migrate from sendmail to postfix

seanpeace · 06-05-2009, 04:18 AM

Can anyone help me with migrating ispmanager from sendmail to postfix. Is too complex a process to do? I only have three domains and about 15 mailboxes that I am assuming I will have to rebuild?

Thanks in advance.

slava · 06-05-2009, 07:31 PM

Are you really need that?

You need save /etc/aliases file and /etc/mail/virtusertable and after sendmail installtion restore - put this to /etc/mail/ and rebuild hash .db files (cd /etc/mail ; make)
also you need create /etc/mail/local-host-names with your email domains

seanpeace · 06-09-2009, 06:20 AM

I am having some issues with my hosting provider not being able to diagnose why some email is getting bounced out of sendmail. They all know Exim and Postfix so I want to migrate to one or the other.

Is it easier to do one or the other? Are the instructions the same for both?

Thanks

seanpeace · 06-09-2009, 07:02 AM

Just to cover all my bases. Here is the error I get in the mail log. For some reason sendmail will deliver and email from an address in one minute and then the next it will deny it with this error. I don't know why it will deliver it one time and then not the next.

Jun 8 11:03:15 songvestdev sendmail[24355]: n58F3EdE024355: ruleset=check_rcpt, arg1=<sean@songvest.com>, relay=mercav11.na.sas.com [149.173.6.146], reject=550 5.7.1 <sean@songvest.com>... Relaying denied. Proper authentication required.
Jun 8 11:03:16 songvestdev sendmail[24355]: n58F3EdE024355: from=<Sheri.Rummage@sas.com>, size=4745, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mercav11.na.sas.com [149.173.6.146]

slava · 06-09-2009, 08:35 AM

Quote:

Relaying denied. Proper authentication required.

You have no enabled in the email client or configured in the Sendmail server authorization.

Sendmail and Postfix authorize from sasl.db and users for SMTP you can see by sasldblistusers2 command.

If you see this - it's ok, check sendmail config, you need lines like this:

Code:

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')

TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Also sendmail must be answer as:

Quote:

ls# telnet server.com 25
Trying 82.146.20.20...
Connected to server.com.
Escape character is '^]'.
220 server.com ESMTP Sendmail 8.14.3/8.14.3; Tue, 9 Jun 2009 05:32:08 GMT
ehlo my.server.com
250-server.com Hello my.ispvds.com [82.146.10.10], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
quit
221 2.0.0 server.com closing connection

CRAM-MD5 LOGIN PLAIN methons you need see.

seanpeace · 06-09-2009, 10:22 PM

I tried the changes but it didn't work.

