Linux network servers

ct] confTO_CONTROL Sets the maximum amount of time allowed for a control socket transaction to complete. The default is two minutes (2m). [Timeout.control] confTO_DATABLOCK Sets the maximum time to wait for a block during DATA phase. Defaults to 1h. [Timeout.datablock] confTO_DATAFINAL Sets the maximum time to wait for a response to the terminating ".". Defaults to 1h. [Timeout.datafinal] confTO_DATAINIT Sets the maximum time to wait for a DATA command response. Defaults to 5m. [Timeout.datainit] confTO_FILEOPEN Sets the maximum time to wait for a file open. Defaults to 60s. [Timeout.fileopen] confTO_HELO Sets the maximum time to wait for a HELO or EHLO response. Defaults to 5m. [Timeout.helo] confTO_HOSTSTATUS Sets the timer for stale host status information. Defaults to 30m. [Timeout.hoststatus] confTO_ICONNECT Sets the maximum time to wait for the very first connect attempt to a host. [Timeout.iconnect] confTO_IDENT Sets the maximum time to wait for an IDENT query response. Defaults to 30s. [Timeout.ident] confTO_INITIAL Sets the maximum time to wait for the initial connect response. Defaults to 5m. [Timeout.initial] confTO_MAIL Sets the maximum time to wait for a MAIL command response. Defaults to 10m. [Timeout.mail] confTO_MISC Sets the maximum time to wait for other SMTP command responses. Defaults to 2m. [Timeout.misc] confTO_QUEUERETURN_NONURGENT Sets the "Undeliverable mail" timeout for low−priority messages. [Timeout.queuereturn.non−urgent] confTO_QUEUERETURN_NORMAL Sets the "Undeliverable mail" timeout for normal−priority messages. [Timeout.queuereturn.normal] confTO_QUEUERETURN_URGENT Sets the "Undeliverable mail" timeout for 459 urgent−priority messages. [Timeout.queuereturn.urgent] confTO_QUEUERETURN Sets the time until a message is returned from the queue as undeliverable. Defaults to 5d. [Timeout.queuereturn] confTO_QUEUEWARN_NONURGENT Sets the time until a "still queued" warning is sent for low−priority messages. [Timeout.queuewarn.non−urgent] confTO_QUEUEWARN_NORMAL Sets the time until a "still queued" warning is sent for normal priority messages. [Timeout.queuewarn.normal] confTO_QUEUEWARN_URGENT Sets the time until a "still queued" warning is sent for urgent priority messages. [Timeout.queuewarn.urgent] confTO_QUEUEWARN Sets the time until a "still queued" warning is sent about a message. Defaults to 4h. [Timeout.queuewarn] confTO_QUIT Sets the maximum time to wait for a QUIT command response. Defaults to 2m. [Timeout.quit] confTO_RCPT Sets the maximum time to wait for a RCPT command response. Defaults to 1h. [Timeout.rcpt] confTO_RESOLVER_RETRANS Defines, in seconds, the retransmission timer for all resolver lookups. [Timeout.resolver.retrans] confTO_RESOLVER_RETRANS_FIRST Defines, in seconds, the retransmission t imer for the resolver lookup for the f i rst at tempt to del iver a message. [Timeout.resolver.retrans.first] confTO_RESOLVER_RETRANS_NORMAL Def ines , in seconds, the retransmission timer for all resolver lookups after the first attempt to deliver a message. [Timeout.resolver.retrans.normal] confTO_RESOLVER_RETRY Defines the total number of times to retry a resolver query. [Timeout.resolver.retry] confTO_RESOLVER_RETRY_FIRST Defines the number of times the resolver query for the first delivery attempt is retried. [Timeout.resolver.retry.first] confTO_RESOLVER_RETRY_NORMAL Defines the number of times to retry resolver queries after the first delivery attempt. [Timeout.resolver.retry.normal] confTO_RSET Sets the maximum time to wait for a RSET command response. Defaults to 5m. [Timeout.rset] confTRUSTED_USER Defines the user who controls the sendmail daemon, and owns the f i l es c rea ted by sendmai l . Do no t con fuse th i s op t ion w i th confTRUSTED_USERS. [TrustedUser] confTRUSTED_USERS Defines trusted usernames to add to root, uucp, and daemon. 460 confTRY_NULL_MX_LIST Connects to the remote host directly if the MX points to the local host and it is set to True. Defaults to False. [TryNullMXList] confUNSAFE_GROUP_WRITES Doesn't reference programs or files from group−wr i tab le : inc lude: and . forward f i les i f True. Defau l ts to Fa lse. [UnsafeGroupWrites] c o n f U S E R D B _ S P E C D e f i n e s t h e p a t h o f t h e u s e r d a t a b a s e f i l e . [UserDatabaseSpec] confUSE_ERRORS_TO Delivers errors using the Errors−To: header if True. Defaults to False. [UserErrorsTo] confUUCP_MAILER Defines the default UUCP mailer. Defaults to uucp−old. confWORK_CLASS_FACTOR Defines the factor used to favor high−priority jobs. Defaults to 1800. [ClassFactor] confWORK_RECIPIENT_FACTOR Defines the factor used to lower the priority of a job for each additional recipient. Defaults to 30000. [RecipientFactor] confWORK_TIME_FACTOR Defines the factor used to lower the priority of a job for each delivery attempt. Defaults to 90000. [RetryFactor] define macros are the most common macros in the m4 source files. The next most commonly used macro is the FEATURE macro. FEATURE The FEATURE macro processes m4 source code from the feature directory. Source files in that directory define optional sendmail features. The syntax of the FEATURE macro is FEATURE(name, [argument]) The argument is optional. If an argument is passed to the source file, it is used by the source file to generate code for the sendmail.cf file. For example, the following generates the code for accessing the mailertable, and defines that table as being a dbm database located in the file /usr/ lib/mailertable: FEATURE(mailertable, dbm /usr/lib/mailertable) The available features and their purposes are listed in Table C.2. Table C.2: Optional sendmail Features Name Purpose accept_unqualified_senders Allows network mail from addresses that do not include a valid hostname. accept_unresolvable_domains Accepts mail from hosts that are unknown to DNS. access_db Enables the use of the access database. 