Understanding Sendmail/Cyrus-imap installation... AAAAAHHHHH!!!
Mark Weaver
mdw1982 at mdw1982.com
Wed Jan 19 14:11:10 UTC 2005
James Wilkinson wrote:
> Mark Weaver wrote:
>
>>I'm in the process of changing my web / mail server over to FC3. In the
>>past I've been using a good old solid distro of Mandrake 8.2, but
>>decided to give FC3 a try. I was instantly rewarded by finding that FC3
>>is much faster and more responsive on the 500Mhz machine it's now
>>installed on. Everything was a breeze to set up.. that is of course until
>>I got to the Sendmail/Cyrus Imap setup. GOOD GOD!!! I'm ready to pull my
>>hair out!
>
>
> Were you using Cyrus on Mandrake?
>
> How many users do you have? Given that it's a web server *and* a mail
> server, and still 500 MHz (I know, you shouldn't need that much CPU power
> for either job...), Cyrus may not be the right option for you.
>
> You may find Dovecot a much easier ride for small servers, and more what
> you're used to. Cyrus is ... different.
>
> James.
>
Ok... Dovecot is running and being very agreeable. However, since I have
been away from Sendmail for such a long time I need a little help jogging
the memory. It's a given that I'm going to have to recompile the sendmail
config file... I'm just not sure exactly which setting needs tweaked to
allow SMTP connections for my LAN (192.168.0.0). Below are the contents
of the system's current Sendmail.mc file:

divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readable by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 12.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
MASQUERADE_DOMAIN(mail.mdw1982.com)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

While I wait I'll google the error response of the SMTP service as I've
been scolded earlier for "not" doing just to make sure I've got
everything covered. 8-)
thanks,
--
Mark
"If you have found a very wise man, then you've found
a man that at one time was an idiot and lived long enough
to learn from his own stupidity."
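
Added example (not part of the original post, and not code from sendmail or Fedora): a small Python check that reads a sendmail.mc like the one posted above and reports whether each active DAEMON_OPTIONS listener is loopback-only or network-reachable, plus two settings the file's own comments tie to exposure. The sample input is constructed and the function names are illustrative.

```python
import re

# Constructed sample: four lines in the style of the sendmail.mc posted above.
SAMPLE_MC = """\
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
define(`confAUTH_OPTIONS', `A')dnl
FEATURE(`accept_unresolvable_domains')dnl
"""

LOOPBACK = {"127.0.0.1", "::1"}

def active_directives(mc_text):
    """Return the lines m4 expands: skip dnl comment lines, drop trailing dnl."""
    out = []
    for line in mc_text.splitlines():
        line = line.strip()
        if line and not line.startswith("dnl"):
            out.append(re.sub(r"dnl\s*$", "", line).strip())
    return out

def listeners(mc_text):
    """Parse each active DAEMON_OPTIONS into (name, port, addr, scope)."""
    found = []
    for d in active_directives(mc_text):
        m = re.match(r"DAEMON_OPTIONS\(`([^']*)'\)", d)
        if not m:
            continue
        opts = {k.strip().lower(): v.strip() for k, v in
                (kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)}
        addr = opts.get("addr", "*")  # no Addr= means every interface
        scope = "loopback" if addr in LOOPBACK else "network"
        found.append((opts.get("name", "?"), opts.get("port", "smtp"), addr, scope))
    return found

def warnings(mc_text):
    """Flag settings that the file's own comments tie to exposure."""
    text = "\n".join(active_directives(mc_text))
    notes = []
    m = re.search(r"define\(`confAUTH_OPTIONS',\s*`([^']*)'\)", text)
    if m and "p" not in m.group(1).split():
        notes.append("confAUTH_OPTIONS lacks p: PLAIN/LOGIN allowed without TLS")
    if re.search(r"FEATURE\(`?accept_unresolvable_domains'?\)", text):
        notes.append("accept_unresolvable_domains is enabled")
    if any(row[3] == "network" for row in listeners(mc_text)):
        notes.append("listener reachable from the network: review relay rules")
    return notes

if __name__ == "__main__":
    for row in listeners(SAMPLE_MC):
        print(row)
    for note in warnings(SAMPLE_MC):
        print("WARN", note)
```

Running it before and after editing DAEMON_OPTIONS shows whether the change moved the MTA from loopback to the network, which is the point at which the relay rules in /etc/mail/access start to matter.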