How to Fix a Cranky Sun Mail System
Paul Pomes - <ppomes@Qualcomm.com>
Here's a file I put together for local use that appears close to your
situation. Comments welcome.
Paul Pomes
====
How to Fix a Cranky Sun Mail System.
1) Kill the existing sendmail daemon process.
        ps waux | grep sendmail
        kill <pid>        where <pid> is the process id of the daemon.
[Step 2 is only required prior to SunOS 5.5 (aka Solaris 2.5)]
2) Replace the default sendmail executable with the Sun-supplied version
that understands use of the DNS. Zap any frozen config file present.
        cd /usr/lib
        cp sendmail sendmail.nomx
        chmod 755 sendmail.nomx
        cp sendmail.mx sendmail
        chmod 4511 sendmail
        rm -f /usr/lib/sendmail.fc /etc/sendmail.fc /etc/mail/sendmail.fc
3) Establish a /etc/resolv.conf file to direct DNS queries to a server.
The values of the "domain" and "nameserver" lines depend critically
on where you are. At the University of Illinois the value of domain
is typically your department or office name combined with "uiuc.edu".
Long names, e.g., Personnel Services Office, are typically abbreviated
(pso.uiuc.edu). Examples: math.uiuc.edu, life.uiuc.edu, ncsa.uiuc.edu.
Some institutions have a one domain fits all name. An example of
this is the US Army Corps of Engineers, Construction Engineering
Research Lab locally known as US Army CERL. Army policy specifies
that domain names must use their official acronym with the "army.mil"
domain. So CERL's domain name is "cecer.army.mil". Adding a fourth
domain to distinguish internal departments and divisions would have
made the names overly long. Thus all CERL hosts are named
foo.cecer.army.mil.
Selecting nameservers must be done in consultation with your local
network expert. At the University of Illinois (and ONLY here please)
the following values can be used. Let's repeat that - only University
of Illinois hosts should be using our nameservers.
        domain foo.uiuc.edu        (replace foo with your official domain)
        nameserver 128.174.5.59
        nameserver 128.174.5.50
        nameserver 128.174.5.58
At US Army CERL, use the following:
        domain cecer.army.mil
        nameserver 129.229.20.254
        nameserver 129.229.1.5
N.B., Sun's resolver code is based on BIND v4.8.1 and suffers from several
problems. Chief among those is zero fault tolerance. If the first listed
nameserver is unreachable or dead, the resolver won't try any of the
subsequently listed servers. Re-compiling both sendmail and libresolv.a
from modern sources is the only fix for this.
[SunOS 5.x: make sure you have dns in the hosts line in /etc/nsswitch.conf]
4) Copy the "main" sendmail.cf base file to sendmail.cf.
Under Sun-OS 4.X use
        cp /usr/lib/sendmail.main.cf /etc/sendmail.cf
Under Sun-OS 5.X use
        cd /etc/mail
        cp main.cf sendmail.cf
Now that the base work has been done you have a choice: death or chi-chi.
No, that's another sick joke. Let's stick to Suns and retain what shreds
of dignity we can. Onward.
The next set of steps involves changes to the sendmail.cf file. Invoke the
editor of your choice on /etc/sendmail.cf or /etc/mail/sendmail.cf.
5) Change the value of the $j greeting macro. Macros are defined with
lines beginning with 'D'. Thus the $j macro is defined on a line
beginning with 'Dj'. Change sendmail.cf (nee main.cf) to look like
        # my official hostname
        # You have two choices here. If you want the gateway machine to identify
        # itself as the DOMAIN, use this line:
        #Dj$m
        # If you want the gateway machine to appear to be INSIDE the domain, use:
        #Dj$w.$m
        # Unless you are using sendmail.mx (or have a fully-qualified hostname), use:
        Dj$w
(Comment out the Dj$m entry and enable the Dj$w entry.)
6) Select the proper mailer for forwarding to a smarter relay. In the
case of a site connected to the Internet, this is the "ddn" mailer.
Change to:
        # major relay mailer - typical choice is "ddn" if you are on the
        # Defense Data Network (e.g. Arpanet or Milnet)
        #DMsmartuucp
        DMddn
7) Select the smarter relay to handle messages to unknown destinations.
This MUST be selected on a per-site basis.
At the University of Illinois *ONLY*
        # major relay host: use the $M mailer to send mail to other domains
        DRux1.cso.uiuc.edu
        CRux1.cso.uiuc.edu
At the US Army CERL *ONLY*
        # major relay host: use the $M mailer to send mail to other domains
        DRmax.cecer.army.mil
        CRmax.cecer.army.mil
8) Configure your domain names. Replace the foo.bar.uiuc.edu names below
with your host's FQDN.
        #################################################
        #
        # General configuration information
        ...
        # Example: (bogus examples, ignore)
        # DmCS.Podunk.EDU
        # Cm cs cs.Podunk.EDU
        Dwfoo.bar.uiuc.edu
        Dmfoo.bar.uiuc.edu
9) Change the ddn mailer rules in ruleset 0 according to the comments there.
Ruleset 0 is labelled by a line containing only "S0". About 40 lines
further down are the following rules.
        # Pass other valid names up the ladder to our forwarder
        #R$*<@$*.$=T>$*	$#$M $@$R $:$1<@$2.$3>$4	user@domain.known
        # Replace following with above to only forward "known" top-level domains
        #R$*<@$*.$+>$*	$#$M $@$R $:$1<@$2.$3>$4	user@any.domain
        # if you are on the DDN, then comment-out both of the the lines above
        # and use the following instead:
        R$*<@$*.$+>$*	$#ddn $@ $2.$3 $:$1<@$2.$3>$4	user@any.domain
Follow the comments and comment out the second rule that forwards
only "known" domains and enable the following rule that uses the "ddn"
mailer.
[SunOS 5.x: make sure you have OI set]
Write the sendmail.cf file back out and leave the editor. Now test the
changes by using sendmail in test mode.
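Before the address tests, the edits from steps 5 through 9 can be checked
statically. The following is an added example, not part of the original file:
the function name check_cf and the sample input are constructed for
illustration, it assumes a site using the "ddn" mailer as in step 6, and it
recognizes only the two forwarding-rule left-hand sides shown in step 9.

```shell
#!/bin/sh
# Added example (not from the original file): lint the step 5-9 edits.
# Prints one line per problem; exit status is 0 only when none are found.
check_cf() {
    awk '
    function err(s) { print s; bad = 1 }
    /^S[0-9]/ { s0 = ($0 ~ /^S0[ \t]*$/) }    # are we inside ruleset 0?
    /^#/      { next }                        # commented-out lines are inactive
    /^Dj/ { nj++ }
    /^DM/ { M = substr($0, 3) }
    /^DR/ { R = substr($0, 3) }
    /^CR/ { C = substr($0, 3) }
    /^Dw/ { w = substr($0, 3) }
    /^Dm/ { m = substr($0, 3) }
    # The forwarding rules shown in step 9, matched as literal text
    s0 && (index($0, "R$*<@$*.$+>$*") == 1 ||
           index($0, "R$*<@$*.$=T>$*") == 1) {
        nfwd++
        if (index($0, "$#ddn")) nddn++
    }
    END {
        if (nj != 1)
            err("step 5: want exactly one active Dj line, found " (nj + 0))
        if (M != "ddn")
            err("step 6: DM is \"" M "\", not ddn")
        if (R == "" || index(C, R) == 0)
            err("step 7: DR and CR must both name the relay host")
        if (w == "" || m == "" || index(w m, "foo.bar.uiuc.edu"))
            err("step 8: Dw/Dm unset or still the foo.bar.uiuc.edu placeholder")
        if (nfwd != 1 || nddn != 1)
            err("step 9: want one active forwarding rule using $#ddn, found " (nfwd + 0))
        exit bad + 0
    }' "$@"
}

# Constructed sample: old relay mailer, placeholder names, an extra rule left in.
check_cf <<'EOF' || echo "sendmail.cf needs another pass"
#Dj$m
Dj$w
DMsmartuucp
DRux1.cso.uiuc.edu
CRux1.cso.uiuc.edu
Dwfoo.bar.uiuc.edu
Dmfoo.bar.uiuc.edu
S0
R$*<@$*.$+>$* $#$M $@$R $:$1<@$2.$3>$4 user@any.domain
R$*<@$*.$+>$* $#ddn $@ $2.$3 $:$1<@$2.$3>$4 user@any.domain
EOF
```

Run it against the edited file as: check_cf /etc/sendmail.cf (or
/etc/mail/sendmail.cf). A clean result does not replace the -bt tests below.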
10) Test address recognition. Invoke sendmail in address test mode:
        /usr/lib/sendmail -bt
Run the following address forms through one at a time. The leading 0
is the starting ruleset. Each address should resolve to "user" using
the "local" mailer. Replace "foo" and "bar.uiuc.edu" with the name
of your host and domain.
        0 user
        0 user@foo
        0 user@foo.bar.uiuc.edu
11) Verify out-going addresses are correct. Use the -v option to Berkeley
mail to check that the return addresses are correct. If -v doesn't
work with your mailer, use sendmail directly.
        Mail -v nobody@ucbvax.berkeley.edu < /dev/null
or
        /usr/lib/sendmail -v nobody@ucbvax.berkeley.edu < /dev/null
[ucbvax.berkeley.edu no longer exists; try something else,
e.g., nobody@informatik.uni-kiel.de]
12) Fire up sendmail in daemon mode.
        /usr/lib/sendmail -bd -q1h
13) Test in-bound mail. From another host, verify that mail sent to a
user that has no forwarding set up, either via /etc/aliases or
.forward file, actually arrives. Telnet to the SMTP port and verify
that the greeting message uses the fully qualified domain name.
        telnet foo.bar.uiuc.edu 25
        quit
Claus Aßmann
Please send comments to:
<ca@informatik.uni-kiel.de>