail for certain recipient user names, host names, or IP addresses, return to the Configuring Relaying page (Section : Configuring Relaying) and set the Check for Blacklist Recipients in Access Database checkbox.

Configuring Checking on Sender's Information

To configure checking on sender's information, follow these steps:

  • Set the Accept Mail from Unqualified Senders checkbox when you want to accept messages that do not include a domain name in the sender's address (that is, the sender's host name is not fully qualified). If this checkbox is not set, the Sendmail server rejects any message containing a sender address that is not fully qualified.

  • Set the Accept Mail from Unresolvable Domains checkbox when you want to accept messages that are from addresses that the Domain Name System (DNS) server cannot locate and resolve. If this checkbox is not set, the Sendmail server rejects any message containing an unresolvable domain name in the sender address.

Configuring LDAP

You can configure the Sendmail server to identify users based on the information in an LDAP directory. When you complete the Configure LDAP form during Sendmail server configuration, the Administration utility creates a K line entry in the sendmail.cf file that defines how the Sendmail daemon is to search the LDAP directory to authenticate users.

For information on managing the LDAP Directory servers, see Chapter 11.

To configure the Sendmail server to use LDAP, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure the Sendmail Server menu, choose Configure LDAP.

  5. On the Configure LDAP form, check the Enable LDAP Look-Up checkbox to enable the Sendmail server to look up user information in an LDAP directory. (You can uncheck this checkbox to disable LDAP directory lookups while retaining the LDAP configuration.)

  6. In the LDAP Search Base field, specify the directory in your LDAP tree in which you want to begin searching. Use a space to separate the entries in this field. For example:

    ou=People o=XYZCompany c=US

    This field corresponds to the -b option in the K line in sendmail.cf.

  7. In the List of LDAP Servers field, enter the names of servers at your site that support LDAP. Use a space to separate entries in this field. The LDAP libraries attempt to connect to these servers in the order you list them. For example:

    dirserver1.xyz.com dirserver2.xyz.com

    This field corresponds to the -h option in the K line in sendmail.cf.

  8. In the List of LDAP Search Strings field, specify one or more attributes that you want to search on. (The maximum number of attributes that you can search is 1023.) Use a space to separate attributes. (The base directory you specified in the LDAP Search Base field in step 6, combined with the strings supplied in this field, should define a search that returns at most one entry.) For example:

    uid cn

    This field corresponds to the -k option in the K line in sendmail.cf.

  9. In the List of LDAP Attributes Returned field, specify one or more attributes that will get populated from the LDAP directory when your search is successful. You can specify at most 63 attributes. Use a space to separate attributes. The ldapsearch command returns all the attributes that it can successfully populate. For example:

    mailForwardingAddress mail uid

    If both a mailForwardingAddress and a mail attribute exist, both are returned. Each one is then treated as a separate address and is processed individually.

    This field corresponds to the -v option in the K line in sendmail.cf.

  10. Set the Suppress LDAP Errors checkbox to prevent Sendmail from performing a database lookup if the LDAP database does not exist. (This parameter corresponds to the -o option on the K configuration line in the sendmail.cf file.)

Figure 5-3 shows the Configure LDAP form.

Figure 5-3 Configuring the Sendmail Server to Use LDAP for Address Lookups

Configuring Mail Filters (MILTER)

The Sendmail daemon distributed in this Internet Express release is compiled to interface with any mail filters compiled with the milter library provided by sendmail.org (known as libmilter). The milter library is included with this release. To include it with a filter compilation, use the -lmilter flag on the compile or link command line. (See the example included in Appendix A.)

A filter has a name and a socket interface. A filter uses one of four types of sockets: local, unix, inet and inet6. This socket must not already exist. It will be created at run time.

Here are a few examples:

  • Filter Name: sample1

    Socket: local:/var/run/f1.sock

    A local file filter, using a local UNIX socket

  • Filter Name: sample2

    Socket: inet:1099@remotehost.com

    A network socket accessed via IPv4 port number 1099 on remotehost.

  • Filter Name: sample3

    Socket: inet6:1066@myhost.com

    A network socket accessed via IPv6 port number 1066 on myhost.com.

A filter definition can specify that mail is rejected or deferred if the connection to the filter fails. It can also define timeouts for filter-related events.

For example:

Filter Name: sample4

Socket: inet:1066@myhost.com,T=C:5m;S:10s;R:10s;E:5m

In this example, a network socket is accessed via IPv4 port number 1066 on myhost.com, with the default timeouts defined.

Timeout Field | Description | Default Timeout
E | The overall timeout from sending end of message to the filter to the final end-of-message reply. | 5 minutes
R | The timeout for reading a reply from the filter. | 10 seconds
S | The timeout for sending information from the mail transfer agent to a filter. | 10 seconds
C | The connection timeout. | 5 minutes
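The socket syntax and timeout fields above can be validated before a filter is entered on the form. The following is an added example, not code from Internet Express or sendmail.org: the function names are assumptions, and it accepts only the forms shown on this page (a numeric port with inet and inet6, and intervals written as a number followed by s, m, h, d or w).

```python
import os
import re

SOCKET_TYPES = ("local", "unix", "inet", "inet6")
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# Defaults from the timeout table: C and E are 5 minutes, S and R are 10 seconds.
DEFAULT_TIMEOUTS = {"C": 300, "S": 10, "R": 10, "E": 300}


def to_seconds(value):
    """Convert an interval such as '5m' or '10s' to seconds."""
    match = re.fullmatch(r"(\d+)([smhdw])", value.strip())
    if not match:
        raise ValueError(f"bad interval {value!r}")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]


def parse_socket_field(field):
    """Parse 'type:address[,T=C:..;S:..;R:..;E:..]' into a dict.

    Timeouts that are not given keep the defaults from the table.
    """
    spec, has_timeouts, timeouts = field.partition(",T=")
    kind, colon, address = spec.strip().partition(":")
    if not colon or kind not in SOCKET_TYPES:
        raise ValueError(f"socket type must be one of {SOCKET_TYPES}")
    parsed = {"type": kind, "timeouts": dict(DEFAULT_TIMEOUTS)}
    if kind in ("inet", "inet6"):
        port, at, host = address.partition("@")
        if not (at and host and port.isdigit() and 0 < int(port) < 65536):
            raise ValueError("network sockets are written port@host")
        parsed["port"], parsed["host"] = int(port), host
    else:
        if not address:
            raise ValueError("local sockets need a path")
        parsed["path"] = address
    if has_timeouts:
        seen = set()
        for item in timeouts.split(";"):
            name, _, value = item.partition(":")
            name = name.strip()
            if name not in DEFAULT_TIMEOUTS or name in seen:
                raise ValueError(f"unknown or repeated timeout field {name!r}")
            seen.add(name)
            parsed["timeouts"][name] = to_seconds(value)
    return parsed


def path_in_use(parsed):
    """True when a local or unix socket path already exists on this host.

    The socket must not already exist, because it is created at run time.
    """
    return "path" in parsed and os.path.exists(parsed["path"])


if __name__ == "__main__":
    for sample in ("local:/var/run/f1.sock",
                   "inet:1099@remotehost.com",
                   "inet:1066@myhost.com,T=C:5m;S:10s;R:10s;E:5m"):
        print(sample, "->", parse_socket_field(sample))
```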

Mail filters can be managed within the Internet Express Administration utility. The Administration interface allows the addition, modification or deletion of a mail filter.

Adding a Mail Filter

To add a mail filter, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure MILTER.

  5. In the Filter Name field, enter a name for the new filter.

  6. In the Socket Type field, enter the type. Choices are: local, unix, inet and inet6.

  7. In the drop-down box If Filter is Unavailable, choose either Reject Connection or Temporary Fail.

  8. Enter desired values in the Timeouts fields.

  9. Click on Submit to add the filter.

Modifying a Mail Filter

To modify a mail filter, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure MILTER.

  5. In the Existing Filters list, choose the filter to be modified.

  6. Click Modify.

  7. Modify the values as desired.

  8. Click on Submit to change the filter.

Deleting a Mail Filter

To delete a mail filter, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure MILTER.

  5. In the Existing Filters list, choose the filter to be deleted.

  6. Click Delete.

  7. On the confirmation page, click Continue.

Filters Included with Internet Express

Bogofilter and Clam AV anti-virus filters are supplied with this release. Clam AV anti-virus can be enabled using the Administration Utility (see Section : Enabling Anti-Virus). For information about Bogofilter, see Section : Bogofilter Spam Filter.

Creating a New Mail Filter

Appendix A includes the code for a sample mail filter called sample.c. To compile it, use the following command:

# cc -I/usr/internet/include -o sample sample.c libmilter.a libsm.a -pthread

Any new filter must be thread-safe. Depending on how many threads will run, the per-process limits in the new filter may have to be changed.

Adding the Sample Filter Using the Administration Utility

Access the Add New Filter menu, as described in Section : Adding a Mail Filter. Enter the appropriate information for the filter, for example:

Filter Name: sample

Socket: local:/var/run/f1.sock

When you click on Submit, the new filter interface is added to the current Sendmail configuration file.

Testing the New Filter

The sample filter takes one argument, -p, which indicates the local port on which to create a listening socket (the UNIX domain socket located in /var/run/example1.sock).

./sample -p local:/var/run/example1.sock

If the sample filter returns immediately to a command line, there was a problem. Check the following items:

  1. Whether the command line had errors

  2. If the local socket was created

  3. The syslog for any errors

  4. Use the command netstat -a to verify the filter process is listening on the correct local socket.

To test the filter, e-mail messages must be piped to the filter via Sendmail. There are two means of doing this: by using sendmail -bs, or by telnet localhost 25. See the following example:

# sendmail -bs
220 example.hp.com ESMTP Sendmail 8.13.5/8.13.5; Thu, 23 Feb 2006 13:05:23 -0500 (EST)
HELO localhost
250 example.dec.com Hello test@localhost, pleased to meet you
MAIL From: <test>
250 2.1.0 <test>... Sender ok
RCPT To: <root>
250 2.1.5 <root>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
From: test@example.hp.com
To: root@example.hp.com
Subject: testing sample filter

Example text of a message
.
250 2.0.0 bD213442 Message accepted for delivery
QUIT
221 2.0.0 example.hp.com closing connection
#

In this example, the lines beginning with numbers are output by Sendmail, and the other lines are typed input. A successful test creates a file named /tmp/msg.XXXXXXXX (where the Xs represent any combination of letters and numbers) that contains the message body and headers from the text entered above.

Both syslog and Sendmail can be used to help debug any problems. First look in syslog for any related error messages. Additional log messages can be added by raising the logging level of sendmail by use of the LogLevel option.

Configuring Queues

Queue groups are supported using the Sendmail menu of the Administration Utility. A queue group has a name and a directory path where the e-mail messages will be stored temporarily. The directory path must be a subdirectory of the directory named by the Sendmail QueueDirectory variable, whose default path is /var/spool/mqueue.

You can use the Administration Utility to add, modify or delete a queue.

Adding a Queue

To add a queue group, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure Queues.

  5. In the New Queue field, enter a name for the new queue group.

  6. Click Add.

  7. The Flags argument specifies whether queues are processed in parallel in the background, or in serial mode. Specifying "f" as the flags argument defines the parallel processing queue mode.

  8. The nice value argument is the operating system priority at which queues are processed. The default value is set to give all processes an equal chance of running.

  9. In the Interval Between Queue Runs field, specify the time interval to wait between active runs. Intervals are specified using short strings such as 1h (1 hour), 30s (30 seconds), 1d (1 day) and 2w (2 weeks).

  10. In the Path field, enter the queue directory. It defaults to the /var/spool/mqueue directory.

  11. In the Parallel Runners field, enter the maximum number of queue processors per queue group. By default there is one per queue.

  12. In the Max Jobs field, specify the maximum number of mail messages to process on a given queue run.

  13. In the Max Recipients field, specify the default limit for the number of recipients allowed per envelope. Leaving the field blank or setting it to zero will impose no limit on the message processing.

  14. Click on Submit to add the queue group.

After a queue is created, you can use the mailq command to list all valid queues and mail queued for transfer.

If multiple queues are used, separate Sendmail daemon commands should be scheduled to periodically check and transfer any queued mail. The following example illustrates the point:

# sendmail -bt -q queue-name

Modifying a Queue Group

To modify the values for a queue group, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure Queues.

  5. In the list of existing queues, choose the queue group to be modified.

  6. Click Modify.

  7. Modify the values as desired.

  8. Click on Submit to change the queue.

Deleting a Queue Group

To delete a queue group, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure Queues.

  5. In the list of existing queues, choose the queue to be deleted.

  6. Click Delete.

  7. On the confirmation page, click Continue.

Configuring Queue Performance

The Queue Performance menu option allows you to set local values for default options found in Sendmail. Table 5-1, Table 5-2, Table 5-3 and Table 5-4 describe these values.

Table 5-1 General Queue Properties

Value | Description | Default
Default Queue Directory | Location where mail is queued; any additional queues are defined with this path | /var/spool/mqueue
Queue File Mode | Default permissions for files placed in the queue directory | /var/spool/mqueue
Queue File Mode | How to sort messages in the mail queue (priority, host, time, file, random, or file modification time) | priority
Queue Timeout | Limit on the lifetime of a message in the queue | 5d (5 days)
Queue Factor | Factor used to compute the load factor; used for determining when to queue mail because of high system load | 600,000
Queue Load Average | When the load average (average number of processes in a run queue over the last minute) exceeds this value, mail is queued rather than delivered | 8 times the number of CPUs present
Queue Refuse Load Average | When the load average (average number of processes in a run queue over the last minute) exceeds this value, sendmail refuses new connections | 12 times the number of CPUs present
MaxQueueChildren | Limit on the number of concurrent queue processors | 0 (no limit)
MinQueueAge | Skip queue processing if the wait time interval has not passed | 0 (disabled)
Recipient Factor | Used to penalize large recipient lists | 30,000

Table 5-2 Queue Timers

Timeout Items | Description | Default Value
Queue Return | Bounce if message is undelivered | 5 days
Q-R Normal | (for a normal message) | None
Q-R Urgent | (for an urgent message) | None
Q-R Nonurgent | (for a nonurgent message) | None
Queue Warn | Warn if message is undelivered | 4 hours
Q-W Normal | (for a normal message) | None
Q-R Urgent | (for an urgent message) | None

Table 5-3 describes the Sendmail timers (timeouts waiting on an SMTP protocol event,

Table 5-3 Sendmail Timers

Timer | Description | Default Value
Mail | Timeout on MAIL FROM: | 5 to 10 minutes
rcpt | Timeout on RCPT TO: | 1 hour
datainit | Timeout on DATA acknowledgement | 5 minutes
datablock | Timeout on DATA block read | No default
datafinal | Timeout on DATA acknowledgement of final dot | 1 hour
command | Timeout on wait of next command | 1 hour
Initial | Timeout on initial greeting message | None
Helo | Timeout on HELO or EHLO | None
Rset | Timeout on RSET acknowledgement | 5 minutes
Quit | Timeout on QUIT acknowledgement | 2 minutes
Misc | Timeout on other SMTP commands | 2 minutes
Ident | Timeout on ident protocol | 0/disabled
Fileopen | Timeout on NFS file open | 5 minutes

Table 5-4 Sendmail Tunable Parameters

Parameter | Description | Default Value
MinFreeBlocks | Minimum file space needed for Sendmail to operate | 100
MaxHeaderLength | Maximum size of the header section | 32768 bytes
MaxMessageSize | Maximum message length | 0
MaxMimeHeaders | Maximum length of the MIME headers | 0/0

To configure the Sendmail queue performance, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure Queue Performance.

    A form is displayed, showing the current performance values.

  5. Modify the timers and other parameters as desired.

  6. Click Submit.

Configuring Trusted Layer Security

Sendmail includes support for enhanced security: Secure Socket Layer (SSL) and Transport Layer Security (TLS). SSL and its successor, TLS, are used to establish a trusted connection. Sendmail's use of TLS is not end-to-end encryption: it protects the connection between two mail systems, not the message itself. Certificates in X.509 form are used to establish this trusted connection.

To use TLS, Sendmail needs a source of random data. This Internet Express release includes Sendmail binaries for both Tru64 UNIX Version 5.1A and Version 5.1B so that each can use the appropriate random number generator. On Version 5.1B, the Sendmail binary uses the native /dev/random device, while the Version 5.1A binary includes support for egd. egd is a Perl-based persistent daemon that gathers pseudorandom data and supplies it to Sendmail. This data is used for encryption operations.

In addition to a source of random data, the system administrator must have a set of digital certificates that define the authority (local or remote) and the server and client identities. Certificates follow the hierarchical X.509 Certificate Authority model.

Server certificates are used for incoming connections, and client certificates are used for outbound connections. A single certificate can be shared for both functions.

Certificates contain identity information. Here is an example:

/C=US /ST=New Hampshire /L=Nashua /O=OurCompany.org /CN=OurCompany CA

[additional abbreviated information]

Table 5-5 Certificate Defaults

| Term | Description | Abbreviation |
| --- | --- | --- |
| Certificate Authority | Certificate Authority (signs certificates) | CA |
| Certificate Issuer | One that issues certificates (a CA) | CI |
| Certificate | The public part of the key pair (identity information) | cert |
| Key | Private part of the key pair | key |
| Distinguished name | Unique name | DN |
| Common name | Common (not necessarily unique) host name, or user's full name | CN |
 

A TLS certificate can be bought from a certification authority, or it can be created locally. Commercial companies such as VeriSign, Equifax and Thawte provide certification-related functions. Once the commercial transaction has taken place, store the certificate information in the /var/adm/sendmail/certs/cacert.pem file.

If you have commercial certificates or have created your own Certificate Authority, review the Certificate Authority section in Appendix A.

The following fields in the Sendmail TLS menu must be completed to allow proper functioning of the TLS between server and server, or server and client.

Servers and clients have certificate and key files. The Certificate Authority Certificate is the top-level identifier that ties the machine's identity to a well-known (trusted) authority. The server certificate is used for inbound connections and identifies the server to the connecting system. The client certificate identifies the connecting client to the remote mail server. The client certificate can be the same as the server certificate. The server and client keys are the private keys used in the security transaction.

Table 5-6 TLS Certificate Values

| Field Name | Default |
| --- | --- |
| Certificate Authority Certificate Directory (CA) | /var/adm/sendmail/certs |
| Certificate Authority Certificate | $CA/CA.cert.pem |
| Server Certificate File | $CA/server.cert.pem |
| Server Key File | $CA/server.key.pem |
| Client Certificate File | $CA/client.cert.pem |
| Client Key File | $CA/client.cert.pem |
 

To configure the values for TLS, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.

  2. From the Sendmail Server Administration menu, choose Configure Sendmail Server.

  3. On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.

  4. From the Configure Sendmail Server menu, choose Configure Trusted Layer Security (TLS).

    A form is displayed, showing the current performance values.

  5. Click in the Enable TLS for Server Connections checkbox to enable TLS.

  6. Modify the values in the fields as desired. See Table 5-6.

  7. Click in the Disable Client Verification checkbox to disable client verification.

  8. Click Submit.

In addition, all remote systems that the server will connect to using TLS must also enable TLS to complete the transmission loop in a secure manner.

After the fields are completed, TLS support can be enabled. To debug a non-working connection, check the mail log for error messages.
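One way to check the files from Table 5-6 before enabling TLS, as an added example rather than a tool shipped with Internet Express: private key files must not be accessible to group or other, and neither the certificates nor their directory may be writable by anyone but the owner. The function names are hypothetical; the directory and file names are the Table 5-6 defaults.

```shell
#!/bin/sh
# Added example: permission check for the TLS files listed in Table 5-6.
# Usage: check_sendmail_tls_files [DIR [KEYFILE...]]
#   DIR      defaults to /var/adm/sendmail/certs (Table 5-6)
#   KEYFILE  defaults to server.key.pem and client.cert.pem, the two
#            key-file defaults given in Table 5-6
# Prints one line per problem and returns 1 if any problem was found.

# Print the six group/other permission characters of a path, e.g. "r--r--".
group_other_bits() {
    ls -ld -- "$1" | awk '{ print substr($1, 5, 6) }'
}

check_sendmail_tls_files() {
    dir=${1:-/var/adm/sendmail/certs}
    [ $# -gt 0 ] && shift
    [ $# -gt 0 ] || set -- server.key.pem client.cert.pem
    rc=0

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi

    # Directory: only the owner may add or replace files in it.
    case $(group_other_bits "$dir") in
        ?w????|????w?) echo "UNSAFE $dir: writable by group or other"; rc=1 ;;
    esac

    # Private keys: regular files with no access at all for group or other.
    for key in "$@"; do
        p=$dir/$key
        if [ ! -f "$p" ] || [ -h "$p" ]; then
            echo "MISSING $p: not a regular file"; rc=1
        elif [ "$(group_other_bits "$p")" != "------" ]; then
            echo "UNSAFE $p: private key accessible to group or other"; rc=1
        fi
    done

    # Certificates are public, but nobody except the owner may modify them.
    for cert in CA.cert.pem server.cert.pem client.cert.pem; do
        p=$dir/$cert
        if [ ! -f "$p" ]; then
            echo "MISSING $p"; rc=1
            continue
        fi
        case $(group_other_bits "$p") in
            ?w????|????w?) echo "UNSAFE $p: certificate writable by group or other"; rc=1 ;;
        esac
    done
    return $rc
}
```

Run it as the account that owns the certificate directory; a clean run prints nothing and returns 0.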

Enabling Support Using the Access Database

Secure connections to servers and clients can be defined by adding lines to the access database (access db text file) and then running makemap to create the updated access_db file.

Here are four examples that offer or do not offer TLS support for certain connections. Each line illustrates the line format used in the access database. The line format for the text file is:

First field:second field  <tab>  third field

The first field (the tag, ending in a colon) and the second field (the host name, domain, or address) are written together with no white space between them, because makemap treats everything up to the first white space as the lookup key.

By default, STARTTLS is requested on all outgoing connections and offered on incoming connections when certificates are configured. By placing a line in the access database, STARTTLS can be turned off.

Try_TLS:general.mymachine.com	YES
Try_TLS:mymachine.com	NO
Try_TLS:42.0	NO
Try_TLS:127.0	NO

Here, STARTTLS is offered to general.mymachine.com. It is not offered to mymachine.com or to any address starting with 42.0 or 127.0.

To turn on TLS support for connecting as a client, the access_db line format is as follows:

  TLS_Srv:host-name or address  <tab>  VERIFY | ENCR:bits | VERIFY:bits

The third fields shown here are optional.

To turn on TLS support for connecting as the server, the access_db line format is as follows:

  TLS_Clt:host-name or address  <tab>  VERIFY | ENCR:bits | VERIFY:bits

The third fields shown here are optional.

Here are some additional client examples:

| Access database text line | Meaning |
| --- | --- |
| TLS_Srv:abc.hp.com | StartTLS connection as client to system abc |
| TLS_Srv:abc.hp.com VERIFY | StartTLS connection and certificate verification required |
| TLS_Srv:abc.hp.com ENCR:64 | Must encrypt with at least 64 bits |
| TLS_Srv:abc.hp.com VERIFY:64 | Certificate verification and encryption strength of at least 64 bits |

Here are some additional server examples:

| Access database text line | Meaning |
| --- | --- |
| TLS_Clt:nbc.hp.com | StartTLS connection as server to system nbc |
| TLS_Clt:nbc.hp.com VERIFY | StartTLS connection and certificate verification required |
| TLS_Clt:nbc.hp.com ENCR:32 | Must encrypt with at least 32 bits |
| TLS_Clt:nbc.hp.com VERIFY:32 | Certificate verification and encryption strength of at least 32 bits |

Additional access database tags allow the fine tuning of TLS connections:

The TEMP+ and PERM+ shorthands mark an entry's failure/rejection as temporary or permanent.

| Access database text line | Meaning |
| --- | --- |
| TLS_Clt:cbs.hp.com | StartTLS connection as server to system cbs |
| TLS_Clt:cbs.hp.com PERM+VERIFY | StartTLS connection and certificate verification required (failure marked as permanent) |
| TLS_Clt:cbs.hp.com TEMP+ENCR:64 | Must encrypt with at least 64 bits (failure marked as temporary) |
| TLS_Clt:cbs.hp.com TEMP+VERIFY:32 | Certificate verification and encryption strength of at least 32 bits (failure marked as temporary) |

The other modifiers include the CN, CS and CI tags. This tag class is started with a ‘+’ sign and additional tags are separated by ‘++’. CN is shorthand for the Common name of the client or server certification (the fully qualified domain name of the server). CS is shorthand for the Common server certification (the fully qualified domain name of the server). CI is shorthand for the Common client certification (the fully qualified domain name of the client).

CN:name means CN must be ‘name’
CN—CN means CN must be the name of the server
CS:name means the Domain name must be ‘name’
CI:name means the CI Domain name must be ‘name’

Summary of TLS options available for use in the access data file

  • First field: Try_TLS

    Second (or more) field: Address, or host, or domain information

    Additional fields: YES or NO

  • First field: TLS_Srv: (TLS Server Side)

    Second (or more) field: host-name or address

    Optional: VERIFY | ENCR:bits | VERIFY:bits, CN:name, CN—CN, CS:name, CI:name

  • First field: TLS_Clt: (TLS Client Side)

    Second (or more) field: host-name or address

    Optional: VERIFY | ENCR:bits | VERIFY:bits, CN:name, CN—CN, CS:name, CI:name

  • First field: TLS_Rcpt: (TLS Client Side)

    Second (or more) field: user@, domain, subdomain

    Optional: VERIFY | ENCR:bits | VERIFY:bits, CN:name, CN—CN, CS:name, CI:name

  • First field: Srv_Features: (Server Features)

    Second (or more) field: Blank, address, hostname

    Additional fields: S, or A or s v a

    Upper case options:

      • S - Do not offer STARTTLS

      • V - Do not request STARTTLS client cert

      • A - Do not offer SMTPAUTH

    Lower case (s, v or a) means offer/request TLS:

      • s - Offer STARTTLS

      • v - Request STARTTLS client cert

      • a - Offer SMTPAUTH

  • First field: CERTISSUER

    Second (or more) field: Cert Issuer information

    Additional fields: RELAY or SUBJECT

  • First field: CERTSUBJECT

    Second (or more) field: Cert Issuer information

    Additional fields: RELAY or SUBJECT

Abbreviations used in the optional fields:

  • CN: Common name of the client or server certification (the fully qualified domain name of the server)

  • CS: Common server certification (the fully qualified domain name of the server)

  • CI: Common client certification (the fully qualified domain name of the client)

  • CN:name: CN must be ‘name’

  • CN—CN: CN must be the name of the server

  • CS:name: Domain name must be ‘name’

  • CI:name: CI Domain name must be ‘name’
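A pre-flight check for the TLS lines described in this section, to run on the access database text file before makemap; this is an added example, not part of the Internet Express documentation or of Sendmail. The function names, the constructed sample entries, and the 128-bit floor are assumptions of the example.

```shell
#!/bin/sh
# Added example: lint the TLS entries of an access database text file.
# Usage: lint_tls_access FILE [MINBITS]
#   MINBITS is the weakest ENCR:/VERIFY: strength accepted without a warning
#   (default 128, an assumption of this example).
# Prints "line: severity: message" per finding; returns 1 if anything was found.
lint_tls_access() {
    awk -v minbits="${2:-128}" '
    function report(sev, msg) { printf "%d: %s: %s\n", NR, sev, msg; found = 1 }
    NF == 0 || $1 ~ /^#/ { next }                 # blank lines and comments
    {
        key = $1                                  # makemap key: text before first white space
        colon = index(key, ":")
        if (colon == 0) next                      # untagged access entry, not TLS
        tag = tolower(substr(key, 1, colon - 1))
        host = substr(key, colon + 1)
        if (tag !~ /^(try_|tls_)/) next           # other tagged entries are out of scope
        if (tag != "try_tls" && tag != "tls_srv" && tag != "tls_clt" && tag != "tls_rcpt") {
            report("error", "unknown tag " substr(key, 1, colon)); next
        }
        if (host == "") {
            report("error", "white space after the tag; makemap would store " key " alone as the key"); next
        }
        if (NF > 2) { report("error", "value must be a single word, got " (NF - 1) " fields"); next }
        val = $2
        if (tag == "try_tls") {
            if (val != "YES" && val != "NO") report("error", "Try_TLS value must be YES or NO")
            else if (val == "NO") report("warn", "STARTTLS turned off for " host)
            next
        }
        if (NF == 1) next                         # the requirement field is optional
        sub(/^(TEMP|PERM)\+/, "", val)            # failure-class shorthand
        plus = index(val, "+")
        req  = plus ? substr(val, 1, plus - 1) : val
        mods = plus ? substr(val, plus + 1) : ""
        if (req !~ /^(VERIFY|ENCR:[0-9]+|VERIFY:[0-9]+)$/) {
            report("error", "requirement must be VERIFY, ENCR:bits or VERIFY:bits, got " req); next
        }
        if (index(req, ":")) {
            bits = substr(req, index(req, ":") + 1) + 0
            if (bits < minbits) report("warn", req " accepts ciphers weaker than " minbits " bits")
        }
        # Modifiers follow a "+" and are separated by "++". A bare CN is how
        # Sendmail spells "CN must be the name of the server".
        n = (mods == "") ? 0 : split(mods, m, /\+\+/)
        for (i = 1; i <= n; i++)
            if (m[i] !~ /^(CN|CN:.+|CS:.+|CI:.+)$/) report("error", "unknown modifier " m[i])
    }
    END { exit found }
    ' "$1"
}

# Constructed sample input (not from a real system): one clean line plus the
# mistakes the linter is meant to catch.
write_sample_access() {
    printf '%s\t%s\n' \
        'Try_TLS:mymachine.com' 'NO' \
        'TLS_Srv:abc.hp.com'    'VERIFY:128' \
        'TLS_Serv:abc.hp.com'   'VERIFY' \
        'TLS_Clt:cbs.hp.com'    'TEMP+ENCR:64' \
        'TLS_Clt:nbc.hp.com'    'PERM+VERIFY+CN:nbc.hp.com++CX:foo' \
        'Try_TLS:'              'general.mymachine.com YES' > "$1"
}

# Example: write_sample_access /tmp/access.sample && lint_tls_access /tmp/access.sample
```

Entries that do not start with a Try_ or TLS_ tag are ignored, so the check can be run on a complete access file.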

Controlling the Sendmail Server

To control the Sendmail server, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Start/Stop the Sendmail Server.

  3. If the server is currently running, you can:

    • Stop the server by clicking on Stop.

    • Restart the server by clicking on Restart.

    If the server is currently stopped, you can start the server by clicking on Start.

Configuring Mailbox Access

The mailbox is a file that resides in the /usr/spool/mail directory and contains new and unread mail messages. Access to the mailbox directory is controlled by two attributes, locking style and mount point.

To configure mailbox access on your system, follow these steps:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose Configure Mailbox Access.

  3. On the Configure Mailbox Access form, select a lock style from the Lock Style pull-down menu:

    • File System R/W Lock (see lockf(3))—This locking mechanism provides the best performance. Select this style if you are not using NFS to export or import the mailbox directory, or if the NFS server for the mailbox directory uses the Tru64 UNIX operating system. If you are not sure, select Create .lock Files.

    • Create .lock Files—Select this style if the system on which the mailbox directory resides does not use the Tru64 UNIX operating system.

    • Both—Select this style if you are NFS exporting the mailbox directory or if you are sure that the NFS server was configured to use both lockf and .lock files.

  4. Select a sharing style from the Mailbox Sharing pull-down menu:

    • Local /usr/spool/mail—The mailbox directory resides on this system and NFS is not used.

    • NFS Export /usr/spool/mail—The mailbox directory on this system should be distributed by NFS to client systems.

    • NFS Import /usr/spool/mail—The mailbox directory is NFS mounted from another system.

  5. If you specified that the mailbox sharing style is NFS Import, you must specify the name of the system that serves this directory in the Mailbox Server field.

  6. Click on Submit to change the server configuration.

    The Administration utility displays a message confirming that the mailbox options have been set.

    If there were any errors in the configuration, the Administration utility displays a list of the errors. Click on the Continue button to return to the Configure Mailbox Access form. Otherwise, use the navigation bar to return to the Configure Mailbox Access form or to the Sendmail Server Administration menu.

Viewing the Sendmail Server Log

The entries in the server log file are generated from data in the /var/adm/syslog.dated directories.

To view the Sendmail server log file:

  1. Under Mail on the Manage Components menu, choose Sendmail Server.

  2. From the Sendmail Server Administration menu, choose View Sendmail Server Log.

Majordomo Mailing List Administration

On your local system, you can use the Administration utility to:

The Administration utility allows you to perform some list management functions (as described in Section : Changing a Majordomo Mailing List Configuration). You must perform other management functions (such as subscribing users) through the Majordomo e-mail interface.

Documentation on Majordomo commands is located in the /usr/internet/docs/majordomo/ directory.

Creating a Majordomo Mailing List

To create a Majordomo list, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  3. On the Majordomo Mailing List Administration menu, enter a unique name in the New Mailing List field, then click on Add. The names of existing lists are displayed in the Existing Mailing Lists field.

  4. Enter the e-mail address of the person who owns or will maintain the list.

    The list owner is defined as an alias in the mail aliases file.

  5. Type a description of the purpose of the list (the list charter) in the Informational Message field. When someone sends an e-mail message to the list alias with the word “info” in the body of the message, this text is returned in the reply message.

    The charter text is stored in the /data/majordomo/lists/listname.info file, where listname is the name of the list you supplied in step 3.

  6. Click on Submit.

The created list will be listname@hostname, where hostname is the host name of the local system.

The Administration utility confirms on a separate page that the list has been created. A link to the Modify Configuration Parameters form (see Section : Changing a Majordomo Mailing List Configuration) is provided for your convenience.

Changing a Majordomo Mailing List Configuration

Using the Administration utility, you can change the following parameters for a Majordomo mailing list:

In the following sections, the Majordomo tag that is associated with each field on these forms is included. For each list, the tag and the value you specify are stored in the Majordomo configuration file for that list. The list configuration files reside in the /data/majordomo/lists/ directory; there is one configuration file per Majordomo list (listname.config). The configuration file for a list is created the first time you change the list configuration.

Changing List Owner or Charter

To change the list owner or charter of a Majordomo mailing list, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  3. Select the mailing list you want to modify from the Existing Mailing Lists list.

  4. From the Modify Majordomo Mailing List menu, choose Modify Mailing List Owner or Information Message.

  5. You can change the e-mail address of the person who will maintain the mailing list, or provide new charter text, or both.

  6. Click on Submit.

Changing Administration Parameters

To change administration parameters for a Majordomo mailing list, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  3. Select the mailing list you want to modify from the Existing Mailing Lists list.

  4. From the Modify Majordomo Mailing List menu, choose Modify Administration Parameters.

  5. When Monitor Administrative Requests (administrivia) is set to yes, Majordomo forwards these requests (for example, subscribe or unsubscribe) to the list maintainer instead of the list members.

  6. You can change the Administration Password (admin_password), which controls access to handling administrative tasks on the list.

  7. Click on Submit.

Changing Subscription Parameters

To change subscription parameters for a Majordomo mailing list, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  3. Select the mailing list you want to modify from the Existing Mailing Lists list.

  4. From the Modify Majordomo Mailing List menu, choose Modify Subscription Parameters.

  5. When Send Welcome Message and List Charter to New Users (welcome) is set to Yes, a welcome message (and optional introductory file) will be sent to the newly subscribed user.

  6. Welcome Mail Sender Address (sender) is the envelope and sender address for the resent mail. The string @resend_host is appended to the value you enter in this field to form a complete address. For Majordomo, it provides the sender address for the welcome mail message generated as part of the subscribe command.

  7. You can set Subscribe Policy (subscribe_policy) to one of the following values:

    • open to subscribe self—Allows people to subscribe themselves to the list.

    • closed to approval required—Requires maintainer approval for all subscribe requests to the list.

    • auto to unrestricted—Allows anybody to subscribe anybody to the list without maintainer approval.

    • open+confirm to subscribe self w/ confirmation—Allows people to subscribe themselves to the list. Majordomo sends a reply back to the subscriber, which includes an authentication number that must be included with another subscribe command.

    • closed+confirm to approval required w/ confirmation—Requires maintainer approval for all subscribe requests to the list. Majordomo sends a reply back to the subscriber, which includes an authentication number that must be included with another subscribe command.

    • auto+confirm to unrestricted w/ confirmation—Allows anybody to subscribe anybody to the list without maintainer approval. Majordomo sends a reply back to the subscriber, which includes an authentication number that must be included with another subscribe command.

  8. You can set Unsubscribe Policy (unsubscribe_policy) to one of the following values:

    • open to unsubscribe self—Allows people to unsubscribe themselves from the list.

    • closed to approval required—Requires maintainer approval for all unsubscribe requests to the list. If the file listname.closed exists, it is the same as specifying the value closed.

    • auto to unrestricted—Allows anybody to unsubscribe anybody from the list without maintainer approval. The existence of the file listname.auto is the same as specifying this value.

    • unsubscribe self w/ confirmation—Allows people to unsubscribe themselves from the list. Majordomo sends a reply back to the subscriber, which includes an authentication number that must be sent back in with another unsubscribe command. This value overrides the value supplied by any existing files.

    • approval required w/ confirmation—Requires maintainer approval for all unsubscribe requests to the list. Majordomo sends a reply back to the subscriber that includes an authentication number that must be sent back in with another unsubscribe command. This value overrides the value supplied by any existing files.

  9. Click on Submit.

Changing Message Content Parameters

To change message content parameters for a mailing list, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  3. Select the mailing list you want to modify from the Existing Mailing Lists list.

  4. From the Modify Majordomo Mailing List menu, choose Modify Message Content Parameters.

  5. The value you specify in the Word Prefixed to All Subject Lines (subject_prefix) field is prefixed to the subject line, if it is not already in the subject. The text is expanded before being used. The following expansion tokens are defined:

    • $LIST—Name of the current list

    • $SENDER—Sender as taken from the from line

    • $VERSION—Version of Majordomo

  6. The Additional Headers Appended to All Posted Messages (message_headers) text will be appended to the headers of all messages posted to the list. The text is expanded before being used. The following expansion tokens are defined:

    • $LIST—Name of the current list

    • $SENDER—Sender as taken from the from line

    • $VERSION—Version of Majordomo

  7. The value specified in the Precedence Header (precedence) field is added as a precedence header in outgoing messages.

  8. The text you enter in the Text Prepended to the Beginning of All Posted Messages (message_fronter) field is prepended to the beginning of all messages posted to the list. The text is expanded before being used. The following expansion tokens are defined:

    • $LIST—Name of the current list

    • $SENDER—Sender as taken from the from line

    • $VERSION—Version of Majordomo

    If used in a digest, only the expansion token _SUBJECTS_ is available, and it expands to the list of message subjects in the digest.

  9. The text you enter in the Text Appended to the End of All Posted Messages (message_footer) is appended to the end of all messages posted to the list. The text is expanded before being used. The following expansion tokens are defined:

    • $LIST—Name of the current list

    • $SENDER—Sender as taken from the from line

    • $VERSION—Version of Majordomo

    If used in a digest, no expansion tokens are provided.

  10. Specify a maximum article length in the Maximum Article Length (maxlength) field. The default maximum article length is 40,000 characters.

  11. Click on Submit.

Changing Digest Parameters

To change digest parameters for a Majordomo mailing list, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  3. Select the mailing list you want to modify from the Existing Mailing Lists list.

  4. From the Modify Majordomo Mailing List menu, choose Modify Digest Parameters.

  5. The value in the Digest Name (digest_name) field serves as the subject line for the digest. The volume and issue are appended to the digest name.

  6. Current Digest Volume Number (digest_volume) is the current volume number.

  7. Current Digest Issue Number (digest_issue) is the issue number of the next issue.

  8. The number you specify in the Create New Digest When Oldest Article (in Days) Reaches (digest_maxdays) field causes a new digest to be automatically generated when the age of the oldest article in the queue exceeds this number of days.

  9. The number you specify in the Create New Digest When Size (in Lines) Reaches (digest_maxlines) field causes a new digest to be automatically generated when the size of the digest exceeds this number of lines.

  10. Click on Submit.

Changing Command Access Parameters

To change command access parameters for a Majordomo mailing list, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  3. Select the mailing list you want to modify from the Existing Mailing Lists list.

  4. From the Modify Majordomo Mailing List menu, choose Modify Command Access Parameters.

  5. You can set any of the fields on this form to one of the following values:

    • open to unrestricted access—Allows anyone access to this command

    • closed to no access—Completely disables the command for everyone

    • list to list member access—Allows only list members access; if restrict_post is defined, only the addresses in those files are allowed access

    The tags associated with the fields on this form are as follows:

    • Access To Which Command—which_access

    • Access To Who Command—who_access

    • Access To Intro Command—intro_access

    • Access To Info Command—info_access

    • Access To Index Command—index_access

    • Access To Get Command—get_access

  6. Click on Submit.
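The subscription, posting, and command access values described in these sections can be audited directly in a list's configuration file. The following added example (not part of Majordomo or Internet Express) assumes the tag = value line format, with tag << END blocks for multi-line values; the function names and the sample file are constructed for the example.

```shell
#!/bin/sh
# Added example: flag permissive settings in a Majordomo list configuration.
# Usage: audit_majordomo_config /data/majordomo/lists/listname.config
# Only tags present in the file are judged; prints one line per finding and
# returns 1 if anything was found.
audit_majordomo_config() {
    awk '
    function report(msg) { print msg; found = 1 }
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    heredoc != "" { if (trim($0) == heredoc) heredoc = ""; next }  # inside a multi-line value
    NF == 0 || $1 ~ /^#/ { next }                                  # blank lines and comments
    $2 == "<<" { heredoc = $3; next }                              # start of a multi-line value
    {
        eq = index($0, "=")
        if (eq) conf[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END {
        sp = conf["subscribe_policy"]
        if (sp == "auto")
            report("subscribe_policy=auto: anybody can subscribe anybody, with no approval and no confirmation")
        else if (sp != "" && sp !~ /\+confirm$/)
            report("subscribe_policy=" sp ": no authentication number is required to subscribe")

        if (conf["unsubscribe_policy"] == "auto")
            report("unsubscribe_policy=auto: anybody can unsubscribe anybody")

        # who and which answer questions about list membership.
        n = split("who_access which_access", t, " ")
        for (i = 1; i <= n; i++)
            if (conf[t[i]] == "open")
                report(t[i] "=open: list membership is disclosed to any requester")

        # Posting is controlled either by a moderator or by restrict_post files.
        if (("moderate" in conf) && tolower(conf["moderate"]) != "yes" && conf["restrict_post"] == "")
            report("moderate=" conf["moderate"] " and restrict_post is empty: anyone can post")
        exit found
    }' "$1"
}

# Constructed sample configuration (not a real list). The line inside the
# message_footer block is footer text and must not be read as a setting.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample
subscribe_policy    =   auto
unsubscribe_policy  =   open+confirm
who_access          =   open
which_access        =   list
moderate            =   no
restrict_post       =
message_footer      <<  END
which_access = open
END
EOF
}

# Example: write_sample_config /tmp/sample.config && audit_majordomo_config /tmp/sample.config
```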

Changing Moderated List Parameters

To change the moderated list parameters for a Majordomo mailing list, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  3. Select the mailing list you want to modify from the Existing Mailing Lists list.

  4. From the Modify Majordomo Mailing List menu, choose Modify Moderated List Parameters.

  5. When Moderated? (moderate) is set to Yes, all postings to the list must be approved by the moderator.

  6. Specify the e-mail address of the moderator in the Moderator (moderator) field to send bounced messages to the moderator instead of the list owner.

  7. Click on Submit.

Changing List Restriction Parameters

To change the list restriction parameters for a Majordomo mailing list, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  3. Select the mailing list you want to modify from the Existing Mailing Lists list.

  4. From the Modify Majordomo Mailing List menu, choose Modify List Restriction Parameters.

  5. If the header of a posted message contains a string matching any of the regular expressions you enter in the Header Strings Prompting Review (taboo_headers) field, the message will be bounced for review.

  6. If the body of a posted message contains a string matching any of the regular expressions you enter in the Message Text Prompting Review (taboo_body) field, the message will be bounced for review.

  7. If the e-mail address of a requestor matches any of the regular expressions you enter in the List Is Advertised to These Users (advertise) field, the list will be listed in the output of a lists command. Failure to match any regular expression excludes the list from the output. The regular expressions entered in the List Is Not Advertised to These Users (noadvertise) field override those specified in this field.

  8. If the e-mail address of a requestor matches any of the regular expressions you enter in the List Is Not Advertised to These Users (noadvertise), the list is excluded from the output of a lists command. The regular expressions entered in this field override those entered in List Is Advertised to These Users (advertise).

  9. Enter the name of one or more files, separated by either a colon (:) or a space, in the Files Defining Addresses That Can Post to the List (restrict_post) field. Only addresses listed in these files can post to the mailing list. By default, these files are relative to the lists directory. These files are also checked when any of the following tags are set to list:

    • get_access

    • index_access

    • info_access

    • intro_access

    • which_access

    • who_access

    You cannot create these files unless you have access to the machine running resend. This mechanism will be replaced in a future version of Majordomo.

  10. Click on Submit.

Changing Address Processing Parameters

To change the address processing parameters for a Majordomo mailing list, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  3. Select the mailing list you want to modify from the Existing Mailing Lists list.

  4. From the Modify Majordomo Mailing List menu, choose Modify Address Processing Parameters.

  5. When Assume Domain is Synonym for Hostname (mungedomain) is set to Yes, addresses of the form user@host.domain.name are considered equivalent to addresses of the form user@domain.name. This allows a user to subscribe to a list using the domain address rather than the address assigned to a particular machine in the domain. This field affects the interpretation of addresses for subscribe, unsubscribe, and all private options.

  6. The value you enter in the Hostname Appended to Address Strings When Resent (resend_host) field is the host name that is appended to all address strings specified for resend.

  7. When Remove Comments from Addresses on the List (strip) is set to Yes, only the raw e-mail address is added to the list file; extraneous text and comments are stripped off. If the file .strip exists, it is the same as setting this field to Yes.

  8. Click on Submit.

Deleting a Majordomo List

To delete a Majordomo list, follow these steps:

  1. Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.

  2. Select one or more list names from the Existing Mailing Lists list.

  3. Click on Delete.

  4. Verify your choices and click on Submit.

The Administration utility confirms the deletion on a separate page.

Mailman

Mailman is used to manage mailing and e-newsletter lists. The Web facility provided for Mailman makes account and list management easy. Users can use the Web facility to perform activities such as subscribing and unsubscribing, viewing the members of the list, and posting a message. List administrators can use the Web facility for a wide range of operations including archiving, membership management, language options, and handling moderator requests.

Administrative activities are carried out by a list administrator or moderator for a mailing list. These activities include list creation, list membership management, and administrative options. For additional information, see the Mailman documentation located at http://usr/internet/docs/mailman directories.

The following sections describe these topics:

Create a Mailing List

The Mailman administration page is used for list creation. To create a list:

  1. To access Mailman from the Internet Express Administration utility, choose Mailman Mailing Lists.

    Alternatively, access the Mailman administration page directly by entering http://hostname:port-number/mailman/admin in your Web browser.

  2. The Mailman Administration welcome menu is displayed.

  3. To create a new list, click on create a new mailing list.

    A confirmation screen is displayed, with options for proceeding to the list administration page or to create another list.

The list owner will receive a mail describing the list created and the list password. The root account will receive mail describing the created list.

The /var/adm/sendmail/aliases file must be updated as described in the received mail.

Creating the Initial Mailman List Using a Script

The newlist script creates the mailman mailing list. This list is the one from which password reminders will appear to originate. Execute the following command and follow the prompts:

# cd /usr/internet/mailman 
# bin/newlist mailman 
Enter the email of the person running the list:  
user@yourhost.adomain.com 
Initial mailman password: 

Deleting a Mailing List

To delete a Mailman mailing list:

  1. Log in as mailman/root.

  2. Use the following command to delete the created Mailman list:

    /usr/internet/mailman/bin/rmlist

  3. Update the file /var/adm/sendmail/aliases as displayed in the command output.

Managing Mailman

The administrative pages for Mailman are accessed using the following URL: http://yourhostname.adomain.com:8081/mailman

Managing Mailing Lists

When a list is created, the list owner will receive a welcome note giving the URL to visit for administrative activities, along with the list password. The URL has the following format:

http://hostname/mailman/admin/listname

The screen will prompt for the list administrator's password. Enter it in the blank and then click the button to access the Mailing List Administration menu (Figure 5-4). If a list password is misplaced, only the system administrator can reset it.

Figure 5-4 Mailman Mailing List Administration Menu


The Mailing List Administration menu enables the list administrator to set a variety of configuration options. To set an option:

  1. Click on the category name.

    The menu is refreshed with the fields relevant to the configuration option chosen.

  2. Fill out the form as desired. The menu provides help links for each option.

  3. To complete the process, click on Submit Your Changes.

Mailman Scripts

The installation of Mailman sets up a group of crontab entries, host definitions, and alias definitions that are used by the package. The site-wide password needs to be set using the mmsitepass script:

# su - mailman 
$ bin/mmsitepass newpass

The Mailman environment can be started and stopped by the following commands.

To start Mailman:

 /usr/internet/mailman/scripts/mailman start

To stop Mailman:

 /usr/internet/mailman/scripts/mailman stop

Mailman is started by default at system boot time.

Mailman Log Files

The log information related to subscription, error, post or sendmail can be accessed in the directory /usr/internet/mailman/log.

Bogofilter Spam Filter

Bogofilter is a Bayesian spam filter. In its normal mode of operation, it takes an email message or other text on standard input, does a statistical check against lists of good and bad words, and returns a status code indicating whether or not the message is spam. Bogofilter is designed with a fast algorithm, uses the Berkeley DB for fast startup and lookups, is coded directly in C, and is tuned for speed, so it can be used for production by sites that process a lot of mail.

The bogofilter-related commands are part of the sendmail setld subset (IAESMTP). When this subset is installed, the bogofilter user-level commands (bogofilter, bogolexer, bogoupgrade, and bogoutil) are installed with it. The commands are located in the /usr/local/bin directory.

bogofilter(1) - Fast Bayesian spam filter
bogolexer(1) - Utility program for separating email messages into tokens
bogoupgrade(1) - Upgrades bogofilter database to current version
bogoutil(1) - Dumps, loads, and maintains bogofilter database files

Training Bogofilter

Bogofilter must be trained before it can be used as a spam filter mechanism. Users must start by saving their delivered e-mail into two groups: spam e-mail messages and valid e-mail messages.

The saved group of spam messages is first fed to bogofilter for registration. As each message is read, bogofilter breaks down the message into word tokens, and uses this input to score and then populate its database, marking each item as spam related. The following command is used to register a set of spam messages collected in mbox:

$ bogofilter -s -M mbox # spam messages

Second, the non-spam message group is fed to bogofilter. Again, each message is broken down into word tokens, scored and recorded in the bogofilter database as non-spam. The following command is used to register a set of non-spam messages collected in mbox:

$ bogofilter -n -M mbox # non-spam messages

At the end of each training run, bogofilter saves its updated database in a file called .bogofilter/wordlist.db.

Over the course of time, spam message content will change. Periodic training runs with new spam and valid message sets are necessary to keep bogofilter's internal database current.

Filtering with Bogofilter

Once the bogofilter database has been primed, the command can be used to filter new messages. When a mail text message is filtered using a bogofilter trained database, bogofilter will return a value of 0 for spam, 1 for non-spam, 2 for unsure, and 3 for I/O or other errors. Here is an example:

$ bogofilter < new-messages

You can use the bogofilter command line to set many options that determine how bogofilter operates (see bogofilter(1) for more details). The file /usr/internet/etc/bogofilter.cf can be used to set additional parameters that affect its operation. In the file /usr/internet/etc/bogofilter.cf.example are samples of all of the parameters. Status and logging messages can be customized.
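
Because 0 means spam and every other outcome is nonzero, a plain success test on bogofilter cannot tell a clean message from a failed run. The following shell functions are an added example, not part of the original manual: they handle each return code separately and defer a message on error instead of passing it through unfiltered. The BOGOFILTER_CMD variable, the function names, and the spam/ham/unsure directory layout are assumptions of the example.

```shell
#!/bin/sh
# Added example: act on bogofilter's four exit codes instead of a bare
# "spam or not" test. Codes are as documented above: 0 spam, 1 non-spam,
# 2 unsure, 3 I/O or other error.

EX_TEMPFAIL=75   # sysexits.h value, the same one the procmail recipes use

# Assumption of this example: BOGOFILTER_CMD names the classifier, so a
# wrapper with the same exit-code contract can be substituted.
: "${BOGOFILTER_CMD:=bogofilter}"

# classify FILE: print spam, ham (non-spam), unsure or error for one message.
classify() {
    [ -r "$1" ] || { echo error; return 0; }
    rc=0
    $BOGOFILTER_CMD < "$1" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo spam ;;
        1) echo ham ;;
        2) echo unsure ;;
        *) echo error ;;   # 3, or 126/127 when the binary cannot be run
    esac
}

# triage DIR: move each message file in DIR into DIR/spam, DIR/ham or
# DIR/unsure. A message that could not be classified stays in place, and
# the function returns EX_TEMPFAIL so the caller retries it later.
triage() {
    dir=$1
    failed=0
    mkdir -p "$dir/spam" "$dir/ham" "$dir/unsure" || return "$EX_TEMPFAIL"
    for msg in "$dir"/*; do
        [ -f "$msg" ] || continue
        verdict=$(classify "$msg")
        if [ "$verdict" = error ]; then
            failed=1
            continue
        fi
        mv "$msg" "$dir/$verdict/" || failed=1
    done
    [ "$failed" -eq 0 ] || return "$EX_TEMPFAIL"
}
```

Call triage with a directory that holds one message per file. Messages filed under unsure are the ones to register by hand with -s or -n.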

Filter Integration with Other Tools

The following sections describe how bogofilter can be integrated with other e-mail tools.

Using Bogofilter with procmail

The following procmail rule will take mail on stdin and save it to file spam if bogofilter thinks it is spam:

:0HB:
* ? bogofilter
spam

This similar rule will also register the tokens in the mail according to the bogofilter classification:

:0HB:
* ? bogofilter -u
spam

If bogofilter fails (returning 3) the message will be treated as non-spam.

The recipe shown below does three things:

  • Spam-bins anything that bogofilter rates as spam

  • Registers the words in messages rated as spam as such

  • Registers the words in messages rated as non-spam as such

With this in place, it will normally only be necessary for the user to intervene (with -Ns or -Sn) when bogofilter miscategorizes something.

# filter mail through bogofilter, tagging it as spam and
# updating the wordlist

:0fw
| bogofilter -u -e -p


# if bogofilter failed, return the mail to the queue, the MTA will
# retry to deliver it later
# 75 is the value for EX_TEMPFAIL in /usr/include/sysexits.h

:0e
{ EXITCODE=75 HOST }


# file the mail to spam-bogofilter if it's spam.

:0:
* ^X-Bogosity: Yes, tests=bogofilter
spam-bogofilter
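
The X-Bogosity header that the recipe above matches on can also be used to watch for the drift that makes periodic retraining necessary. The following function is an added example, not part of the original manual: it counts the verdicts recorded in the headers of an mbox file and ignores look-alike lines in message bodies. The No, Spam, Ham and Unsure values and the output format are assumptions of the example; only the Yes form appears in the recipe.

```shell
#!/bin/sh
# Added example: tally bogofilter verdicts from the X-Bogosity headers in
# an mbox file. Prints one line:
#   total=N spam=N ham=N unsure=N untagged=N odd=N
# "odd" = more than one X-Bogosity header, or an unrecognised value; such
# messages deserve a look by hand. Values other than "Yes" are assumed.
tally_bogosity() {
    awk '
    function finish() {              # account for the message just ended
        if (!seen) return
        total++
        if (tags == 0)      untagged++
        else if (tags > 1)  odd++
        else                n[verdict]++
    }
    # An mbox message starts at a "From " line at the top of the file or
    # directly after a blank line.
    /^From / && (NR == 1 || prev == "") {
        finish(); seen = 1; inhdr = 1; tags = 0; verdict = ""; prev = $0; next
    }
    inhdr && $0 == "" { inhdr = 0 }  # first blank line ends the headers
    inhdr && /^[Xx]-[Bb]ogosity:/ {
        tags++
        v = tolower($2); sub(/,.*/, "", v)
        if (v == "yes" || v == "spam")     verdict = "spam"
        else if (v == "no" || v == "ham")  verdict = "ham"
        else if (v == "unsure")            verdict = "unsure"
        else                               tags += 2   # unknown value: force "odd"
    }
    { prev = $0 }
    END {
        finish()
        printf "total=%d spam=%d ham=%d unsure=%d untagged=%d odd=%d\n",
               total, n["spam"], n["ham"], n["unsure"], untagged, odd
    }' "$1"
}
```

A rising untagged count means mail is reaching the folder without passing through the filter. A growing unsure share is a signal to run another training pass.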

Mutt Integration with Bogofilter

The following .muttrc lines will create mutt macros for dispatching mail to bogofilter.

macro index d "<enter-command> unset wait_key\n\
<pipe-entry> bogofilter -n\n\
<enter-command>set wait_key\n\
<delete-message>" "delete message as non-spam"
macro index \ed "<enter-command> unset wait_key\n\
<pipe-entry> bogofilter -s\n\
<enter-command> set wait_key\n\
<delete-message>" "delete message as spam"

Pine Integration with Bogofilter

Using bogofilter with Pine involves the following setup process.

First, enable the UNIX pipe commands in your Pine configuration file. From Pine's main menu:

  1. Enter S (Setup)

  2. Enter C (Config)

  3. Go to the list under Advanced Command Preferences and use the down-arrow key to highlight enable-unix-pipe-cmd.

  4. If necessary, "set" this preference by entering X.

  5. Enter E (Exit Setup)

  6. Enter Y (Save Changes)

Then, edit your ~/.procmailrc file and add the following lines:

:0fw
| bogofilter -u -e -p
:0e
{ EXITCODE=75 HOST }

:0:
* ^X-Bogosity: Yes, tests=bogofilter
mail/incoming.spam

Bogofilter must still be trained to differentiate spam from non-spam messages:

  1. While executing Pine, open your INBOX (or the folder where you save incoming messages) and for each spam message highlight the message in the message index, press the | key, and enter bogofilter -s.

  2. For each non-spam message: highlight the message in the message index, press the | key and enter bogofilter -n.

Mail Transport Agent (MTA) Integration with Bogofilter

Bogofilter can also be integrated into any MTA to filter all incoming mail. While the specific implementation is MTA dependent, the general steps are as follows:

  1. Install bogofilter on the mail server.

  2. Prime the bogofilter databases with a spam and non-spam corpus. Since bogofilter will be serving a larger community, it is important to prime it with a representative set of messages.

  3. Set up the MTA to invoke bogofilter on each message. While this is an MTA specific step, you'll probably need to use the -p, -u, and -e options.

  4. Set up a mechanism for users to register spam/non-spam messages, as well as to correct misclassifications. The most generic solution is to set up alias email addresses to which users bounce messages.

For sendmail integration, follow the procmail example from Section : Using Bogofilter with procmail.