Chapter 5 Mail Delivery Administration
» Table of Contents |  | | » Glossary | | | » Index | | |
| | |
| ||
| ||
Table of Contents
Using the Internet Express Administration utility, you can manage the following delivery components:
Sendmail Mail Transport Agent for sending, distributing, and delivering mail (Section : Sendmail Server Administration).
Majordomo mailing list administrator to create and maintain mailing lists (Section : Majordomo Mailing List Administration).
Mailman mailing list management system (Section : Mailman)
Bogofilter to filter spam (Section : Bogofilter Spam Filter)
There are two administrative interfaces and related macro definitions for the SMTP package, Sendmail.
The older administration interface iuses the classic macros. This interface includes new support for including anti-virus actions. You can access this interface by selecting Sendmail Server from the Administration utility Main menu.
The newer Sendmail administration utility includes a support based on usage of the open source features from sendmail.org, mailers and macros. The new macro base enforces more control over potential spamming and includes more restrictions over relaying. The newer Sendmail administration includes Clam AV anti-virus mail filter, general mail filters, queue support, performance support, and more complete support for Secure Transport Level Security (TLS). You can access this interface by selecting Sendmail Server/ Using Open Source Configuration Rules from the Administration utility Main menu.
Note: During the configuration of the sendmail.cf file, the Sendmail administration checks the network options and if it finds an Internet Protocol version 6 network, it will auto-configure itself for both Internet Protocol versions 6 and 4 networks.
You can set up or modify the Sendmail server configuration as follows:
Standalone—Does not send or receive mail from any other system. A standalone system can send and receive mail from other users on the same system only. See Section : Configuring the System as a Standalone Mail System for instructions.
Client—A system that depends on a mail server for all mail processing. A client system must be connected to the same network as its mail server. See Section : Configuring the System as a Mail Client for instructions.
Server—Central host that performs all mail processing, such as forwarding, routing, addressing, aliasing, and mail delivery. See Section : Configuring the System as a Mail Server for instructions.
You can also configure the following additional server features using the Administration utility:
Mail Protocols (see Section : Configuring Mail Protocols)
Masquerading (see Section : Configuring Masquerading)
Virtual domains (see Section : Configuring Virtual Domains)
Procmail (see Section : Enabling Procmail as a Local Mailer)
Clam Anti-virus (see Section : Enabling Anti-Virus)
Anti-spam (see Section : Configuring Anti-Spam)
LDAP (see Section : Configuring LDAP)
Configure MILTER (Sendmail Server/ Using Open Source Configuration Rules only) (see Section : Configuring Mail Filters (MILTER))
Configure Queues (Sendmail Server/ Using Open Source Configuration Rules only ) (see Section : Configuring Queues)
Configure Queue Performance (Sendmail Server/ Using Open Source Configuration Rules only) (see Section : Configuring Queue Performance)
Configure Trusted Layer Security (TLS) (Sendmail Server/ Using Open Source Configuration Rules only) (see Section : Configuring Trusted Layer Security)
For instructions on specifying mailbox access for the Sendmail server, see Section : Configuring Mailbox Access. For information on viewing the mail log, see Section : Viewing the Sendmail Server Log.
In a TruCluster Server environment, the sendmail daemon runs on all cluster members concurrently. Connections are distributed among the cluster members based on how the cluster alias has been configured. See cluamgr(8).
For information on tuning your system to improve the performance of your mail server, visit the following Tru64 UNIX site:
|
http://h30097.www3.hp.com/technical.html |
|
Refer to Section : Overview of User Accounts for details on creating accounts. For instructions on changing mail delivery types, refer to Section .
To configure a standalone mail system, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
From the Configure Sendmail Server form, choose Standalone and click on Configure.
When the configuration has been successful, the Configure as Standalone page displays a message indicating the Sendmail server has been restarted.
Use the navigation bar to return to the Configure Sendmail Server menu or to the Sendmail Server Administration menu.
To configure your system as mail client, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
From the Configure Sendmail Server menu, choose Client and click on Configure.
On the Configure as Client form, specify the name of the mail server system that will relay all mail and click on Submit.
The system that will act as mail server to this client must be on the same network as the client.
When the configuration has been successful, the Configure Client page displays a message indicating the Sendmail server has been restarted.
Use the navigation bar to return to the Configure Sendmail Server menu or to the Sendmail Server Administration menu.
To configure your system as a mail server, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
From the Configure Sendmail Server menu, choose Server and click on Configure.
On the Configure Server form, you must first configure the Internet Mail Protocol (SMTP). The first time you configure your system as a mail server, the Available Protocols menu offers only the Internet Mail Protocol. Additional protocols are offered after you complete the Internet Mail Protocol configuration.
To configure the Internet Mail Protocol, click on Configure. The Configure Sendmail Protocol form is displayed. Follow these steps:
Click on Host Alias... to specify one or more mail aliases for this server (see Section ).
Select one of the following routing methods:
None—Send mail directly to the addressee.
Internet—Forward mail addressed to systems outside your corporation to the relay system specified in Relay Hostname.
Nonlocal—Forward mail addressed to systems outside your local site to the relay system specified in Relay Hostname.
Local—Forward all mail addressed to any system other than this server to the relay specified in Relay Hostname.
If you select None, continue with step 5. Otherwise, continue with step 4c.
Enter the name of the system that will process mail using the Internet (SMTP) protocol in the Relay Hostname field.
Select a Relay Protocol from among the protocols installed on your system. SMTP is the default.
Click on Submit.
The Administration utility displays a message indicating that the changes have been accepted. Click on Continue to return to the Configure Server form.
A top domain is needed if your organization uses any other protocols besides TCP/IP to deliver mail (for example, DECnet or UUCP). The top domain is used to:
Encapsulate mail addresses for non-IP protocols before sending mail out over the Internet
Determine whether to omit the host name when rewriting the address on the From: line
You can accept the default top domain, or enter another domain in the Top Domain field. (The top domain is usually your company name and Internet domain, for example, hp.com or isc.org.) You can enter from 1 to 21 alphanumeric characters (including special characters). The address cannot start or end with a hyphen (-).
Click on Submit.
The Administration utility displays a message stating that the configuration was successful, and that the Sendmail server has been restarted.
You can return to the Configure Sendmail Server menu to configure additional mail protocols or advanced features, such as masquerading, enabling virtual domains or Procmail, anti-spam, or LDAP (Section : Changing the Sendmail Server Configuration). Use the navigation bar at the top of the screen to return to the Configure Sendmail Server menu.
A host alias is a nickname for your system. If you changed this system's host name (or plan to in the near future), a host alias allows Sendmail to recognize both names—the current host name and the host alias—as synonyms for this system. You can also use host aliases to allow Sendmail to recognize all the system's network interface names as synonyms for this system.
If you configured your system to be a mail server, you can use the Administration utility to create one or more host aliases for any protocol you configure for the server. (You can also create one or more host aliases for your system when you initially configure it as a mail server; see Section : Configuring the System as a Mail Server.)
To set up a host alias for the mail server, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, ensure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure Mail Protocols.
On the Configure Server form, do one of the following:
Select a new protocol from Available Protocols, and then click on Configure.
Select a previously configured protocol from Configured Protocols, and then click on Modify.
The Configure Sendmail Protocol form is displayed.
Click on Host Alias.... The Host Alias form is displayed.
To add a new host alias, type the name of the alias in the Alias field and then click on Add. The new alias name is displayed in the Current Alias list box.
To delete an existing host alias, click on the alias name in the Current Alias list box and click on Delete.
When you are finished adding or deleting host aliases for this protocol, click on Submit to return to the Configure Sendmail Protocol form.
Click on Submit. A message is displayed confirming that the changes have been accepted.
Click on OK to return to the Configure Server form.
On the Configure Server form, you can select another protocol to configure. If you are finished configuring protocols, click on Submit.
A message is displayed indicating that the configuration was successfully changed. Click on OK to return to the Configure Sendmail Server menu, and then click on Done.
After you configure your system as a mail server, you can change the configuration, configure additional mail protocols, or configure advanced mail server features as follows:
Under Mail on the Manage Components menu, choose either Sendmail Server or Sendmail Server/ Using Open Source Configuration Rules, depending on which Sendmail administration interface you are using.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, ensure that Server is selected, and click on Configure.
Select one of the following:
Configure Mail Protocols (see Section : Configuring Mail Protocols)
Configure Masquerading (see Section : Configuring Masquerading)
Configure Virtual Domains (see Section : Configuring Virtual Domains)
Enable/Disable Procmail (see Section : Enabling Procmail as a Local Mailer)
Clam Anti-virus (see Section : Enabling Anti-Virus)
Configure Anti-Spam (see Section : Configuring Anti-Spam)
Configure LDAP (see Section : Configuring LDAP)
Configure MILTER (Sendmail Server/ Using Open Source Configuration Rules only) (see Section : Configuring Mail Filters (MILTER))
Configure Queues (Sendmail Server/ Using Open Source Configuration Rules only ) (see Section : Configuring Queues)
Configure Queue Performance (Sendmail Server/ Using Open Source Configuration Rules only) (see Section : Configuring Queue Performance)
Configure Trusted Layer Security (TLS) (Sendmail Server/ Using Open Source Configuration Rules only) (see Section : Configuring Trusted Layer Security)
When you initially configure your system as a mail server, you are required to configure the SMTP protocol (see Section : Configuring the System as a Mail Server). After configuring the SMTP protocol (and completing the rest of the mail server configuration), you can reconfigure the SMTP protocol, or add the following additional protocols to the mail server configuration:
Message Transport System (see Section : Configuring the MTS Protocol)
DECnet Phase IV (see Section : Configuring the DECnet Phase IV Protocol)
DECnet/OSI (Phase V) (see Section : Configuring the DECnet/OSI Protocol)
UNIX-to-UNIX Copy Program (UUCP) (see Section : Configuring the UUCP Protocol)
X.25 (PSInet) (see Section : Configuring the X.25 Protocol)
To configure a mail protocol, do one of the following on the Configure Sendmail Server form:
Select the protocol you want from the Available Protocols menu and click on Configure.
