Custom Search
|
|
Custom Search
|
I switched to handwritten notes after printing this page, so it's
very incomplete. Read everything that comes with the current
version, especially op.txt.
Most of this is copied verbatim.
========================
makemap -v = verbose!
========================
sendmail.cf options are defined in op.txt
========================
PostmasterCopy=postmaster
[P] If set, copies of error messages will be
sent to the named postmaster.
========================
PrivacyOptions=opt,opt,...
[p] Set the privacy options. ``Privacy'' is
really a misnomer; many of these are just a
way of insisting on stricter adherence to
the SMTP protocol. The options can be
selected from:
public Allow open access
needmailhelo Insist on HELO or EHLO command before MAIL
needexpnhelo Insist on HELO or EHLO command before EXPN
noexpn Disallow EXPN entirely, implies noverb.
needvrfyhelo Insist on HELO or EHLO command before VRFY
novrfy Disallow VRFY entirely
noetrn Disallow ETRN entirely
noverb Disallow VERB entirely
restrictmailq Restrict mailq command
restrictqrun Restrict -q command line flag
restrictexpand Restrict -bv and -v command line flags
noreceipts Don't return success DSNs20
nobodyreturn Don't return the body of a message with DSNs
goaway Disallow essentially all SMTP status queries
authwarnings Put X-Authentication-Warning: headers in messages
and log warnings
The "goaway" pseudo-flag sets all flags
except "noreceipts", "restrictmailq",
"restrictqrun", "restrictexpand", "noetrn",
and "nobodyreturn". If mailq is restricted,
only people in the same group as the queue
directory can print the queue. If queue
runs are restricted, only root and the owner
of the queue directory can run the queue.
The "restrictexpand" pseudo-flag instructs
sendmail to drop privileges when the -bv
option is given by users who are neither
root nor the TrustedUser so users cannot
read private aliases, forwards, or :include:
files. It will add the "NonRootSafeAddr" to
the "DontBlameSendmail" option to prevent
misleading unsafe address warnings. It also
overrides the -v (verbose) command line
option to prevent information leakage.
Authentication Warnings add warnings about
various conditions that may indicate
attempts to spoof the mail system, such as
using a non-standard queue directory.
========================
one way to specify a message sub-
mission agent (MSA) that always requires
authentication is:
O DaemonPortOptions=Name=MSA, Port=587, M=Ea
New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off
using/offering STARTTLS when delivering/receiving e-mail.
a always require authentication
b bind to interface through which mail has been received
c perform hostname canonification (.cf)
f require fully qualified hostname (.cf)
u allow unqualified addresses (.cf)
A disable AUTH (overrides 'a' modifier)
C don't perform hostname canonification
E disallow ETRN (see RFC 2476)
O optional; if opening the socket fails ignore it
S don't offer STARTTLS
The modifiers that are marked with "(.cf)"
have only effect in the standard configura-
tion file, in which they are available via
${daemon_flags}. Notice: Do not use the
``a'' modifier on a public accessible MTA!
It should only be used for a MSA that is
accessed by authorized users for initial
mail submission. Users must authenticate to
use a MSA which has this option turned on.
The flags ``c'' and ``C'' can change the
default for hostname canonification in the
sendmail.cf file. See the relevant documen-
tation for FEATURE(nocanonify). The modi-
fier ``f'' disallows addresses of the form
user@host unless they are submitted
directly. The flag ``u'' allows unqualified
sender addresses, i.e., those without @host.
``b'' forces sendmail to bind to the inter-
face through which the e-mail has been
received for the outgoing connection. WARN-
ING: Use ``b'' only if outgoing mail can be
routed through the incoming connection's
interface to its destination. No attempt is
made to catch problems due to a misconfigu-
ration of this parameter, use it only for
virtual hosting where each virtual interface
can connect to every possible location.
This will also override possible settings
via ClientPortOptions. Note, sendmail will
listen on a new socket for each occurence of
the DaemonPortOptions option in a configura-
tion file. The modifier ``O'' causes send-
mail to ignore a socket if it can't be
opened. This applies to failures from the
socket(2) and bind(2) calls.
========================
Forcing the Queue
In some cases you may find that the queue has gotten clogged for some reason. You can force a queue run using the -q flag (with no value). It is entertaining to use the -v flag (verbose) when this is done to watch what happens:
/usr/sbin/sendmail -q -v
======================
Logging Traffic
Many SMTP implementations do not fully implement the protocol. For example, some personal computer based SMTPs do not understand continuation lines in reply codes. These can be very hard to trace. If you suspect such a problem, you can set traffic logging using the -X flag. For example,
/usr/sbin/sendmail -X /tmp/traffic -bd
will log all traffic in the file /tmp/traffic.