It scanned the message but then it usually sends it to the virtual user x. In this log it never sends it to the virtual user meaning no delivered message. They all now bounce with the authentication error.
Jun 9 14:17:25 songvestdev sendmail[2188]: AUTH=server, relay=adsl-074-167-251-118.sip.rmo.bellsouth.net [74.167.251.118], authid=sean@songvest.com, mech=LOGIN, bits=0
Jun 9 14:17:25 songvestdev sendmail[2188]: n59IHOrC002188: from=, size=12617, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MSA, relay=adsl-074-167-251-118.sip.rmo.bellsouth.net [74.167.251.118]
Jun 9 14:17:25 songvestdev sendmail[2188]: n59IHOrC002188: to=, delay=00:00:00, mailer=esmtp, pri=42617, stat=queued
Jun 9 14:17:27 songvestdev MailScanner[1903]: New Batch: Scanning 1 messages, 13138 bytes
Jun 9 14:17:27 songvestdev dovecot: pop3-login: Login: user=, method=PLAIN, rip=::ffff:71.65.231.77, lip=::ffff:68.169.44.214
Jun 9 14:17:27 songvestdev dovecot: POP3(brian@songvest.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun 9 14:17:27 songvestdev dovecot: pop3-login: Login: user=, method=PLAIN, rip=::ffff:71.65.231.77, lip=::ffff:68.169.44.214
Jun 9 14:17:28 songvestdev dovecot: POP3(brian.casto@group19.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Jun 9 14:17:29 songvestdev MailScanner[1903]: Expanding TNEF archive at /var/spool/MailScanner/incoming/1903/n59IHOrC002188/winmail.dat
Jun 9 14:17:29 songvestdev MailScanner[1903]: Message n59IHOrC002188 added TNEF contents Logo Small1.JPG,msg-1903-11.txt
Jun 9 14:17:29 songvestdev MailScanner[1903]: Message n59IHOrC002188 has had TNEF winmail.dat removed
Jun 9 14:17:29 songvestdev MailScanner[1903]: Virus and Content Scanning: Starting
Jun 9 14:17:34 songvestdev MailScanner[1903]: ----------- SCAN SUMMARY -----------
Jun 9 14:17:34 songvestdev MailScanner[1903]: Known viruses: 571999
Jun 9 14:17:34 songvestdev MailScanner[1903]: Engine version: 0.95.1
Jun 9 14:17:34 songvestdev MailScanner[1903]: Scanned directories: 2
Jun 9 14:17:34 songvestdev MailScanner[1903]: Scanned files: 3
Jun 9 14:17:34 songvestdev MailScanner[1903]: Infected files: 0
Jun 9 14:17:34 songvestdev MailScanner[1903]: Data scanned: 0.00 MB
Jun 9 14:17:34 songvestdev MailScanner[1903]: Data read: 0.00 MB (ratio 0.00:1)
Jun 9 14:17:34 songvestdev MailScanner[1903]: Time: 4.902 sec (0 m 4 s)
Jun 9 14:17:34 songvestdev MailScanner[1903]: Uninfected: Delivered 1 messages
Jun 9 14:17:38 songvestdev dovecot: pop3-login: Login: user=, method=PLAIN, rip=::ffff:99.242.247.41, lip=::ffff:68.169.44.214

seanpeace · 06-09-2009, 10:22 PM

divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #

dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #

dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 20.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
dnl # FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
FEATURE(`genericstable', `hash -o /etc/mail/genericstable')dnl
GENERICS_DOMAIN_FILE( `/etc/mail/generics-domains')dnl
define(`confCW_FILE', `-o /etc/mail/local-host-names')dnl
TRUST_AUTH_MECH( `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confSERVER_CERT', `/etc/mail/ssl/certs/sendmail.crt')dnl
define(`confSERVER_KEY', `/etc/mail/ssl/private/sendmail.key')dnl
define(`confCACERT', `/etc/mail/ssl/certs/sendmail.crt')dnl
define(`confCACERT_PATH', `/etc/mail/ssl/certs/CA')dnl

dnl # dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl # dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableSAS LDBFile')dnl

FEATURE(`delay_checks')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl

seanpeace · 06-10-2009, 05:07 AM

250-server.com Hello my.ispvds.com [82.146.10.10], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH LOGIN PLAIN

I do not get either of these.
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

slava · 06-10-2009, 07:17 AM

Quote:

Originally Posted by seanpeace

I do not get either of these.
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN

I seen your IP in logs before and check:

Code:

250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP

You have not installed cyrus-sasl-md5 you need install this by

Code:

yum install cyrus-sasl-md5

and after then restart sendmail (cd /etc/make ; make restart)

slava · 06-10-2009, 07:38 AM

Quote:

Jun 9 14:17:29 songvestdev MailScanner[1903]: Expanding TNEF archive at /var/spool/MailScanner/incoming/1903/n59IHOrC002188/winmail.dat
Jun 9 14:17:29 songvestdev MailScanner[1903]: Message n59IHOrC002188 added TNEF contents Logo Small1.JPG,msg-1903-11.txt

I do not see MailScanner in the your sendmail config, it's very strange
Are you have stoped postfix and running sendmail?