Select the protocol you want from the Configured Protocols menu and click on Modify.
The configuration form appropriate for the protocol you selected is displayed.
A pseudo domain alias is used by Sendmail to determine the protocol that a mail message requires. The message is properly encapsulated by Sendmail before being sent out over the Internet.
If you configured your system to be a mail server, you can use the Administration utility to create one or more pseudo domain aliases for the MTS, DECnet/OSI, UUCP, and X.25 protocols.
To set up a pseudo domain alias for a protocol, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, ensure that Server is selected and click on Configure.
On the Configure Server form, do one of the following:
Select a new protocol from Available Protocols, and then click on Configure.
Select a previously configured protocol from Configured Protocols, and then click on Modify.
The Configure Sendmail Protocol form is displayed.
Click on Pseudo Domain Alias.... The Pseudo Domain Alias form is displayed.
To add a new pseudo domain alias, type the name of the alias in the Alias field, and then click on Add. The new alias name is displayed in the Current Alias list box.
To delete an existing pseudo domain alias, click on the alias name in the Current Alias list box and click on Delete.
When you are finished adding or deleting pseudo domain aliases for this protocol, click on Submit to return to the protocol configuration form.
Continue to configure the protocol as described in Section : Configuring the MTS Protocol through Section : Configuring the X.25 Protocol.
To configure the MTS protocol for the Sendmail server, complete the Configure MTS Protocol form as follows:
Create one or more pseudo domain aliases, if needed (see Section : Creating and Deleting Pseudo Domain Aliases).
Create one or more host aliases, if needed (see Section : Creating and Deleting Host Aliases for a Mail Server).
Select one of the following routing methods:
Direct—Sends mail directly to the addressee. This option is not displayed if the MTS protocol is not installed on this server.
Relay—Forwards mail to another system (called the relay host) for processing.
If you chose Relay routing:
Enter the name of the relay system in the Relay Hostname field. You can enter from 1 to 21 alphanumeric characters (including special characters). The name cannot start or end with a hyphen (-).
Select the relay protocol (the protocol that will be used to forward mail to the relay) from the Relay Protocol pull-down menu. SMTP is the default.
Accept the default pseudo domain (mts) or enter another pseudo domain in the Pseudo Domain field.
Click on Submit. A message is displayed indicating that the changes have been accepted. Click on Continue to return to the Configure Sendmail Server form.
If an error occurs, use the navigation bar to return to the Configure MTS Protocol form.
On the Configure Server form, you can select another protocol to configure.
If you are finished configuring protocols, click on Submit. A message is displayed confirming that the configuration was successful, and that the Sendmail Server has been restarted. Use the navigation bar to return to the Configure Sendmail Server menu.
If DECnet is installed and configured on your system, you can configure the DECnet Phase IV protocol.
To configure the DECnet Phase IV protocol for the Semdmail server, complete the Configure DNET Protocol form as follows:
Create one or more pseudo domain aliases, if needed (see Section : Creating and Deleting Pseudo Domain Aliases).
Create one or more host aliases, if needed (see Section : Creating and Deleting Host Aliases for a Mail Server).
Select one of the following routing methods:
Internet—Forwards mail over the Internet to an unspecified gateway. The Internet depends on BIND/DNS to select an appropriate relay; therefore, you do not need to specify a relay host name for Internet routing.
Direct—Sends mail directly to the addressee. This option is not displayed if the DECnet Phase IV protocol is not installed on this server.
Relay—Forwards mail to another system (called the relay host) for processing.
If you chose Relay routing:
Enter the name of the relay system in the Relay Hostname field. You can enter from 1 to 21 alphanumeric characters (including special characters). The name cannot start or end with a hyphen (-).
Select the relay protocol (the protocol that will be used to forward mail to the relay) from the Relay Protocol pull-down menu. SMTP is the default.
Enter the DECnet node address for this server (area.node) for this server in the Node Address field; for example, 32.958.
A pseudo domain is used by Sendmail to determine the protocol that a mail message requires. The message is properly encapsulated by Sendmail before being sent out over the Internet. Accept the default pseudo domain (ENET) or enter another pseudo domain in the Pseudo Domain field.
Click on Submit. A message is displayed indicating that the changes have been accepted. Click on Continue to return to the Configure Sendmail Server form.
If an error occurs, use the navigation bar to return to the Configure DNET4 Protocol form.
On the Configure Server form, you can select another protocol to configure.
If you are finished configuring protocols, click on Submit. A message is displayed confirming that the configuration was successful, and that the Sendmail server has been restarted. Use the navigation bar to return to the Configure Sendmail Server menu.
If DECnet is installed and configured on your system, you can configure the DECnet/OSI protocol.
To configure the DECet/OSI (Phase V) protocol for the Sendmail server, complete the Configure DNET Protocol form as follows:
Create one or more pseudo domain aliases, if needed (see Section : Creating and Deleting Pseudo Domain Aliases).
Create one or more host aliases, if needed (see Section : Creating and Deleting Host Aliases for a Mail Server).
Select one of the following routing methods:
Internet—Forwards mail over the Internet to an unspecified gateway. The Internet depends on BIND/DNS to select an appropriate relay; therefore, you do not need to specify a relay host name for Internet routing.
Direct—Sends mail directly to the addressee. This option is not displayed if the DECnet/OSI protocol is not installed on this server.
Relay—Forwards mail to another system (called the relay host) for processing.
If you chose Relay routing:
Enter the name of the relay system in the Relay Hostname field. You can enter from 1 to 21 alphanumeric characters (including special characters). The name cannot start or end with a hyphen (-).
Select the relay protocol (the protocol that will be used to forward mail to the relay) from the Relay Protocol pull-down menu. SMTP is the default.
The default DNS Name Space is the total collection of names that one or more DECdns servers know about, look up, manage, and share. The name space for your site is the token before the colon ( : ) in your Phase V node name. For example, dec is the name space for the address dec:.foo.bar. Accept the default DNS name space or enter another name space in the DNS Name Space field.
A pseudo domain is used by Sendmail to determine the protocol that a mail message requires. The message is properly encapsulated by Sendmail before being sent out over the Internet. Accept the default pseudo domain (D5NET) or enter another pseudo domain in the Pseudo Domain field.
Click on Submit. A message is displayed indicating that the changes have been accepted. Click on Continue to return to the Configure Sendmail Server form.
If an error occurs, use the navigation bar to return to the Configure DNET5 Protocol form.
On the Configure Server form, you can select another protocol to configure.
If you are finished configuring protocols, click on Submit. A message is displayed confirming that the configuration was successful, and that the Sendmail server has been restarted. Use the navigation bar to return to the Configure Sendmail Server menu.
To configure the UUCP protocol for the Sendmail server, complete the Configure UUCP Protocol form as follows:
Create one or more pseudo domain aliases, if needed (see Section : Creating and Deleting Pseudo Domain Aliases).
Create one or more host aliases, if needed (see Section : Creating and Deleting Host Aliases for a Mail Server).
Select one of the following routing methods:
Internet — Forwards mail over the Internet to an unspecified gateway. The Internet depends on BIND/DNS to select an appropriate relay; therefore, you do not need to specify a relay host name for Internet routing.
Direct—Sends mail directly to the addressee. This option is not displayed if the UUCP protocol is not installed on this server.
Relay—Forwards mail to another system (called the relay host) for processing.
If you chose Relay routing:
Enter the name of the relay system in the Relay Hostname field. You can enter from 1 to 21 alphanumeric characters (including special characters). The name cannot start or end with a hyphen (-).
Select the relay protocol (the protocol that will be used to forward mail to the relay) from the Relay Protocol pull-down menu. SMTP is the default.
Click on Submit. A message is displayed indicating that the changes have been accepted. Click on Continue to return to the Configure Sendmail Server form.
If an error occurs, use the navigation bar to return to the Configure UUCP Protocol form.
On the Configure Server form, you can select another protocol to configure.
If you are finished configuring protocols, click on Submit. A message is displayed confirming that the configuration was successful, and that the Sendmail server has been restarted. Use the navigation bar to return to the Configure Sendmail Server menu.
To configure the X.25 protocol for the Sendmail server, complete the Configure X25 Protocol form as follows:
Create one or more pseudo domain aliases, if needed (see Section : Creating and Deleting Pseudo Domain Aliases).
Create one or more host aliases, if needed (see Section : Creating and Deleting Host Aliases for a Mail Server).
Select one of the following routing methods:
Internet—Forwards mail over the Internet to an unspecified gateway. The Internet depends on BIND/DNS to select an appropriate relay; therefore, you do not need to specify a relay host name for Internet routing.
Direct—Sends mail directly to the addressee. This option is not displayed if the X.25 protocol is not installed on this server.
Relay—Forwards mail to another system (called the relay host) for processing.
If you chose Relay routing:
Enter the name of the relay system in the Relay Hostname field. You can enter from 1 to 21 alphanumeric characters (including special characters). The name cannot start or end with a hyphen (-).
