sendmail + relay [once again]



bob_morane77
27.02.03, 12:46
hi,

I have been reading the guides and threads for hours now, but I am not really getting anywhere.

I am using SuSE 8 and sendmail.

sendmail runs on the server, which sits in a data center (always online, static IP).
Several domains are hosted on the server.
Every user of a domain can fetch their mail.
Forwarding works.

The problem is that I cannot get the server working as an outgoing mail server!
Whenever I set it as the outgoing server I get "550 relay denied".

I would like to open the relay for everyone (for now) so that every domain customer can send mail
to anywhere through my server,
and then require SMTP AUTH for security.

Unfortunately I have not yet found a good tutorial that helps me with this.
Can SMTP AUTH also be set up with Webmin? ;-)

How can I tell whether SuSE picks up the settings, e.g. access or relay-domains?

I cannot make sense of the m4 config!


I hope you can help me!
thx

CEROG
27.02.03, 18:47
Hello bob_morane,

I am not exactly a sendmail guru, but I was able to solve the problem with help from this forum.

I used Yast2 to set up masquerading of the local domains.

In addition, these features are set in my sendmail.cf:
accept_unresolvable_domains
accept_unqualified_senders.

With that it should work for you too.

Best regards,
CEROG


PS: It would be helpful if you could post error messages or log excerpts along with your question.

bob_morane77
27.02.03, 20:15
As I said, the goal is to allow "outgoing" for all e-mails as long as they
have one of my domains after the @ and have been secured with either SMTP after POP
or SMTP AUTH.

I am trying to do this via the m4 file. I checked in YaST, and the cyrus module required
for SMTP AUTH is installed.

Sorry if this gets long, but here is my m4 file. Somehow I still do not get it.

divert(-1)
# Copyright (c) 1997-1999,2000 SuSE GmbH Nuernberg, Germany.
# Author: Florian La Roche
# Werner Fink <feedback@suse.de>
#
# After the `divert(0)' all lines starting with `dnl' are
# comments until the next newline character.
# Putting words into `'-pairs disables macro expansion
#
include(`/usr/share/sendmail/m4/cf.m4')
divert(0)dnl
VERSIONID(`@(#)Setup for SuSE Linux 8.12.3-0.4 (SuSE Linux) 2002/01/14')
dnl
dnl This is the default configuration for SuSE Linux.
dnl See `/usr/share/sendmail/ostype/suse-linux.m4' and take a look
dnl into `/usr/share/sendmail/README' for more information.
dnl
dnl The suse-linux.m4 enables the FEATUREs mailertable, genericstable,
dnl virtusertable, and access_db. Just look to those file for some
dnl examples. They are stored in `/etc/mail/'. If you have changed
dnl one or more files you should run SuSEconfig or generate the
dnl `.db' files by hand (see /sbin/conf.d/SuSEconfig.sendmail).
dnl
dnl NOTE: YOU HAVE TO CHANGE THE CONFIGURATION TO FIT YOUR NEEDS
dnl BEFORE ACTIVTING SOME OF THESE EXAMPLES!
dnl
OSTYPE(`suse-linux')dnl
dnl
dnl By default the MSA (Message Submission Agent) daemon is disabled on
dnl SuSE Linux. If you want to use this service enabled the following.
dnl
dnl DAEMON_OPTIONS(`Port=587,Name=MSA,M=E')dnl
dnl
dnl Do not send MIME error messages
dnl
dnl define(`confMIME_FORMAT_ERRORS', `False')dnl
dnl
dnl If you have a modem and you use dial on demand, specify the time
dnl until you have a working connection. Sendmail will then retry to
dnl establish a connection.
dnl
dnl define(`confDIAL_DELAY', `10s')dnl
dnl
dnl Timeout before a warning message is sent to the sender telling them
dnl that the message has been deferred. The FEATURE(dialup) will
dnl overwrite this.
dnl
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl
dnl Timeout before a message is returned as undeliverable
dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl
dnl If you have lots of users, you might want to add "restrictmailq" and
dnl "restrictrunq", but normally they can be left out. "authwarnings"
dnl warns about all people that e.g. use "sendmail -bs" and adds
dnl `X-Authentication-Warning:' headers. Pine users might want to disable this.
dnl "noreceipts" disables DSN (Delivery Status Notification) and ignores all
dnl `Return-Receipt-To:' headers even if `confRRT_IMPLIES_DSN' is `true'.
dnl For service provider using ETRN on port 25 the noetrn could be removed.
dnl
dnl define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,novrfy,noexpn,noetrn,noverb')dnl
dnl
dnl These users given in `/etc/mail/trusted-users' are allowed to modify
dnl the email sender address.
dnl
dnl FEATURE(`use_ct_file')dnl
dnl
dnl You can specify a smart host either here or in `/etc/mail/mailertable'
dnl
dnl define(`SMART_HOST', `smtp:mail.smarthost.other.domain')dnl
dnl define(`SMART_HOST', `uucp-dom:otheruucphost')dnl
dnl define(`MAIL_HUB', `smtp:host.your.domain')dnl
dnl define(`LOCAL_RELAY', `smtp:host.your.domain')dnl
dnl
dnl Redirect all email to unknown people to Postmaster.
dnl
dnl define(`LUSER_RELAY', `local:postmaster')dnl
dnl
dnl Enable the following SuSE FEATURE, if you have a expensive
dnl dialup connection for SMTP and want to queue all email until
dnl `sendmail -q' is started.
dnl
dnl FEATURE(`expensive')dnl
dnl
dnl This is used for dial-on-demand connections where we don't want to
dnl trigger a connection just for a DNS query.
dnl Sendmail will give all hostnames to your DNS server and replace the
dnl names with the FQDN ones. As nearly all email-programs use the full
dnl hostname and you will probably also just use full hostnames as
dnl destination addresses, you could disable `nocanonify'. With `nodns'
dnl you should declare the local, the mail hub, the smart, and the mail
dnl relay host with their IP addresses and the corresponding Full Qualified
dnl Domain Names (in short FQDN which means hostname.domain) /etc/hosts.
dnl Do NOT use this together with anti-spam FEATUREs.
dnl
dnl FEATURE(`nocanonify')dnl
dnl HACK(`nodns')dnl
dnl
dnl The following FEATURE provides the possibility to avoid further
dnl dialups. The delivery mode is defer (postpone) therefore this
dnl FEATURE should NOT be used in combination with anti-spam FEATUREs.
dnl Note, that this FEATURE needs the FQDN as stored in /etc/HOSTNAME
dnl read into the variable FQHOSTNAME. Therefore replace myhost.newdomain.notused!
dnl
dnl FEATURE(`dialup', `myhost.newdomain.notused')dnl
dnl
dnl This is a NO NO and only suitable in real intranet. This because
dnl it `provides' a mail really for spam mails even if your local host
dnl is connected over a dialup line. To avoid this miss-FEATURE you
dnl should enable FEATURE(`use_cw_file') and declare the hosts to accept
dnl in `/etc/mail/local-host-names'.
dnl Do NEVER use this together with anti-spam FEATUREs or being connected
dnl to the Internet.
dnl
dnl FEATURE(`promiscuous_relay')dnl
dnl
dnl Sendmail only accepts emails as local that use the FQDN. If you want
dnl to accept further hostnames as local email, add them here or put
dnl them into the `/etc/mail/local-host-names' file.
dnl
FEATURE(`use_cw_file')dnl
dnl
dnl This FEATURE enables (open)ldap and requires some arguments. For
dnl information see http://www.stanford.edu/~bbense/ldap/. Note that this
dnl FEATURE define a map `ldap' and expand the AliasFile with `sequence:ldap'.
dnl We choose an other name for the proposed map name `luser' (see URL) to
dnl avoid conflicts with LUSER_RELAY. The necessary change in rule S5 is
dnl already done and will be enabled by this FEATURE.
dnl
dnl FEATURE(`ldap', `place_here_your_configuration')dnl
dnl
dnl The ldap_routing FEATURE is part of the official sendmail since 8.10.0.
dnl You'll find a description in /usr/share/sendmail/README at `LDAP ROUTING'.
dnl You've to replace example.notused, mailHostdefine, mailRoutingAddressdefine,
dnl and bounce argument if not `passthru' with your're own configuration.
dnl
dnl define(`confLDAP_DEFAULT_SPEC', `-h mailHost')dnl
dnl LDAPROUTE_DOMAIN(`example.notused')dnl
dnl FEATURE(`ldap_routing', dnl
dnl `ldap -1 -v mailHost -k (&(objectClass=inetLocalMailRecipient) (mailLocalAddress=%0))', dnl
dnl `ldap -1 -v mailRoutingAddress -k (&(objectClass=inetLocalMailRecipient) (mailLocalAddress=%0))', dnl
dnl `bounce')dnl
dnl
dnl To stop spamming from known domains and known senders you should
dnl not use the FEATURE(dialup) nor FEATURE(promiscuous_relay) nor HACK(nodns).
dnl To turn on the ability to refuse or allow incoming mail for certain
dnl recipient usernames, hostnames, or addresses, you should declare them
dnl in `/etc/mail/access'.
dnl You can provide a black list for the FEATURE below list which is used to
dnl block incoming mail for certain recipient usernames, hostnames, or
dnl addresses.
dnl
FEATURE(`blacklist_recipients')dnl
dnl
dnl The Realtime Blackhole List is a service of rbl.maps.vix.com
dnl (see http://maps.vix.com/rbl/). It provides a list of hosts
dnl of known spammers. The FEATURES below are some other server
dnl for rejecting well known spammers
dnl (see http://maps.vix.com/ and http://www.orbs.org/).
dnl
dnl FEATURE(`dnsbl')dnl
dnl FEATURE(`dnsbl',`dul.maps.vix.com',` Mail from $&{client_addr} rejected - dul; see http://maps.vix.com')dnl
dnl FEATURE(`dnsbl',`relays.orbs.org', ` Mail from $&{client_addr} rejected - open relay; see http://www.orbs.org')dnl
dnl
dnl
dnl Just add the local domain if the email address doesn't have one
dnl
FEATURE(`always_add_domain')dnl
dnl
dnl Specify the sender email address for all outgoing mail from the local
dnl machine. Most people also want to use "masquerade_envelope" to also
dnl change the envelope addresses.
dnl Use "allmasquerade" to also change the recipient address. Don't use
dnl this feature, if you don't have the full /etc/aliases and the full
dnl /etc/passwd on your host.
dnl
dnl MASQUERADE_AS(`newdomain.notused')dnl
dnl FEATURE(`masquerade_envelope')dnl
dnl FEATURE(`allmasquerade')dnl
dnl FEATURE(`no_local_masquerading')dnl
dnl
dnl Normally, any hosts decided as locally are masqueraded. If
dnl the feature limited_masquerade is used, only the hosts listed in
dnl MASQUERADE_DOMAIN() are masqueraded. This is useful if you have
dnl several domains with disjoint namespaces hosted on the same machine.
dnl
dnl MASQUERADE_DOMAIN(`otherdmain.notused')dnl
dnl FEATURE(`limited_masquerade')dnl
dnl
dnl The list will cause certain addresses originating locally (i.e. that
dnl are unqualified) or domains to be looked up in a map and turned into
dnl another ("generic") form, which can change both the domain name and
dnl the user name. These domains can additional to the local domains be
dnl changed in /etc/mail/genericstable
dnl
dnl GENERICS_DOMAIN(`your.domain')dnl
dnl
dnl Foreign package amavis needs libmilter interface
dnl
dnl define(`MILTER')dnl
dnl divert(-1)
dnl INPUT_MAIL_FILTER(`milter-amavis', `S=local:/var/run/amavis/amavis-milter.sock, T=S:10m;R:10m;E:10m')
dnl divert(0)dnl
dnl
dnl
dnl Enable SMTP-AUTH as client (plain, gssapi, digest-md5, and cram-md5)
dnl AUTH_DIR is defined in OSTYPE(`suse-linux') as /etc/mail/auth
dnl Please not that most providers only know about `plain' which means
dnl that the user data will not be encrypted.
dnl
define(`confAUTH_MECHANISMS',`plain')
dnl
dnl FEATURE(`authinfo', `hash -o 'AUTH_DIR\`/auth-info')dnl
dnl Enable SMTP-AUTH as server (gssapi, digest-md5, and cram-md5)
dnl for an explanation read
dnl /usr/share/sendmail/README, /usr/share/doc/packages/sendmail/op.txt.bz2,
dnl and http://www.sendmail.org/~ca/email/auth.html.
dnl
dnl define(`confAUTH_OPTIONS', `Apy')dnl
dnl TRUST_AUTH_MECH(`place_here_your_auth_mechanism')dnl
dnl define(`confAUTH_MECHANISMS', `place_here_your_auth_mechanism')dnl
dnl
dnl Enable STARTTLS Certificates, for an explanation read
dnl /usr/share/doc/packages/sendmail/op.txt.bz2 and
dnl http://www.sendmail.org/~ca/email/starttls.html
dnl The certification and key files are placed at
dnl /etc/mail/certs/ as CA.cert.pem, MYServer.cert.pem,
dnl MYServer.key.pem (for STARTTLS server) and
dnl MYClient.cert.pem, MYClient.key.pem (for STARTTLS client).
dnl CERT_DIR is defined in OSTYPE(`suse-linux') as /etc/mail/certs
dnl
dnl define(`confCACERT', CERT_DIR/`CA.cert.pem')dnl"
dnl define(`confSERVER_CERT', CERT_DIR/`MYServer.cert.pem')dnl"
dnl define(`confSERVER_KEY', CERT_DIR/`MYServer.key.pem')dnl"
dnl define(`confCLIENT_CERT', CERT_DIR/`MYClient.cert.pem')dnl"
dnl define(`confCLIENT_KEY', CERT_DIR/`MYClient.key.pem')dnl"
dnl
dnl We use the generic m4 macro definition. This defines
dnl an extented .forward and redirect mechanism.
dnl
DOMAIN(`generic')dnl
dnl
dnl These mailers are available. per default only smtp is used. You have
dnl to add entries to /etc/mail/mailertable to enable one of the other
dnl mailers.
dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
MAILER(`procmail')dnl
MAILER(`uucp')dnl
MAILER(`bsmtp')dnl
MAILER(`fido')dnl
dnl
dnl Just an other (open)ldap feature is the usage of maill500 as mailer
dnl for a given (open)ldap domain (see manual page mail500).
dnl
dnl MAILER(`mail500', `place_here_your_openldap_domain')dnl
dnl
dnl This line is required for formating the /etc/sendmail.cf
dnl
LOCAL_CONFIG
dnl
dnl The alternate names of this host:
dnl
dnl Cw localhost test.domain
dnl
Other dnl

LKH
27.02.03, 20:29
Hi,

something still has to be filled in here, probably a reference to your module:

dnl TRUST_AUTH_MECH(`place_here_your_auth_mechanism')dnl
dnl define(`confAUTH_MECHANISMS', `place_here_your_auth_mechanism')dnl

Hope it helps,

bob_morane77
27.02.03, 20:53
It is in there, but which lines do I comment out, and how????

Does anyone know their way around this?

RichieX
28.02.03, 11:28
Hi bob_morane77,

Try it like this. At first I also thought it was more complicated.
Relaying with SMTP_AUTH and local domains for SuSE 7.x

- Uninstall sendmail
- Install sendmail-tls
- Changes in the m4 file (/etc/mail/linux.mc on SuSE 7.1):

dnl #### SMTP_AUTH ####
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl
define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl
define(`confCW_FILE',`/etc/mail/sendmail.cw')dnl

- Adjust /etc/mail/access
- Adjust /etc/mail/relay-domains

Build the DBs.
Done.

RichieX
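
Added example, not part of the original thread: a small shell audit of the relay and AUTH settings discussed in the posts above (promiscuous_relay, TRUST_AUTH_MECH, confAUTH_MECHANISMS, confAUTH_OPTIONS). The function names and the two sample inputs are constructed for illustration, and treating every line that starts with dnl or # as inactive is a simplifying assumption.

```shell
# Added example, not from the thread. Simplification (assumption): a line is
# active unless it starts with `dnl' or `#'; divert(-1) regions are not tracked.
active() { grep -Ev '^[[:space:]]*(dnl|#)' "$1"; }

# Print the first quoted argument that follows name $2 on an active line of $1.
mc_value() {
    active "$1" | sed -n "s/.*${2}[^\`]*\`\([^']*\)'.*/\1/p" | head -n 1
}

audit_mc() {
    trust=$(mc_value "$1" TRUST_AUTH_MECH)
    mechs=$(mc_value "$1" confAUTH_MECHANISMS)
    opts=$(mc_value "$1" confAUTH_OPTIONS)
    if active "$1" | grep -q 'FEATURE(`promiscuous_relay'; then
        echo "FAIL promiscuous_relay active: host relays for anyone"
    fi
    if [ -z "$trust" ]; then
        echo "WARN no TRUST_AUTH_MECH: a successful AUTH does not permit relaying"
    else
        echo "OK relaying permitted after AUTH via: $trust"
    fi
    # `p' in confAUTH_OPTIONS refuses PLAIN/LOGIN unless a security layer is up.
    case "$opts" in *p*) layer=required ;; *) layer=optional ;; esac
    if [ "$layer" = optional ] && printf '%s\n' "$mechs" | grep -qiE 'PLAIN|LOGIN'; then
        echo "WARN PLAIN/LOGIN offered without confAUTH_OPTIONS p: usable without a security layer"
    fi
}

# Constructed samples modelled on the two configurations posted in the thread.
sample_first_post() {
    cat <<'EOF'
dnl FEATURE(`promiscuous_relay')dnl
define(`confAUTH_MECHANISMS',`plain')
dnl define(`confAUTH_OPTIONS', `Apy')dnl
dnl TRUST_AUTH_MECH(`place_here_your_auth_mechanism')dnl
EOF
}
sample_reply() {
    cat <<'EOF'
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl
define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl
EOF
}

tmp=$(mktemp)
for s in sample_first_post sample_reply; do
    echo "== $s"; $s > "$tmp"; audit_mc "$tmp"
done
rm -f "$tmp"
```

To check a real file, call audit_mc with the path of the .mc file, for example the /etc/mail/linux.mc named in the post above.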

Jaydee
28.02.03, 11:49
Hello,

you will find detailed instructions here:

Click here (ftp://ftp.slsupport.de/howto/sendmail-smtp-auth.pdf)


Regards, Alex

RichieX
28.02.03, 12:22
... or like that!

RichieX

bob_morane77
28.02.03, 20:53
Thanks for your help!!!

cu