Thursday, June 18, 2009

How I got sendmail to work......

As is well documented, sendmail is tricky to get to work the way you want it to.
So when I finally got it to work as required, I documented the process for my colleagues.

The biggest issue was how to make root mail look like it comes from an address with a reverse lookup DNS entry on the public network. Each machine has an address like <sitecode>ux123.<sitecode>.company.com, which is fine. We masquerade all outbound mail as if it comes from user@company.com; again, this is fine, no problems. However, root is specifically excluded from the masquerade and still comes out as root@<sitecode>ux123.<sitecode>.company.com. This makes sense, as I do want to know which machine a root mail comes from. The problem is that many (soon it will be most) external mail gateways and recipient machines do a reverse DNS lookup to ensure that the sender is not being spoofed, as a spam prevention measure.

We do have company.com with valid forward, reverse and MX DNS entries on the public internet. Most of our machines are in private IP space 10.x.x.x, so these have to be NAT'd, which is fine, but without a valid reverse lookup DNS entry on the internet, mail from root (or from any service started under the root user) can be blocked by otherwise valid recipients.

So, in short, we need to masquerade root as something other than root@company.com.

To achieve this we need to use sendmail's genericstable. It is like an alias table for outbound mail (aliases only take care of inbound). Just like aliases, it needs to be compiled into a db format.

Here is the procedure for Solaris and AIX (I will come back to the HP-UX version).






Solaris 10



1. Create and edit a mc file in /etc/mail/cf/cf e.g. sendmail.mc and insert the following text:

VERSIONID(`@(#)sendmail.mc 1.11 (Sun) 06/21/04')
OSTYPE(`solaris8')dnl
DOMAIN(`solaris-generic')dnl
define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
define(`SMART_HOST', `smtprelay.site.company.com')dnl
FEATURE(`masquerade_envelope')dnl
MASQUERADE_AS(`company.com')dnl
FEATURE(genericstable)dnl
GENERICS_DOMAIN(`host.site.company.com')dnl
FEATURE(generics_entire_domain)
MAILER(`local')dnl
MAILER(`smtp')dnl


2. Compile the sendmail.mc file into a useable sendmail.cf file
/usr/ccs/bin/m4 ../m4/cf.m4 sendmail.mc >sendmail.cf

3. Back up the existing sendmail.cf and replace it with the new cf file
cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.<datestring>
cp /etc/mail/cf/cf/sendmail.cf /etc/mail/sendmail.cf

4. Create /etc/mail/genericstable with list of userids to translate to other name e.g.
root superuser.host@company.com
jdoe dada@anothercompany.com

5. Change permissions on /etc/mail/genericstable to 600
6. Compile /etc/mail/genericstable into /etc/mail/genericstable.db
cd /etc/mail
makemap hash genericstable <genericstable
7. Change permissions on /etc/mail/genericstable.db to 600
8. restart sendmail service
svcadm restart svc:/network/smtp:sendmail



AIX Setup

1. Create and edit a mc file in /usr/samples/tcpip/sendmail/cf e.g. sendmail.mc and insert the following text:

include(`/usr/samples/tcpip/sendmail/m4/cf.m4')
OSTYPE(`aixsample')dnl
DOMAIN(`generic')dnl
define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
define(`SMART_HOST', `smtprelay.site.company.com')dnl
FEATURE(`masquerade_envelope')dnl
MASQUERADE_AS(`company.com')dnl
FEATURE(genericstable)dnl
GENERICS_DOMAIN(`host.site.company.com')dnl
FEATURE(generics_entire_domain)
MAILER(`local')dnl
MAILER(`smtp')dnl


2. Compile the sendmail.mc file into a useable sendmail.cf file
/usr/bin/m4 sendmail.mc >sendmail.cf

3. Back up the existing sendmail.cf and replace it with the new cf file
cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.<datestring>
cp /usr/samples/tcpip/sendmail/cf/sendmail.cf /etc/mail/sendmail.cf

4. Create /etc/mail/genericstable with list of userids to translate to other name e.g.
root hostname.superuser@company.com
myusern first.last@anothercompany.com
5. touch /etc/mail/local-host-names
6. Change permissions on /etc/mail/genericstable to 600
7. Compile /etc/mail/genericstable into /etc/mail/genericstable.db
cd /etc/mail
makemap hash genericstable < genericstable

8. Change permissions on /etc/mail/genericstable.db to 600
9. restart sendmail service
stopsrc -s sendmail
startsrc -s sendmail -a "-bd -q30m"
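
A pre-flight check for the genericstable steps on either platform, added here as an example and not part of the original procedure: it lints the genericstable source before makemap is run. The function name check_genericstable and the rules it applies (exactly two fields per line, no repeated keys, a right-hand side of the form user@fully.qualified.domain, an entry for root, mode 600 on the table and its .db) are assumptions drawn from the steps above; it needs a POSIX sh and awk.

```shell
#!/bin/sh
# Added example: lint a genericstable source file before running makemap.
# Prints one line per problem; returns 0 if clean, 1 on problems, 2 if unreadable.
# usage: check_genericstable /etc/mail/genericstable && makemap hash genericstable < genericstable
check_genericstable() {
    table=$1
    rc=0
    [ -r "$table" ] || { echo "cannot read $table"; return 2; }

    # Field checks: "localuser  user@fully.qualified.domain", one mapping per line.
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        NF != 2 { print "line " NR ": expected 2 fields, got " NF; bad = 1; next }
        seen[$1]++ { print "line " NR ": duplicate key " $1; bad = 1 }
        $2 !~ /^[^@ ]+@[^@.]+(\.[^@.]+)+$/ {
            print "line " NR ": " $2 " is not user@fully.qualified.domain"; bad = 1
        }
        $1 == "root" { root = 1 }
        END {
            if (!root) { print "no mapping for root"; bad = 1 }
            exit bad + 0
        }
    ' "$table" || rc=1

    # Permission checks: the steps above set the table and its .db to mode 600.
    for f in "$table" "$table.db"; do
        [ -e "$f" ] || continue
        mode=$(ls -ld "$f" | cut -c1-10)
        case $mode in
            -rw-------) ;;
            *) echo "$f has mode $mode, expected -rw-------"; rc=1 ;;
        esac
    done
    return $rc
}
```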