461 allmasquerade Also masquerades recipient addresses. always_add_domain Adds the local hostname to all locally delivered mail. bestmx_is_local Accepts mail addressed to a host that lists the local system as its MX server as local. bitdomain Uses a table to map Bitnet hosts to Internet addresses. blacklist_recipients Filters incoming mail based on values set in the access database. delay_checks Delay the check_mail and check_relay rulesets until check_rcpt is called. dnsbl Reject mail from hosts listed in a DNS−based rejection list. Replaces rbl. domaintable Uses a domain table for domain name mapping. generics_entire_domain Map domain names identified in class G through the genericstable. genericstable Uses a table to rewrite local addresses. ldap_routing Enable LDAP−based e−mail routing. limited_masquerade Only masquerade hosts listed in $=M. local_lmtp Uses mail.local with LMTP support. local_procmail Uses procmail as the local mailer. loose_relay_check Disables validity checks for addresses that use the % hack. mailertable Routes mail using a mailer table. masquerade_entire_domain Masquerades all hosts within the masquerading domains. masquerade_envelope Masquerades the envelope sender address in addition to the header sender address. no_default_msa Allows the default configuration of the Message Submission Agent to be overridden by the DAEMON_OPTIONS macro. nocanonify Doesn't convert names with $[ ... $] syntax. nodns Doesn't include DNS support. nouucp Doesn't include UUCP address processing. nullclient Forwards all mail to a central server. Name Purpose promiscuous_relay Relays mail from any site to any site. rbl Enables use of the Realtime Blackhole List server. Replaced by dnsbl. redirect Supports the .REDIRECT pseudo−domain. relay_based_on_MX Relays mail for any site whose MX points to this server. relay_entire_domain Relays mail for any host in your domain. relay_host_only Relays mail only for hosts listed in the access database. relay_local_from Relays mail if the source is a local host. relay_mail_from Relays mail if the sender is listed as RELAY in the access database. smrsh Uses smrsh as the prog mailer. 462 stickyhost Treats user differently from user@local.host. use_ct_file Loads $=t from the file defined by confCT_FILE. use_cw_file Loads $=w from the file defined by confCW_FILE. uucpdomain Uses a table to map UUCP hosts to Internet addresses. virtuser_entire_domain Maps entire domain names through the virtusertable. virtusertable Maps virtual domain names to real mail addresses. The use_cw_file and the use_ct_file features are equivalent to Fw/etc/mail/local−host−names and Ft/etc/mail/trusted−users commands in the sendmail.cf file. See Chapter 5 for descriptions of host aliases ($=w) and trusted users ($=t). The redirect feature is also covered in Chapter 5. Several FEATURE macros remove unneeded lines from the sendmail.cf file. nouucp removes the code that handles UUCP addresses for systems that do not have access to UUCP networks, and nodns removes the code for DNS lookups for systems that do not have access to DNS, or do not want to use DNS. nocanonify disables the code that converts nicknames and IP addresses into hostnames. Finally, the nullclient feature strips everything out of the configuration, except for the capability to forward mail to a single mail server via a local SMTP link. The name of that mail server is provided as the argument on the nullclient command line, for example, FEATURE(nullclient, big.isp.net) forwards all mail to big.isp.net without any local mail processing. Several features relate to mail relaying and masquerading. They are stickyhost, allmasquerade, limited_masquerade, and masquerade_entire_domain. All of these features are covered in the DOMAIN section later in this appendix. Several of the features define databases that are used to perform special address processing. All of these features accept an optional argument that defines the database. (See the sample mailertable command at the beginning of this section for an example of defining the database with the optional argument.) If the optional argument is not provided, the database description always defaults to hash −o /etc/filename, where filename matches the name of the feature. For example, mailertable defaults to the definition hash −o /etc/mailertable. The database features are as follows: access_db Controls mail−relaying and delivery. The access file contains two fields: an e−mail address, which is the key, and an action taken for mail containing that address. The access database is covered in Chapter 11, "More Mail Services." mailertable Maps host and domain names to specific mailer:host pairs. The mailer, host, user triple is returned by ruleset parse based on the delivery address. The mailertable file allows you to define the mailer and the host of the delivery triple based on the domain name in the delivery address. If the host or domain name in the delivery addresses matches a key field in the mailertable database, it returns the mailer and host for that address. The format of a mailertable entry is domain−name mailer:host where domain−name is either a full hostname (host plus domain) or a domain name. If a domain name is used, it must start with a dot (.), and it will match every host in the specified domain. mailer is the internal sendmail.cf mailer name of the mailer that handles mail for the specified domain, and host is the hostname of the mailer server that handles mail for that domain. domaintable Converts an old domain name to a new domain name. The old name 463 is the key, and the new name is the value returned for the key. bitdomain Converts a Bitnet hostname to an Internet hostname. The Bitnet name is the key, and the Internet hostname is the value returned. The bitdomain program that comes with the sendmail distribution can be used to build this database. Bitnet is obsolete. uucpdomain Converts a UUCP name to an Internet hostname. The key is the UUCP hostname, and the value returned is the Internet hostname. This is useful only if you still have users who address e−mail using old UUCP addresses. genericstable Converts a sender e−mail address. The key to the database is either a username or a full e−mail address (username and hostname). The value returned by the database is the new e−mail address. (See Chapter 