Select the relay protocol (the protocol that will be used to forward mail to the relay) from the Relay Protocol pull-down menu. SMTP is the default.
Click on Submit. A message is displayed indicating that the changes have been accepted. Click on Continue to return to the Configure Sendmail Server form.
If an error occurs, use the navigation bar to return to the Configure X25 Protocol form.
On the Configure Server form, you can select another protocol to configure.
If you are finished configuring protocols, click on Submit. A message is displayed confirming that the configuration was successful, and that the Sendmail server has been restarted. Use the navigation bar to return to the Configure Sendmail Server menu.
Masquerading is the process of transforming the local host name portion of a mail address into that of another host. A masquerading mail message appears to have come from the other host rather than the local host.
Error messages are often returned to the sender address on the message envelope. When many hosts are masquerading as a single host, all error messages are delivered to the central masquerading host.
When you enable masquerading on a configured Sendmail Server, all the host aliases you create will automatically assume the masquerading host name.
To access the Configure Masquerading form, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, ensure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure Masquerading.
Figure 5-1 shows the Configure Masquerading form.
The following users are always excluded from masquerading (whether or not you explicitly specify them in the Excluded Users List field or in the Excluded Users File):
root
postmaster
news
uucp
mailer-daemon
rdist
nobody
daemon
pop
imap
To configure your system for masquerading, follow these steps:
To enable masquerading, turn on the Enable Masquerading checkbox. (To disable masquerading while retaining the masquerading configuration, turn off this checkbox.)
Enter the masquerading host name in the Masquerade As field. This field is required. When masquerading is enabled, all the host aliases for your system (see Section : Creating and Deleting Host Aliases for a Mail Server) will automatically assume this masquerading host name, unless you check Exclude Host Aliases From Masquerading (see step 8). The system can have only one masquerading host name, and must be a valid, fully qualified name.
You can specify additional hosts and domains that you want to assume the masquerading host name by entering the names in the Masquerading Hosts/Domains List field. Separate the names using a space. In Figure 5-1, the host server.xyzcorp.com and the domain xyzcorp.com will assume the masquerading host name xyzcorp.com.
If you have a file containing the names of hosts and/or domains that you would like to assume the masquerading host name, enter the full pathname of that file in the Masquerading Hosts/Domains File field. In Figure 5-1, the file /mydir/masked-hosts.txt contains additional host and domain names to be masqueraded, each on a separate line, as shown in the following example:
host1.site.domain.com host2.site.domain.com host3.site.domain.com
You can specify only one file in the Masquerading Hosts/Domains File field.
To prevent the masquerading host name from appearing in the mail header of messages from particular users, enter those user names in the Excluded Users List field. Separate the names using a space. In Figure 5-1, mail messages from the users julia, sarah, and barbara will not use the masquerading host name.
If you have a file containing the names of users whose mail headers should not use the masquerading host name, enter the full pathname of this file in the Excluded Users File field. Each user name must occupy a separate line in the file, as shown in the following example:
admin peter vpr rich
You can specify only one file in the Excluded Users File field.
Notes: If a user listed in the Excluded Users List field or contained in the file specified in the Excluded Users File field sends mail to a local user, the sending user's name will be masqueraded.
To use the masquerading host name in all recipients' addresses, check Use Masquerading Hostname in Recipient Addresses. (Recipient addresses include those on the To: and Cc: lines in the message header.)
To exclude your system's host aliases from masquerading, check Exclude Host Aliases From Masquerading. When this item is checked, only the host and domain names specified in Masquerading Hosts/Domains List and in the file specified by Masquerading Hosts/Domains File will be masqueraded.
If you want hosts and subdomains within the domains specified in the Masquerading Hosts/Domains List and Masquerading Hosts/Domains File fields to assume the masquerading host name, check Enable Masquerading for Subdomains. For example, in Figure 5-1, mail from server.xyzcorp.com (a host within the xyzcorp.com domain) will assume the xyzcorp.com masquerading host name.
To masquerade the envelope addresses, check Enable Masquerading for the Envelope. By default, the header addresses are masqueraded; however, by checking this item, the envelope addresses are also masqueraded.
Click on Submit to change the server configuration (or click on Cancel to cancel the changes and return to the Configure Sendmail Server menu).
The Administration utility displays a message confirming that the configuration has been changed, and indicates that the Sendmail server has been restarted. Click on OK to return to the Configure Sendmail Server menu.
If there were any errors in the configuration, the Administration utility displays a list of the errors. Click on OK to return to the Configure Masquerading form.
Virtual domains allow multiple aliases to be hosted on a single system. To use virtual domains on your system, you must first create a virtual domain table. The Administration utility expects this file to be named /var/adm/sendmail/virtusertable, but you can override this default when you enable virtual domains. Example 5-1 shows a sample virtual domain table.
Example 5-1 Sample Virtual Domain Table
|
info@foo.com foo-info info@bar.com bar-info @baz.org jane@elsewhere.net |
|
The virtual domain table in Example 5-1 specifies the following:
Mail addressed to info@foo.com is delivered to foo-info.
Mail addressed to info@bar.com is delivered to bar-info.
Mail addressed to anyone at baz.org is delivered to jane@elsewhere.net.
The user name from the original address is passed as %1 (for example, @foo.org%1@elsewhere.net). This allows mail sent to someone@baz.org to be delivered to someone@elsewhere.net.
All the host names on the left-hand side of the table (in Example 5-1, foo.com, bar.com, and baz.org) must be in the host alias list (see Section : Creating and Deleting Host Aliases for a Mail Server).
You must also set up name servers for the virtual addresses that get mapped to the real addresses. You can use Domain Name System (DNS) configuration to complete the following:
Select an available domain name.
Establish two machines as primary and secondary name servers for this domain.
Configure MX records for this domain.
Register this domain with InterNIC.
See the Tru64 UNIX manual Network Administration: Services for more information about configuring DNS.
After you create the virtual domain table, use the makemap command to create an address mapping database, based on the data in the table; for example:
|
# makemap btree virtusertable < virtusertable |
|
This command creates the virtusertable.db file in BTREE format. Sendmail uses these files to determine whether the address on a mail messages has been mapped to a virtual domain. For more information on the makemap command, see the makemap(8) reference page.
After creating the database files, you can use the Administration utility to configure virtual domains on your system, as follows:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure the Sendmail Server menu, choose Configure Virtual Domains.
On the Configure Virtual Domains form, set the Use Virtual Domains checkbox to enable virtual domains. (You can turn off this checkbox to disable virtual domains while retaining the virtual domains configuration.)
Enter the complete pathname for the virtual user table you created using the makemap command. (The default is /var/adm/sendmail/virtusertable.)
Enter the host aliases that are mapped in the Virtual Domain database in the Virtual Hosts/Domains list. If you configure virtual domains, then all the host aliases in this list will be checked for mapping in the virtusertable.
Set the Suppress Errors in the Absence of the Database File checkbox to allow database lookups to fail silently if the table_name.dir and table_name.pag files (where table_name is the file name for your virtual user table) do not exist. (This parameter corresponds to the -o option on the K configuration line in the sendmail.cf file.)
Ordinarily, Sendmail strips all nonescaped quotation marks and removes any backslashes (\) from a key before looking it up in the virtual user table. For example:
“Bob \”bigboy\”Roberts \(esq\)"@bob.com
is ordinarily converted to:
Bob "bigboy" Roberts (esq)@bob.com
To preserve quotation marks and escape characters (those preceded by a backslash) in keys before database lookup, turn off the Strip Quotation Marks from Keys checkbox . (This parameter corresponds to the -q option on the K configuration line in the sendmail.cf file.)
Ordinarily, Sendmail converts a key to all lowercase letters before looking it up in the virtual user table. If keys in the virtual user table are case-sensitive, turn off the Convert Keys to Lowercase checkbox to prevent conversion to lowercase. (This parameter corresponds to the -f option on the K configuration line in the sendmail.cf file.)
Click on Submit to change the server configuration.
When the Suppress Errors in the Absence of the Database Files checkbox is not checked, the Administration utility checks that the filename.dir and filename.pag files exist (where filename is the name of the virtual user table you specified in the Database File Name field).
If there are no errors, the utility displays a message confirming that the configuration has been changed, and indicates that the Sendmail server has been restarted. Click on OK to return to the Configure SMTP Server menu.
If there were any errors in the configuration, the Administration utility displays a list of the errors. Click on OK to return to the Configure Virtual Domains form.
When you enable your Sendmail server to use /usr/bin/procmail as a local mailer, Procmail is used as a replacement for the local mailer (for example, /bin/mail, /usr/bin/mail, mail.local, rmail, and so on) to deliver to /var/spool/mail. Procmail allows system-wide mail filtering. (For more information, see the procmail(1) reference page.)
To configure your system to use Procmail as a local mailer, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Enable/Disable Procmail.
On the Enable/Disable Procmail form, if Procmail is not currently enabled, click on Enable. Otherwise, click on Disable.
The Administration utility displays a message confirming that the configuration has been changed, and indicates that the Sendmail server has been restarted. Use the navigation bar to return to the Configure SMTP Server menu.
Clam AntiVirus is an anti-virus toolkit for UNIX, designed for e-mail scanning on mail gateways. It provides a flexible and scalable multi-threaded daemon for e-mail scanning. Clam AV is licensed under the GNU General Public Licence and it is POSIX compliant, and portable. It detects viruses, worms and trojans and scans within archives and compressed files.
