SCO Unix Sendmail Notes

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.

Some material is very old and may be incorrect today

© July 2013 Anthony Lawrence

Let me say first that unless this is just for local use, I do not recommend this at all. It's going to be very difficult for you to keep Sendmail up to date and secure on older SCO Unix.

Also, I don't recommend mixing a mailserver function with an application server. You can do free or inexpensive email on Linux systems with far more ease and security.

That all noted, should you find yourself in the unfortunate position of needing to know something about this, here is a pile of stuff related to Sendmail on SCO Unix. There's also some Linux notes mixed in..

History

SCO and sendmail have an unfortunate history. Most SCO systems were configured with MMDF - sendmail was available, but mmdf was more often used.

When sendmail was used, it was often an older version, rife with security problems, and troublesome to replace. That hasn't changed. Compiling any app on SCO is likely to be difficult and sendmail is of course no exception. Searching for pre-built sendmail binaries is often the easiest path.

Sometimes SCO patches update sendmail somewhat (for example, RS506A for SCO 5.0.6 updated sendmail to 8.11.0) and checking SCO Downloads might get you somewhere too.

Assuming you have a reasonably current binary, your next problem is getting a proper .mc file (see Sendmail Basics for an introduction to Sendmail).

While helping a customer with a sendmail issue I was reminded that stock SCO doesn't include a suitable .mc file. This customer wants to rewrite the user names so that when mail goes out it appears to come from a completely different name. That appears to be possible with the "genericstable" feature of 8.8 and up:

You'd add

FEATURE(`genericstable', `dbm /etc/mail/genericstable')dnl) to your .mc file.

You'd create "yourlist" containing lines like: fred [email protected]

and then

makemap dbm /etc/mail/genericstable < yourlist

then remake the cf as usual. But without a starting .cf, you can't do much.

If you can't find anything better, start with this imperfect version:

divert(-1)
#
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved. Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set forth in the LICENSE
# file which can be found at the top level of the sendmail distribution.
#
# Written for SCO OpenServer 5.0.x June 10th, 2002 Matt Lewis
divert(0)dnl 
include(`/usr/local/sendmail-8.11.0/cf/m4/cf.m4') 
#This defines local variables for OpenServer 
VERSIONID(`$Id: sco-generic.mc,v 8.16 1999/04/24 05:37:43 gshapiro Exp $')dnl 
OSTYPE(`sco3.2') 
define(`ALIAS_FILE',`/usr/lib/mail/aliases')dnl
FEATURE(`access_db',`hash /usr/lib/mail/access')dnl 
#Listing of hosts we relay for
define(`confCR_FILE',`/usr/lib/mail/relay-domains')dnl
MASQUERADE_AS(`testdomain.com')dnl
# Needed to fix error with /usr/lib/uucp/ permission on SCO OpenServer 8..x 
define(`confDONT_BLAME_SENDMAIL',`GroupWritableDirPathSafe')dnl
# Cut down on spam set Max recipents to 15
define(`confMAX_RCPTS_PER_MESSAGE',`15')dnl
# File containing hosts we accept mail for locally
define(`confCW_FILE',`/usr/lib/mail/local-host-names')dnl 
FEATURE(use_cw_file)dnl
#This is important takes care of Wild Card MX records and a problem with OpenServer resolve 
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl 
MAILER(smtp)dnl

Another generic .mc file

From a newsgroup post

From: [email protected] (Matt Lewis)
Subject: Re: MMDF to Sendmail 8.11.0 howto SCO Openserver 5.0.x  sco-generic.mc file
Date: 19 Oct 2002 09:29:23 -0700

Here is the sco-generic.mc file in full that I put at then end of my
original article.  This includes smrsh and a few other security items
the original did not.  Copy and past below into a file and call it
sco-generic.mc  move this to /usr/local/sendmail-8.11.0/cf/cf.  Then
run m4 sco-generic.mc > /usr/lib/sendmail.cf as per instructions in
previous posting.