5 for an example of using the genericstable.) If you use the genericstable and you don't use masquerading, use generics_domain and generics_ domain_file to get the same functions normally provided by masquerade_domain and masquerade_domain_file. virtusertable Aliases incoming e−mail addresses. Essentially, this is an extended alias database for aliasing addresses that are not local to this host. The key to the database is a full e−mail address or a domain name. The value returned by the database is the recipient address to which the mail is delivered. If a domain name is used as a key, it must begin with an at sign (@). Mail addressed to any user in the specified domain is sent to the recipient defined by the virtusertable database. Any hostname used as a key in the virtusertable database must also be defined in class w. Some features are important in the fight against spam because they help control the mail a server d e l i v e r s o r f o r w a r d s o n f o r d e l i v e r y . T h e s e a r e a c c e p t _ u n q u a l i f i e d _ s e n d e r s , accept_unresolvable_domains, access_db, blacklist_recipients, and dnsbl. All of these are covered in the section on controlling spam in Chapter 11. Two of the remaining FEATURE commands relate to domains. The always_add_domain macro makes sendmail add the local domain name to all locally delivered mail, even to those pieces of mail that would normally have just a username as an address. The bestmx_is_local feature accepts mail addressed to a host that lists the local host as its preferred MX server as if the mail were local mail. If this feature is not used, mail bound for a remote host is sent directly to the remote host even if its MX record lists the local host as its preferred MX server. The bestmx_is_local feature should not be used if you use a wildcard MX record for your domain. The last two features are used to select optional programs for the local and the prog mailers. local_ procmail selects procmail as the local mailer. Provide the path to procmail as the argument in the FEATURE command. The smrsh feature selects the SendMail Restricted SHell (smrsh) as the prog mailer. smrsh provides improved security over /bin/sh, which is often used as the prog mailer. Provide the path to smrsh as the argument in the FEATURE command. The FEATURE commands discussed in this section and the define macros discussed previously are used to build the m4 source files. The next few sections of this appendix describe the purpose and structure of the OSTYPE, DOMAIN, and MAILER source files. 464 OSTYPE OSTYPE points to the m4 source file that contains the operating system specific information for this configuration. This required file is examined in detail in Chapter 5. Although all m4 macros can be used in OSTYPE source files, Table C.3 lists the define parameters most frequently associated with the OSTYPE file and the function of each parameter. If the parameter has a default value, it is shown enclosed in square brackets after the parameter's functional description. Table C.3: OSTYPE defines Parameter Function ALIAS_FILE Name of the alias file. [/etc/aliases] CYRUS_BB_MAILER_ARGS cyrusbb mailer arguments. [deliver −e −m $u] CYRUS_BB_MAILER_FLAGS Flags added to lsDFMnP for the cyrusbb mailer. CYRUS_MAILER_ARGS cyrus mailer arguments. [deliver −e −m $h −− $u] CYRUS_MAILER_FLAGS Flags added to lsDFMnP for the cyrus mailer. [A5@] CYRUS_MAILER_MAX Maximum size message for the cyrus mailer. CYRUS_MAILER_PATH Path to the cyrus mailer. [/usr/cyrus/bin/ deliver] CYRUS_MAILER_USER User and group used to the cyrus mailer. [cyrus:mail] DSMTP_MAILER_ARGS dsmtp mailer arguments. [IPC $h] ESMTP_MAILER_ARGS esmtp mailer arguments. [IPC $h] FAX_MAILER_ARGS FAX mailer arguments. [mailfax $u $h $f] FAX_MAILER_MAX Maximum size of a FAX. [100000] FAX_MAILER_PATH Path to the FAX program. [/usr/local/lib/fax/ mailfax] HELP_FILE Name of the help file. [/usr/lib/sendmail.hf] LOCAL_MAILER_ARGS Arguments for local mail delivery. [mail −d $u] LOCAL_MAILER_CHARSET Character set for local 8−bit MIME mail. LOCAL_MAILER_DSN_DIAGNOSTIC_ CODE The delivery status notification code used for local mail. [X−Unix] LOCAL_MAILER_EOL The end−of−line character for local mail. LOCAL_MAILER_FLAGS Local mailer flags added to lsDFM. [rmn] LOCAL_MAILER_MAX Maximum size of local mail. LOCAL_MAILER_MAXMSG The maximum number of messages delivered with a single connection. LOCAL_MAILER_PATH The local mail delivery program. [/bin/mail] LOCAL_SHELL_ARGS Arguments for the prog mail. [sh −c $u] LOCAL_SHELL_DIR Directory that the shell should run. [$z:/] LOCAL_SHELL_FLAGS Flags added to lsDFM for the shell mailer. [eu] 465 LOCAL_SHELL_PATH Shell used to deliver piped e−mail. [/bin/sh] MAIL11_MAILER_ARGS mail11 mailer arguments. [mail11 $g $x $h $u] MAIL11_MAILER_FLAGS Flags for the mail11 mailer. [nsFx] Parameter Function MAIL11_MAILER_PATH Path to the mail11 mailer. [/usr/etc/mail11] PH_MAILER_ARGS phquery mailer arguments. [phquery −− $u] PH_MAILER_FLAGS Flags for the phquery mailer. [ehmu] PH_MAILER_PATH Path to the phquery program. [/usr/local/etc/ phquery] POP_MAILER_ARGS POP mailer arguments. [pop $u] POP_MAILER_FLAGS Flags added to lsDFM for the POP mailer. [Penu] POP_MAILER_PATH Path of the POP mailer. [/usr/lib/ mh/spop] PROCMAIL_MAILER_ARGS procmail mailer arguments. [procmail −m $h $f $u] PROCMAIL_MAILER_FLAGS Flags added to DFMmn for the procmail mailer. [Shu] PROCMAIL_MAILER_MAX Maximum size message for the procmail mailer. PROCMAIL_MAILER_PATH Path to the procmail program. [/usr/local/bin/ procmail] QPAGE_MAILER_ARGS qpage mailer arguments. [qpage −10 −m −P$u] QPAGE_MAILER_FLAGS Flags for the qpage mailer. [mDFMs] QPAGE_MAILER_MAX Maximum qpage mailer message size. [4096] QPAGE_MAILER_PATH Path of the qpage mailer. [/usr/local/bin/qpage] QUEUE_DIR Directory containing queue files. [/var/spool/ mqueue] RELAY_MAILER_ARGS relay mailer arguments. [IPC $h] RELAY_MAILER_FLAGS Flags added to mDFMuX for the relay mailer. RELAY_MAIL_MAXMSG The maximum number of messages for the relay mailer delivered by a single connection. SMTP8_MAILER_ARGS