From: Paul Pomes
Date: Fri Sep 4 13:57:55 CDT 1992
Subject: How to fix a cranky SUN sendmail system
--------
(Comments welcome)

How to Fix a Cranky SUN Mail System.

1) Kill the existing sendmail daemon process.

        ps waux | grep sendmail
        kill <pid>

   where <pid> is the process id of the daemon.

2) Replace the default sendmail executable with the SUN-supplied version
   that understands use of the DNS.  Zap any frozen config file present.

        cd /usr/lib
        cp sendmail sendmail.nomx
        chmod 755 sendmail.nomx
        cp sendmail.mx sendmail
        chmod 4511 sendmail
        rm -f /usr/lib/sendmail.fc /etc/sendmail.fc /etc/mail/sendmail.fc

3) Establish a /etc/resolv.conf file to direct DNS queries to a server.
   The values of the "domain" and "nameserver" lines depend critically
   on where you are.

   At the University of Illinois the value of domain is typically your
   department or office name combined with "uiuc.edu".  Long names, e.g.,
   Personnel Services Office, are typically abbreviated (pso.uiuc.edu).
   Examples: math.uiuc.edu, life.uiuc.edu, ncsa.uiuc.edu.

   Some institutions have a one-domain-fits-all name.  An example of this
   is the US Army Corps of Engineers, Construction Engineering Research
   Lab, locally known as US Army CERL.  Army policy specifies that domain
   names must use their official acronym with the "army.mil" domain.  So
   CERL's domain name is "cecer.army.mil".  Adding a fourth domain to
   distinguish internal departments and divisions would have made the
   names overly long.  Thus all CERL hosts are named foo.cecer.army.mil.

   Selecting nameservers must be done in consultation with your local
   network expert.  At the University of Illinois (and ONLY here please)
   the following values can be used.

        domain foo.uiuc.edu        (replace foo with your official domain)
        nameserver 128.174.5.59
        nameserver 128.174.5.50
        nameserver 128.174.5.58

   At US Army CERL, use the following:

        domain cecer.army.mil
        nameserver 129.229.20.254
        nameserver 129.229.1.5

   N.B., SUN's resolver code is based on BIND v4.8.1 and suffers from
   several problems.
   Chief among those is zero fault tolerance.  If the first listed
   nameserver is unreachable or dead, the resolver won't try any of the
   subsequently listed servers.  Re-compiling both sendmail and
   libresolv.a from modern sources is the only fix for this.

4) Copy the "main" sendmail.cf base file to sendmail.cf.

   Under SUN-OS 4.X use

        cp /usr/lib/sendmail.main.cf /etc/sendmail.cf

   Under SUN-OS 5.X use

        cd /etc/mail
        cp main.cf sendmail.cf

Now that the base work has been done you have a choice: death or chi-chi.
No, that's another sick joke.  Let's stick to SUNs and retain what shreds
of dignity we can.  Onward.

The next set of steps involves changes to the sendmail.cf file.  Invoke
the editor of your choice on /etc/sendmail.cf or /etc/mail/sendmail.cf.

5) Change the value of the $j greeting macro.  Macros are defined with
   lines beginning with 'D'.  Thus the $j macro is defined on a line
   beginning with 'Dj'.  Change sendmail.cf (nee main.cf) to look like

        # my official hostname
        # You have two choices here.  If you want the gateway machine to identify
        # itself as the DOMAIN, use this line:
        #Dj$m
        # If you want the gateway machine to appear to be INSIDE the domain, use:
        #Dj$w.$m
        # Unless you are using sendmail.mx (or have a fully-qualified hostname), use:
        Dj$w

   (Comment out the Dj$m entry and enable the Dj$w entry.)

6) Select the proper mailer for forwarding to a smarter relay.  In the
   case of a site connected to the Internet, this is the "ddn" mailer.
   Change to:

        # major relay mailer - typical choice is "ddn" if you are on the
        # Defense Data Network (e.g. Arpanet or Milnet)
        #DMsmartuucp
        DMddn

7) Select the smarter relay to handle messages to unknown destinations.
   This MUST be selected on a per-site basis.
   At the University of Illinois *ONLY*

        # major relay host: use the $M mailer to send mail to other domains
        DRux1.cso.uiuc.edu
        CRux1.cso.uiuc.edu

   At the US Army CERL *ONLY*

        # major relay host: use the $M mailer to send mail to other domains
        DRmax.cecer.army.mil
        CRmax.cecer.army.mil

8) Configure your domain names.  Replace the foo.bar.uiuc.edu names below
   with your host's FQDN.

        #################################################
        #
        # General configuration information
        ...
        # Example: (bogus examples, ignore)
        # DmCS.Podunk.EDU
        # Cm cs cs.Podunk.EDU
        Dwfoo.bar.uiuc.edu
        Dmfoo.bar.uiuc.edu

9) Change the ddn mailer rules in ruleset 0 according to the comments
   there.  Ruleset 0 is labelled by a line containing only "S0".  About
   40 lines further down are the following rulesets.

        # Pass other valid names up the ladder to our forwarder
        #R$*<@$*.$=T>$*    $#$M $@$R $:$1<@$2.$3>$4    user@domain.known

        # Replace following with above to only forward "known" top-level domains
        #R$*<@$*.$+>$*    $#$M $@$R $:$1<@$2.$3>$4    user@any.domain

        # if you are on the DDN, then comment-out both of the the lines above
        # and use the following instead:
        R$*<@$*.$+>$*    $#ddn $@ $2.$3 $:$1<@$2.$3>$4    user@any.domain

   Follow the comments and comment out the second rule that forwards only
   "known" domains and enable the following rule that uses the "ddn"
   mailer.

Write the sendmail.cf file back out and leave the editor.  Now test the
changes by using sendmail in test mode.

10) Test address recognition.  Invoke sendmail in address test mode:

        /usr/lib/sendmail -bt

    Run the following address forms through one at a time.  The leading 0
    is the starting ruleset.  Each address should resolve to "user" using
    the "local" mailer.  Replace "foo" and "bar.uiuc.edu" with the name of
    your host and domain.

        0 user
        0 user@foo
        0 user@foo.bar.uiuc.edu

11) Verify out-going addresses are correct.  Use the -v option to
    Berkeley mail to check that the return addresses are correct.  If -v
    doesn't work with your mailer, use sendmail directly.
        Mail -v nobody@ucbvax.berkeley.edu < /dev/null

    or

        /usr/lib/sendmail -v nobody@ucbvax.berkeley.edu < /dev/null

12) Fire up sendmail in daemon mode.

        /usr/lib/sendmail -bd -q1h

13) Test in-bound mail.  From another host, verify that mail sent to a
    user that has no forwarding set up, either via /etc/aliases or
    .forward file, actually arrives.  Telnet to the SMTP port and verify
    that the greeting message uses the fully qualified domain name.

        telnet foo.bar.uiuc.edu 25
        quit