summaryrefslogtreecommitdiff
path: root/usr.sbin/sendmail/contrib/converting.sun.configs
blob: 0fcd919673078793061e8cc7a8001c68c54f9a61 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446

		     Converting Standard Sun Config
		      Files to Sendmail Version 8

			      Rick McCarty
			 Texas Instruments Inc.
		     Latest Update: 08/25/93 - RJMc

This document details the changes necessary to continue using your
current SunOS sendmail.cf with sendmail version 8.  In the longer term,
it is recommended that one move to using an m4 based configuration such
as those shipped with sendmail, but if you're like me and have made
enough modifications to your .cf file that you'd rather put that task
off until later, here's the sum total of my experience to get you to
version 8 with minimal pain.  I'll cover .cf as well as build issues.

Some background - as many are surely aware, Sun has some "special"
features in the sendmail they ship ($%x, %y LHS lookup, NIS alias DB
search, etc.).  (Some of those features can be had in alternative forms
in IDA sendmail, but v8 has picked up some IDA capabilities as well as
new ones, making it IMHO a most desirable version to go to.)  What I
will explain below includes v8 functional "equivalences" to these Sun
sendmail features.

So with that out of the way, let's begin.

First, some assumptions:

	1) I'm going to assume you've got sendmail version 8.6 or
	   later in hand - if not, grab it from ftp.cs.berkeley.edu
	   in the ucb/sendmail directory.  There are bugs in earlier
	   versions which affect some of the needed functionality.

	2) Second, I'm going to detail this based upon the
	   "sendmail.main.cf" configuration.  (BTW, if you attempt
	   to move to using an m4 generated config in the future,
	   MAIL_HUB is the feature which should provide similar
	   functionality).

	   In general, the changes will be similar for a subsidiary
	   file, but since we (my TI group) funnel all non-local mail
	   through our mailhost, we're not as interested in getting v8
	   to run on such systems and I haven't tried it.

	3) You're using DNS and sendmail.mx.  If you're not, you ought
	   to be, even if you're also running it along with NIS (which
	   we do - except for gethostbyxxx() lookups, which I'll be
	   talking about later).  I would imagine you could get things
	   running OK without DNS support, but I haven't tried it myself.

	4) You're not mounting /var/spool/mail from other systems.
	   I haven't found a v8 feature to guarantee this will work
	   correctly.  Anyway, in the past, we've tried doing that
	   here and found it to be a rather "ugly" feature, though
	   Sun ostensibly supports it ("R" option).  Perhaps v8
	   will one day have a similar feature, but for now, bottom
	   line, I would recommend against it.

	5) You're not on Solaris or using NIS+.  I'm on 4.1.3.  I've
	   looked at Solaris briefly and have noted that things are
	   pretty much similar there except that they've moved some
	   things into the /etc/mail directory.  I'd guess the
	   executables aren't functionally all that different from
	   what they had before - the configs are roughly the same.
	   So I'd bet most of what I say in here will apply to
	   Solaris.

OK, let's configure our sendmail.cf!  I'll just go from the top down...

			  VARIOUS DECLARATIONS

1) For v8, you need to define your .cf as AT LEAST a version level 4
   configuration.  Add the following line:

	V4

   There are some issues regarding certain predefined macros - $w, $j, and
   $m.  With a V4 configuration:

	$w is defined to be the hostname, which will usually be fully
	qualified (i.e. "firefly.add.itg.ti.com").

	$j should have the same value as $w.

	$m will be predefined as the domain portion of $w
	(ex. "add.itg.ti.com").

   One note about this - if your configuration relies on the "w" macro to
   be the "simple" hostname (as mine does)...

   If the configuration version is 5 or larger:

	$w is supposed to be the "simple" name (ex. "firefly")

	$j should be the fully qualified name (i.e. "firefly.add.itg.ti.com")

	$m will be predefined as the domain portion of $j
	(ex. "add.itg.ti.com").

   I have not experimented with the various combinations, so I cannot
   guarantee you that the above definitions will always come out as
   expected.  Bottom line:  if your sendmail.cf depends on $w being the
   simple hostname, test it carefully or define the name explicitly,
   for example:

	Dwfirefly

2) To replace the Sun's "%y" feature, we must use a hostname mapping
   feature in v8.  If you want to do similar lookups with v8, you need
   to define the following map (we'll go over the rules that use this
   map later):

	Khostlookup host -f -m -a.

   This will define a "lookup only" map that is otherwise the same as
   sendmail version 8's built-in "host" map (see the "Sendmail
   Installation and Operation Guide" for details on this map.).

   An important note:  Whether or not these lookups will be done via
   NIS is a function of what gethostbyxxx() functions you link into
   your sendmail.  DO NOT redefine your host mapping to use NIS
   explicitly within sendmail - there can be unexpected behaviour if
   you do so (if you do any canonicalization in your .cf, you can get
   incorrect results, for one thing).

   For example, DO NOT TRY:

	Khost nis -f -a. hosts.byname

3) If you're doing reverse alias mapping as done in ruleset 22, instead of:

	DZmail.byaddr

   you'll need to declare the following:

	Kaliasrev nis -f -N mail.byaddr

4) If you are doing any other NIS map lookups, you'll need to define the
   map as done in the below example.  I have a "mailhosts" map, which I
   use to distinguish between local and non-local hosts.  Look at the
   sendmail doc for details on this stuff.

	Kmailhosts nis -f -m -a. mailhosts 

5) You might wish to add the following line to support Errors-To: headers.
   I don't.

	Ol

6) Comment out/remove the following line:

	OR

   The R option means something different under v8 - check the documentation
   if you're interested in using it.

7) If you're running NIS and have a separate alias map, BELOW the
   following line where the alias file is declared:

	OA/etc/aliases

   ADD the following:

	OAnis:mail.aliases

   This will set things up so v8 will look at the local alias DB first,
   then the NIS map, just as Sun sendmail does.

8) Though you don't have to, I'd suggest changing:

	OT3d

   to use v8's warning feature, which allows a warning message to be
   sent if a message cannot be delivered within a specified period.
   I use:

	OT5d/4h

   which says - bounce after 5 days, warn after 4 hours.

9) I set the following option to be explicit about how I want DNS
    handled:

	OI +DNSRCH +DEFNAMES

10) The following line:

	T root daemon uucp

    may be deleted, though it will be ignored if you leave it around.

11) It would probably be good to change the version macro value (which
    shows up in "Received:" headers) so no one debugging mail problems
    gets the wrong idea about what config you're running under.  Look
    for something like:

	DVSMI-4.1

    Mine, for example is:

	DVADD-HUB-2.1

				RULESETS

1)  In ruleset 3, BELOW this rule:

	# basic textual canonicalization
	R$*<$+>$*		$2			basic RFC822 parsing


I add the following rule to remove a trailing dot in the domain spec so
it won't interfere with v8 mapping features, etc.  (Having a trailing dot is
not RFC-compliant anyway.):

	R$+.			$1

2) Because ruleset 5 is special in v8, I rename it to S95 and also change
   all RHS expressions containing ">5" to use ">95" instead.  In v8,
   5 is executed against addresses which resolve to the local mailer and
   are not an alias.  If you don't change S5 to something else, you might
   get a surprise!

3) If you're doing any lookups via the generalized NIS "$%x/$!x"
   mechanisms (such as with the mailhost map I referred to earlier) it's
   done differently under v8.  For example:

	DMmailhosts
	...
	R$*<@$%M.uucp>$*	$#ether $@$2 $:$1<@$2>$3

   takes a different map definition and two rules under version 8:

	Kmailhosts nis -f -m -a. mailhosts
	...
	R$*<@$+.uucp>$*		$: $1<@$(mailhosts $2 $).uucp>$3
	R$*<@$+..uucp>$*	$#ether $@$2 $:$1<@$2>$3

4) Sun has a special case of the "$%x" feature for host lookups - "%y" is
   automagically defined to do an NIS "hosts.byname" search with no other
   definition, as done in the below example:

	R$*<@$%y.LOCAL>$*	$#ether $@$2 $:$1<@$2>$3

   (Sun does this in more than one place.  But the above syntax is almost
    identical in each - mostly a case of changing names to protect the
    innocent.)

   In version 8, the predefined "host" map can be used to do essentially
   the same thing.  (However, whether or not it does an NIS lookup is
   a function of what gethostbyxxx() functions are linked in.)

   Recall the map definition I mentioned earlier in the DECLARATIONS
   section:

	Khostlookup host -f -m -a.

   Here's where we will use it.  It will take two rules:

	R$*<@$+.LOCAL>$*	$: $1<@$(hostlookup $2 $).LOCAL>$3
	R$*<@$+..LOCAL>$*	$#ether $@$2 $:$1<@$2>$3

   Note that this is almost verbatim the same change as was used in the
   previous "mailhosts" example.

5) Although Sun's default configs don't do this, because I mentioned
   canonicalization earlier, it deserves an example, as it's illustrative
   of the functional difference in the map definitions I discussed before.
   This stuff is also convered in the "Sendmail Installation and Operation
   Guide".

   Remember the built-in "host" map definition?  As you'll recall, unlike
   the "hostlookup" map we defined, "host" will actually CHANGE the
   hostname in addition to appending a dot.  "hostlookup" only appends a
   dot if the name is found and doesn't change it otherwise.  Anyway,
   here's the example:

	R$*<@$+>$*	$: $1<@$(host $2 $)>$3		canonicalize
	R$*<@$+.>$*	$1<@$2>$3			remove trailing dot

   Using the above, say you had input of:

	joe<@tilde>

	OR

	joe<@[128.247.160.56]>

	Assuming "tilde" or the IP address is found, it might be
        canonicalized as:

	joe<@tilde.csc.ti.com>

6) As another instance of the NIS lookup feature, with a slightly
   different twist, Sun implements reverse alias mapping in ruleset 22
   with the below:

	DZmail.byaddr
	...
	R$-<@$->		$:$>3${Z$1@$2$}			invert aliases

   To use this feature under v8, change the above rule a (remember to
   define the alias map as I showed earlier):

	R$-<@$->		$:$>3$(aliasrev $1@$2 $)	invert aliases


			   MAILER DEFINITIONS

1) Where "TCP" is defined in the "P=" and "A=" parameters of mailers, I
   changed it to "IPC".  Version 8 will accept "TCP", but "IPC" is
   preferred.

2) On all IPC mailers, I also defined "E=\r\n" and added an "L=1000" as
   in the below example:

	Mether,	P=[IPC], F=mDFMuCX, S=11, R=21, L=1000, E=\r\n, A=IPC $h

   The "E=\r\n" will save you headaches interoperating with such things as
   VMS TCP products.

   The "L=1000" is for RFC821 compatibility.  Not strictly necessary.

   I also removed the "s" (strip quotes) mailer flag Sun puts in for
   these mailers.  Stripping quotes violates protocols, which say
   clearly that you can't touch the local-part (left hand side of
   the @) until you are on the delivering host.

NOW.  If I haven't left anything out, you should be able to run through
your Sun sendmail.cf file and convert it to run under v8.

			      BUILD ISSUES

Some important notes on building v8 on SunOS:

Makefile

The default makefile in the version 8 source (src) directory assumes the
new Berkeley make.  Unless you want to go to the trouble of building it,
you can use your regular make, but you need to use a different makefile.
You can use "Makefile.dist" or "Makefile.SunOS" in the src directory.  I
made changes to get it to build so it is as compatible as possible with
the file/directory locations Sun uses.  Here are some relevant sections
out of my makefile:

	CC=gcc

	# use O=-O (usual) or O=-g (debugging)
	O=	-O

	# define the database mechanisms available for map & alias lookups:
	#	-DNDBM -- use new DBM
	#	-DNEWDB -- use new Berkeley DB
	#	-DNDBM -DNEWDB -DYPCOMPAT -- use both plus YP compatility
	#	-DNIS -- include client NIS support
	# The really old (V7) DBM library is no longer supported.
	# See READ_ME for a description of how these flags interact.
	#DBMDEF= -DNDBM -DNEWDB
	DBMDEF=	-DNDBM -DNIS

	# environment definitions (e.g., -D_AIX3)
	ENVDEF=

	# see also conf.h for additional compilation flags

	# library directories
	LIBDIRS=-L/usr/local/lib

	# libraries required on your system
	#LIBS=	-ldb -ldbm
	LIBS=	-ldbm -lresolv

	# location of sendmail binary (usually /usr/sbin or /usr/lib)
	BINDIR=	${DESTDIR}/usr/lib

	# location of sendmail.st file (usually /var/log or /usr/lib)
	STDIR=	${DESTDIR}/etc

	# location of sendmail.hf file (usually /usr/share/misc or /usr/lib)
	HFDIR=	${DESTDIR}/usr/lib

For the resolver library, you can use the one shipped with Sun if you
want.  But I'd recommend using another version of the resolver library
(such as the one with Bind 4.8.3 or 4.9).  Sun's resolver stuff (at
least with 4.1.x) is quite old - I believe it is of 4.3.1 vintage.  (Do
you get the impression I don't TRUST what Sun ships with their systems?)

If you want NIS host lookup while maintaining DNS capability, you might
take a look at resolv+, which has NIS capable gethostbyxxx() functions
in it.  My recommendation, however, is to avoid doing NIS host lookups
in sendmail altogether, and to use a "pure" version of the resolver
library.

There are probably no situations (at least I think so) where it makes
any sense to link in Sun's NIS gethostbyxxx() functions from libc.
You could, I guess do it (I haven't tried it) and wind up with a
sendmail equivalent to the non-mx version Sun ships.  You'd need to
insure that NAMED_BIND is not defined in the build.  (If you do
this and have the "-b" DNS passthru option set in NIS, remember that
while you have some DNS functionality you'll not have any MX support.
(This, IMO, is what makes this a non-optimal choice.)

		      INSTALLATION/TESTING ISSUES

The sendmail.hf file in the src directory should replace the one currently
in /usr/lib.  You also might choose to edit it a bit to "localize" what it
says.

The sendmail executable goes, of course, in /usr/lib in place of the current
one.  What I did was create a subdirectory in /usr/lib and put all of the
Sun sendmail stuff in there.  I named the v8 sendmail executable to be
sendmail.v8.mx and then symbolically linked it to sendmail.

One other thing.  If you use address test mode, keep in mind that
Version 8 is like IDA in that it does not automatically execute ruleset
3 first.  So say you're playing around with things testing addresses and
you're used to things like:

	0 jimbob@good.old.boy.com

under v8 you need to say instead:

	3,0 jimbob@good.old.boy.com

	      INTEROPERABILITY ISSUES YOU MIGHT ENCOUNTER

Be aware that sendmail v8 issues a multi-line SMTP welcome (220)
response upon a client connection.  Most systems in your network should
handle it OK, but there are some that choke on it, because whoever wrote
the clients assumed only a single line.  THIS IS NOT SENDMAIL's FAULT.
A multi-line 220 response is perfectly valid.  A likely place you'll
encounter this problem is with non-Un*x SMTP clients.  If you do run
into it, you should report it to the vendor.

A final note about version 8 - if you follow the above configuration
scenario, you'll notice it doesn't like to get envelope sender
addresses it doesn't know how to get back to.  Sun sendmail would take
anything, even though it might not be able to bounce the message back
should something happen downstream.  So if another sendmail on a host
that's not locally known is trying to pump mail through your v8 host,
the ENVELOPE sender it gives had better be fully qualified.  This is
a GREAT thing, because it helps clear up problems we've had with not
being able to get things back to the sender, resulting in an
overburdened postmaster.

I hope this helps those running Sun sendmail feel more at ease with moving
on to v8.  It's really worth going to.