Sendmail - Seneca College
MTA and Post Office
An MTA is similar to a Post Office in many ways, but superior in the following:
● Delivery typically takes seconds rather than days.
● Address changes (forwarding) take effect immediately, and mail can be forwarded anywhere in the world.
● Host addresses are looked up dynamically. Therefore, machines can be moved or renamed, and email delivery will still succeed.
● Mail can be delivered through programs that access other networks. This would be like the post office using United Parcel Service to deliver an overnight letter.
What is an MTA?
● A mail transfer agent (MTA) is a highly specialized program that delivers mail and transports it between machines, like the post office.
● Usually, there is only one MTA on a machine.
● Popular MTAs used on UNIX/Linux systems:
  – sendmail
  – postfix
  – qmail
Why is sendmail so complex?
● One single binary for many different systems
● Support different email address formats
● Support different Transport Protocols:
  – smtp
  – uucp
  – etc.
● Support different local mailers
The three important parts
● The configuration file - defines the location and behavior of the other parts and contains rules for rewriting addresses.
● A queue directory - holds mail until it can be delivered.
● An aliases file - allows alternative names for users and creation of mailing lists.
sendmail.cf
● Contains all the information sendmail needs to do its job:
  – file locations,
  – permissions,
  – modes of operation, and
  – rewriting rules and rule sets
The Sendmail Queue
The sendmail queue is a directory that holds mail until it can be delivered. A mail message may be queued:
● When the destination machine is unreachable or down.
● When a mail message has many recipients. Those that fail are queued for later delivery.
● When a mail message is expensive.
● When safety is of concern. The sendmail program can be configured to queue all mail messages to minimize the risk of loss should the machine crash.
Aliases and Mailing List
● Aliases allow mail that is sent to one address to be redirected to another address.
● They also allow mail to be appended to files or piped through programs, and they form the basis of mailing lists.
● The heart of aliasing is the aliases(5) file (often stored in database format for faster lookups).
● Aliasing is also available to the individual user via a file called .forward in the user's home directory.
Testing Sendmail
Use the following command:
  sendmail -d0.1 -bt < /dev/null
Output:
  Version 8.8.4
  Compiled with: LOG MATCHGECOS NETINET NETUNIX NEWDB USERDB XDEBUG
  SYSTEM IDENTITY (after readcf):
  (short domain name) $w = here.us.edu
  (canonical domain name) $j = $w
  (subdomain name) $m = us.edu
  (node name) $k = here
More Tests
Output of the following command:
  /usr/sbin/sendmail -d0.1 -bp < /dev/null
  Version 8.14.1
  Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT
  ============ SYSTEM IDENTITY (after readcf) ============
  (short domain name) $w = localhost
  (canonical domain name) $j = localhost.localdomain
  (subdomain name) $m = localdomain
  (node name) $k = localhost.localdomain
  ========================================================
Sendmail operating mode switch (-b)
Sendmail can be operated in different modes with the -b switch:
● -bp: print the outgoing mail queue
● -bi: rebuild alias database
● -bv: verify only, don't collect or deliver
● -bt: test mode: resolve addresses only
Sendmail -bp
● Displays the contents of its queue directory
● Same as the command mailq
● If the queue is empty, it prints the following:
  /var/spool/mqueue is empty
  Total requests: 0
● If there is mail waiting in the queue, it prints:
  /var/spool/mqueue (1 request)
  -----Q-ID----- --Size-- -----Q-Time----- ----------Sender/Recipient--
  lAQ0UQKT005449* 5 Sun Nov 25 19:30 <[email protected]>
  <[email protected]>
  Total requests: 1
● The first line shows details about the message
● A second line may appear giving a reason for failure if there was one
● The subsequent line shows the recipient address
sendmail -bi
● Rebuild the aliases database from the aliases file.
● Same as the command newaliases
● There will be a delay while sendmail rebuilds the aliases database before printing a summary similar to the following:
/etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
● Any mistakes in an alias file will also be printed
sendmail -bv
● A handy command-line switch for checking aliases
● This switch causes sendmail to recursively look up an alias and report the ultimate real name that it found.
● It also verifies whether or not the expanded aliases are in fact deliverable
sendmail -v
● The -v command-line switch tells sendmail to run in verbose mode
● It prints a detailed description of all the steps it takes in delivering a mail message
● The -v switch is most useful when sending mail to remote machines. It shows the SMTP conversations as they occur and can help in tracking down why a mail message fails to reach its destination.
sendmail -d
● The -d command-line switch produces debugging output
● Can be modified to display specific debugging information by adding a numeric argument:
  – Output information about the queue
    sendmail -d40 username < /dev/null
  – Output general debugging information
    sendmail -d0.1 -bp
  – Output more debugging information
    sendmail -d0.11 -bp
sendmail.cf
● Is read and parsed by sendmail every time it starts
● Contains information that is necessary for sendmail to run
● Lists the locations of important files and specifies the default permissions for those files
● Contains options that modify sendmail's behavior
● Contains rules and rule sets for rewriting addresses
The sendmail.cf file's configuration commands
● V – Define configuration file version
● M – Define a mail delivery agent
● D – Define a macro
● R – Define a rewriting rule
● S – Declare the start of a rule-set
● C – Define a class macro
● F – Define a class macro from a file or pipe
The sendmail.cf file's configuration commands (2)
● O – Define an option
● H – Define a header
● P – Define delivery priorities
● T – Declare trusted users
● K – Declare a keyed database
The version command V
● Was introduced beginning with V8.1
● To prevent older versions of sendmail from breaking when reading new style sendmail.cf files
● Has the form “Vlevel/vendor” like “V10/Berkeley”
● In the V command, level is a positive integer, and /vendor is a string
Mail Delivery Agent command M
● The M command defines a mail delivery agent, which is a program that delivers the mail.
● Examples:
  Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9,
    S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
  Msmtp, P=[IPC], F=mDFMux, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990
P - delivery program, F - flags, S - sender rules, R - recipient rules, L - max line length, E - end-of-line string
Macros Command D
● The D command defines a macro
● A macro's name is either a single letter or curly-brace-enclosed multiple characters
● Each macro has text as a value
● Examples:
  DRmercury.seneca.on.ca
  D{REMOTE}mercury.senecac.on.ca
● The values stored in R and REMOTE can be accessed elsewhere in the sendmail.cf file using $R and ${REMOTE}
Rule command R
● Rules are used to rewrite or transform mail addresses from one form to another
● The R command is used to define a rewriting rule:
  R$-    $@ $1 @ $R    user -> user @ remote
● Mail addresses are compared to the rule on the left ($-)
● If the address matches that rule, it is rewritten on the basis of the rule on the right ($@ $1 @ $R)
● The text at the far right is a comment
Rule Set command S
● The S command starts a rule set:
  S3 <- rule set 3
  Sfinal <- rule set final (symbolic name >=V8.7)
● The S command organizes rules into sets
● All the R commands (rules) that follow an S command belong to that rule set
● A rule set ends when another S command appears to define another rule set
Class Macro command C
● The C command defines a class macro which can have multiple values
● The name of a class is either a single letter or a curly-brace-enclosed multicharacter name:
  CW localhost webhost
  C{MY_NAMES} localhost webhost (>=V8.7)
● The values stored in W and {MY_NAMES} can be accessed elsewhere in the sendmail.cf file using $=W and $={MY_NAMES}
File Class Macro command F
● The F command defines a file class macro which takes values from the file specified:
  FW/etc/mynames
  F{MY_NAMES}/etc/mynames
● W and {MY_NAMES} obtain their values from the file /etc/mynames
● A file class macro can also take its list of values from the output of a program:
  FM|/bin/hostname
  F{MY_NAMES}|/bin/hostname
Option command O
● The O command sets sendmail options
● Options
  – Specify the location of key files
  – Set timeouts
  – Define how sendmail should act
  – Define how sendmail should handle errors
● Examples:
  O QueueDirectory=/var/spool/mqueue
● The above QueueDirectory option defines the name of the directory in which outgoing mail will be queued as /var/spool/mqueue.
More options
Sets the SMTP protocol options
  O PrivacyOptions=authwarnings,novrfy,noexpn, restrictqrun
  – novrfy – disables the VRFY command
  – noexpn – disables the EXPN command
  – authwarnings – tells sendmail to insert X-Authentication-Warning: headers in messages
  – restrictqrun – only the root user and the owner of the queue directory are allowed to run the queue
More options: public, noreceipts, goaway, needmailhelo, needexpnhelo, needvrfyhelo, restrictmailq
More SMTP Options
DaemonPortOptions=options
  O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
  – Name = MTA or MSA
  – Port = number or name found in /etc/services, the default is port 25 for MTA and port 587 for MSA
  – Addr=mask (default to all)
  – Family=addressfamily (default to INET)
  – Listen=n, number of queued connections (default 10)
  – SndBufSize=n (send buffer size)
  – RcvBufSize=n (receive buffer size)
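An added example (not part of the original slides) that reads the O commands from sendmail.cf text and reports when a PrivacyOptions flag described above is missing or a DaemonPortOptions entry has no Addr=. The function names and WEAK_CF are constructed for illustration; SLIDE_CF holds the two settings shown on the slides.

```python
# Flags described on the slides, with what is exposed when each is absent.
REQUIRED = {
    "novrfy": "VRFY is answered, so clients can confirm local addresses",
    "noexpn": "EXPN is answered, so clients can expand aliases and lists",
    "authwarnings": "no X-Authentication-Warning: headers are inserted",
    "restrictqrun": "any local user may run the queue",
}

def parse_options(cf_text):
    """Return {option name: [values]} for every 'O Name=value' command."""
    options, last = {}, None
    for line in cf_text.splitlines():
        if line[:1] in (" ", "\t") and last and line.strip():
            options[last][-1] += line.strip()   # continuation of an O line
            continue
        last = None
        if line.startswith("O ") and "=" in line:
            name, value = line[2:].split("=", 1)
            last = name.strip()
            options.setdefault(last, []).append(value.strip())
    return options

def audit(cf_text):
    """Return (option, finding) pairs for PrivacyOptions and DaemonPortOptions."""
    opts, findings = parse_options(cf_text), []
    flags = {f.strip().lower() for v in opts.get("PrivacyOptions", [])
             for f in v.split(",") if f.strip()}
    if "goaway" in flags:   # shorthand that includes these three flags
        flags |= {"novrfy", "noexpn", "authwarnings"}
    for flag, risk in REQUIRED.items():
        if flag not in flags:
            findings.append(("PrivacyOptions", f"{flag} not set: {risk}"))
    for value in opts.get("DaemonPortOptions", []):
        pairs = dict(p.strip().split("=", 1) for p in value.split(",") if "=" in p)
        if "Addr" not in pairs:
            who = pairs.get("Name", "unnamed")
            findings.append(("DaemonPortOptions", f"{who}: no Addr=, listens on all addresses"))
    return findings

# Constructed weak sample, followed by the settings shown on the slides.
WEAK_CF = "O PrivacyOptions=public\nO DaemonPortOptions=Port=smtp, Name=MTA\n"
SLIDE_CF = ("O PrivacyOptions=authwarnings,novrfy,noexpn, restrictqrun\n"
            "O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA\n")

if __name__ == "__main__":
    for option, finding in audit(WEAK_CF):
        print(option, "-", finding)
```

A daemon that must accept mail from other hosts is expected to listen on more than 127.0.0.1, so treat the Addr finding as something to review rather than an error.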
Header command H
● The H command is used to specify which mail headers to include in a mail message and its format.
● Examples:
  H?P?Return-Path: <$g>
  HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
  H?D?Resent-Date: $a
  H?D?Date: $a
  H?F?Resent-From: $?x$x <$g>$|$g$.
  H?F?From: $?x$x <$g>$|$g$.
  H?x?Full-Name: $x
  H?M?Resent-Message-Id: <$t.$i@$j>
  H?M?Message-Id: <$t.$i@$j>
Priority command P
● The P command sets the beginning priority for a mail message.
● The priority is used to determine a message's order when the mail queue is processed.
● Examples:
  Pfirst-class=0
  Pspecial-delivery=100
  Plist=-30
  Pbulk=-60
  Pjunk=-100
Trusted user command T
● The T command lists those users that are trusted to override the From: address in a mail message.
● This allows software that runs as a different user ID to send messages with a different user ID in the From: line in the message header.
● Examples:
  Troot
  Tdaemon
  Tuucp
  (root, daemon, and uucp are trusted users)
Keyed database command K
● The K command is used to define external databases that can be accessed by sendmail
● The K command declares a database with a symbolic name with a given type and its location
● Examples:
  Karith arith
  Kmacro macro
  Kmailertable hash -o /etc/mail/mailertable.db
  Kvirtuser hash -o /etc/mail/virtusertable.db
  Kaccess hash -T<TMPF> -o /etc/mail/access.db
● The symbolic name could be used in the RHS of rules.
Predefined Macro
● v – version of the currently running sendmail
● w – the short hostname
● j – the canonical hostname
● m – the domain name
● b – date in RFC1123 format
● - - Identification information
To output all defined macros:
● sendmail -d35.9 -bt < /dev/null
Address Rewrite Rules
● R and S commands
● LHS and RHS of rewriting rules
● Useful Macros Definition
  – $j : the fully qualified domain name of this host
  – $w : the hostname component of the FQDN
  – $m : the domain name component of the FQDN
LHS of Rules
● $@ : match exactly zero tokens
● $* : match zero or more tokens
● $+ : match one or more tokens
● $- : match exactly one token
● $=x : match any phrase in class x
● $~x : match any word not in class x
** A token is a string of characters delimited by spaces.
RHS of Rules
● $n – the n’th token from the lefthand side
● $[name$] – resolve hostname to canonical name
● …
Separation Characters
● Can be changed:
  . : @ [ ]
● Cannot be changed:
  ( ) < > , ; \ " \r \n
These separation characters are used to break an address into tokens.
Simple Rule Pattern
$* < $+ >
This rule matches zero or more tokens, followed by the < character, followed by one or more tokens, followed by the > character.
  [email protected] does not match
  <[email protected]> match
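An added example (not from the original slides) that models how an LHS pattern is matched against a tokenized address, using the separator characters and the operators $@ $* $+ $- $=x $~x listed above. It is a simplified model, not sendmail's own code: pattern elements are assumed to be separated by spaces, quoting and comments are ignored, and user@example.com is a constructed address.

```python
# Separator characters from the slides; each one is a token by itself.
OPERATORS = set('.:@[]()<>,;\\"')

def tokenize(address):
    """Split an address into tokens (simplified: no quoting or comments)."""
    tokens, atom = [], ""
    for ch in address:
        if ch in OPERATORS or ch.isspace():
            if atom:
                tokens.append(atom)
            atom = ""
            if ch in OPERATORS:
                tokens.append(ch)
        else:
            atom += ch
    return tokens + ([atom] if atom else [])

def match(lhs, address, classes=None):
    """Return the $1..$n bindings (lists of tokens), or None if no match."""
    pattern, tokens, classes = lhs.split(), tokenize(address), classes or {}

    def walk(pi, ti, binds):
        if pi == len(pattern):
            return binds if ti == len(tokens) else None
        op, rest = pattern[pi], len(tokens) - ti
        if op == "$@":                      # exactly zero tokens
            return walk(pi + 1, ti, binds)
        kind = op[:2]
        if kind in ("$*", "$+", "$-", "$=", "$~"):
            lo = 0 if kind == "$*" else 1
            hi = 1 if kind in ("$-", "$~") else rest
            members = classes.get(op[2:], set())
            for n in range(lo, min(hi, rest) + 1):   # shortest match first
                got = tokens[ti:ti + n]
                phrase = "".join(got).lower()
                ok = {"$=": phrase in members, "$~": phrase not in members}.get(kind, True)
                found = walk(pi + 1, ti + n, binds + [got]) if ok else None
                if found is not None:
                    return found
            return None
        if rest and tokens[ti].lower() == op.lower():   # literal token
            return walk(pi + 1, ti + 1, binds)
        return None

    return walk(0, 0, [])

if __name__ == "__main__":
    print(match("$* < $+ >", "<user@example.com>"))   # constructed address
    print(match("$* < $+ >", "user@example.com"))
```

Class names are passed as a dictionary with lowercase members, for example {"W": {"localhost", "webhost"}} for the class W defined earlier.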
Address Test Mode
● /usr/sbin/sendmail -bt
  ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
  Enter <ruleset> <address>
● Allows you to test the result of a specific rule set
● Allows you to display the rules in a given rule set
● More on Sendmail Lab part 2