Amavisd-new is a high-performance interface between mailer (MTA) and content checkers: virus scanners. Amavisd-new is Perl component ensuring high reliability, portability and maintainability. Amavisd-new uses several external programs and Perl modules for its operation. If there are any security vulnerabilities in them, the entire setup could be affected.
To enable Clam AV and Amavisd-new, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Enable/Disable Clamav and Amavis.
On the Enable/Disable form, if Clamav and Amavis are not currently enabled, click on Enable. Otherwise, click on Disable.
The Administration utility allows you to configure the following features of Sendmail to prevent mail from spam sites (also called unsolicited bulk e-mail) from reaching your system:
Configure relaying (see Section : Configuring Relaying)
Configure access database (see Section : Configuring the Access Database)
Configure checking on sender's information (see Section : Configuring Checking on Sender's Information)
By default, your Sendmail server configuration does not relay messages from a site outside your domain to another site outside your domain. To remove this restriction, or to control the relaying of mail messages on your SMTP server to and from specific domains, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure Anti-Spam.
From the Configure Anti-Spam menu, choose Configure Relaying.
The Configure Relaying page lets you set the following relaying options:
In the Relaying Domains List field, specify the list of domain names or IP addresses, to and from which your Sendmail server is allowed to transmit messages. Separate entries in this field with blank spaces.
If you have a file containing the domain names and IP addresses to which you want to restrict relaying, enter the full pathname for the file in the Relaying Domains File field.
Set the Allow Relaying from Any Host in Local Domain checkbox to allow any host in your domain to relay. By default, only hosts listed as OK in the accessdb database are allowed to relay messages.
Set the Allow Relaying Based on Sender's MX Records checkbox to permit your server to relay messages from senders who list your server in their MX records. The MX record consists of lists of hosts that can accept messages for the specified destination. For example, if your server received a message from user@domain.com and domain.com lists your server in its MX records, your server accepts the message.
Set the Exclude Subdomains from Relaying checkbox to restrict relaying to specific host names (rather than permit relaying based on subdomain). Usually, relaying is based on domain names. The names listed as RELAY in the accessdb file and entries in the Relaying Domains List field (or contained in the Relaying Domains File) are domain names. If you specify, for example, that example.com is a relaying domain, then messages to and from example.com, abc.example.com, user.dept.xyz.example.com are all accepted for relaying. When the Exclude Subdomains from Relaying checkbox is set, Sendmail looks up individual host names before determining whether or not to relay a message.
Set the Allow Relaying from Local Host checkbox to relay a message when the sender's return path domain (for example, MAIL FROM: <user@domain.name>) is a local domain.
Under normal behavior, if a message header lists a recipient as user%site@anothersite and anothersite is included in the Relaying Domains list (or Relaying Domains file), Sendmail strips @anothersite and rechecks user@site for relaying. Set the Disable Checks For Relay Forwarding checkbox to prevent this behavior.
Note: Setting this checkbox may allow spam mail to relay through your server if it is not set up properly.
Set the Check for Blacklist Recipients in Access Database checkbox when you want to block incoming mail for certain recipient user names, host names, or IP addresses. For example, you can block incoming mail addressed to nobody, host example1.domain.name, or user guest@example2.domain.name, as specified in the accessdb file. (See Section : Configuring the Access Database for information on the accessdb file.)
Set the Allow Unrestricted Relaying checkbox, to accept mail from outside your domain and send it to another host outside your domain. When this checkbox is set, your site will allow mail relaying from any site to any site.
Set the Reject Mail from Server in Realtime Blackhole List checkbox to reject mail from any server listed in the Realtime Blackhole List. For more information on the Mail Abuse Protection System (MAPS) and the Realtime Blackhole List, see
When you are through setting the Configure Relaying options, click on Submit. A success message confirms that relaying has been configured on your system and that your Sendmail server has been restarted.
The Sendmail server uses an access database for the following purposes:
To reject mail from specific domains and addresses (RHS: REJECT or a specific error message)
Accept mail even though it might be rejected by subsequent checks (RHS: OK)
Permit mail to be relayed (RHS: RELAY)
The access database uses e-mail addresses, domain names, and network numbers as keys, and uses values to indicate how the Sendmail server should handle mail based on these keys. Example 5-2 shows the syntax of entries in an access database.
Example 5-2 Sample Access Database for the Sendmail Server
|
spammer@dummy.com REJECT cyberspammer.com REJECT cyberspammer.com 550 We don't accept mail from spammers! okay.cyberspammer.com OK bulkmailer@dummy.com DISCARD 206.117.147 REJECT sendmail.org OK 128.32 RELAY |
|
As shown in Example 5-2, the Sendmail server handles incoming mail as follows:
Rejects mail from spammer@dummy.com
Accepts mail from host okay at cyberspammer.com (but rejects mail from all other hosts at that domain and returns the specified message)
Discards mail from bulkmailer@dummy.com using the $#discard mailer
Rejects mail from any host on the 206.117.147.* network
Accepts mail from all users at sendmail.org
Relays messages from the 128.32.*.* network
Create an access database file in /var/adm/sendmail/accessdb using the format shown in Example 5-2.
After you create the access table in a text file, use the makemap command to create the database map, based on the data in the table. For example:
# makemap btree accessdb < accessdbThis command creates the accessdb.db file in BTREE format. Sendmail uses this file to determine whether to accept or reject the relaying of mail messages. For more information on the makemap command, see the makemap(8) reference page.
After creating an access database, you can specify sendmail.cf options for this database using the Administration utility.
To configure the access database, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure Anti-SPAM.
From the Configure Anti-SPAM menu, choose Configure Access Database. The Configure Access Database form is displayed (Figure 5-2).
On the Configure Access Database form, set the Use Access Database checkbox to enable access database lookups. (You can turn off this checkbox to disable database lookups while retaining the access database configuration.)
Enter the complete pathname for the access database you created but do not include the extension. (The default pathname is /var/adm/sendmail/accessdb.)
Set the Suppress Errors in the Absence of the Database File checkbox to prevent Sendmail from performing a database lookup if the access database does not exist. (This parameter corresponds to the -o option on the K configuration line in the sendmail.cf file.)
Ordinarily, Sendmail strips all nonescaped quotation marks and removes any backslashes (\) from a key before looking it up in the access database. For example:
“Bob \”bigboy\”Roberts \(esq\)"@bob.com
is ordinarily converted to:
Bob "bigboy" Roberts (esq)@bob.com
To preserve quotation marks and escape characters (those preceded by a backslash) in keys before database lookup, turn off the Strip Quotation Marks from Keys checkbox. (This parameter corresponds to the -q option on the K configuration line in the sendmail.cf file.)
Ordinarily, Sendmail converts a key to all lowercase letters before looking it up in the access database. If keys in the virtual user table are case-sensitive, turn off the Convert Keys to Lowercase checkbox to prevent conversion to lowercase. (This parameter corresponds to the -f option on the K configuration line in the sendmail.cf file.)
Click on Submit to change the server configuration (or click on Cancel to cancel the changes and return to the Configure Sendmail Server menu).
When the Suppress Errors in the Absence of the Database File checkbox is not checked, the Administration utility checks that the access database file exists (as specified in the Database File Name field).
If there are no errors, the utility displays a message confirming that the configuration has been changed, and indicates that the Sendmail server has been restarted.
If there were any errors in the configuration, the Administration utility displays a list of the errors.
To block incoming mail for certain recipient user names, host names, or IP addresses, return to the Configuring Relaying page (Section : Configuring Relaying) and set the Check for Blacklist Recipients in Access Database checkbox.
To configure checking on sender's information, follow these steps:
Set the Accept Mail from Unqualified Senders checkbox when you want to accept messages that do not include a domain name in the sender's address (that is, the sender's host name is not fully qualified). If this checkbox is not set, the Sendmail server rejects any message containing a sender address that is not fully qualified.
Set the Accept Mail from Unresolvable Domains checkbox when you want to accept messages that are from addresses that the Domain Name System (DNS) server cannot locate and resolve. If this checkbox is not set, the Sendmail server rejects any message containing an unresolvable domain name in the sender address.
You can configure the Sendmail server to identify users based on the information in an LDAP directory. When you complete the Configure LDAP form during Sendmail server configuration, the Administration utility creates a K line entry in the sendmail.cf file that defines how the Sendmail daemon is to search the LDAP directory to authenticate users.
For information on managing the LDAP Directory servers, see Chapter 11.
To configure the Sendmail server to use LDAP, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure the Sendmail Server menu, choose Configure LDAP.
On the Configure LDAP form, check the Enable LDAP Look-Up checkbox to enable the Sendmail server to look up user information in an LDAP directory. (You can uncheck this checkbox to disable LDAP directory lookups while retaining the LDAP configuration.)
In the LDAP Search Base field, specify the directory in your LDAP tree in which you want to begin searching. Use a space to separate the entries in this field. For example:
ou=People o=XYZCompany c=US
This field corresponds to the -b option in the K line in sendmail.cf.
In the List of LDAP Servers field, enter the names of servers at your site that support LDAP. Use a space to separate entries in this field. The LDAP libraries attempt to connect to these servers in the order you list them. For example:
dirserver1.xyz.com dirserver2.xyz.com
This field corresponds to the -h option in the K line in sendmail.cf.
In the List of LDAP Search Strings field, specify one or more attributes that you want to search on. (The maximum number of attributes that you can search is 1023.) Use a space to separate attributes. (The base directory you specified in the LDAP Search Base field in step 6, combined with the strings supplied in this field, should define a search that returns at most one entry.) For example:
uid cn
This field corresponds to the -k option in the K line in sendmail.cf.