divert(-1)
#
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
#       All rights reserved.
# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
# Copyright (c) 1988, 1993
#       The Regents of the University of California.  All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
divert(0)dnl
dnl #################### Setup ##################################
include(`/usr/local/sendmail-8.11.0/cf/m4/cf.m4')
VERSIONID(`$Id: sco-generic.mc,v 1.00 2002/07/12 ML Exp $')dnl
OSTYPE(`sco3.2')dnl

dnl ################### Network Specific ########################
MASQUERADE_AS(`test.testdomain.com')dnl

dnl ################### Server Specific #########################
dnl # Commonly used Files
define(`ALIAS_FILE',`/usr/lib/mail/aliases')dnl
define(`confCR_FILE',`/usr/lib/mail/relay-domains')dnl
define(`confCW_FILE',`/usr/lib/mail/local-host-names')dnl
define(`STATUS_FILE',`/usr/lib/mail/statistics')dnl

dnl # SCO Openserver Specific variables and options  
dnl # Needed to fix error with /usr/lib/uucp/ permission on SCO
OpenServer
define(`confDONT_BLAME_SENDMAIL',`GroupWritableDirPathSafe')dnl

dnl # Options to correct deficient bind setup under SCO Openserver.  
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl


dnl ################## Features ################################
FEATURE(`access_db',`hash /usr/lib/mail/access')dnl 
FEATURE(`use_cw_file')dnl
FEATURE(`masquerade_envelope')dnl

dnl # Restricted Shell for security
FEATURE(`smrsh')

dnl ################# Parameters ###############################
EXPOSED_USER(`root')
define(`confHOST_STATUS_DIRECTORY',`/usr/adm/sendmail')dnl
define(`confMAX_DAEMON_CHILDREN',`25')dnl
define(`confMAX_MESSAGE_SIZE',`15000000')dnl
define(`confMAX_RCPTS_PER_MESSAGE',`50')dnl
define(`confPRIVACY_FLAGS',`goaway')dnl
define(`confBAD_RCPT_THROTTLE',`10')dnl

dnl ################# Mailer Definitions #######################
MAILER(`local')dnl
MAILER(`smtp')dnl

dnl ################ Local Rulesets ############################
dnl # Ruleset to block incoming mail by searching subject for blocked
words
dnl # or phrases
dnl # Note: Multi word entries in blocked_subjects file must have 
dnl # spaces replaced by "." Exa.  "this is it" becomes "this.is.it"
dnl # Any changes to blocked_subjects file require a restart or HUP of
dnl # Sendmail. exa (kill -HUP "pid of sendmail")

LOCAL_CONFIG
F{MRej} /usr/lib/mail/blocked_subjects

LOCAL_RULESETS
HSubject: $>CheckSubject
D{MMsg} Mail blocked.
SCheckSubject
R$* $={MRej}$*          $#error $: 550 ${MMsg}
 

Building sendmail 8.12 on osr507

Taken from a newsgroup post

From: Bela Lubkin ([email protected])
Subject: Re: Sendmail 8.12 SCO OS5.0.7 by mail.ut.sco.com with SMTP; 20 May 2003 07:48:11 -0000
Date: 2003-05-20 00:49:04 PST

[moved from comp.unix.sco.misc]

Steve Burger wrote:

> I had sendmail 8.12 compiled and running of 5.0.6 and was using "virtual 
>   domains" to receive mail for multiple domains as per the How-to at 
> sendmail.org.
> 
> Since upgrading to 5.0.7 I have gone back to 8.11 and I can not get my 
> virtual domains working again.
> 
> If I generate sendmail.cf with m4, sendmail complains that the feature 
> is not implemented.
> 
> If I try to build 8.12.9 I get the following compilation errors.
> 
> When using OpenServer Development System.
> cc -b elf -O -I. -I../../include  -DNEWDB -DMAP_REGEX -DNDBM    -c conf.c
> "conf.c", line 2391: error: identifier redeclared: setproctitle
> "conf.c", line 2615: warning: type does not match prototype: pid
> "conf.c", line 3920: warning: type does not match prototype: uid
> "conf.c", line 4445: warning: type does not match prototype: uid

OSR507 introduces support for setproctitle() as a system call.  It is
prototyped in an appropriate header file.  Looking at some rather old
(8.6.10, to be exact) sendmail source, I see that it decides whether to
compile conf.c:setproctitle() according to a define `HASSETPROCTITLE',
which is in turn set by a series of OS-specific #ifdefs in conf.h.  If
this is still done the same way in current sendmail, you need to tweak
conf.h to define HASSETPROCTITLE.

... Ok, in later versions it looks like you need to change conf.h from:

  # define SPT_TYPE     SPT_SCO      

  to:

    # define SPT_TYPE     SPT_BUILTIN  

    Most programs use a `configure` script that dynamically figures this
    stuff out instead of having it hard-coded according to "known"
    properties of operating systems...