For sendmail work on CentOS Linux (you do not write what you system in the first message) you need files like this

Code:

# pwd 
/etc/mail

# cat local-host-names 
example.com

# cat virtusertable
user@example.com        virtuser_501
@example.com    error:nouser No such user here

# cat /etc/aliases
...
...
virtuser_501:   \virtuser_501

For rebuild /etc/aliases.db you need use newaliases command, for rebuild /etc/mail/virtusertable.db and sendmail.cf - cd /etc/mail ; make

In the attachment - sendmail.mc from worked system with CentOS Linux and ISPmanager.

06-05-2009, 04:18 AM	#1
seanpeace Junior Member Join Date: Jun 2009 Posts: 25	migrate from sendmail to postfix Can anyone help me with migrating ispmanager from sendmail to postfix. Is too complex a process to do? I only have three domains and about 15 mailboxes that I am assuming I will have to rebuild? Thanks in advance.

06-09-2009, 06:20 AM	#3
seanpeace Junior Member Join Date: Jun 2009 Posts: 25	Yes, we need to migrate I am having some issues with my hosting provider not being able to diagnose why some email is getting bounced out of sendmail. They all know Exim and Postfix so I want to migrate to one or the other. Is it easier to do one or the other? Are the instructions the same for both? Thanks

06-09-2009, 07:02 AM	#4
seanpeace Junior Member Join Date: Jun 2009 Posts: 25	Before I try to migrate Just to cover all my bases. Here is the error I get in the mail log. For some reason sendmail will deliver and email from an address in one minute and then the next it will deny it with this error. I don't know why it will deliver it one time and then not the next. Jun 8 11:03:15 songvestdev sendmail[24355]: n58F3EdE024355: ruleset=check_rcpt, arg1=<sean@songvest.com>, relay=mercav11.na.sas.com [149.173.6.146], reject=550 5.7.1 <sean@songvest.com>... Relaying denied. Proper authentication required. Jun 8 11:03:16 songvestdev sendmail[24355]: n58F3EdE024355: from=<Sheri.Rummage@sas.com>, size=4745, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mercav11.na.sas.com [149.173.6.146]

06-09-2009, 10:22 PM	#6
seanpeace Junior Member Join Date: Jun 2009 Posts: 25	Did not work I tried the changes but it didn't work. It scanned the message but then it usually sends it to the virtual user x. In this log it never sends it to the virtual user meaning no delivered message. They all now bounce with the authentication error. Jun 9 14:17:25 songvestdev sendmail[2188]: AUTH=server, relay=adsl-074-167-251-118.sip.rmo.bellsouth.net [74.167.251.118], authid=sean@songvest.com, mech=LOGIN, bits=0 Jun 9 14:17:25 songvestdev sendmail[2188]: n59IHOrC002188: from=, size=12617, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MSA, relay=adsl-074-167-251-118.sip.rmo.bellsouth.net [74.167.251.118] Jun 9 14:17:25 songvestdev sendmail[2188]: n59IHOrC002188: to=, delay=00:00:00, mailer=esmtp, pri=42617, stat=queued Jun 9 14:17:27 songvestdev MailScanner[1903]: New Batch: Scanning 1 messages, 13138 bytes Jun 9 14:17:27 songvestdev dovecot: pop3-login: Login: user=, method=PLAIN, rip=::ffff:71.65.231.77, lip=::ffff:68.169.44.214 Jun 9 14:17:27 songvestdev dovecot: POP3(brian@songvest.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 9 14:17:27 songvestdev dovecot: pop3-login: Login: user=, method=PLAIN, rip=::ffff:71.65.231.77, lip=::ffff:68.169.44.214 Jun 9 14:17:28 songvestdev dovecot: POP3(brian.casto@group19.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Jun 9 14:17:29 songvestdev MailScanner[1903]: Expanding TNEF archive at /var/spool/MailScanner/incoming/1903/n59IHOrC002188/winmail.dat Jun 9 14:17:29 songvestdev MailScanner[1903]: Message n59IHOrC002188 added TNEF contents Logo Small1.JPG,msg-1903-11.txt Jun 9 14:17:29 songvestdev MailScanner[1903]: Message n59IHOrC002188 has had TNEF winmail.dat removed Jun 9 14:17:29 songvestdev MailScanner[1903]: Virus and Content Scanning: Starting Jun 9 14:17:34 songvestdev MailScanner[1903]: ----------- SCAN SUMMARY ----------- Jun 9 14:17:34 songvestdev MailScanner[1903]: Known viruses: 571999 Jun 9 14:17:34 songvestdev MailScanner[1903]: Engine version: 0.95.1 Jun 9 14:17:34 songvestdev MailScanner[1903]: Scanned directories: 2 Jun 9 14:17:34 songvestdev MailScanner[1903]: Scanned files: 3 Jun 9 14:17:34 songvestdev MailScanner[1903]: Infected files: 0 Jun 9 14:17:34 songvestdev MailScanner[1903]: Data scanned: 0.00 MB Jun 9 14:17:34 songvestdev MailScanner[1903]: Data read: 0.00 MB (ratio 0.00:1) Jun 9 14:17:34 songvestdev MailScanner[1903]: Time: 4.902 sec (0 m 4 s) Jun 9 14:17:34 songvestdev MailScanner[1903]: Uninfected: Delivered 1 messages Jun 9 14:17:38 songvestdev dovecot: pop3-login: Login: user=, method=PLAIN, rip=::ffff:99.242.247.41, lip=::ffff:68.169.44.214