In the List of LDAP Attributes Returned field, specify one or more attributes that will get populated from the LDAP directory when your search is successful. You can specify at most 63 attributes. Use a space to separate attributes. The ldapsearch command returns all the attributes that it can successfully populate. For example:
mailForwardingAddress mail uid
If a mailForwardingAddress and mail attribute exists, it will return both. Each one will then be treated as a separate address and will be individually processed.
This field corresponds to the -v option in the K line in sendmail.cf.
Set the Suppress LDAP Errors checkbox to prevent Sendmail from performing a database lookup if the ldap database does not exist. (This parameter corresponds to the -o option on the K configuration line in the sendmail.cf file.)
Figure 5-3 shows the Configure LDAP form.
The Sendmail daemon distributed in this Internet Express release is compiled to interface with any mail filters compiled with the sendmail.org provided milter library (known as libmilter). The milter library is included with this release. To include it with a filter compilation, use the –lmilter flag on the compile or link command line. (See the example included in Appendix A.)
A filter has a name and a socket interface. A filter uses one of four types of sockets: local, unix, inet and inet6. This socket must not already exist. It will be created at run time.
Filter Name: sample1
Socket: local:/var/run/f1.sock
A local file filter, using a local UNIX socket
Filter Name: sample2
Socket: inet:1099@remotehost.com
A network socket accessed via IPv4 port number 1099 on remotehost.
Filter Name: sample3
Socket: inet6:1066@myhost.com
A network socket accessed via IPv6 port number inet:1066 on myhost.com.
Filters can reject or defer mail if the connection to the filter fails. It may also have definitions for various time outs on filter related events.
For example: Filter Name: sample4
Socket: inet:1066@myhost.com,T=C:5m;S:10s;R:10s;E:5m
In this example, a network socket is accessed via IPv4 port number inet:1066 on myhost.com with the default timeouts defined.
| Timeout Field | Timeout Field | Default Timeout |
| E | The overall timeout from sending end of message to filter to the final end of message reply. | 5 minutes |
| R | The timeout for reading a reply from the filter. | 10 seconds |
| S | The timeout for sending information from the mail transfer agent to a filter. | 10 seconds |
| C | The connection timeout. | 5 minutes |
Mail filters can be managed within the Internet Express Administration utility. The Administration interface allows the addition, modification or deletion of a mail filter.
To add a mail filter, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure MILTER.
In the Filter Name field, enter a name for the new filter.
In the Socket Type field, enter the type. Choices are: local, unix, inet and inet6.
In the drop-down box If Filter is Unavailable, choose either Reject Connection or Temporary Fail.
Enter desired values in the Timeouts fields.
Click on Submit to add the filter.
To modify a mail filter, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure MILTER.
In the Existing Filters list, choose the filter to be modified.
Click Modify.
Modify the values as desired.
Click on Submit to change the filter.
To delete a mail filter, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure MILTER.
In the Existing Filters list, choose the filter to be deleted.
Click Delete.
On the confirmation page, click Continue.
Bogofilter and Clam AV anti-virus filters are supplied with this release. Clam AV anti-virus can be enabled using the Administration Utility (see Section : Enabling Anti-Virus). For information about Bogofilter, see Section : Bogofilter Spam Filter.
Appendix A includes the code for a sample mail filter code called sample.c. To compile it, use the following command:
# cc –I/usr/internet/include -o sample sample.c libmilter.a libsm.a -pthread
Any new filter must be thread-safe. Depending on how many threads will run, the per-process limits in the new filter may have to be changed.
Access the Add New Filter menu, as described in Section : Adding a Mail Filter. Enter the appropriate information for the filter, for example:
Filter Name: sample Socket: local:/var/run/f1.sock
Socket: local:/var/run/f1.sock
When you click on Submit, the new filter interface is added to the current Sendmail configuration file.
The sample filter takes one argument, -p, which indicates the local port on which to create a listening socket (the UNIX domain socket located in /var/run/example1.sock).
./sample -p local:/var/run/example1.sock
If the sample filter returns immediately to a command line, there was problem. Check the following items:
Whether the command line had errors
If the local socket was created
The syslog for any errors
Use the command netstat -a to verify the filter process is listening on the correct local socket.
To test the filter, e-mail messages must be piped to the filter via Sendmail. There are two means of doing this: by using sendmail -bs, or by telnet localhost 25. See the following example:
|
|
|
In this example, the lines beginning with numbers are output by Sendmail, and the bold lines are typed input. A successful test will create a file in /tmp /msg.XXXXXXXX (where the Xs represent any combination of letters and numbers) and it will the message body and headers from the text entered above.
Both syslog and Sendmail can be used to help debug any problems. First look in syslog for any related error messages. Additional log messages can be added by raising the logging level of sendmail by use of the LogLevel option.
Queue groups are supported using the Sendmail menu of the Administration Utility. A queue group has a name and a directory path where the e-mail messages will be stored temporarily. The directory path must be a subdirectory of the sendmail variable called, QueueDirectory. Its default path is /var/spool/mqueue.
You can use the Administration Utility to add, modify or delete a queue.
To add a queue group, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure Queues.
In the New Queue field, enter a name for the new queue group.
Click Add.
The Flags argument specifies whether queues are processed in parallel in the background, or in serial mode. Specifying "f" as the flags argument defines the parallel processing queue mode.
The nice value argument is the operating system priority that queues are processed. The default value is set to give all processes an equal chance of running.
In the Interval Between Queue Runs field, specify the time interval to wait between active runs. Intervals are specified using short strings such 1h (1 hour), 30s (30 seconds), 1d (1 day) and 2w (2 weeks).
In the Path field, enter the queue directory. It defaults to the /var/spool/mqueue directory.
In the Parallel Runners field, enter specifies the maximum queue processors per queue group. By default there is one per queue.
In the Max Jobs field, specify the maximum number of mail messages to process on a given queue run.
In the Max Recipients field, specify the default limit for the number of recipients allowed per envelope. Leaving the field blank or setting it to zero will impose no limit on the message processing.
Click on Submit to add the queue group.
After a queue is created, you can use the mailq command to list all valid queues and mail queued for transfer.
If multiple queues are used, separate Sendmail daemon commands should be scheduled to periodically check and transfer any queued mail. The following example illustrates the point:
To modify the values for a queue group, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure Queues.
In the list of existing queues, choose the queue group to be modified.
Click Modify.
Modify the values as desired.
Click on Submit to change the queue.
To delete a queue group, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure Queues.
In the list of existing queues, choose the queue to be deleted.
Click Delete.
On the confirmation page, click Continue.
The Queue Performance menu option allows you to set local values for default options found in Sendmail. Table 5-1, Table 5-2, Table 5-3 and Table 5-4 describe these values.
Table 5-1 General Queue Properties
| Value | Description | Default |
| Default Queue Directory | Location where mail is queued and any additional queues are defined with this path | /var/spool/mqueue |
| Queue File Mode | Default permissions for files placed in the queue directory | /var/spool/mqueue |
| Queue File Mode | How to sort messages in the mail queue (priority, host, time, file, random, or file modification time) | priority |
| Queue Timeout | Limit lifetime of a message in the queue | 5d (5 days) |
| Queue Factor | Factor used to compute the load factor ; used for determining when to queue mail because of high system load | 600,000 |
| Queue Load Average | When the load average (average number of processes in a run queue over the last minute) exceeds this value, mail is queued rather than deliver them | 8 times number of CPUs present |
| Queue Refuse Load Average | When the load average (average number of processes in a run queue over the last minute) exceeds this value, sendmail refuses new connections | 12 times the number of CPUs present |
| MaxQueueChildren | Limit number of concurrent queue processors | 0 (no limit) |
| MinQueueAge | Skip queue processing if the wait time interval has not passed | 0 (disabled) |
| Recipient Factor | Used to penalize large recipient lists | 30,000 |
Table 5-2 Queue Timers
| Timeout Items | Description | Default Value |
| Queue Return | Bounce if message is undelivered | 5 days |
| Q-R Normal | (for a normal message) | None |
| Q-R Urgent | (for an urgent message) | None |
| Q-R Nonurgent | (for a nonurgent message) | None |
| Queue Warn | Warn if message is undelivered | 4 hours |
| Q-W Normal | (for a normal message) | None |
| Q-R Urgent | (for an urgent message) | None |
Table 5-3 describes the Sendmail timers (timeouts waiting on an SMTP protocol event,
Table 5-3 Sendmail Timers
| Timer | Description | Default Value |
| Timeout on MAIL FROM: | 5 to 10 minutes | |
| rcpt | Timeout on RCPT TO: | 1 hour |
| datainit | Timeout on DATA acknowledgement | 5 minutes |
| datablock | Timeout on DATA block read | No default |
| datafinal | Timeout on DATA acknowledgement of final dot | 1 hour |
| command | Timeout on wait of next command | 1 hour |
| Initial | Timeout on initial greeting message | None |
| Helo | Timeout on HELO or EHLO | None |
| Rset | Timeout on RSET acknowledgement | 5 minutes |
| Quit | Timeout on QUIT acknowledgement | 2 minutes |
| Misc | Timeout on other SMTP commands | 2 minutes |
| Ident | Timeout on ident protocol | 0/disabled |
| Fileopen | Timeout on NFS file open | 5 minutes |
Table 5-4 Sendmail Tunable Parameters
| Parameter | Description | Default Value |
| MinFreeBlocks | Minimum file space needed for Sendmail to operate | 100 |
| MaxHeaderLength | Maximum size of the header section | 32768 bytes |
| MaxMessageSize | Maximum message length | 0 |
| MaxMimeHeaders | Maximum length of the MIME headers | 0/0 |
To configure the Sendmail queue performance, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure Queue Performance.