    > When using the UDK.
    > nt.c
    >         cc -b elf -o t-event   t-event.o libsm.a   -ldb -lresolv 
    > -lsocket -lndbm
    >  -lprot -lcurses -lm -lx -lgen
    > UX:ld: ERROR: libdb.so: cannot link OpenServer object into Intel iABI target

    I don't think you _can_ say "-b elf" to the UDK compiler; the fact that
    this didn't just error out suggests you've got your tools rather severely
    mixed together.

    I would concentrate on the native build if I were you.

    >Bela<

Sendmail 8.12 submit.cf

From a newsgroup post

From: [email protected] (Bill Vermillion)
Subject: Re: sendmail buffer overflow fix for 8.11.6
Date: Tue, 11 Mar 2003 17:25:32 GMT

In article <[email protected]>,
Deepak Thadani <[email protected]> wrote:
>Hi all,
>
>I just recompiled my sendmail 8.11.6 (on SCO OSR 5.0.5)  with the
>patch from sendmail.org for the latest buffer flow vulnerability, and
>things are looking good and it's running fine.

>While I was at it, I also compiled 8.12.8, however I wanted to know,
>before I install 8.12.8, are there a list of significant changes
>between 8.11.6 and 8.12.8? I've checked the sendmail.org site and I
>don't find any real feature comparisons between versions of sendmail.


Release notes 'knows all - tells all'.

The most significant change - and it can catch you if you don't
add new users before running it - is that sendmail no longer
runs SUID root by default.  It runs SGID 'smmsp' - and that user
needs to be added along with 'mailnull' user.

It will create a 'clientmqueue' directory in addition to the 
standars 'mqueue'

There are also now two .cf files, the sendmail.cf and the submit.cf
The latter is used for tranmitting and the former is for receiving.

That means you can run sendmail in send only, receive only, both,
or none.  It also does some severechecking on world and group
writeable files/directories and will not run if they are not
correct.  I had to fix an OS/X for friend of mine this way.

There are lots of other changes but those are the only ones you
need to watch out for if you install in the default mode.

>Is there a site/page or reference document I can read which will show
>a feature by feature comparison between various sendmail versions?

Nothing in sendmail is one page :-)  The one site that has the
information is www.sendmail.org.   

The closest you'll come are the release notes and if you stick with
current you'll see starting with the 8.12.0 notes all the changes
that have been made. It is a LOT of information - 99% of which
won't affect most people.  The above are what you really need to
know about.

Bill

Replacing mmdf with sendmail

Date: Fri, 27 Apr 2001 11:45:40 -0400
From: Tony Lawrence <[email protected]>
Subject: Re: Replacing MMDF with sendmail on SCO

> 
>  I would like to replace MMDF on our scobox, with sendmail as the
> MTA.  How should I go about doing this?
 

Basically, you remove mmdf and then install sendmail using custom. You have to "drill down" to find MMDF inside your OS listing, and you need your install cd to install sendmail (again drilling down to find it).

SCO TA 107593 covers the mechanics of that, but skips two important points:

1) Make a copy of your mmdf aliases files first, because removing mmdf loses those.
2) You'll probably want to run "cnvtmbox" on usr mailboxes during the switch

Also see this longer description: How to convert from mmdf to 8.11 sendmail osr5, which also includes a sco.generic.mc file.

Sendmail VRFY

In the process of doing some testing of a mail server, I noticed a piece of spam mail delivered to an address that no one should have known about. This disturbed me greatly, because the only place that address appeared was in the mail alias file on my server. Had my server been compromised?

Well, no, but as they say "mistakes had been made". After I had checked everything I could, I was reasonably sure that I hadn't been hacked, which meant that sendmail had to have coughed up that information through a VRFY command. But I have VRFY turned off.. or did I?

Well, no, I didn't. I THOUGHT I had, but I misunderstood the configuration on my hosted server and had put the options in the wrong file. Amazingly, that was a long, long time ago and I swear I remember testing this, but when I tried it again, my sendmail happily spit back alias addresses.

Ooops. Well, easily fixed. I replaced

O PrivacyOptions=authwarnings
 

in sendmail.cf with

O PrivacyOptions=goaway,restrictmailq,restrictqrun
 

"goaway" expands to "authwarnings, noexpn, novrfy, needmailhelo, needexpnhelo,needvrfyhelo".