smtp8 mailer arguments. [IPC $h] SMTP_MAILER_ARGS smtp mailer arguments. [IPC $h] SMTP_MAILER_CHARSET Character set for SMTP 8−bit MIME mail. SMTP_MAILER_FLAGS Flags added to mDFMUX for all smtp mailers. SMTP_MAILER_MAX Maximum size of messages for all smtp mailers. SMTP_MAIL_MAXMSG The maximum number of smtp messages delivered by a single connection. STATUS_FILE Name of the status file. [/etc/sendmail.st] USENET_MAILER_ARGS Arguments for the usenet mailer. [−m −h −n] USENET_MAILER_FLAGS usenet mailer flags. [rlsDFMmn] USENET_MAILER_MAX Maximum size of usenet mail messages. [100000] USENET_MAILER_PATH Program used for news. [/usr/lib/ news/inews] UUCP_MAILER_ARGS 466 UUCP mailer arguments. [uux − −r −z −a$g −gC $h!rmail ($u)] UUCP_MAILER_CHARSET Character set for UUCP 8−bit MIME mail. UUCP_MAILER_FLAGS Flags added to DFMhuU for the UUCP mailer. UUCP_MAILER_MAX Maximum size for UUCP messages. [100000] UUCP_MAILER_PATH Path to the UUCP mail program. [/usr/bin/uux] DOMAIN The DOMAIN macro identifies the m4 source file that contains configuration information specific to the local domain. Chapter 5 provides a detailed example of creating a domain source file and then calling that file with the DOMAIN macro. Table C.4 lists the define macros that commonly appear in DOMAIN source files. All of these define mail relay hosts. The value provided for each parameter is either a hostname (that is, the name of a mail relay server); or a mailer:hostname pair, where mailer is an internal mailer name and hostname is the name of the mail relay server. If only a hostname is used, the mailer defaults to relay, which is the name of the SMTP relay mailer. Table C.4: Mail Relay defines Parameter Function UUCP_RELAY Server for UUCP−addressed e−mail. BITNET_RELAY Server for BITNET−addressed e−mail. DECNET_RELAY Server for DECNET−addressed e−mail. FAX_RELAY Server for mail to the .FAX pseudo−domain. The fax mailer overrides this value. LOCAL_RELAY Server for unqualified names. This is obsolete. LUSER_RELAY Server for local names that really aren't local. MAIL_HUB Server for all incoming mail. SMART_HOST Server for all outgoing mail. The precedence of the relays defined by these parameters is from the most specific to the least specific. If both the UUCP_RELAY and the SMART_HOST relay are defined, the UUCP_ RELAY is used for outgoing UUCP mail, even though the SMART_HOST relay is defined as handling "all" outgoing mail. If you define both LOCAL_RELAY and MAIL_HUB, use the FEATURE(stickyhost) command. When the stickyhost feature is specified, LOCAL_RELAY handles all local addresses that do not have a host part, and MAIL_HUB handles all local addresses that do have a host part. If stickyhost is not specified, and both relays are defined, the LOCAL_RELAY is ignored, and MAIL_HUB handles all local addresses. In addition to the defines shown in Table C.3, macros that relate to masquerading and relaying also appear in the DOMAIN source file. The macros are as follows: EXPOSED_USER(username) Disables masquerading when the user portion of the sender address matches username. Some usernames, such as root, occur on many systems, and therefore are not unique across a domain. For those usernames, converting the host portion of the address makes it impossible to sort out where the 467 message really came from, and makes replies impossible. This command prevents the MASQUERADE_AS macro from having an effect on the sender addresses for specific users. This is the same as setting the values in class E in the sendmail.cf file. LOCAL_USER(usernames) Defines local usernames that should not be relayed, even if LOCAL_RELAY or MAIL_HUB are defined. This command is the same as adding usernames to class L in the sendmail.cf file. MASQUERADE_AS(host.domain) Converts the host portion of the sender address on outgoing mail to the specified domain name. Sender addresses that have no hostname or that have a hostname found in the w class are converted. This has the same e f fec t as the M macro in the sendmai l .c f f i le . See examples o f MASQUERADE_AS and macro M in Chapter 5. MASQUERADE_DOMAIN(otherhost.domain) Converts the host portion of the sender address on outgo ing mai l to the domain name def ined by the MASQUERADE_AS command if the host portion of the sender address matches the va lue de f ined here . Th is command must be used in con junc t ion w i th MASQUERADE_AS. Its effect is the same as adding hostnames to class M in the sendmail.cf file. See Chapter 5. MASQUERADE_DOMAIN_FILE(filename) Loads class M hostnames from the specified file. This can be used in place of multiple MASQUERADE_DOMAIN commands. Its effect is the same as using the FMfilename command in the sendmail.cf file. MASQUERADE_EXCEPTION(host.domain) This macro defines a host that is not masqueraded, even if it belongs to a domain that is being masqueraded. This allows you to masquerade an entire domain with the MASQUERADE_DOMAIN macro and then exempt a few hosts that should be exposed to the outside world. RELAY_DOMAIN(otherhost.domain) This macro identifies a host for which mail should be relayed. The host identified in this manner is added to class R. RELAY_DOMAIN_FILE(filename) This macro identifies a file that contains a list of hosts for which mail should be relayed. This macro loads class R from the specified file. There are also several features that affect relaying and masquerading. One, FEATURE (stickyhost), was already discussed. Others are the following: FEATURE(masquerade_envelope) Causes envelope addresses to be masqueraded in the same way that sender addresses are masqueraded. See Chapter 5 for an example of this command. FEATURE(allmasquerade) Causes recipient addresses to be masqueraded in the same way that sender addresses are masqueraded. Thus, if the host portion of the recipient address matches the requirements of the MASQUERADE_AS command, it is converted. Don't use this feature unless you are positive that every alias known to the local system is also known to the mail server that handles mail for the masquerade domain. 