06-09-2009, 10:22 PM	#7
seanpeace Junior Member Join Date: Jun 2009 Posts: 25	Here is my config file divert(-1)dnl dnl # dnl # This is the sendmail macro config file for m4. If you make changes to dnl # /etc/mail/sendmail.mc, you will need to regenerate the dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is dnl # installed and then performing a dnl # dnl # make -C /etc/mail dnl # include(`/usr/share/sendmail-cf/m4/cf.m4')dnl VERSIONID(`setup for linux')dnl OSTYPE(`linux')dnl dnl # dnl # Do not advertize sendmail version. dnl # dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl dnl # dnl # default logging level is 9, you might want to set it higher to dnl # debug the configuration dnl # dnl define(`confLOG_LEVEL', `9')dnl dnl # dnl # Uncomment and edit the following line if your outgoing mail needs to dnl # be sent out through an external mail server: dnl # dnl define(`SMART_HOST', `smtp.your.provider')dnl dnl # define(`confDEF_USER_ID', ``8:12'')dnl dnl define(`confAUTO_REBUILD')dnl define(`confTO_CONNECT', `1m')dnl define(`confTRY_NULL_MX_LIST', `True')dnl define(`confDONT_PROBE_INTERFACES', `True')dnl define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl define(`ALIAS_FILE', `/etc/aliases')dnl define(`STATUS_FILE', `/var/log/mail/statistics')dnl define(`UUCP_MAILER_MAX', `2000000')dnl define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl define(`confAUTH_OPTIONS', `A')dnl dnl # dnl # The following allows relaying if the user authenticates, and disallows dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links dnl # dnl define(`confAUTH_OPTIONS', `A p')dnl dnl # dnl # PLAIN is the preferred plaintext authentication method and used by dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do dnl # use LOGIN. Other mechanisms should be used if the connection is not dnl # guaranteed secure. dnl # Please remember that saslauthd needs to be running for AUTH. dnl # dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl # Rudimentary information on creating certificates for sendmail TLS: dnl # cd /usr/share/ssl/certs; make sendmail.pem dnl # Complete usage: dnl # make -C /usr/share/ssl/certs usage dnl # dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl dnl # dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's dnl # slapd, which requires the file to be readble by group ldap dnl # dnl # dnl define(`confTO_QUEUEWARN', `4h')dnl dnl define(`confTO_QUEUERETURN', `5d')dnl dnl define(`confQUEUE_LA', `12')dnl dnl define(`confREFUSE_LA', `18')dnl define(`confTO_IDENT', `0')dnl dnl FEATURE(delay_checks)dnl FEATURE(`no_default_msa', `dnl')dnl FEATURE(`smrsh', `/usr/sbin/smrsh')dnl FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl FEATURE(redirect)dnl FEATURE(always_add_domain)dnl FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl dnl # dnl # The following limits the number of processes sendmail can fork to accept dnl # incoming messages or process its message queues to 20.) sendmail refuses dnl # to accept connections once it has reached its quota of child processes. dnl # dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl dnl # dnl # Limits the number of new connections per second. This caps the overhead dnl # incurred due to forking new sendmail processes. May be useful against dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address