Test your server by telneting to it on port 25 and try "vrfy yourname". If it doesn't reject you, you don't have these options set.

[[email protected] bin]# telnet aplawrence.com 25
Trying 64.226.42.29...
Connected to aplawrence.com (64.226.42.29).
Escape character is '^]'.
220 vps.pcunix.com ESMTP SMTP Ready; Sun, 19 Sep 2004 14:32:19 GMT
vrfy tony
252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)
expn root
502 5.7.0 Sorry, we do not allow this operation
quit
221 2.0.0 vps.pcunix.com closing connection
Connection closed by foreign host.
 

Sendmail and /etc/service.switch

From a newsgroup post:

From: Steve Fabac <[email protected]>
Subject: Re: sendmail problem on 5.0.4 on SW Bell ADSL line
Date: Sun, 03 Jun 2001 23:16:47 +0100

Bill Vermillion wrote:
> 
> In article <[email protected]>, Steve Fabac  <[email protected]> wrote:
> >I have a client running SCO 5.0.4 Ent. with sse022 (sendmail 8.8.8)
> >that begin complaining about long delivery times for their outgoing
> >e-mail. They reported a 5 hour delay between the time they sent the
> >email and the recipient receiving it. (No, I have not asked the client
> >to have the recipient forward me the email so that I can check the
> >headers ... yet.)
> 
> >To try to avoid the seeming delay in the swbell mail server, I
> >commented out the "smart host" directive in sendmail.cf that
> >specified "mail.swbell.net"
> 
> >Mail to [email protected] then fails with
> 
> >>                 Mail Queue (1 request)
> >> --Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
> >> CAA29561       34 Fri Jun  1 02:55 smf
> >>                  ([email protected] reply: read error from swbell.net.)
> >>                                    [email protected]
> 
> >But if I send the message addressed to [email protected]
> >it gets off the machine and is delivered!!!
> 
> No need for exclamation points there, as that is exactly the
> expected behaviour if you so not have SmartHost and DO NOT have
> a local DNS server.
> 
> By commenting out 'SmartHost' - which will lookup the
> proper MX records, you now have to deliver mail to an explicit
> email address, as you have just found.  That's why it's
> called a "SmartHost".
> --
> Bill Vermillion -   bv @ wjv . com

You're right Bill, I found that sendmail is not using DNS on the
client's machine due to the existence of /etc/service.switch. 

Some time in the past before the client was connected to the internet,
I had followed the SCO technical article to create /etc/service.switch
to prevent sendmail from using the nonexistent DNS service for
intra-company e-mail. When the system was connected to the internet, I 
reconfigured /usr/lib/sendmail.cf and dropped the OI-DNSRCH but
did not remove /etc/service.switch. 

Well, I fought getting e-mail off the machine until I set mail.swbell.net
as the "smart host." Then, all non local e-mail was relayed through 
swbell.net. 

I found this when I executed /usr/lib/sendmail -bt and
issued /mx swbell.net and received the following response

> With /etc/service.switch set to:
> hosts files /dns
> 
> # /usr/lib/sendmail -bt
> WARNING: writable directory /usr
> WARNING: writable directory /usr/spool
> WARNING: writable directory /usr/spool/mqueue
> ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
> Enter <ruleset> <address>
> /mx swbell.net
> > getmxrr(swbell.net) returns 0 value(s):
> > 
> 
> After removing service.switch or changing it to:
> hosts files dns
> 
> # /usr/lib/sendmail -bt
> WARNING: writable directory /usr
> WARNING: writable directory /usr/spool
> WARNING: writable directory /usr/spool/mqueue
> ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
> Enter <ruleset> <address>
> /mx swbell.net
> > getmxrr(swbell.net) returns 3 value(s):
>    mta1.rcsntx.swbell.net.
>    mta2.rcsntx.swbell.net.
>    mta3.rcsntx.swbell.net.
> > 


Problem solved. 

MMDF and Sendmail Control A's (SCO Unix)

Strangely enough, SCO's sendmail looks to MMDF's mmdftailor file for its mail separator characters, and will surround messages with Control-A's if these aren't set:

MMBXPREF    ""
MMBXSUFF    ""
 

Email uuencoded file

From a Newsgroup post

From: [email protected] (Robert Carnegie)
Subject: Re: Sendmail 8.9.3 - PPP - Trouble sending encoded binaries
Date: 2 Aug 2001 03:57:25 -0700

"Jadon" <[email protected]> wrote in message news:<[email protected]>...
> Thx for your replies, but I will try and explain myself a little more.
> 
> A.txt  --   75K Simple text file
> B.bin  --  25K Binary file
> C.bin  --  75K Binary File
> 
> A.txt.uue -- 100K uuencoded version of A.txt
> B.bin.uue -- 40K uuencoded version of B.bin
> C.bin.uue -- 100K uuencoded version of C.bin
> 
> Sending the above on my sco box with the command.
> 
> mail -s test blaa.com.au < file
> 
> A.txt.uue will work fine
> B.bin.uue will work fine
> C.bin.uue will fail after 5 mins or so with an I/O error
> 
> I dont believe it is a problem with my ISP as if I connect through windows,
> and send large mails they only fail with a message if they are larger than
> 4MB.
> I have check the uuencoded files for '+++' type commands and there are none.
> 
> Jadon

Oh, one and a half more thoughts (and another afterthought) -
this is really bugging me.  Thought #1: somewhere along the line,
the system may object to mail messages that contain a large binary
file _and nothing else_.  So perhaps


uuencode /bin/binary /bin/binary | mail -s"Binary" [email protected]

won't work;

(
echo "Here comes a binary file for you!"
echo      # I'm not sure if a blank line is required here, but it's neat
# man vi  # would place a _lot_ of text in the message body itself ;-)
uuencode /bin/binary /bin/binary
) | mail -s"Binary" [email protected]

might work...

This is still quite a stretch; the connection simply dying without
much of an error message (you said "with error 0"?) isn't respectable
behaviour for an ISP's mail server hypothetically rejecting a message...

The half-thought - if you're sending messages into your mailbox
_at_ the ISP, there is probably an overall total size limit
on storage.  At some point, the mailbox is going to be full,
and the server won't accept more messages for that address.
The lack of error message at this point still isn't polite,
but it might account for irregular results sending A.text.uue
versus C.bin.uue; when you sent A the mailbox was empty, when
you sent C the mailbox was full or nearly full, so A was accepted
and C was not.  Perhaps.

The afterthought - you can use OpenServer's "split -b" (see "man split")
to divide up a "binary" file into smaller pieces, and then uuencode each
piece separately and - perhaps - send them all in the same e-mail message.
To reassemble the pieces at the Windows command prompt, for instance,

copy /b binarypart1+binarypart2+binarypart3 binary_original

There are utilities that can handle this sort of situation automatically
at the receiving end; these tools are used for exchanging dirty pictures
on Usenet binary newsgroups, so if you want to pursue that, go ahead...

Or if the system only chokes on recognised uuencoded data, you could
substitute -

uuencode .... | mail ...

(message body starts with "begin 755 /bin/sh", or whatever, which is
automatically recognised as the start of a uuencoded file)

with

(
echo -n "menachem "
	uuencode ....
	) | mail ...

	(so now the message body starts "menachem begin 755 /bin/sh" ;-)

	This, like another of my suggestions, would require manual extraction
	of the data and use of a separate uudecode tool at the receiving end -
	potentially a considerable nuisance.

	Two more fractional thoughts.  A particularly eccentric ISP might ban
	particular types of binary file, such as MP3 and other audio data files,
	to reduce heavy casual use of bandwidth and copyright violation.
	About half of ISPs who receive threatening letters from music company
	lawyers seem to be easily scared into abusing their paying customers
	at the behest of money-grabbing un-creative parasites.  Let me say that
	I don't have very strong views on intellectual property rights, one
	way or the other, since my own intellectual capital is limited...(?)

	When you receive this you may have already ruled out lunatic ISP
	server configuration issues anyway (unless they're _all_ mad...)

	Lastly - I noticed that my /bin/sh, uuencoded, has a lot of white space
(byte 00 00 00 00 00...)  Compressing the file with a suitable tool
(compatible with something at the other end) - gzip or bzip2, q.v. -
would fix that, if it's an issue in _your_ binary files.  But since
you suspect a size limit, you should already have considered compression...?

Sendmail spam

From a newsgroup post

From: [email protected] (Rod Smith)
Subject: Re: Sendmail & SPAM?
Date: Wed, 26 Dec 2001 16:54:01 GMT

In article <[email protected]>,
        "Gail Koontz" <[email protected]> writes:
> The following quoted material came from my ISP. I confess to knowing nothing
> about sendmail. Is this sort of thing possible? Is it dangerous or just
> annoying?