468 FEATURE(limited_masquerade) Limits masquerading to those hosts defined in class M. The hosts defined in class w are not masqueraded. FEATURE(masquerade_entire_domain) Causes MASQUERADE_DOMAIN to be interpreted as referring to all hosts within an entire domain. If this feature is not used, only an address that exactly matches the value defined by MASQUERADE_DOMAIN is converted. If this feature is used, then all addresses that end with the value defined by MASQUERADE_DOMAIN are converted. For example, assume that M A S Q U E R A D E _ A S ( f o o b i r d s . o r g ) a n d M A S Q U E R A D E _ D O M A I N ( s w a n s . f o o b i r d s . o r g ) a r e d e f i n e d . I f FEATURE(masquerade_ ent i re_domain) is set , every hostname in the swans.foobirds.org domain is converted to foobirds.org on outgoing e−mail. Otherwise, only a host named swans.foobirds.org is converted. Some features define how the server handles mail if it is the mail relay server. These features, which are also described in Chapter 11, are the following: access_db Maps a user, a domain name, or an IP address to a keyword that tells sendmail how to handle relaying for the host, domain, or network. This database is used in Chapter 11. blacklist_recipient Uses the access database to control delivery of mail based on the recipient address. The basic access_db feature controls relaying and delivery based on the source of the message. This feature adds to the capability to control mail relaying and delivery based on the destination. dnsbl Controls mail delivery based on a DNS blacklist. Source addresses and destination addresses listed in the DNS database may be denied mail delivery or relay services. promiscuous_relay Relays from any site to any site. Normally, sendmail does not relay mail. Using this feature is a bad idea because it makes you a possible relay server for spammers. relay_entire_domain Relays from any domain defined in class M to any site. relay_hosts_only Relays mail from any host defined in the access database or class R. relay_based_on_MX Relays mail from any site for which your system is the MX server. relay_local_from Relays mail with a sender address that contains your local domain name. The DOMAIN source file is also used for features and macros that directly relate to DNS. These features and macros include the following: FEATURE(accept_unqualified_senders) Accepts mail from the network even if the sender address does not include a hostname. Normally, only mail from a user directly logged on to the system is accepted without a hostname. This is a dangerous feature that should be used only on an isolated network. 469 FEATURE(accept_unresolvable_domains) Accepts mail from hostnames that cannot be resolved by DNS. This is a dangerous feature that is used only on systems that lack full−time DNS service, such as mobile laptops. FEATURE(always_add_domain) Adds the hostname of the system to all local mail. With this feature enabled on a server named ibis.foobirds.org, mail from the local use r c ra i g t o t he l oca l use r ka thy wou ld be de l i ve red as ma i l f r om craig@ibis.foobirds.org to kathy@ibis.foobirds.org. FEATURE(bestmx_is_local) Accepts mail addressed to any host that lists the sendmail server as its MX server as local mail. CANONIFY_DOMAIN(domain) Defines a domain name that will be passed to DNS for conversion to its canonical form, even if the nocanonify feature is in use. This macro is generally used to enable canonification of the local domain when nocanonify is in use. CANONIFY_DOMAIN_FILE(filename) Identifies a file containing a list of domain names that should be converted to canonical form, even if nocanonify has been selected. LOCAL_DOMAIN(alias−hostname) Defines an alias for the local host. Mail addressed to the alias will be accepted as if it were addressed directly to the local host. The macros and features described in this section are not limited to the DOMAIN source file. They can appear in any m4 source file, and, in fact, are often found in the macro control file. They are listed here because they are most naturally associated with the DOMAIN file. MAILER The MAILER command identifies an m4 source file that contains the configuration commands that define a sendmail mailer. A least one MAILER command must appear in the configuration file. Generally more than one MAILER command is used. It is possible that you will need to customize a file location in an OSTYPE file, or that you will need to define domain−specific information in a DOMAIN file. Unless you develop your own mail−delivery program, however, you will not need to create a MAILER source file. Instead, you will need to invoke one or more existing files in your macro configur−ation file. Table C.5 lists each MAILER name and its function. These are invoked using the MAILER(name) command in the macro configuration (.mc) file. Table C.5: MAILER Values Name Function local The local and prog mailers. smtp All SMTP mailers: smtp, esmtp, smtp8, dsmtp, and relay. uucp All UUCP mailers: uucp−old (uucp) and uucp−new (suucp). usenet Usenet news support. 470 fax FAX support using FlexFAX software. pop Post Office Protocol (POP) support. procmail An interface for procmail. mail11 The DECnet mail11 mailer. phquery The phquery program for CSO phone book. qpage The QuickPage mailer used to send e−mail to a pager. cyrus The cyrus and cyrusbb mailers. Your macro configuration file should have a MAILER(local) and a MAILER(smtp) entry. Selecting local and smtp provides everything you need for a standard TCP/IP installation. None of the remaining mailers is widely used. The other mailers are the following: uucp Provides UUCP mail support for systems directly connected to UUCP networks. The uucp−old mailer supports standard UUCP mail, and the uucp−new mailer is used for remote sites that can handle multiple recipients in one transfer. Specify MAILER(uucp) after the MAILER(smtp) entry if your system has both TCP/IP and UUCP connections. usenet Sends local mail that contains .usenet in the recipient name to the program inews. Use a user mail agent that supports Usenet news. Don't hack sendmail to handle it. fax Experimental