HP-UX Mailing Services Administrator's Guide: HP-UX 11i v1 and HP-UX 11i v2 > Chapter 2 Configuring and Administering Sendmail

Modifying the Default Sendmail Configuration File
The Sendmail configuration file that is supplied with HP-UX works correctly for most Sendmail configurations, so you probably do not need to modify the configuration file. However, certain modifications to the file are supported. This section describes examples of modifications that you may want to make. The configuration file also contains instructions for making the supported modifications.

This section discusses the following topics:

The Sendmail configuration file, /etc/mail/sendmail.cf, performs the following functions:

The default configuration file, sendmail.cf, is located at /usr/newconfig/etc/mail/sendmail.cf and is installed as /etc/mail/sendmail.cf. HP recommends that you leave a copy of the configuration file in the /usr/newconfig directory unmodified, in case you need to reinstall the default configuration settings.

To modify the configuration settings in the /etc/mail/sendmail.cf file, perform the following steps:
Issue the following commands, on a standalone system or on the mail server, to restart Sendmail:
You must restart Sendmail if changes are made to any of the following:

This section describes Sendmail configuration options.

This option restricts the maximum message size (in bytes) that Sendmail will accept from a remote system. If a message larger than this limit originates from the local system, the message is truncated to the limit. To enable this feature, uncomment the line:

O MaxMessageSize=100000

Mail that is being sent to a domain other than the sender's domain can be forwarded to a mail gateway. To have nondomain mail forwarded to a mail gateway, edit the DS line in the /etc/mail/sendmail.cf file to specify the host name of the mail gateway:
You can set a limit for the mail header. The maximum header length by default is 32768. To change the mail header length:
If a mail header exceeds the maximum value, the following error message is displayed to the sender:
By default, the maximum number of recipients is 100. You can limit the number of users allowed to receive a single mail message. This helps to prevent the flow of spam on the mail server.
After a message has been sent to the maximum number of recipients allowed, Sendmail sends the error message 452 Too many recipients to the sender of the message. This will work only when all the recipients of the mail message have their mailboxes on the same machine.
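The following added example (not part of the HP guide) audits a sendmail.cf for the three limits described above and reports which are active, commented out, or absent. Only MaxMessageSize is named on this page; MaxHeadersLength and MaxRecipientsPerMessage are the standard sendmail option names and are assumed here to be the header-length and recipient limits the text describes. The sample file is constructed.

```python
import re

# Limits discussed in this section. Only MaxMessageSize is spelled out on the
# page; the other two are standard sendmail option names (assumed mapping).
LIMITS = {
    "MaxMessageSize": None,            # page: enabled by uncommenting the line
    "MaxHeadersLength": "32768",       # page: default maximum header length
    "MaxRecipientsPerMessage": "100",  # page: default maximum recipients
}

# Matches "O Name=value" and the commented-out form "#O Name=value".
OPTION_RE = re.compile(r"^(#\s*)?O\s+(\w+)\s*=\s*(\S+)")

def audit_limits(cf_text):
    """Return {option: (state, value)}; state is active, commented or absent."""
    report = {name: ("absent", None) for name in LIMITS}
    for line in cf_text.splitlines():
        m = OPTION_RE.match(line)
        if not m or m.group(2) not in LIMITS:
            continue
        commented, name, value = m.groups()
        # An active line always wins over a commented-out template line.
        if commented is None:
            report[name] = ("active", value)
        elif report[name][0] == "absent":
            report[name] = ("commented", value)
    return report

def findings(report):
    """List limits that are not set in the file or differ from the page defaults."""
    out = []
    for name, (state, value) in sorted(report.items()):
        if state != "active":
            out.append(f"{name}: {state}")
        elif LIMITS[name] is not None and value != LIMITS[name]:
            out.append(f"{name}: {value} differs from default {LIMITS[name]}")
    return out

# Constructed sample, not the shipped HP-UX sendmail.cf.
SAMPLE_CF = """\
# maximum message size
#O MaxMessageSize=100000
O MaxHeadersLength=32768
O MaxRecipientsPerMessage=500
"""

if __name__ == "__main__":
    for finding in findings(audit_limits(SAMPLE_CF)):
        print(finding)
```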
Use this option to control the maximum size of a memory-buffered data (df) file before using a disk-based file. The default setting for this option is:
Use this option to control the maximum size of a memory-buffered (xf) transcript before using a disk-based file. The default setting for this option is:
You can specify the maximum depth of an alias recursion in the sendmail.cf file using this option. The default setting for this option is:
You can define the location of the ProcessId (Pid) file using this option. The default setting for this option is:
/etc/mail/sendmail.pid is taken as the default file if this option is not set. If you choose a directory other than /etc/mail for the pid file, ensure that the directory has the same write permissions as those of /etc/mail.

You can specify the prefix string for the process title shown in the ps listings using this option. By default, this option is commented out. For example, if you set this option in the sendmail.cf file as:

the command ps -ef | grep sendmail | grep -v grep displays sendmail: accepting connections in the output.

You can use this option to specify a user who can own important files instead of root. This option necessitates fchown. The default setting for this option is:
You can set the size of the MIME headers and parameters within those headers using this option. You can also use this to protect Mail User Agents (MUA) from buffer overflow attacks. The default setting for this option is unlimited, as shown in the following example:
Use this option to specify the location of the system-wide dead.letter file, which was formerly hardcoded to /var/tmp/dead.letter. The default setting for this option in this version is:
Sendmail does not save mail anywhere if this option is not set.

Following are the options that you can configure in Sendmail using the /usr/newconfig/etc/mail/cf/cf/gen_cf script:
This option is equivalent to selecting the following /usr/newconfig/etc/mail/cf/cf/gen_cf script options while generating the /usr/newconfig/etc/mail/cf/cf/sendmail.cf.gen file:
This option generates a sendmail.cf file which is identical to the default sendmail.cf available in the /usr/newconfig/etc/mail/ directory. If this option is used with mutually exclusive options, this option does not turn OFF the relay. The other options take precedence over the RELAY OFF option.

Setting this option allows any host in your domain, as defined by the m class macro ($=m), to relay. By default, only hosts listed as RELAY in the access db file are allowed to relay.

Setting this option turns ON relaying based on the MX records of the host portion of an incoming recipient; that is, if an MX record for host foo.com points to your site, you will accept and relay mail addressed to foo.com.

This option changes the behavior of the access database and class R macro to look up individual host names only. By default, names that are listed as RELAY in the access database file and the class R ($=R) macro are domain names, and not host names.

The access database (db) is a user-defined file that determines the domains from which you want to receive or reject mail messages. The entries in the access db file are domain names, IP addresses, host names, or e-mail addresses. Every line of the access db file has a key and a value pair. The key can be an IP address, a domain name, a host name, or an e-mail address. The value part of the database can contain the following values:
The default access db file is /etc/mail/access. You have to make a direct modification to /etc/mail/sendmail.cf if you want to use a non-standard access database filename.
This option allows Sendmail to relay mail messages when the sender of the mail message is a valid user on that machine. Consider a valid user abc on host 1. A user cbz on host 2 can connect to host 1 as user abc and send mail to another user xyz on host 3. This means that host 1 is now acting as a local relay agent. You must enable this option only if absolutely necessary because it opens a window for spammers. Specifically, spammers can send mail to your mail server that claims to be from your domain (either directly or through a routed address), and your server will then relay it out to arbitrary hosts on the Internet.

This feature enables Sendmail to block incoming mail messages destined to certain recipient user names, host names, or addresses. This feature also restricts you from sending mail messages to addresses with an error message or REJECT value in the access database file. For example, if you have the following entries in the access database file:
These entries prevent a recipient of badlocaluser@mydomain.com, any user at host.mydomain.com, and the single address user@otherhost.mydomain.com from receiving mail.
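The following added example (not part of the HP guide) is a simplified model of how recipient blocking resolves an address against access-file entries: it tries the full address, then the host and each parent domain. The entries are constructed to match the recipients named in the text, the rejection texts are placeholders, and the lookup order is an assumption of this model rather than a copy of Sendmail's rulesets.

```python
# Constructed access-file entries matching the recipients named in the text;
# the rejection texts are placeholders, not the page's own entries.
ACCESS_SAMPLE = """\
# key                         value
badlocaluser@mydomain.com     ERROR:550 Mailbox disabled for this username
host.mydomain.com             ERROR:550 That host does not accept mail
user@otherhost.mydomain.com   ERROR:550 Mailbox disabled for this recipient
spammer@aol.com               REJECT
cyberspammer.com              REJECT
"""

def parse_access(text):
    """Parse access-file lines into {lowercased key: value}."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"access entry without a value: {raw!r}")
        table[parts[0].lower()] = parts[1].strip()
    return table

def candidate_keys(address):
    """Keys tried for a recipient: full address, then host and parent domains."""
    address = address.lower()
    domain = address.rpartition("@")[2]
    labels = domain.split(".")
    # host.mydomain.com -> host.mydomain.com, mydomain.com, com
    return [address] + [".".join(labels[i:]) for i in range(len(labels))]

def recipient_verdict(table, address):
    """Return (key, value) of the first blocking entry, or None if not blocked."""
    for key in candidate_keys(address):
        value = table.get(key)
        if value is None:
            continue
        blocked = (value == "REJECT" or value.startswith("ERROR:")
                   or value[:3].isdigit())  # "### text" error-message form
        # The most specific matching key decides, whether it blocks or not.
        return (key, value) if blocked else None
    return None

if __name__ == "__main__":
    table = parse_access(ACCESS_SAMPLE)
    for rcpt in ("anyone@host.mydomain.com", "other@otherhost.mydomain.com"):
        print(rcpt, "->", recipient_verdict(table, rcpt))
```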
The entries in the access db file indicate that Sendmail cannot send mail messages to spammer@aol.com or to the domain cyberspammer.com.

Setting this option allows Sendmail to accept MAIL FROM: parameters that are not fully qualified, that is, where the host portion of the argument to the MAIL FROM: command cannot be located in the host name service (for example, DNS).

This option allows Sendmail to accept MAIL FROM: parameters where the mail address of the sender does not include a domain name. Normally, MAIL FROM: commands in the SMTP session are refused if the connection is a network connection and the sender address does not include a domain name.

Setting this option turns ON the rejection of hosts found in the Realtime Blackhole List. The default list is maintained on the server $def_rbl. This option has now been deprecated.

This option turns off the default behavior of rechecking recipients that use % addressing. For example, if the recipient address is user%site@othersite, the default behavior without the loose_relay_check option is that Sendmail checks whether othersite is an allowed relay host specified in either the class R macro or the access db file. If othersite is an allowed relay host, the check_rcpt ruleset strips @othersite and checks user@site for relaying. Sendmail does not recheck if this option is set to ON. This option is not required for most installations.

This option allows your mail server to relay any received mail. You must be careful before enabling this option.

You can use this option to generate the configuration file without the DaemonPortOptions option for the Message Submission Agent (MSA) daemon. If you use this option, the sendmail.cf configuration file will not contain the following line:
The dnsbl option avoids the possible confusion between the Realtime Blackhole List and other DNS-based Blacklist servers, such as ORBS. It takes the name of the Blacklist server and also an optional rejection message as arguments. You can include dnsbl multiple times in the sendmail.cf file, thereby allowing sites to subscribe to multiple Blacklist servers. The Blacklist server verifies the IP address of the incoming connection and rejects all the SMTP commands if the address is blacklisted. An error message is also displayed.

You can use this option to facilitate relaying through a user machine. The sender name, which is listed as RELAY in the access map (tagged with From:), can be specified using this option. The domain portion of the mail sender is also checked when the optional argument domain is provided.

This option delays the anti-spam checks by Sendmail until the SMTP RCPT command is issued. Mail from certain addresses that might have been blocked by other anti-spam checks is received. In these cases, deferred checks are not done. By using delay_checks, the rulesets check_mail and check_relay are not called when a client connects or issues a MAIL command, respectively. Instead, those rulesets are called by the check_rcpt ruleset; they are skipped if a sender has been authenticated using a trusted mechanism, for example, one that is defined via the list of AuthMechanisms. If check_mail returns an error, the RCPT TO command is rejected with that error. If it returns some other result starting with $#, then check_relay is skipped. If the sender address (or a part of it) is listed in the access map and it has a RHS of OK or RELAY, then check_relay is skipped.

You can use this option to implement the LDAP-based email recipient routing. This provides a method for rerouting addresses with a domain portion in class {LdapRoute} either to a different mail host or to a different address. For more information, see “LDAP-Based Routing”.
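The following added example (not part of the HP guide) models the % addressing recheck that the loose_relay_check option, described earlier in this section, turns off. It is a simplified stand-in for the relay part of the check_rcpt ruleset: relay_hosts stands for the class R and access db relay entries, the function name and hop limit are hypothetical, and every recipient is assumed to be fully qualified.

```python
def check_rcpt_relay(rcpt, relay_hosts, loose_relay_check=False, max_hops=10):
    """Return (allowed, address_checked) for a recipient under this model.

    relay_hosts: hosts we relay for (class R / access db RELAY entries).
    loose_relay_check: when True, the local part is never re-examined.
    """
    current = rcpt
    for _ in range(max_hops):
        local, _, host = current.rpartition("@")
        if host.lower() not in relay_hosts:
            # Not a destination this server relays for.
            return False, current
        if loose_relay_check or "%" not in local:
            # Accepted without looking inside the local part.
            return True, current
        # Default behaviour: strip @host, turn the last % into @ and
        # check the address that was hidden in the local part.
        user, _, inner = local.rpartition("%")
        current = f"{user}@{inner}"
    # Too many nested hops: refuse rather than loop.
    return False, current

# Constructed cases using the host names from the text.
CASES = [
    ("user%site@othersite", {"othersite"}, False),
    ("user%site@othersite", {"othersite"}, True),
    ("user%site@othersite", {"othersite", "site"}, False),
]

if __name__ == "__main__":
    for rcpt, relays, loose in CASES:
        verdict = check_rcpt_relay(rcpt, relays, loose_relay_check=loose)
        print(rcpt, sorted(relays), "loose" if loose else "default", verdict)
```

With the recheck in place, user%site@othersite is refused unless site is itself an allowed relay host; with loose_relay_check ON the same address is accepted on the strength of othersite alone.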
This option includes a "mailer table" which can be used to override routing for particular domains (which are not in local host names).

If the genericstable is enabled and GENERICS_DOMAIN or GENERICS_DOMAIN_FILE is used, this feature will cause addresses to be searched in the map if their domain parts are subdomains of elements in class {G}. For more information, see “Creating Domain-Specific Aliasing Using Virtual Hosting”.

If the virtusertable is enabled and VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE is used, this feature will cause addresses to be searched in the map if their domain parts are subdomains of elements in class {VirtHost}. For more information, see “Creating Domain-Specific Aliasing Using Virtual Hosting”.

This option includes a "domain table" which can be used to provide domain name mapping. Use of this should really be limited to your own domains. It may be useful if you change names (for example, your company changes names from oldname.com to newname.com).

This option generates a sendmail.cf file without the check_compat ruleset. You can send mail messages, but you cannot receive them. You must set the SENDMAIL_SENDONLY flag in the /etc/rc.config.d/mailservs file to 1 in order to use the send_only feature.

This option generates a sendmail.cf file with a new set of rules called check_compat. You can receive mail messages, but you cannot send them. The following are added in the /etc/rc.config.d/mailservs file: