Old 07-21-2011, 06:49 PM   #1
gargamel
Senior Member
 
Registered: May 2003
Distribution: Slackware, SLAX, OpenSuSE
Posts: 1,723

Sendmail for local and external mail: Do I need masquerading?


Hi everyone,

First of all, I want to apologise, that this post has become quite long. After a long, long time without touching my email configuration, I decided to clean up my mail system a bit, and ran into trouble --- of course! It's working quite well now, again, apart from one last issue, for which I hope to get some advice here. So thanks in advance!


What I want
A local user john on host dark.gardendwarfs.com wants to send local and external email. He has an external email account within the "official" domain gardendwarfs.com (same name as the local domain!). His external email address is john@gardendwarfs.com. Locally, no email address is explicitly specified for john anywhere, but as a local user he can, of course, receive emails to john@localhost or to john@dark.gardendwarfs.com.
When john sends an email to a local recipient, his user name is taken to generate a sender address, such as john@dark.gardendwarfs.com. Local users can reply to this address without any problems. However, for external partners, the sender address must be rewritten to a valid, existing "public" email address, in this case john@gardendwarfs.com.


What I did so far
For the most part, I followed SiegeX's brilliant Sendmail SMTP AUTH Howto. My sendmail.mc, from which I created my sendmail.cf, is derived from sendmail-slackware-tls-sasl.mc with only few changes. Lines in red are irrelevant for my scenario and therefore commented out, while green lines are added.


What I have now

sendmail.cf:

Code:
dnl# [...] Some comments [...]
dnl#
include(`../m4/cf.m4')
VERSIONID(`TLS supporting setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
dnl#
dnl# You will need to create the certificates below with OpenSSL first:
dnl# define(`confCACERT_PATH', `/etc/mail/certs/')
dnl# define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
dnl# define(`confSERVER_CERT', `/etc/mail/certs/smtp.cert.pem')
dnl# define(`confSERVER_KEY', `/etc/mail/certs/smtp.key.pem')
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
dnl# define(`SMART_HOST',`mailserver.example.com')
define(`SMART_HOST',`[smtp.1und1.de]')
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
dnl# authinfo for SMTP_AUTH as client against 1und1 SMTP server
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl# Daemon options after M= below that might need to be changed are:
dnl# s (allow SSL, not only TLS)
dnl# a (require authentication)
DAEMON_OPTIONS(`Port=smtps, Name=MSA-SSL, M=Es')dnl
LOCAL_CONFIG
dnl# Do not allow the weak SSLv2:
O CipherList=ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

And this is my /etc/mail/authinfo:

Code:
AuthInfo:smtp.1und1.de "U:john@gardendwarfs.com" "P:YeahSure" "M:PLAIN"

What's missing
With the setup above, john cannot send external email, as his email address is rewritten to the local address john@dark.gardendwarfs.com. Thus it is impossible to send an email to a local user and copies to external recipients. However, if I associate his official external address john@gardendwarfs.com to his mail account in KMail, for instance, his address is always re-written to that; if not immediately, then after two or three stages of reply and re-reply.
I thought of masquerading, but I am not sure, if it would really solve the problem, and how I would go about it. Searching the web for many hours didn't provide, what I am looking for. All methods I found, so far, would either just cause the inverse problems of the ones described above, or cause other un-desired consequences.
I am pretty sure, that this has been solved a hundred times, at least. So, if you know a site, where this is covered in a non-super-sendmail-admin manner, I'd appreciate, if you could point me there!

Thanks a lot for your help!!!

gargamel

Last edited by gargamel; 07-22-2011 at 07:52 AM. Reason: Renamed title and removed large chunks of text and rephrased other a bit to make it more readable, overall.
 
Old 07-23-2011, 04:45 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,124

This is the purpose of masquerading. So regardless of what internal machine sends mail, to the outside the address is just USER@gardendwarfs.com. In your sendmail.mc file:

Code:
MASQUERADE_AS(`gardendwarfs.com')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
FEATURE(`allmasquerade')dnl

Inbound replies to john@gardendwarfs.com [note: shouldn't that be gardendwarves.com?] could have a forwarding alias to john@dark.gardendwarfs.com if you didn't want to deliver the mail locally.

Code:
john: john@dark.gardendwarfs.com
 
1 members found this post helpful.
Old 07-23-2011, 11:25 PM   #3
gargamel
Senior Member
 
Registered: May 2003
Distribution: Slackware, SLAX, OpenSuSE
Posts: 1,723

Original Poster
Thanks, smallpond!

First of all: Yes, "gardendwarves" would be correct, thanks for correcting me!

I experimented quite a bit with all kinds of combinations of masquerading options including the one you suggest, but:

Problem with replies to local mail
When john sends email to local user jane, his email address is rewritten to john@gardendwarves.com. When jane tries to reply, her message is sent to the smart host, but rejected, as jane's sender address would either be rewritten to jane@gardendwarves.com, which doesn't exist, at all, or left unchanged, i. e. jane@dark.gardendwarves.com, which is only a local address not known beyond the local host. Therefore, jane cannot be authenticated by the smart host, and her message is rejected, consequently.


Which masquerading features to use (or not)?
If I understand it correctly, the effect of
Code:
FEATURE(masquerade_entire_domain)dnl
FEATURE(`allmasquerade')dnl

would be, that all sender and recipient addresses are masqueraded. This means, that all messages go through the smarthost, right? Actually, I'd prefer a solution, that enables local delivery of emails between local users.

BTW, isn't the use of allmasquerade discouraged, as it can break local aliases (whatever that means)?


Local delivery for local mail, but same email address for local and external mail: Is it possible?
It seems, there is no simple solution, that would enable local delivery for email correspondence between local users including arbitrary turns (is that the right term?) of replies and re-replies, but using a smarthost for external mail, at the same time. It would be even nicer, if the same email addresses would be used locally and externally. At least, john should not have to think about, if he is writing email to a local or external communication partner, while having local mail delivered locally, at the same time.

Is this possible, at all?

I am thinking of messing around with genericstable and aliases...

Thanks again for all hints pointing me in the right direction!

gargamel

Last edited by gargamel; 07-23-2011 at 11:29 PM.
 
Old 07-24-2011, 12:32 AM   #4
gargamel
Senior Member
 
Registered: May 2003
Distribution: Slackware, SLAX, OpenSuSE
Posts: 1,723

Original Poster
Went on, and tried the feature local_no_masquerade, but left out allmasquerade and masquerade_entire_domain. First tests look promising, this might be it... So, the relevant parts in my sendmail.mc are now:

Code:
[...]
dnl# You will need to create the certificates below with OpenSSL first:
dnl# (commented out for simplicity, connection is encrypted anyway!)
dnl define(`confCACERT_PATH', `/etc/mail/certs/')
dnl define(`confCACERT', `/etc/mail/certs/CA.cert.pem')
dnl define(`confSERVER_CERT', `/etc/mail/certs/smtp.cert.pem')
dnl define(`confSERVER_KEY', `/etc/mail/certs/smtp.key.pem')
[...]
define(`SMART_HOST',`[smtp.1und1.de]')
[...]
dnl# File authinfo must exist for SMTP_AUTH!
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
[...]
dnl# Masquerading
MASQUERADE_AS(`gardendwarves.com')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`local_no_masquerade')dnl
[...]

I'll need to do a few more tests with different scenarios, then I'll report back. But at the moment the result looks quite good... Let's see!

gargamel

Last edited by gargamel; 07-24-2011 at 12:34 AM.
 
Old 07-24-2011, 05:03 AM   #5
gargamel
Senior Member
 
Registered: May 2003
Distribution: Slackware, SLAX, OpenSuSE
Posts: 1,723

Original Poster
Hi there,

the setup described in my previous post solves it, indeed, regarding functionality. Local users can exchange emails and reply and re-reply as often as they want, because their original email addresses remain unchanged in local/internal correspondence. For external email, their addresses are masqueraded.

This means, of course, that:
  • Sender addresses in mails going out to external recipients are masqueraded. I think, the processing sequence is something like john > john@dark.gardendwarves.com > john@gardendwarves.com. If the sender is a local user, who has no valid email account in the masquerade domain gardendwarves.com, the external recipient will be unable to reply. Fortunately, my environment is secured, otherwise this could be a potential security risk, I guess.
  • As there is no masquerading for local email, the hostname is a visible part of all local addresses. The users here won't care, but for the typical end-user it would be desirable to have only the domain name displayed (even if it is actually included in the email address). However, it doesn't look too ugly, so I can live with this quite well, too.

BTW, I found this piece of text from the Alpine MUA documentation worth reading: Can I eliminate the @host.domain from local addresses?
Therefore I'll mark this thread as closed. Thanks again!

gargamel
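
Added example, not part of the thread and not sendmail's own tooling: a shell lint that lists the active (not `dnl`-commented) masquerading directives in a sendmail.mc and flags the combinations compared in posts #2 and #4, plus a permission check for the authinfo file, which holds the SMTP AUTH password in clear text. The function names and finding labels are made up for this example, and the sample inputs are constructed from the directives shown in those two posts.

```shell
#!/bin/sh
# Added example: report masquerading directives in a sendmail.mc and check
# that authinfo is private. Names and labels here are hypothetical.

# Print active (not dnl-commented) FEATURE/MASQUERADE_AS directives, one per line.
active_directives() {
    grep -v '^[[:space:]]*dnl' "$1" |
        grep -oE '(MASQUERADE_AS|FEATURE)\(`?[A-Za-z0-9_.-]+' |
        sed 's/(`\{0,1\}/ /'
}

has_feature() { active_directives "$1" | grep -qx "FEATURE $2"; }

# Echo space-separated findings; empty output matches the layout from post #4.
lint_masquerade() {
    findings=""
    active_directives "$1" | grep -q '^MASQUERADE_AS ' || { echo no-masquerade; return; }
    # Without local_no_masquerade the local mailer rewrites sender addresses too.
    has_feature "$1" local_no_masquerade || findings="$findings local-mail-masqueraded"
    # allmasquerade also rewrites recipient addresses.
    has_feature "$1" allmasquerade && findings="$findings recipients-masqueraded"
    # Without masquerade_envelope only header addresses are rewritten.
    has_feature "$1" masquerade_envelope || findings="$findings envelope-not-masqueraded"
    echo "${findings# }"
}

# authinfo stores the password in clear text: require no group/other bits.
authinfo_private() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as shipped on Linux
    case $mode in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Constructed sample inputs: the directive sets from posts #2 and #4.
write_samples() {
    cat > "$1/post2.mc" <<'EOF'
MASQUERADE_AS(`gardendwarfs.com')dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
FEATURE(`allmasquerade')dnl
EOF
    cat > "$1/post4.mc" <<'EOF'
dnl FEATURE(`allmasquerade')dnl
MASQUERADE_AS(`gardendwarves.com')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`local_no_masquerade')dnl
EOF
}
```

Run `lint_masquerade /etc/mail/sendmail.mc` against the real file (path assumed), and `authinfo_private /etc/mail/authinfo` after every edit of the credentials.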
 
Old 07-25-2011, 09:25 AM   #6
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,124

Also have a look at the local-host-names file which can be used to specify that any mail to gardendwarves.com should be delivered locally.
 
Old 07-25-2011, 12:53 PM   #7
gargamel
Senior Member
 
Registered: May 2003
Distribution: Slackware, SLAX, OpenSuSE
Posts: 1,723

Original Poster
Thanks, again. I came across this during my research of the web, but didn't get the idea that it could be useful in my situation. I thought it was good for a slightly different scenario.

The only paragraph in the official README file accompanying my Slackware installation is titled ACCEPTING MAIL FOR MULTIPLE NAMES, and another good explanation seems to be the one in the FreeBSD Handbook.

Reading these texts again, I think, that /etc/mail/local-host-names might become useful, when I want to use Sendmail as a local smart host, collecting email from machines in my LAN, delivering local messages itself, but forwarding non-local messages to the ISP's smart host. Kind of an internal smart host, so to speak.

Good to know, hope I remember it when that time comes...

gargamel
 
  