support for HylaFAX. pop On Linux systems, POP support is provided by the popd, so the MAILER(pop) command is not used. procmail Provides a procmail interface for the mailertable. mail11 Used only on DECNET mail networks that use the mail11 mailer. phquery Provides CSO phone book (ph) directory service. qpage This mailer provides an interface from e−mail to pagers using the QuickPage program. cyrus Provides a local mail delivery program that uses a mailbox architecture. cyrus and cyrusbb mailers are not widely used. Local Code There are several m4 macros that allow you to directly modify the sendmail.cf file with unadulterated sendmail.cf configuration commands. These macros are placed at the beginning of a block of sendmail.cf code, and they tell m4 where to put that code in the output file. These macros are as follows: LOCAL_RULE LOCAL_RULE_n heads a section of code to be added to ruleset n, where n is 0, 1, 2, or 3. The code that follows the LOCAL_RULE command is sendmail.cf rewrite rules. 471 LOCAL_CONFIG LOCAL_CONFIG heads a section of code to be added to the sendmail.cf file after the local information section and before the rewrite rules. The section of code contains standard sendmail.cf configuration commands. LOCAL_RULESETS This macro heads a section of code that contains a complete ruleset that is to be added to the sendmail.cf file. Generally, these are named as opposed to numbered rulesets. LOCAL_NET_CONFIG This macro heads a section of sendmail.cf rewrite rules that defines how mail addressed to systems on the local network is handled. MAILER_DEFINITIONS This macro is placed before a sendmail.cf M command, which is a mailer definition. DAEMON_OPTIONS The DAEMON_OPTIONS macro defines parameters for the sendmail daemon. When sendmail accepts mail from a local e−mail program, it is acting as a Mail Submission Agent (MSA). When it transfers that mail to a remote server, it is acting as a Mail Transfer Agent (MTA). The DAEMON_OPTIONS macro sets options for both of sendmail's "personalities." Two DAEMON_OPTIONS commands are needed to set the parameters for both the MTA and the MSA. The sendmail configuration defaults to the following values: DAEMON_OPTIONS(`Port=25, Name=MTA') DAEMON_OPTIONS(`Port=587, Name=MSA, M=E') These two lines assign the standard ports to the MTA and the MSA, and a modifier to the MSA. Use the no_default_msa feature to clear the MSA defaults before you set new MSA values with the DAEMON_OPTIONS macro. And then use two DAEMON_OPTIONS commands: the first one for the MTA and the second one for the MSA. DAEMON_OPTIONS parameters are assigned using keyword=value pairs. The possible keywords and values are: Port The Port keyword assigns a network port number to the daemon. The standard port for an MTA is 25, and the standard port for an MSA is 587. Changing these standard ports means that clients will have difficulty locating the service. The port numbers are therefore rarely changed. Name The Name keyword identifies the aspect of the sendmail daemon for which the parameters are being set. There are four documented values: MTA This identifies the traditional Mail Transport Agent interface of sendmail that is used to deliver mail. MSA This identifies the Mail Submission Agent interface of sendmail that can be used by external MUAs to submit mail. In practice, this function is identical to the MTA function, except for port number, because both aspects of sendmail ensure that all mail, no matter how it arrives, is processed through all necessary rulesets, filters, and 472 databases. MTA−v4 This is the same as the MTA interface, and is designed to handle e−mail delivery to hosts with standard 32−bit IPv4 addresses. MTA−v6 MTA−v6 is an interface designed to handle delivery to hosts that use the 128−bit IPv6 addresses. Family The Family keyword defines the address family. By default, this is inet, which means that standard IPv4 addresses should be used. An alternate value is inet6, which requests IPv6 addressing. M The M keyword is a modifier that requests optional processing. M=E turns off the ESMTP ETRN command. This setting is the default for the MSA because it is required by the MSA standard. The M=a setting requires authentication by a trusted authentication method before the MSA will accept the mail message. LDAP Mail Routing In addition to the various databases built into sendmail, a Lightweight Directory Access Protocol (LDAP) server can be used with sendmail. If your site uses LDAP for other purposes, you may find some benefit in using it with sendmail. LDAP support is added to sendmail using the following defines, features, and macros: define(`confLDAP_DEFAULT_SPEC', `ldap−arguments') Sets arguments that are required for the LDAP map definition. At a minimum, the name of the LDAP server (−h server) and the base distinctive name (−b o=org,c=country) must be provided. For example: define(`confLDAP_DEFAULT_SPEC', `−h egret.foobirds.org −b o=foobirds.org,c=us') FEATURE(`ldap_routing') Adds the necessary support for LDAP routing to the configuration. LDAPROUTE_DOMAIN(domainname) Adds a domain to the class {LDAPRoute}. Mail routing information for domains in that class is looked up via the LDAP server. LDAPROUTE_DOMAIN_FILE(filename) Identifies the file from which the {LDAPRoute} class is loaded. The file contains a list of the domains for which mail routing information should be obtained from the LDAP server. This concludes the discussion of m4 macros. The output of all of the files and commands that go into the m4 processor is a sendmail.cf file. The bulk of information about sendmail configuration is found in Chapter 5. 