What precisely do you mean by "this sort of thing?" There are several
"things" mentioned in this message. Perhaps the context of the
paragraphs you've quoted would help, but from what you've quoted, it's
unclear to me why they sent this message, or even if they have a clue
what they're talking about....


> ---------------------------------------------------------------------
> QCIS has received, over the past several months, reports from some of our
> subscribers whereby the subscriber has received a SPAM-type e-mail message
> and the subscriber's e-mail address does NOT appear in the "To:" section of
> the offending message. Our early investigation of this unusual event

This is very easy to do and not at all unusual in spam. It's important
to distinguish between the message envelope and the message headers,
though. The envelope is something that's processed by the mail server,
and it normally contains the true recipient address, but it's stripped
from the message by the time it's received. (The mail server often
pushes this information into headers, though.) The headers are easily
forged, but appear in mail messages. For instance, here's a simple
transaction I performed on my local network:

$ telnet speaker 25
Trying 192.168.1.1...
Connected to speaker.rodsbooks.com (192.168.1.1).
Escape character is '^]'.
220 speaker.rodsbooks.com ESMTP Postfix
HELO nessus.rodsbooks.com
250 speaker.rodsbooks.com
MAIL FROM:<[email protected]>
250 Ok
RCPT TO:<[email protected]>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From:<[email protected]>
To:<[email protected]>

Message text.
.
250 Ok: queued as 02C492B8D6

The envelope specifies the RCPT TO address as [email protected] (my
true address on the target system), but the header specifies the To:
address as [email protected] The message arrived OK. Here's the
header, as revealed by my mail reader:

From [email protected]  Wed Dec 26 11:16:57 2001
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from nessus.rodsbooks.com (nessus.rodsbooks.com [192.168.1.3])
    by speaker.rodsbooks.com (Postfix) with SMTP id 02C492B8D6
    for <[email protected]>; Wed, 26 Dec 2001 11:16:08 -0500 (EST)
From: <[email protected]>
To: <[email protected]>
Message-Id: <[email protected]>
Date: Wed, 26 Dec 2001 11:16:09 -0500 (EST)

The MAIL FROM and RCPT TO envelope entries got shoved into the
Return-Path: and Delivered-To: headers, but the From: and To: headers
mirror the bogus From: and To: headers I typed in the test. (In fact,
even the MAIL FROM/Return-Path: header is bogus, although the hostname
is valid on my local network, although not on the Internet at large.)

In sum, the To: header is 100% unreliable in determining the true
recipient(s) of the message. Your ISP should know this, but the comment
that the To: header not matching the true recipient is "unusual"
suggests that they don't.

> lead us
> to believe that these types of messages were distributed by a listserver,
> which collected (by either buying and/or copying our subscriber's e-mail
> addresses from one or ore sources) our subscriber's e-mail address.

Using listservers and hijacking mailing lists are both common tactics
used by spammers, but the fact that the To: header was bogus doesn't
lead logically to this conclusion. I used Telnet to generate the bogus
To: header in the preceding example, for instance. There's plenty of
specialized spam software (often called "spamware") that'll do this, as
well.

> Currently QCIS is working on investigating the possibility of an e-mail
> program, which uses the "sendmail" platform (UNIX-based listservers) to send
> SPAM-type e-mail messages, which - once accepted by our UNIX- based e-mail
> servers, have the ability to erase our subscriber's e-mail address from the
> "To:" field of the message.

It's possible that a spammer is using sendmail or a modified version of
sendmail to do this, and it's even possible that the ISP has evidence
of this. If so, it's certainly not cause for concern about your own
local copy of sendmail, though; it's the SPAMMER'S copy of sendmail
that's sending the spam -- or at least, you've presented no evidence
that your own sendmail has been in any way compromised. (Spammers do
sometimes hijack misconfigured mail servers, known as "open relays," to
send their spam, but the message you've quoted doesn't explicitly
mention this possibility.)

> With never-seen-before virii recently being
> unleashed on the Internet, we are now beginning to see computer programs,
> written for financial gain or to be financially crippling.... 

True, but this has been true for a long time, and I'm not sure how it
fits in with the previous statements.

In sum, this message from your ISP is at best confusing for lack of
context. At worst, it reveals a serious misunderstanding of how SMTP
e-mail works on the part of the writer. In neither case does it mean
that you need to modify your Linux configuration.