A form is displayed, showing the current performance values.
Modify the timers and other parameters as desired.
Click Submit.
Sendmail includes support for enhanced security: Secure Socket Layer (SSL) and Transport Layer Security (TLS). SSL and now TLS (successor to SSL) are used to establish a trusted connection. Sendmail's usage of TLS is not end-to-end encryption. Certificates in X.509 form are used to form this trusted connection.
To use TLS, sendmail needs a source of random information. This Internet Express release includes both Tru64 UNIX Version 5.1A and 5.1B sendmail binaries to allow access of the appropriate random number generators. In version 5.1B, the Sendmail binary uses the native /dev/random device, while the Tru64 UNIX Version 5.1A operating system version includes support for egd. egd is a Perl-based persistent daemon that gathers and then sources to Sendmail a flow of pseudorandom information. This information is used for encryption actions.
In addition to access of random information, the system administrator must have a set of digital certificates that defines the authority (local or remote), server and client identification. Certificates follow a hierarchical model, the X.509 Certificate Authority.
Server certificates are used for incoming connections, and client certificates are used for outbound connections. A single certificate can be shared for both functions.
Certificates contain identity information. Here is an example:
|
|
|
[additional abbreviated information]
Table 5-5 Certificate Defaults
| Certicate Authority | Abbreviation | |
| Certificate Authority | Certificate Authority (signs certificates) | CA |
| Certificate Issuer | One that issues certificates (a CA) | CI |
| Certificate | The public part of the key pair (identity information) | cert |
| Key | Private part of the key pair | key |
| Distinguished name | unique name | DN |
| Common name | Common (not necessarily unique) Hostname, or user's full name | CN |
A TLS certificate can be bought from a certification authority, or it can be created locally for use. Commercial companies such as VeriSign, Equivax and Thawte provide certification related functions. Once the commercial transaction has taken place, store the certificate information in the /var/adm/sendmail/certs/cacert.pem.
If you have commercial certificates or has created his own Certificate Authority, review the Certificate Authority section in Appendix A.
The following fields in the Sendmail TLS menu must be completed to allow proper functioning of the TLS between server and server, or server and client.
Servers and clients have certificate and key files. The Certificate Authority Certificate is the top level identifier that ties the machines identity to a well known (trusted) authority. The server certificate is used for inbound connections and identifies the server to the connector. The client certificate identifies connecting client to the remote mail server. The client certificate can be the same as the server certificate. The server and client keys are the private keys used in the security transaction.
Table 5-6 TLS Certificate Values
| Field Name | Default |
| Certificate Authority Certificate Directory (CA) | /var/adm/sendmail/certs |
| Certificate Authority Certificate | $CA/CA.cert.pem |
| Server Certificate File | $CA/server.cert.pem |
| Server Key File | $CA/server.key.pem |
| Client Certificate File | $CA/client.cert.pem |
| Client Key File | $CA/client.cert.pem |
To configure the values for TLS, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server/Using Open Source Configuration Rules.
From the Sendmail Server Administration menu, choose Configure Sendmail Server.
On the Configure Sendmail Server menu, make sure that Server is selected and click on Configure.
From the Configure Sendmail Server menu, choose Configure Trusted Layer Security (TLS).
A form is displayed, showing the current performance values.
Click in the Enable TLS for Server Connections checkbox to enable TLS.
Modify the values in the fields as desired. See Table 5-6.
Click in the Disable Client Verification checkbox to disable client verification,
Click Submit.
In addition, all remote systems that the server will connect to using TLS, must enable TLS to complete the transmission loop in a secure manner.
After the fields are completed, TLS support can be enabled. To debug a non-working connection, check the mail log for error messages.
Secure connections to servers and clients can be defined by adding lines to the access database (access db text file) and then running makemap to create the updated access_db file.
Here are four examples that offer or do not offer TLS support for certain connections. Each line illustrates the line format used in the access database. The line format for the text file is:
|
|
|
By default, STARTLS is requested on all outgoing connections and offered on incoming connections when certificates are configured. By placing a line in the access database, STARTLS can be turned off.
|
|
|
Here, STARTLS is offered to general.mymachine.com. It is not offered to mymachine.com, any address starting with 42.0 or 127.0
To turn on TLS support for connecting as a client, the access_db line format is as follows:
|
|
|
The third fields shown here are optional.
To turn on TLS support for connecting as the server the access_db file format line is:
|
|
|
The third fields shown here are optional.
Here are some additional client examples:
| Access database text line | |
|---|---|
| TLS_Serv:abc.hp.com | StartTLS connection as client to system abc |
| TLS_Serv:abc.hp.com VERIFY | StartTLS connection and certificate verification required |
| TLS_Serv:abc.hp.com ENCR:64 | Must encrypt with at least 64 bits |
| TLS_Serv:abc.hp.com VERIFY:64 | Certificate verification and encryption strength of at least 64 bits |
Here are some additional server examples:
| Access database text line | |
|---|---|
| TLS_Clt:nbc.hp.com | StartTLS connection as server to system nbc |
| TLS_Clt:nbc.hp.com VERIFY | StartTLS connection and certificate verification required |
| StartTLS connection and certificate verification required | Must encrypt with at least 32 bits |
| TLS_Clt:nbc.hp.com VERIFY:32 | Certificate verification and encryption strength of at least 32 bits |
Additional access database tags allow the fine tuning of TLS connections:
TEMP+ or PERM+ shorthands are used to mark an entry as temporary or permanent failure/rejection.
| Access database text line | |
|---|---|
| TLS_Clt:cbs.hp.com | StartTLS connection as server to system cbs |
| TLS_Clt:cbs.hp.com PERM+VERIFY | StartTLS connection and certificate verification required (failure marked as permanent) |
| TLS_Clt:cbs.hp.com TEMP+ENCR:64 | Must encrypt with at least 64 bits (failure marked as temporary ) |
| TLS_Clt:cbs.hp.com TEMP+VERIFY:32 | Certificate verification and encryption strength of at least 32 bits (failure marked as temporary) |
The other modifiers include the CN, CS and CI tags. This tag class is started with a ‘+’ sign and additional tags are separated by ‘++’. CN is shorthand for the Common name of the client or server certification (the fully qualified domain name of the server). CS is shorthand for the Common server certification (the fully qualified domain name of the server). CI is shorthand for the Common client certification (the fully qualified domain name of the client).
| CN:name means CN must be ‘name’ |
| CN—CN means CN must the name of the server |
| CS:name means the Domain name must be ‘name’ |
| CI:name means the CI Domain name must be ‘name |
| Summary of TLS options available for use in the access data file | |||
|---|---|---|---|
| First field | Second (or more) field | Additional fields | Optional |
| Try_TLS | Address, or host, or domain information | YES or NO | |
| TLS_Srv: (TLS Server Side) | host-name or address | optional
|
|
| TLS_Clt: (TLS Client Side) | host-name or address | optional
|
|
| TLS_Rcpt: (TLS Client Side) | user@, domain, subdomain | optional
|
|
| Srv_Features: (Server Features) | Blank, address, hostname | S, or A or s v a Upper case options
Lower case (s,v or a) means offer/request TLS:
| |
| CERTISSUER | Cert Issuer information | RELAY or SUBJECT | |
| CERTSUBJECT | Cert Issuer information | RELAY or SUBJECT | |
CN: Common name of the client or server certification (the fully qualified domain name of the server)
CS: Common server certification (the fully qualified domain name of the server)
CI: Common client certification (the fully qualified domain name of the client)
CN:name: CN must be ‘name’
CN—CN: CN must the name of the server
CS:name: Domain name must be ‘name’
CI:name: CI Domain name must be ‘name’
To control the Sendmail server, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Start/Stop the Sendmail Server.
If the server is currently running, you can:
Stop the server by clicking on Stop.
Restart the server by clicking on Restart.
If the server is currently stopped, you can start the server by clicking on Start.
The mailbox is a file that resides in the /usr/spool/mail directory and contains new and unread mail messages. Access to the mailbox directory is controlled by two attributes, locking style and mount point.
To configure mailbox access on your system, follow these steps:
Under Mail on the Manage Components menu, choose Sendmail Server.
From the Sendmail Server Administration menu, choose Configure Mailbox Access.
On the Configure Mailbox Access form, select a lock style from the Lock Style pull-down menu:
File System R/W Lock (see lockf(3))—This locking mechanism provides the best performance. Select this style if you are not using NFS to export or import the mailbox directory, or if the NFS server for the mailbox directory uses the Tru64 UNIX operating system. If you are not sure, select Create .lock Files.
Create .lock Files—Select this style if the system on which the mailbox directory resides does not use the Tru64 UNIX operating system.
Both—Select this style if you are NFS exporting the mailbox directory or if you are sure that the NFS server was configured to use both lockf and .lock files.
Select a sharing style from the Mailbox Sharing pull-down menu:
Local /usr/spool/mail—The mailbox directory resides on this system and NFS is not used.
NFS Export /usr/spool/mail—The mailbox directory on this system should be distributed by NFS to client systems.
NFS Import /usr/spool/mail—The mailbox directory is NFS mounted from another system.
If you specified that the mailbox sharing style is NFS Import, you must specify the name of the system that serves this directory in the Mailbox Server field.
Click on Submit to change the server configuration.
The Administration utility displays a message confirming that the mailbox options have been set.