473 List of Figures Chapter 1: The Boot Process Figure 1.1: The boot process flow Figure 1.2: The SYSV Runlevel Manager Window Chapter 2: The Network Interface Figure 2.1: Red Hat's Network Configuration tool Figure 2.2: The RS−232 hardware handshake Figure 2.3: kudzu installing a modem driver Figure 2.4: The Internet Connections window Chapter 3: Login Services Figure 3.1: The anonymous FTP RPM Chapter 4: Linux Name Services Figure 4.1: A caching−only DNS server RPM Chapter 5: Configuring a Mail Server Figure 5.1: sendmail rulesets Figure 5.2: Contents of the sendmail−cf RPM Chapter 6: The Apache Web Server Figure 6.1: Linux binaries at the Apache website Figure 6.2: Enabling Apache with tksysv Figure 6.3: Apache installation web page Figure 6.4: A fancy index for /usr/share/doc Figure 6.5: An invalid certificate warning Figure 6.6: The CAs built−in Netscape 6.1 Figure 6.7: The Apache server−status display Chapter 7: Network Gateway Services Figure 7.1: Circuit switching versus packet switching Figure 7.2: Routing through networks Figure 7.3: Contents of the Zebra RPM Figure 7.4: Installing gated with gnorpm Chapter 9: File Sharing Figure 9.1: The Red Hat NFS RPM Figure 9.2: The Red Hat Samba RPM Chapter 10: Printer Services Figure 10.1: Selecting a print queue type 474 Figure 10.2: The active local printer port Figure 10.3: Selecting a printer driver Figure 10.4: Editing a printer configuration Figure 10.5: Configuring a remote SMB printer Figure 10.6: Configuring a remote Unix printer Chapter 11: More Mail Services Figure 11.1: RPM query of the IMAP package Figure 11.2: Configuring the mail client Figure 11.3: Defining Netscape filter rules Chapter 12: Security Figure 12.1: Searching the Bugtraq Archives Figure 12.2: Linux exploits found at Figure 12.3: Locating software updates from a vulnerability report Figure 12.4: Red Hat provides security reports online. Figure 12.5: The OpenSSH RPM Chapter 13: Troubleshooting Figure 13.1: The Kernel Configuration window Figure 13.2: Network device support configuration options Figure 13.3: Selecting processor types and features Appendix A: Installing Linux Figure A.1: Disk Druid's main screen Figure A.2: Adding a partition in Disk Druid Figure A.3: Red Hat firewall configuration Figure A.4: The Authentication Configuration screen Figure A.5: Final X configuration window 475 List of Tables Chapter 1: The Boot Process Table 1.1: Valid Action Values Chapter 2: The Network Interface Table 2.1: Escape Sequences and Their Meanings Chapter 4: Linux Name Services Table 4.1: named.conf Configuration Statements Table 4.2: DNS Database Record Types Table 4.3: rndc Commands Table 4.4: Databases Controlled by nsswitch.conf Chapter 5: Configuring a Mail Server Table 5.1: Pattern Matching Symbols Table 5.2: Rewrite Template Symbols Chapter 6: The Apache Web Server Table 6.1: DSO Modules Loaded in the Red Hat Configuration Table 6.2: Server Side Includes Commands Chapter 7: Network Gateway Services Table 7.1: Default gated Preference Values Chapter 8: Desktop Configuration Servers Table 8.1: pump Command−Line Options Chapter 9: File Sharing Table 9.1: Linux mount Command Options Table 9.2: More mount Options Table 9.3: smb.conf Variables Chapter 10: Printer Services Table 10.1: lpc Commands Chapter 11: More Mail Services Table 11.1: POP3 Commands Table 11.2: IMAP4 Commands Table 11.3: Access Database Actions Table 11.4: procmail Recipe Flags 476 Chapter 12: Security Table 12.1: Wrapper Variables Table 12.2: ssh Client Configuration Options Chapter 13: Troubleshooting Table 13.1: TCP Protocol States Table 13.2: tcpdump Packet Filters Appendix A: Installing Linux Table A.1: Common Partitions Table A.2: Single−Character fdisk Commands Appendix B: BIND Reference Table B.1: BIND 8 Configuration Options Table B.2: New BIND 9 Options Table B.3: BIND 8 Logging Categories Appendix C: The m4 Macros for sendmail Table C.1: The sendmail m4 Macros Table C.2: Optional sendmail Features Table C.3: OSTYPE defines Table C.4: Mail Relay defines Table C.5: MAILER Values 477 List of Listings Chapter 1: The Boot Process Listing 1.1: The Default GRUB Configuration Listing 1.2: A Sample lilo.conf File Listing 1.3: Adding Password Protection to LILO Listing 1.4: The inittab File Listing 1.5: Runlevel Initialization Scripts Listing 1.6: The init.d Script Files Listing 1.7: Listing Loaded Modules Chapter 2: The Network Interface Listing 2.1: Loadable Network Device Drivers Listing 2.2: An Ethernet Card Configuration Created by kudzu Listing 2.3: A Sample pap−secrets File Listing 2.4: A Sample chap−secrets File Listing 2.5: A Sample chat Script Chapter 3: Login Services Listing 3.1: An Excerpt of the /etc/protocols File Listing 3.2: An Excerpt from /etc/services Listing 3.3: Excerpts from an inetd.conf File Listing 3.4: Services Disabled by inetd Listing 3.5: The xinetd.conf File Listing 3.6: The /etc/xinetd.d/wu−ftpd File Listing 3.7: Using chkconfig to Control xinetd Listing 3.8: A Sample /etc/passwd File Listing 3.9: Available Login Shells Listing 3.10: Examples from the /etc/group File Listing 3.11: The Effect of the useradd Command Listing 3.12: Using the usermod Command Listing 3.13: Contents of the /etc/default/useradd File Listing 3.14: Contents of the /etc/login.defs File Listing 3.15: The userdel Command Listing 3.16: Excerpts of the Red Hat ftpaccess File Chapter 4: Linux Name Services Listing 4.1: A Sample Host Table Listing 4.2: A Sample /etc/resolv.conf File Listing 4.3: A Sample zone Statement Listing 4.4: A Common Caching−Only Configuration Listing 4.5: The Red Hat named.conf File Listing 4.6: The Red Hat localhost.zone File Listing 4.7: The named Hints File Listing 4.8: The named.local File Listing 4.9: A DNS Slave Server Configuration Listing 4.10: A DNS Master Server Configuration Listing 4.11: A Sample DNS Zone File 478 Listing 4.12: A DNS Reverse Zone File Listing 4.13: The Red Hat rndc.conf File Listing 4.14: A Complete host.conf File Listing 4.15: A Sample nsswitch.conf File Chapter 5: Configuring a Mail Server Listing 5.1: A Sample aliases File Listing 5.2: Sample of the sendmail.cf Local Info Section Listing 5.3: Sample sendmail.cf Options Listing 5.4: sendmail.cf Header Commands Listing 5.5: Sample mailer Definitions Listing 5.6: Testing the Default sendmail Configuration Listing 5.7: Testing sendmail Masquerading Listing 5.8: The tcpproto.mc File Listing 5.9: The linux.m4 OSTYPE File Listing 5.10: The generic.m4 DOMAIN File Listing 5.11: A Customized DOMAIN File Listing 5.12: A Customized Macro Control File Listing 5.13: A Sample genericstable Listing 5.14: Testing