Knowledge File AEGEE Mail - sendmail
Sendmail is the MTA and MSA used in AEGEE. This document describes only the AEGEE-specific settings and considerations. It is in no way meant to be a guide explaining how sendmail works.
General details on configuring sendmail are available from other sources. The documentation delivered with sendmail (doc/op/op.txt and doc/op/op.pdf) is good as a reference for experienced administrators, but cannot be used to learn how sendmail works. A very, very good book on Sendmail is "sendmail" from O'Reilly, fourth edition, authored by Bryan Costales, Claus Assmann, George Jansen, and Gregory Shapiro (ISBN 978-0-596-51029-9, 1308 pages).
Sendmail on aegeeserv listens on:
- port 25 on 184.108.40.206 - processes mails for @aegee.org, @aegee.uka.de and @aegee.uni-karlsruhe.de
- port 25 on 220.127.116.11 (lists.aegee.org) - processes mails for @lists.aegee.org
- port 25 on 18.104.22.168 (mail.aegee.org) - processes mails for @mail.aegee.org
- port 25 on 22.214.171.124 (karlsruhe.aegee.org) - processes the emails sent by listserv
- port 25 on 127.0.0.1 (localhost) - does almost nothing
- port 465 on 126.96.36.199 (mail.aegee.org or smtp.aegee.org) acts as MSA with SSL
- port 587 on 188.8.131.52 (mail.aegee.org or smtp.aegee.org) acts as MSA with TLS
The sendmail sources are located in /src/mail/sendmail-8.13.6 and /src/mail/sendmail-8.14.4. In each sendmail source tree there is a devtools/Site/site.config.m4 file. This file determines how sendmail will be built.
As of January 2010 the file contains:
define(`confOPTIMIZE', ` -O3 -march=native')
APPENDDEF(`confMAPDEF', `-DDNSMAP=1 -DNEWDB -DMAP_REGEX -DSOCKETMAP')
dnl -DPH_MAP -DNIS -DNISPLUS -DLDAPMAP
APPENDDEF(`confENVDEF', `-DSTARTTLS -DSASL=2 -DIP_SRCROUTE=1 -DLOG -DNETINET')
APPENDDEF(`confENVDEF', `-DNETUNIX -DNAMED_BIND -DMATCHGEC0S -DMIME8TO7=1')
APPENDDEF(`confENVDEF', `-DLISTSERV -DUSERDB=1 -DMILTER -DIDENTPROTO=1')
dnl -DTCPWRAPPERS -DNETINET6
APPENDDEF(`confINCDIRS', `-I/usr/include/sasl -I/usr/include/openssl/')
APPENDDEF(`confLIBS', `-lssl -lcrypto -lsasl2 -lwrap -lpthread')
dnl -llber -lldap
dnl starts a comment that runs until the end of the line. The commented-out lines above mention settings that were enabled or might be interesting to enable in the future.
When compiling sendmail with LDAP support, keep in mind that the static library libmilter.a then requires -llber -lldap when it is linked into executables. This is most notably the case when a new version of clamav-milter is compiled. When libmilter.a is built to depend on LDAP, pass CFLAGS="-llber -lldap" when linking against the library (libmilter does not use LDAP in any way; it is just that if it depends on LDAP you have to pass the LDAP libraries, otherwise you cannot link).
Apply mail.aegee.org/patches/sm8.14.4-prdr.patch to the sendmail 8.14.4 source tree to make it PRDR capable.
Apply mail.aegee.org/patches/sm8.14.4-alias.patch to the sendmail 8.14.4 source tree to make it capable of processing listserv probes and, as of listserv 16.0-2014a, DMARC-rewritten addresses.
Each sendmail instance has a single, separate configuration file. In AEGEE there are seven differently configured sendmail instances. The configuration files for each instance are in /src/mail/sendmail-8.13.6/cf/cf/ and these are used to generate configuration files for sendmail 8.14.4.
The 8.13.6 tree is the only one that supports Real Time Cyrus Integration v2. In the bright future, the source tree of sendmail-8.14.4 will adopt the Open-sendmail / Real Time Cyrus Integration v3.
All relevant files in that directory start with sendmail or submit.
All sendmail instances are started with /etc/init.d/rc.sendmail when the server starts, or when sendmail is manually restarted (=when sending signal HUP is not appropriate).
For each instance there is a .cf and a .mc file. The .mc files are processed with ./Build install-cf file.cf in the /src/mail/sendmail-8.1?.?/cf/cf directory, to produce a .cf file. Afterwards both the .cf and the .mc files have to be copied to /etc/mail. The script /src/mail/sendmail-8.13.6/cf/cf/hajde regenerates all the relevant .cf files from the .mc files, copies them to /etc/mail, and sends the HUP signal to sendmail. The latter practically means forcing sendmail to reread its configuration files.
In AEGEE we use the following milters:
- aegee-milter: does a lot of things, incl. applying Sieve filtering on incoming mails; subject to separate documentation
- post-listserv-milter: takes the mails sent by listserv. For lists with Reply-To = Both the email address is removed when it is subscribed to the list, so that by default the original sender will get one copy of the answer, regardless of whether the sender is subscribed to the list or not; takes the X-To: and X-CC: header values and puts them as To: and CC:; subject to separate documentation
- clamav-milter: sends mails to a clamd daemon, where they are checked for spam. Part of clamav, see www.clamav.net for details
- spamass-milter: sends mails to spamassassin's spamd daemon. Check savannah.nongnu.org/projects/spamass-milt for details.
Which sendmail instances use which milters is described below.
The different .mc files
All sendmail configurations send outgoing emails via the smart host smtp.aegee.uni-karlsruhe.de (two different IPs).
The differences between the sendmail instances, described per configuration file, are:
- sendmail-mail listens on mail.aegee.org:25 for incoming mails (sent to @mail.aegee.org). Applies the clamav-milter, spamass-milter and aegee-milter
- sendmail-80 same as sendmail-mail, but listens on 184.108.40.206 and lists.aegee.org for incoming mails (in the @aegee.org, @aegee.uka.de, @aegee.uni-karlsruhe.de and @lists.aegee.org domains). The purpose of having separate sendmail-mail is to be able to try new sendmail configurations, without affecting the primary domains.
- submit-tls listens on mail.aegee.org:587 (and smtp.aegee.org:587), requires authentication with either an aegeeserv or an aegee.org account, and enforces that the authenticated user can use only envelope senders built from her name, where every space is replaced by a dot and @aegee.org is appended (except for some users, like clemens or didopalauzov, who can send mails with any sender). The authentication against the aegee.org accounts is done with SASL, as specified in /usr/lib/sasl2/Sendmail.conf. SASL uses PAM (saslauthd -a pam). PAM for sendmail is configured in /etc/pam.d/smtp to use pam_ldap. pam_ldap uses /etc/pam_ldap.conf and is moreover patched to cut the last ten characters from the authenticating user name (=to cut "@aegee.org"). Applies clamav-milter and spamass-milter.
- submit-ssl same as submit-tls, but listens on port 465 and requires SSL connection (instead of TLS)
- sendmail-karlsruhe listens on karlsruhe.aegee.org:25 and accepts mails from listserv. Applies the post-listserv-milter.
- sendmail listens on localhost:25, configures the queue runner and is used when sendmail is invoked without explicitly specifying a configuration file (=always when you run sendmail in the console to send some email). Applies clamav-milter and spamass-milter.
- submit uses no milters and is used instead of sendmail.cf when sendmail is invoked with one of -Ac, -t or -bs. This configuration file has practically no application on aegeeserv. Please note that mails sent using this configuration file that cannot be delivered immediately are put in a queue that is different from the queue used when sendmail is run with another configuration file, and there is no queue runner configured to process the submit.cf queue.
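The envelope-sender restriction described for submit-tls and submit-ssl, as an added Python illustration (it is not AEGEE's sendmail ruleset or its pam_ldap patch). The sample directory entry, the function names, the case-insensitive comparison and the suffix check before removing "@aegee.org" are assumptions.

```python
# Added illustration; not AEGEE's sendmail ruleset or pam_ldap patch.
DOMAIN = "@aegee.org"                        # ten characters long
UNRESTRICTED = {"clemens", "didopalauzov"}   # exempt users named on the page

# Constructed sample directory (hypothetical): login -> name of the user.
DIRECTORY = {"jdoe": "Jane Doe"}


def ldap_login(auth_id):
    """Map the authenticating user name to the login looked up in LDAP.

    Cutting the last ten characters only works when the name really ends
    in "@aegee.org". A bare login such as "didopalauzov" would shrink to
    "di", so this sketch checks the suffix before removing it.
    """
    if auth_id.lower().endswith(DOMAIN):
        return auth_id[:-len(DOMAIN)]
    return auth_id


def allowed_sender(name):
    """Build the permitted envelope sender: spaces -> dots, domain appended."""
    return name.strip().replace(" ", ".") + DOMAIN


def may_send_as(auth_id, envelope_from):
    """Return True if the authenticated user may use this envelope sender."""
    login = ldap_login(auth_id)
    if login in UNRESTRICTED:
        return True                          # may use any sender
    name = DIRECTORY.get(login)
    if name is None:
        return False                         # unknown account: fail closed
    # Assumption: addresses are compared case-insensitively, and the
    # angle brackets of the SMTP MAIL FROM argument are ignored.
    sender = envelope_from.strip().strip("<>")
    return sender.lower() == allowed_sender(name).lower()


if __name__ == "__main__":
    for auth, mail_from in [
        ("jdoe@aegee.org", "<Jane.Doe@aegee.org>"),   # own address
        ("jdoe@aegee.org", "<board@aegee.org>"),      # someone else's
        ("clemens", "<anyone@example.org>"),          # exempt user
    ]:
        print(auth, mail_from, may_send_as(auth, mail_from))
```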
Experimenting with sendmail
TO BE WRITTEN IN THE NEAR FUTURE
As non-root you can run sendmail on 220.127.116.11 port 3306, which is not blocked by the University's computer center.
Written in February 2010 by Дилян Палаузов.