If there were any errors in the configuration, the Administration utility displays a list of the errors. Click on the Continue button to return to the Configure Mailbox Access form. Otherwise, use the navigation bar to return to the Configure Mailbox Access form or to the Sendmail Server Administration menu.
On your local system, you can use the Administration utility to:
Create Majordomo mailing lists (see Section : Creating a Majordomo Mailing List)
Change configuration parameters for Majordomo mailing lists (see Section : Changing a Majordomo Mailing List Configuration)
Delete Majordomo mailing lists (see Section : Deleting a Majordomo List)
The Administration utility allows you to perform some list management functions (as described in Section : Changing a Majordomo Mailing List Configuration). You must perform other management functions (such as subscribing users) through the Majordomo e-mail interface.
Documentation on Majordomo commands is located in the /usr/internet/docs/majordomo/ directory.
To create a Majordomo list, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
On the Majordomo Mailing List Administration menu, enter a unique name in the New Mailing List field, then click on Add. The names of existing list are displayed in Existing Mailing Lists field.
Enter the e-mail address of the person who owns or will maintain the list.
The list owner is defined as an alias in the mail aliases file.
Type a description of the purpose of the list (the list charter) in the Informational Message field. When someone sends an e-mail message to the list alias with the word “info” in the body of the message, this text is returned in the reply message.
The charter text is stored in the /data/majordomo/lists/listname.info file, where listname is the name of the list you supplied in step 3.
Click on Submit.
The created list will be listname@hostname, where hostname is the host name of the local system.
The Administration utility confirms on a separate page that the list has been created. A link to the Modify Configuration Parameters form (see Section : Changing a Majordomo Mailing List Configuration) is provided for your convenience.
Using the Administration utility, you change the following parameters for a Majordomo mailing list:
List owner or charter (see Section : Changing List Owner or Charter)
Administration parameters (see Section : Changing Administration Parameters)
Subscription parameters (see Section : Changing Subscription Parameters)
Message content parameters (see Section : Changing Message Content Parameters)
Digest parameters (see Section : Changing Digest Parameters)
Command access parameters (see Section : Changing Command Access Parameters)
Moderated list parameters (see Section : Changing Moderated List Parameters)
List restriction parameters (see Section : Changing List Restriction Parameters)
Address processing parameters (see Section : Changing Address Processing Parameters)
In the following sections, the Majordomo tag that is associated with each field on these forms is included. For each list, the tag and the value you specify are stored in the Majordomo configuration file for that list. The list configuration files reside in the /data/majordomo/lists/ directory; there is one configuration file per Majordomo list (listname.config). The configuration file for a list is created the first time you change the list configuration.
To change the list owner or charter of a Majordomo mailing list, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
Select mailing list you want to modify from the Existing Mailing Lists list.
From the Modify Majordomo Mailing List menu, choose Modify Mailing List Owner or Information Message.
You can change the e–mail address of the person who will maintain the mailing list, or provide new charter text, or both.
Click on Submit.
To change administration parameters for a Majordomo mailing list, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
Select mailing list you want to modify from the Existing Mailing Lists list.
From the Modify Majordomo Mailing List menu, choose Modify Administration Parameters.
When Monitor Administrative Requests (administrivia) is set to yes, Majordomo forwards these requests (for example, subscribe or unsubscribe) to the list maintainer instead of the list members.
You can change the Administration Password (admin_password), which controls access to handling administrative tasks on the list.
Click on Submit.
To change subscription parameters for a Majordomo mailing list, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
Select mailing list you want to modify from the Existing Mailing Lists list.
From the Modify Majordomo Mailing List menu, choose Modify Subscription Parameters.
When Send Welcome Message and List Charter to New Users (welcome) is set to Yes, a welcome message (and optional introductory file) will be sent to the newly subscribed user.
Welcome Mail Sender Address (sender) is the envelope and sender address for the resent mail. The string @resend_host is appended to the value you enter in this field to form a complete address. For Majordomo, it provides the sender address for the welcome mail message generated as part of the subscribe command.
You can set Subscribe Policy (subscribe_policy) to one of the following values:
open to subscribe self—Allows people to subscribe themselves to the list.
closed to approval required—Requires maintainer approval for all subscribe requests to the list.
auto to unrestricted—Allows anybody to subscribe anybody to the list without maintainer approval.
open+confirm to subscribe self w/ confirmation—Allows people to subscribe themselves to the list. Majordomo sends a reply back to the subscriber, which includes an authentication number that must be included with another subscribe command.
closed+confirm to approval required w/ confirmation—Requires maintainer approval for all subscribe requests to the list. Majordomo sends a reply back to the subscriber, which includes an authentication number that must be included with another subscribe command.
auto+confirm to unrestricted w/ confirmation—Allows anybody to subscribe anybody to the list without maintainer approval. Majordomo sends a reply back to the subscriber, which includes an authentication number that must be included with another subscribe command.
You can set Unsubscribe Policy (unsubscribe_policy) to one of the following values:
open to unsubscribe self—Allows people to unsubscribe themselves from the list.
closed to approval required—Requires maintainer approval for all unsubscribe requests to the list. If the file listname.closed exists, it is the same as specifying the value closed.
auto to unrestricted—Allows anybody to unsubscribe anybody to the list without maintainer approval. The existence of the file listname.auto is the same as specifying the value this value.
unsubscribe self w/ confirmation—Allows people to unsubscribe themselves from the list. Majordomo sends a reply back to the subscriber, which includes an authentication number that must be sent back in with another unsubscribe command. This value overrides the value supplied by any existing files.
approval required w/ confirmation—Requires maintainer approval for all unsubscribe requests to the list. Majordomo sends a reply back to the subscriber that includes an authentication number that must be sent back in with another unsubscribe command. This value overrides the value supplied by any existing files.
Click on Submit.
To change message content parameters for a mailing list, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
Select the mailing list you want to modify from the Existing Mailing Lists list.
From the Modify Majordomo Mailing List menu, choose Modify Message Content Parameters.
The value you specify in the Word Prefixed to All Subject Lines (subject_prefix) field is prefixed to the subject line, if it is not already in the subject. The text is expanded before being used. The following expansion tokens are defined:
$LIST—Name of the current list
$SENDER—Sender as taken from the from line
$VERSION—Version of Majordomo
The Additional Headers Appended to All Posted Messages (message_headers) text will be appended to the headers of all messages posted to the list. The text is expanded before being used. The following expansion tokens are defined:
$LIST—Name of the current list
$SENDER—Sender as taken from the from line
$VERSION—Version of Majordomo
The value specified in the Precedence Header (precedence) field is added as a precedence header in outgoing messages.
The text you enter in the Text Prepended to the Beginning of All Posted Messages (message_fronter) field is prepended to the beginning of all messages posted to the list. The text is expanded before being used. The following expansion tokens are defined:
$LIST—Name of the current list
$SENDER—Sender as taken from the from line
$VERSION—Version of Majordomo
If used in a digest, only the expansion token _SUBJECTS_ is available, and it expands to the list of message subjects in the digest.
The text you enter in the Text Appended to the End of All Posted Messages (message_footer) is appended to the end of all messages posted to the list. The text is expanded before being used. The following expansion tokens are defined:
$LIST—Name of the current list
$SENDER—Sender as taken from the from line
$VERSION—Version of Majordomo
If used in a digest, no expansion tokens are provided.
Specify a maximum article length in the Maximum Article Length (maxlength) field. The default maximum article length is 40,000 characters.
Click on Submit.
To change digest parameters for a Majordomo mailing list, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
Select mailing list you want to modify from the Existing Mailing Lists list.
From the Modify Majordomo Mailing List menu, choose Modify Digest Parameters.
The value in the Digest Name (digest_name) field serves as the subject line for the digest. The volume and issue are appended to the digest name.
Current Digest Volume Number (digest_volume) is the current volume number.
Current Digest Issue Number (digest_issue) is the issue number of the next issue.
The number you specify in the Create New Digest When Oldest Article (in Days) Reaches (digest_maxdays) field causes a new digest to be automatically generated when the age of the oldest article in the queue exceeds this number of days.
The number you specify in the Create New Digest When Size (in Lines) Reaches (digest_maxlines) field causes a new digest to be automatically generated when the size of the digest exceeds this number of lines.
Click on Submit.
To change command access parameters for a Majordomo mailing list, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
Select mailing list you want to modify from the Existing Mailing Lists list.
From the Modify Majordomo Mailing List menu, choose Modify Command Access Parameters.
You can set any of the fields on this form to one of the following values:
open to unrestricted access—Allows anyone access to this command
closed to no access—Completely disables the command for everyone
The tags associated with the fields on this form are as follows:
Access To Which Command—which_access
Access To Who Command—who_access
Access To Intro Command—intro_access
Access To Info Command—info_access
Access To Index Command—index_access
Access To Get Command—get_access
Click on Submit.
To change the moderated list parameters for a Majordomo mailing list, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
Select mailing list you want to modify from the Existing Mailing Lists list.
From the Modify Majordomo Mailing List menu, choose Modify Moderated List Parameters.
When Moderated? (moderate) is set to Yes, all postings to the list must be approved by the moderator.
Specify the e-mail address of the moderator in the Moderator (moderator) field to send bounced messages to the moderator instead of the list owner.
Click on Submit.
To change the list restriction parameters for a Majordomo mailing list, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
Select mailing list you want to modify from the Existing Mailing Lists list.
From the Modify Majordomo Mailing List menu, choose Modify List Restriction Parameters.
If the header of a posted message contains a string matching any of the regular expressions you enter in the Header Strings Prompting Review (taboo_headers) field, the message will be bounced for review.