Address Rewriting Chapter 6: The Apache Web Server Listing 6.1: Starting and Checking httpd Listing 6.2: Listing Statically Linked httpd Modules Listing 6.3: Active Directory Containers in Red Hat's httpd.conf File Listing 6.4: Apache Access Controls Listing 6.5: User Authentication for Web Access Listing 6.6: Using mod_auth_db for User Authentication Listing 6.7: Adding Users with dbmmanage Listing 6.8: Red Hat's SSL Apache Server Configuration Listing 6.9: Examining a Certificate with the openssl Command Listing 6.10: Creating an Apache Certificate Signature Request Listing 6.11: Examining a Certificate Signature Request with openssl Listing 6.12: The Server−Status Location Container Chapter 7: Network Gateway Services Listing 7.1: Viewing the arp Cache Listing 7.2: Viewing a Single arp Table Entry Listing 7.3: A Simple Routing Table Listing 7.4: A sample /etc/gateways file Listing 7.5: Sample zebra.conf File Listing 7.6: Examining zebra.conf through the vtysh Interface Listing 7.7: The Port Numbers Used by the Zebra Suite Listing 7.8: Reconfiguring zebra.conf through the vtysh Interface Listing 7.9: A Sample ripd.conf File Listing 7.10: A zebra.conf File for a Linux Host Listing 7.11: A zebra.conf File for a RIP/OSPF Router Listing 7.12: A ripd.conf File for a RIP/OSPF Router Listing 7.13: A Sample ospfd.conf File 479 Listing 7.14: A Sample bgpd.conf File Listing 7.15: A gated RIPv2 Configuration Listing 7.16: A gated OSPF/RIPv2 Interior Router Configuration Listing 7.17: A gated OSPF/BGP Exterior Router Configuration Chapter 8: Desktop Configuration Servers Listing 8.1: A Sample dhcpd.conf File Listing 8.2: A Sample dhcpcd−eth0.info File Listing 8.3: A Sample ifcfg−eth0 File Listing 8.4: A Sample pump.conf File Listing 8.5: A Sample dhclient.conf File Chapter 9: File Sharing Listing 9.1: Examining File Permissions with ls Listing 9.2: Displaying RPC Ports Listing 9.3: A Sample /etc/exports File Listing 9.4: The showmount Command Listing 9.5: Sample Mount Commands Listing 9.6: A Sample fstab File Listing 9.7: A Sample /etc/mtab File Listing 9.8: A Sample lmhosts File Listing 9.9: Active Lines in the Red Hat smb.conf File Listing 9.10: Samba File Shares Listing 9.11: Using smbclient Listing 9.12: Checking /proc/filesystems Listing 9.13: An smbmount Example Chapter 10: Printer Services Listing 10.1: Listing the Printer Ports Listing 10.2: A Sample printcap File Listing 10.3: Using lpc Interactively Listing 10.4: Viewing and Reordering a Print Queue Listing 10.5: Removing Jobs from the Print Queue Listing 10.6: smb.conf with Printer Sharing Listing 10.7: The script.cfg File for a Samba Printer Chapter 11: More Mail Services Listing 11.1: Using the POP Protocol with telnet Listing 11.2: Testing IMAP with telnet Listing 11.3: Permitting Mail Relaying Listing 11.4: Testing the dnsbl Feature Listing 11.5: A Sample Access Database for sendmail Listing 11.6: Adding the Access Database to the Configuration Listing 11.7: A Local_check_mail Example Listing 11.8: An Example of Creating a Local Ruleset Listing 11.9: A sample .procmailrc file Chapter 12: Security 480 Listing 12.1: The tcpd Security Log Listing 12.2: An xinetd Configuration File Listing 12.3: xinetd.conf Access Controls Listing 12.4: Sample iptables Commands Listing 12.5: Linux Rejects Weak Passwords Listing 12.6: Excerpts from the Shadow Password File Listing 12.7: Modifying /etc/shadow with usermod Listing 12.8: Generating OPIE Password Phrases Listing 12.9: A Sample ssh Login Listing 12.10: An Example of the ssh−keygen Command Listing 12.11: The Red Hat sshd_config file Listing 12.12: The Red Hat ssh_config file Chapter 13: Troubleshooting Listing 13.1: Adding the New Kernel to lilo.conf Listing 13.2: Adding a New Kernel to grub.conf Listing 13.3: Red Hat Network Interface Configuration Files Listing 13.4: Displaying the Configuration with ifconfig Listing 13.5: Viewing the ARP Table Listing 13.6: The arpwatch arp.dat File Listing 13.7: Sample arpwatch E−mail Reports Listing 13.8: Testing a PPP Link with minicom Listing 13.9: A Successful ping Test Listing 13.10: A Failed ping Test Listing 13.11: Displaying the Routing Table Listing 13.12: Testing a Route with traceroute Listing 13.13: Displaying Network Socket Connections Listing 13.14: Display All Sockets Listing 13.15: A telnet Handshake as Seen by tcpdump Listing 13.16: Monitoring Traffic with tcpdump Listing 13.17: Testing DNS with nslookup Listing 13.18: Testing Continues Listing 13.19: Testing DNS with the host Command Listing 13.20: Testing DNS with dig Appendix A: Installing Linux Listing A.1: Using rawrite Listing A.2: Creating Floppy Disks with dd Listing A.3: Partitioning with fdisk Listing A.4: Adding Logical Partitions Listing A.5: Assigning Filesystem Types Appendix B: BIND Reference Listing B.1: The BIND 8 options Statement Syntax Listing B.2: The BIND 9 options Statement Syntax Listing B.3: BIND 8 logging Command Syntax Listing B.4: BIND 9 logging Command Syntax Listing B.5: BIND 8 zone Statement Syntax Listing B.6: BIND 9 zone Statement Syntax 481 Listing B.7: The BIND 8 server Statement Syntax Listing B.8: The BIND 9 server Statement Syntax Listing B.9: The key Statement Syntax Listing B.10: The acl Statement Syntax Listing B.11: The trusted−keys Statement Syntax Listing B.12: BIND 8 controls Statement Syntax Listing B.13: BIND 9 controls Statement Syntax Listing B.14: The view Statement Syntax 482 List of Sidebars Introduction Sidebars Chapter 2: The Network Interface Address Mask, Subnet Mask, or Network Mask? Chapter 4: Linux Name Services Resolver Timeouts Chapter 7: Network Gateway Services Proxy ARP Counting to Infinity Chapter 8: Desktop Configuration Servers Using dhcpd with Old Linux Kernels Placing DHCP Servers Chapter 9: File Sharing Hidden Bits Coordinating UIDs and GIDs Clear−Text Password Chapter 11: More Mail Services Spam, Spam, Spam, Spam, and Spam Chapter 12: Security Realistic Wrapper Rules Password Dos and Don'ts The OPIE Transition Mechanism Chapter 13: Troubleshooting Adapter Card Configuration Appendix A: Installing Linux Working with a Windows Partition Symbolic Links 483