That said, though, e-mail server configuration *IS* a real concern for
anybody who runs one. You should keep up with security updates (I don't
know of any recent ones for sendmail, but I've not been following it
all that closely), and if your server is accessible from the outside
world, ensure that it's not configured as an open relay. (See
http://mail-abuse.org/tsi/ for more on this issue. AFAIK, all recent
Linux distributions ship with mail servers that are configured to NOT
function as open relays.)

sendmail gui installation configuration

From a newsgroup post

From: "Stan & Julie Rock" <[email protected]>
Subject: Re: send mail
Date: Sat, 5 Jan 2002 19:27:04 -0800

Yeah, but it costs some money.  Its the commerical version.  You can check
it out at www.sendmail.com.

The free version doesn't have a GUI.  There are setup scripts out there that
can help you once you've installed the tar ball, rpm, or deb...


Stan


"Mr Bill" <[email protected]> wrote in message
news:[email protected]
> Is there a graphic interface for send mail that is easy to install for a
new
> person
>
>

In the same thread, someone else made this suggestion:

From: Erik de Castro Lopo <[email protected]>
Subject: Re: send mail
Date: Sun, 06 Jan 2002 20:44:56 +1100

Look for install-sendmail on http://freshmeat.net/

Its not a GUI, but a commandline program which asks you questions and then 
generates the config files.

YOu might also want to have a look at Postfix which is many orders of magnitude
easier to set up than Sendmail. It doesn't have a GUI, but the config file
is very easy to follow with lots of comments and examples.

Command line mail attachments printer to email sendmail mmdf

From a newsgroup post

From: "Brian K. White" <[email protected]>
Subject: Re: command prompt SENDING MAIL
Date: Sat, 23 Feb 2002 21:36:51 GMT


"Stephen Younger" <[email protected]> wrote in message
news:[email protected]
> Hi all,
>
> I currently am using the following command to send print files from of
> Openserver 5
>
> cat invoice.rep | mail -s "Invoices for today" [email protected]
>
> This copies the contents of the file (invoice.rep) into the message
body,
> but with different email packages/versions being used the formatting is
> sometimes totally distorted.
>
> What I want to really do is attached the file or even better multiple
files
> to the message, so the receiver sees them as attachments.
>
> I know you can do this from within scomail, but I need to be able to do
this
> at the command prompt and it will all be done within shell scripts.
>
> Any help would be much appreciated.
>
> Best regards
>
> Stephen Younger


I wrote the following shell script to do this.
It is somewhat less than half-baked at the moment, but as it happens, all
the stuff I have not gotten around to doing to it, are pretty unneccesary,
else, I'd have finished adding the features. :)

basically, the idea is to take in text from any app that already prints,
and send it as email, and to insure the text gets displayed in the users
mail client in a fixed-width font, without trying to engage in the utterly
futile and thankless hell of convincing other people to change the
settings in their mail clients.... just send the mail as html and the only
"html" is that the whole mail is just wrapped in <pre> </pre> so 
if a user does get the mail and is not using a fancy email client
that understands html, very minimal harm done. in order for the
mail to show up properly formatted and *not* require the user to
open an attachment, the script writes it's own mail headers, so
that it can include a "content-type: text/html" and it feeds the
final product in to sendmail* instead of mail

(*) there is a dummy "sendmail" that works with this even on sco boxes
that have MMDF and not sendmail installed, don't worry about that. It
actually works on both sco and linux and the only thing you have to do is
change the path to sendmail in the script.


usage:

your-application >/tmp/textfile


reptmail H /tmp/textfile [email protected] "subject line text"


requirements:
unpcl and ibm2ascii scripts, found in the same place below (they also work
on both sco and linux)

a head.html and a tail.html which are used to dress-up the email a little
more than having *just* <pre> </pre>. samples also provided below.

see:
http://www.aljex.com/bkw/filepro/

scroll down to "reptmail"
(pronounced "report-mail", as in, it emails reports)

of course it can easily just be edited to not require unpcl or head/tail
html.
unpcl just strips out hplaser pcl ecape codes, ibm2ascii translates ibm
line-drawing characters to plain-ascii approximations. this lets 95% of
the already existing reports generated from my application to be fed in
without making any changes to the application. and cat head.html ... cat
tail.html can be reduced to echo '<html><body><pre>' ... echo
'</pre></body></html>'