If the body of a posted message contains a string matching any of the regular expressions you enter in the Message Text Prompting Review (taboo_body) field, the message will be bounced for review.
If the e-mail address of a requestor matches any of the regular expressions you enter in the List Is Advertised to These Users (advertise) field, the list will be listed in the output of a lists command. Failure to match any regular expression excludes the list from the output. The regular expressions entered in the List Is Not Advertised to These Users (noadvertise) field override those specified in this field.
If the e-mail address of a requestor matches any of the regular expressions you enter in the List Is Not Advertised to These Users (noadvertise), the list is excluded from the output of a lists command. The regular expressions entered in this field override those entered in List Is Advertised to These Users (advertise).
Enter the name of one or more files, separated by either a colon (:) or a space, in the Files Defining Addresses That Can Post to the List (restrict_post) field. Only addresses listed in these files can post to the mailing list. By default, these files are relative to the lists directory. These files are also checked when any of the following tags are set to list:
get_access
index_access
info_access
intro_access
which_access
who_access
You cannot create these files unless you have access to the machine running resend. This mechanism will be replaced in a future version of Majordomo.
Click on Submit.
To change the address processing parameters for a Majordomo mailing list, follow these steps:
From the Administration utility Main menu, choose Manage Components.
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
Select mailing list you want to modify from the Existing Mailing Lists list.
From the Modify Majordomo Mailing List menu, choose Modify Address Processing Parameters.
When Assume Domain is Synonym for Hostname (mungedomain) is set to Yes, addresses of the form user@host.domain.name are considered equivalent to addresses of the form user@domain.name. This allows a user to subscribe to a list using the domain address rather than the address assigned to a particular machine in the domain. This field affects the interpretation of addresses for subscribe, unsubscribe, and all private options.
The value you enter in the Hostname Appended to Address Strings When Resent (resend_host) field is the host name that is appended to all address strings specified for resend.
When Remove Comments from Addresses on the List (strip) is set to Yes, only the raw e-mail address is added to the list file; extraneous text and comments are stripped off. If the file .strip exists, it is the same as setting this field to Yes.
Click on Submit.
To delete a Majordomo list, follow these steps:
Under Mail on the Manage Components menu, choose Majordomo Mailing Lists.
Select one or more list names from the Existing Mailing Lists list.
Click on Delete.
Verify your choices and click on Submit.
The Administration utility confirms the deletion on a separate page.
Mailman is used to manage mailing and e-newsletter lists. The Web facility provided for Mailman makes the account/list management easy. Users can use the Web facility to perform activities such as subscribe/unsubscribe, view the members of the list, and post a message. List administrators can use the Web facility for wide range of operations including archiving, membership management, language options, and handling moderator requests.
Administrative activities are carried out by a list administrator or moderator for a mailing list. These activities include lists creation, list membership management and administrative options. For additional information, see the Mailman documentation located at http://usr/internet/docs/mailman directories.
The following sections describe these topics:
Create a mailing list (Section : Create a Mailing List)
Delete a mailing list (Section : Deleting a Mailing List)
Access the List Management screen to perform list mangement activities (Section : Managing Mailing Lists)
Use scripts (Section : Mailman Scripts)
Mailman log files (Section : Mailman Log Files)
The Mailman administration page is used for list creation. To create a list:
To access Mailman from the Internet Express Administration utility, choose Mailman Mailing Lists.
Alternatively, access the Mailman administration page directly by entering http://hostname:port-number/mailman/admin in your Web browser.
The Mailman Administration welcome menu is displayed.
To create a new list, click on create a new mailing list.
A confirmation screen is displayed, with options for proceeding to the list administration page or to create another list.
The list owner will receive a mail describing the list created and the list password. The root account will receive mail describing the created list.
The /var/adm/sendmail/aliases file must be updated as described in the received mail.
The newlist script creates the mailman mailing list. This list is the one from which password reminders will appear to originate. Execute the following command and follow the prompts:
|
# cd /usr/internet/mailman # bin/newlist mailman Enter the email of the person running the list: user@yourhost.adomain.com Initial mailman password: |
|
The administrative pages for Mailman are accessed using the following URL: http://:yourhostname.adomain.com:8081/mailman
When a list is created, the list owner will receive a welcome note informing the URL to visit for administrative activities along with the list password. The URL has the following format:
|
|
http://hostname/mailman/admin/listname
The screen will prompt for the list administrator's password. Enter it in the blank and then click the button to access the Mailing List Administration menu (Figure 5-4). If a list password is misplaced, only the system administrator can reset it.
The Mailing List Administration menu enables the list adminstrator to set a variety of configuration options. To set an option:
The installation of Mailman sets up a group of crontab entries, host definitions, and alias definitions that are used by the package. The site-wide password needs to be set using the mmsitepass script:
|
# su - mailman $ bin/mmsitepass newpass |
|
The Mailman environment can be started and stopped by the following commands.
|
/usr/internet/mailman/scripts/mailman start
|
|
|
/usr/internet/mailman/scripts/mailman stop
|
|
Bogofilter is a Bayesian spam filter. In its normal mode of operation, it takes an email message or other text on standard input, does a statistical check against lists of good and bad words, and returns a status code indicating whether or not the message is spam. Bogofilter is designed with a fast algorithm, uses the Berkeley DB for fast startup and lookups, is coded directly in C, and is tuned for speed, so it can be used for production by sites that process a lot of mail.
The bogofilter related commands are part of the sendmail setld subset (IAESMTP). If this subset is installed, the various bogofilter user level commands (bogofilter, bogolexer, bogoupgrade, and bogoutil) have been installed. The commands are located in the /usr/local/bin directory.
| bogofilter(1) - Fast Bayesian spam filter |
| bogolexer(1) - Utility program for separating email messages into tokens |
| bogoupgrade(1) - Upgrades bogofilter database to current version |
| bogoutil(1) - Dumps, loads, and maintains bogofilter database files |
Bogofilter must be trained before it can be used as a spam filter mechanism. Users must start by saving their delivered e-mail into two groups: spam e-mail messages and valid e-mail messages.
The saved group of spam messages is first fed to bogofilter for registration. As each message is read, bogofilter breaks down the message into word tokens, and uses this input to score and then populate its database, marking each item as spam related. The following command is used to register a set of spam messages collected in mbox:
$ bogofilter -s -M mbox # spam messages
Second, the non-spam message group is fed to bogofilter. Again, each message is broken down into word tokens, scored and recorded in the bogofilter database as non-spam. The following command is used to register a set of non-spam messages collected in mbox:
$ bogofilter -n -M mbox # non-spam messages
At the end of each training run, bogofilter saves its updated database in a file called .bogofilter/wordlist.db.
Over the course of time, spam message content will change. Periodic training runs with new spam and valid message sets are necessary to keep bogofilter's internal database current.
Once the bogofilter database has been primed, the command can be used to filter new messages. When a mail text message is filtered using a bogofilter trained database, bogofilter will return a value of 0 for spam, 1 for non-spam, 2 for unsure, and 3 for I/O or other errors. Here is an example:
You can use the bogofilter command line to set many options that determine how bogofilter operates (see bogofilter(1) for more details). The file /usr/internet/etc/bogofilter.cf can be used to set additional parameters that affect its operation. In the file /usr/internet/etc/bogofilter.cf.example are samples of all of the parameters. Status and logging messages can be customized.
The following sections describe how bogofilter can be integerated with other e-mail tools.
The following procmail rule will take mail on stdin and save it to file spam if bogofilter thinks it is spam:
|
|
|
This similar rule will also register the tokens in the mail according to the bogofilter classification:
|
|
|
If bogofilter fails (returning 3) the message will be treated as non-spam.
The following recipe accomplishes the following:
Spam-bins anything that bogofilter rates as spam
Registers the words in messages rated as spam as such
Registers the words in messages rated as non-spam as such
With this in place, it will normally only be necessary for the user to intervene (with -Ns or -Sn) when bogofilter miscategorizes something.
|
|
|
The following .muttrc lines will create mutt macros for dispatching mail to bogofilter.
|
|
|
Using bogofilter with Pine involves the following setup process.
First, enable the UNIX pipe commands in your Pine configuration file. From Pine's main menu:
Enter S (Setup)
Enter C (Config)
Go to the list under Advanced Command Preferences and use the down-arrow key to highlight enable-unix-pipe-cmd.
If necessary, "set" this preference by entering X.
Enter E (Exit Setup)
Enter Y (Save Changes)
Then, edit your ~/.procmailrc file and add the following lines:
|
|
|
Then, bogofilter still needs to be trained to differentiate spam and non-spam messages.
While executing Pine, open your INBOX (or the folder where you save incoming messages) and for each spam message highlight the message in the message index, press the | key, and enter bogofilter -s.
For each non-spam message: highlight the message in the message index, press the | key and enter bogofilter -n.
Bogofilter can also be integrated into any MTA to filter all incoming mail. While the specific implementation is MTA dependent, the general steps are as follows:
Install bogofilter on the mail server.
Prime the bogofilter databases with a spam and non-spam corpus. Since bogofilter will be serving a larger community, it is important to prime it with a representative set of messages.
Set up the MTA to invoke bogofilter on each message. While this is an MTA specific step, you'll probably need to use the -p, -u, and -e options.
Set up a mechanism for users to register spam/non-spam messages, as well as to correct misclassifications. The most generic solution is to set up alias email addresses to which users bounce messages.
For sendmail integration, follow the procmail example from Section : Using Bogofilter with procmail.