dnl # limit would be useful but is not available as an option at this writing.) dnl # dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl dnl # dnl # The -t option will retry delivery if e.g. the user runs over his quota. dnl # FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl FEATURE(`blacklist_recipients')dnl EXPOSED_USER(`root')dnl dnl # dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment dnl # the following 2 definitions and activate below in the MAILER section the dnl # cyrusv2 mailer. dnl # dnl define(`confLOCAL_MAILER', `cyrusv2')dnl dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl dnl # dnl # The following causes sendmail to additionally listen to port 587 for dnl # mail from MUAs that authenticate. Roaming users who can't reach their dnl # preferred sendmail daemon due to port 25 being blocked or redirected find dnl # this useful. dnl # DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl dnl # dnl # The following causes sendmail to additionally listen to port 465, but dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1. dnl # dnl # For this to work your OpenSSL certificates must be configured. dnl # dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl dnl # dnl # The following causes sendmail to additionally listen on the IPv6 loopback dnl # device. Remove the loopback address restriction listen to the network. dnl # dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl dnl # dnl # enable both ipv6 and ipv4 in sendmail: dnl # dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6') dnl # dnl # We strongly recommend not accepting unresolvable domains if you want to dnl # protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # dnl # FEATURE(`accept_unresolvable_domains')dnl dnl # dnl FEATURE(`relay_based_on_MX')dnl dnl # dnl # Also accept email sent to "localhost.localdomain" as local email. dnl # LOCAL_DOMAIN(`localhost.localdomain')dnl dnl # dnl # The following example makes mail from this host and any additional dnl # specified domains appear to be sent from mydomain.com dnl # dnl MASQUERADE_AS(`mydomain.com')dnl dnl # dnl # masquerade not just the headers, but the envelope as well dnl # dnl FEATURE(masquerade_envelope)dnl dnl # dnl # masquerade not just @mydomainalias.com, but @.mydomainalias.com as well dnl # dnl FEATURE(masquerade_entire_domain)dnl dnl # dnl MASQUERADE_DOMAIN(localhost)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl dnl MASQUERADE_DOMAIN(mydomain.lan)dnl FEATURE(`genericstable', `hash -o /etc/mail/genericstable')dnl GENERICS_DOMAIN_FILE( `/etc/mail/generics-domains')dnl define(`confCW_FILE', `-o /etc/mail/local-host-names')dnl TRUST_AUTH_MECH( `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confSERVER_CERT', `/etc/mail/ssl/certs/sendmail.crt')dnl define(`confSERVER_KEY', `/etc/mail/ssl/private/sendmail.key')dnl define(`confCACERT', `/etc/mail/ssl/certs/sendmail.crt')dnl define(`confCACERT_PATH', `/etc/mail/ssl/certs/CA')dnl dnl # dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl dnl # dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl define(`confDONT_BLAME_SENDMAIL',`GroupReadableSAS LDBFile')dnl FEATURE(`delay_checks')dnl MAILER(smtp)dnl MAILER(procmail)dnl dnl MAILER(cyrusv2)dnl Last edited by seanpeace; 06-10-2009 at 05:08 AM.*