I switched to handwritten notes after printing this page, so it's very incomplete. Read everything that comes with the current version, especially op.txt. Most of this is copied verbatim.

========================

makemap -v = verbose!

========================

sendmail.cf options are defined in op.txt

========================

PostmasterCopy=postmaster
    [P] If set, copies of error messages will be sent to the named
    postmaster.

========================

PrivacyOptions=opt,opt,...
    [p] Set the privacy options. ``Privacy'' is really a misnomer; many
    of these are just a way of insisting on stricter adherence to the
    SMTP protocol. The options can be selected from:

    public          Allow open access
    needmailhelo    Insist on HELO or EHLO command before MAIL
    needexpnhelo    Insist on HELO or EHLO command before EXPN
    noexpn          Disallow EXPN entirely, implies noverb.
    needvrfyhelo    Insist on HELO or EHLO command before VRFY
    novrfy          Disallow VRFY entirely
    noetrn          Disallow ETRN entirely
    noverb          Disallow VERB entirely
    restrictmailq   Restrict mailq command
    restrictqrun    Restrict -q command line flag
    restrictexpand  Restrict -bv and -v command line flags
    noreceipts      Don't return success DSNs
    nobodyreturn    Don't return the body of a message with DSNs
    goaway          Disallow essentially all SMTP status queries
    authwarnings    Put X-Authentication-Warning: headers in messages
                    and log warnings

The "goaway" pseudo-flag sets all flags except "noreceipts", "restrictmailq", "restrictqrun", "restrictexpand", "noetrn", and "nobodyreturn".

If mailq is restricted, only people in the same group as the queue directory can print the queue. If queue runs are restricted, only root and the owner of the queue directory can run the queue.

The "restrictexpand" pseudo-flag instructs sendmail to drop privileges when the -bv option is given by users who are neither root nor the TrustedUser so users cannot read private aliases, forwards, or :include: files.
It will add the "NonRootSafeAddr" to the "DontBlameSendmail" option to prevent misleading unsafe address warnings. It also overrides the -v (verbose) command line option to prevent information leakage.

Authentication Warnings add warnings about various conditions that may indicate attempts to spoof the mail system, such as using a non-standard queue directory.

========================

One way to specify a message submission agent (MSA) that always requires authentication is:

    O DaemonPortOptions=Name=MSA, Port=587, M=Ea

New M=S modifier for ClientPortOptions/DaemonPortOptions to turn off using/offering STARTTLS when delivering/receiving e-mail.

    a   always require authentication
    b   bind to interface through which mail has been received
    c   perform hostname canonification (.cf)
    f   require fully qualified hostname (.cf)
    u   allow unqualified addresses (.cf)
    A   disable AUTH (overrides 'a' modifier)
    C   don't perform hostname canonification
    E   disallow ETRN (see RFC 2476)
    O   optional; if opening the socket fails ignore it
    S   don't offer STARTTLS

The modifiers that are marked with "(.cf)" have effect only in the standard configuration file, in which they are available via ${daemon_flags}.

Notice: Do not use the ``a'' modifier on a publicly accessible MTA! It should only be used for an MSA that is accessed by authorized users for initial mail submission. Users must authenticate to use an MSA which has this option turned on.

The flags ``c'' and ``C'' can change the default for hostname canonification in the sendmail.cf file. See the relevant documentation for FEATURE(nocanonify). The modifier ``f'' disallows addresses of the form user@host unless they are submitted directly. The flag ``u'' allows unqualified sender addresses, i.e., those without @host.

``b'' forces sendmail to bind to the interface through which the e-mail has been received for the outgoing connection.
WARNING: Use ``b'' only if outgoing mail can be routed through the incoming connection's interface to its destination. No attempt is made to catch problems due to a misconfiguration of this parameter; use it only for virtual hosting where each virtual interface can connect to every possible location. This will also override possible settings via ClientPortOptions.

Note, sendmail will listen on a new socket for each occurrence of the DaemonPortOptions option in a configuration file. The modifier ``O'' causes sendmail to ignore a socket if it can't be opened. This applies to failures from the socket(2) and bind(2) calls.

========================

Forcing the Queue

In some cases you may find that the queue has gotten clogged for some reason. You can force a queue run using the -q flag (with no value). It is entertaining to use the -v flag (verbose) when this is done to watch what happens:

    /usr/sbin/sendmail -q -v

======================

Logging Traffic

Many SMTP implementations do not fully implement the protocol. For example, some personal computer based SMTPs do not understand continuation lines in reply codes. These can be very hard to trace. If you suspect such a problem, you can set traffic logging using the -X flag. For example,

    /usr/sbin/sendmail -X /tmp/traffic -bd

will log all traffic in the file /tmp/traffic.

This logs a lot of data very quickly and should NEVER be used during normal operations. After starting up such a daemon, force the errant implementation to send a message to your host. All message traffic in and out of sendmail, including the incoming SMTP traffic, will be logged in this file.

=====================

1.3.4. /usr/bin/newaliases

The newaliases command should just be a link to sendmail:

    rm -f /usr/bin/newaliases
    ln -s /usr/sbin/sendmail /usr/bin/newaliases

This can be installed in whatever search path you prefer for your system.

1.3.5. /usr/bin/hoststat

The hoststat command should just be a link to sendmail, in a fashion similar to newaliases. This command lists the status of the last mail transaction with all remote hosts. The -v flag will prevent the status display from being truncated. It functions only when the HostStatusDirectory option is set.

1.3.6. /usr/bin/purgestat

This command is also a link to sendmail. It flushes expired (Timeout.hoststatus) information that is stored in the HostStatusDirectory tree.

1.3.8. /var/spool/mqueue/.hoststat

This is a typical value for the HostStatusDirectory option, containing one file per host that this sendmail has chatted with recently. It is normally a subdirectory of mqueue.

==========================

The contents of the queue can be printed using the mailq command (or by specifying the -bp flag to sendmail):

    mailq

This will produce a listing of the queue IDs, the size of the message, the date the message entered the queue, and the sender and recipients.

==========================

One of the startup files, typically "/etc/init.d/sendmail":

    if [ -f /usr/sbin/sendmail -a -f /etc/mail/sendmail.cf ]; then
        (cd /var/spool/mqueue; rm -f xf*)
        /usr/sbin/sendmail -bd -q30m &
        echo -n ' sendmail' >/dev/console
    fi

The "cd" and "rm" commands ensure that all transcript files have been removed; extraneous transcript files may be left around if the system goes down in the middle of processing a message. The line that actually invokes sendmail has two flags: "-bd" causes it to listen on the SMTP port, and "-q30m" causes it to run the queue every half hour.

===============

1.3.12. /etc/mail/statistics

If you wish to collect statistics about your mail traffic, you should create the file "/etc/mail/statistics":

    cp /dev/null /etc/mail/statistics
    chmod 644 /etc/mail/statistics

This file does not grow. It is printed with the program "mailstats/mailstats.c." The actual path of this file is defined in the S option of the sendmail.cf file.
---

StatusFile=file
    [S] Log summary statistics in the named file. If no file name is
    specified, "statistics" is used. If not set, no summary statistics
    are saved. This file does not grow in size. It can be printed using
    the mailstats(8) program.

=========================

As a convention, log levels under ten are considered generally "useful;" log levels above 64 are reserved for debugging purposes.

    10  Database expansion (alias, forward, and userdb lookups) and
        authentication information.
    11  NIS errors and end of job processing.
    12  Logs all SMTP connections.
    13  Log bad user shells, files with improper permissions, and other
        questionable situations.
    14  Logs refused connections.
    15  Log all incoming and outgoing SMTP commands.
    20  Logs attempts to run locked queue files. These are not errors,
        but can be useful to note if your queue appears to be clogged.
    30  Lost locks (only if using lockf instead of flock).

Additionally, values above 64 are reserved for extremely verbose debugging output. No normal site would ever set these.

======================

You can ask sendmail to log a dump of the open files and the connection cache by sending it a SIGUSR1 signal. The results are logged at LOG_DEBUG priority.

=======================

If you are using the genericstable, you should add any domains you wish to reverse-map to /etc/mail/generics-domains.

==========================

For a list of named debug categories in the sendmail binary, use

    strings /usr/sbin/sendmail | grep Debug

========================

Persistent Host Status Information

When HostStatusDirectory is enabled, information about the status of hosts is maintained on disk and can thus be shared between different instantiations of sendmail.
The status of the last connection with each remote host may be viewed with the command:

    sendmail -bh

This information may be flushed with the command:

    sendmail -bH

Flushing the information prevents new sendmail processes from loading it, but does not prevent existing processes from using the status information that they already have.

================

The .cf file is chosen based on the operation mode. For -bm (default), -bs, and -t it is submit.cf if it exists; for all others it is sendmail.cf (to be backward compatible). This selection can be changed by the new option -Ac or -Am (alternative .cf file: client or mta). See sendmail/SECURITY.

================

    /usr/sbin/sendmail -bd -q20m

===========

mail = gid 12

perms:

    /var/spool            755  root.root
        /mail             775  root.mail
        /mqueue           755  root.root
    /usr/sbin/sendmail         root.bin ?

===========

mailq:     Dumps the contents of the mail spool, along with the status of each message.
mailstats: Shows various usage stats.
praliases: Displays current aliases.
vacation:  Auto-responder of sorts for when you're lying on the beach.
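
========================

Added example (not part of the original notes or of sendmail's own tooling): a small audit of the PrivacyOptions and DaemonPortOptions lines described earlier. It expands "goaway" as the notes state, applies the noexpn-implies-noverb rule, and reports the ``a'' modifier on the SMTP port, which the Notice above warns against. Assumptions: keys are spelled Name, Port and M as in the example line, a missing Port means the SMTP port, several PrivacyOptions lines are merged, and SAMPLE_CF is constructed.

```python
import re

# Restrictive flags as listed in the notes ("public" adds no restriction).
RESTRICTIVE = {"needmailhelo", "needexpnhelo", "noexpn", "needvrfyhelo",
               "novrfy", "noetrn", "noverb", "restrictmailq", "restrictqrun",
               "restrictexpand", "noreceipts", "nobodyreturn", "authwarnings"}
# "goaway" sets all flags except these six.
GOAWAY = RESTRICTIVE - {"noreceipts", "restrictmailq", "restrictqrun",
                        "restrictexpand", "noetrn", "nobodyreturn"}

def option_values(cf_text, name):
    """Value of every 'O name=value' line, in file order."""
    pat = re.compile(r"^O[ \t]*%s[ \t]*=[ \t]*(.*)$" % re.escape(name), re.M)
    return [m.group(1).strip() for m in pat.finditer(cf_text)]

def effective_privacy(cf_text):
    """Expand goaway and noexpn->noverb; lines are merged (assumption)."""
    flags = set()
    for value in option_values(cf_text, "PrivacyOptions"):
        for flag in re.split(r"[,\s]+", value.lower()):
            flags |= GOAWAY if flag == "goaway" else {flag} & RESTRICTIVE
    if "noexpn" in flags:
        flags.add("noverb")
    return flags

def daemon_findings(cf_text):
    """(Name, finding) pairs for M= modifiers that deserve a second look."""
    findings = []
    for value in option_values(cf_text, "DaemonPortOptions"):
        pairs = (p.split("=", 1) for p in value.split(",") if "=" in p)
        kv = {k.strip().lower(): v.strip() for k, v in pairs}
        name, port, mods = kv.get("name", "?"), kv.get("port", "smtp"), kv.get("m", "")
        if "a" in mods and "A" in mods:
            findings.append((name, "A overrides a: AUTH is disabled"))
        elif "a" in mods and port.lower() in ("25", "smtp"):  # assumed public
            findings.append((name, "a on the public SMTP port"))
        if "S" in mods:
            findings.append((name, "S: STARTTLS not offered"))
    return findings

# Constructed sample, not taken from a real host.
SAMPLE_CF = """\
O PrivacyOptions=goaway,restrictqrun
O DaemonPortOptions=Name=MTA, Port=25, M=a
O DaemonPortOptions=Name=MSA, Port=587, M=Ea
"""

if __name__ == "__main__":
    print("not set:", sorted(RESTRICTIVE - effective_privacy(SAMPLE_CF)))
    print("daemons:", daemon_findings(SAMPLE_CF))
```

On the sample, the flags left unset are exactly the ones "goaway" skips minus restrictqrun, and only the port 25 daemon is reported.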