This logs a lot of data very quickly and should NEVER be used during normal operations. After starting up such a daemon, force the errant implementation to send a message to your host. All message traffic in and out of sendmail, including the incoming SMTP traffic, will be logged in this file.
=====================
1.3.4. /usr/bin/newaliases
The newaliases command should just be a link
to sendmail:
rm -f /usr/bin/newaliases
ln -s /usr/sbin/sendmail /usr/bin/newaliases
This can be installed in whatever search path you
prefer for your system.
1.3.5. /usr/bin/hoststat
The hoststat command should just be a link to
sendmail, in a fashion similar to newaliases. This
command lists the status of the last mail transac-
tion with all remote hosts. The -v flag will pre-
vent the status display from being truncated. It
functions only when the HostStatusDirectory option
is set.
1.3.6. /usr/bin/purgestat
This command is also a link to sendmail. It
flushes expired (Timeout.hoststatus) information
that is stored in the HostStatusDirectory tree.
1.3.8. /var/spool/mqueue/.hoststat
This is a typical value for the HostStatusDi-
rectory option, containing one file per host that
this sendmail has chatted with recently. It is
normally a subdirectory of mqueue.
==========================
The contents of the queue can be printed using the mailq command (or by specifying the -bp flag to sendmail):
mailq
This will produce a listing of the queue id's, the size of the message, the date the message entered the queue, and the sender and recipients.
==========================
one of the startup files, typically
"/etc/init.d/sendmail":
if [ -f /usr/sbin/sendmail -a -f /etc/mail/sendmail.cf ]; then
(cd /var/spool/mqueue; rm -f xf*)
/usr/sbin/sendmail -bd -q30m &
echo -n ' sendmail' >/dev/console
fi
The "cd" and "rm" commands insure that all tran-
script files have been removed; extraneous tran-
script files may be left around if the system goes
down in the middle of processing a message. The
line that actually invokes sendmail has two flags:
"-bd" causes it to listen on the SMTP port, and
"-q30m" causes it to run the queue every half hour.
===============
1.3.12. /etc/mail/statistics
If you wish to collect statistics about your
mail traffic, you should create the file
"/etc/mail/statistics":
cp /dev/null /etc/mail/statistics
chmod 644 /etc/mail/statistics
This file does not grow. It is printed with the
program "mailstats/mailstats.c." The actual path
of this file is defined in the S option of the
sendmail.cf file.
---
StatusFile=file
[S] Log summary statistics in the named
file. If no file name is specified,
"statistics" is used. If not set, no sum-
mary statistics are saved. This file does
not grow in size. It can be printed using
the mailstats(8) program.
=========================
As a convention, log levels under ten are considered generally "useful;"
log levels above 64 are reserved for debugging purposes.
10 Database expansion (alias, forward, and userdb
lookups) and authentication information.
11 NIS errors and end of job processing.
12 Logs all SMTP connections.
13 Log bad user shells, files with improper permis-
sions, and other questionable situations.
14 Logs refused connections.
15 Log all incoming and outgoing SMTP commands.
20 Logs attempts to run locked queue files. These
are not errors, but can be useful to note if your
queue appears to be clogged.
30 Lost locks (only if using lockf instead of
flock).
Additionally, values above 64 are reserved for
extremely verbose debugging output. No normal site
would ever set these.
======================
You can ask sendmail to log a dump of the open
files and the connection cache by sending it a SIGUSR1
signal. The results are logged at LOG_DEBUG priority.
=======================
if you are using the genericstable, you should add any domains
you wish to reverse-map to /etc/mail/generics-domains.
==========================
For a list of named debug categories in the sendmail binary, use
strings /usr/sbin/sendmail | grep Debug
========================
Persistent Host Status Information
When HostStatusDirectory is enabled, information about the status of hosts is maintained on disk and can thus be shared between different instantiations of sendmail. The status of the last connection with each remote host may be viewed with the command:
sendmail -bh
This information may be flushed with the command:
sendmail -bH
Flushing the information prevents new sendmail processes from loading it, but does not prevent existing processes from using the status information that they already have.
================
The .cf file is chosen based on the operation mode. For -bm (default),
-bs, and -t it is submit.cf if it exists for all others it
is sendmail.cf (to be backward compatible). This selection
can be changed by the new option -Ac or -Am (alternative .cf
file: client or mta). See sendmail/SECURITY.
================
/usr/sbin/sendmail -bd -q20m
===========
mail = gid 12
perms:
/var/spool 755 root.root
/mail 775 root.mail
/mqueue 755 root.root
/usr/sbin/sendmail root.bin ?
===========
mailq:
Dumps the contents of the mail spool, along with the status of
each message.
mailstats:
Shows various usage stats.
praliases:
Displays current aliases.
vacation:
Auto-responder of sorts for when you're laying on the beach.
|
Custom Search
|