UUCP and Sendmail

From a newsgroup post

Date: Sat, 20 Mar 1999 14:59:03 -0500
From: Fred Percynski <[email protected]>

Mike,

The following works for our customers who use UUCP and Sendmail. 
It sounds like it should work for your problem.  Add this to your
sendmail.cf file:


# Force Sendmail not to resolve host names
O ServiceSwitchFile=/etc/nsswitch.conf

Then create the file /etc/nsswitch.conf and populate it with:

# ServiceSwitchFile to tell Sendmail not to use DNS
hosts /etc/hosts

Hope it helps!
Fred


Mike Hawkins wrote:
> 
> Hi people,
> 
> I am attempting to confgure sendmail on SCO openserver enterprise to send
> mail to an ISP through a dial on demand modem connection. At this time,
> mail is sent everytime a user sends an email. If the email is addressed
> locally, ppp raises the modem connection. This I definitely want to stop
> happening. If the user sends mail externally then I want the mail to be
> held until a script (which I will write) raises the connection at which
> point sendmail should dump all externally addressed queued messages to the
> ISP server. Also, the script will send an ETRN queue message. I've tested
> the ETRN script and it works just fine. I'll schedule it with cron.
> 
> I would love to disable DNS lookups by removing it altogether from the
> resolv.conf but I can't because other services (eg: squid proxy) must have
> DNS resolving available.
> 
> Here is my sendmail config, hosts, resolv.conf and named.boot.
> 
> Bind is set up to act as a cache DNS. Maybe it's not quite right but I
> think it works OK. Hosts has some redundant entries but apart from that it
> seems ok and resolv.conf seems OK to me as well. But I do know that
> sendmail.cf is probably out of kilter. If anyone can offer suggestions it
> would be much appreciated.
> 
> The main issue is stopping the link from coming up when a local email is
> sent. That's a real pain and is costing the customer a fortune in local
> calls. Queueing externally addressed emails for a periodic send is next on
> my wish list.
> 

Sendmail email worm management (SCO Unix)

From a newsgroup post

From: Jean-Pierre Radley <[email protected]>
Subject: Re: How Can I Block Latest Worm-Generated SPAM?
Date: 19 Sep 2003 16:11:00 -0400

Lucky Leavell typed (on Fri, Sep 19, 2003 at 06:21:32PM +0000):
| I know I am one of very many hapless souls receiving message after message
| totaling around 150K/message purporting to be M$ patches or undeliverable
| or some such muck. When receiving similar SPAM generated by SoBig.F, it
| all (for me) came from one IP address so it was fairly easy to insert a
| statement in my .maildelivery file to eliminate it but today's has no
| discernible pattern I can see.
| 
| Any suggestions on how to stem the flow other than closing port 25 which
| would only defer the problem? My email server is UW7.1.0 with PTF7130e
| installed. I even though about rejecting any messages with attachments but
| am not sure how to do that with sendmail.
| 
| The main headache it is causing me today is that it takes so much of my
| very limited bandwidth that the only thing I can do is send
| (hopefully!) and receive (definately!) email.  Everything else, including
| pings time out with Unknown Host.

I hate sendmail and run smail here.  It pipes incoming main to Chip
Salzenburg's 'deliver'; ~part~ of my /usr/local/lib/deliver.sys reads:

 #!/bin/ksh
 # /usr/local/lib/deliver.sys
 # 1.4  JPR  18Sep03
 
 typeset -l TO=`header -f To -f Cc -f Apparently-To -f Sender $HEADER`
 ID=`header -f Message-ID $HEADER`
 typeset -l FR=`header -f From $HEADER | sed '
 s/.*<\(.*\)>.*/\1/
 s/[("].*[)"]//
 s/ //g'`
 typeset -l CT=`header -f Content-Type $HEADER | sed 's/;.*//'`
 typeset -l CN=`header -f Control $HEADER`
 IP=`header -f Received $HEADER | sed -n '1s.*\\[\\(.*\\)].*\\1p'`
 : ${IP:=localhost}
 USER=$1
 
 # Configure the email server to block or remove email that contains file
 # attachments that are commonly used to spread viruses, such as .vbs, .bat,
 # .exe, .pif and .scr files.
 
 for X in EXE BAT PIF SCR VBS
 do
  grep -iq "^Content-.*name=.*\.$X" $BODY &&
  echo "A .$X file mailed by $FR\nto $TO\nvia $IP\nwas dumped in the garbage."|
        mutt -s "Dumped .$X file" $USER &&
        /usr/local/bin/addfilter $IP &&
        echo DROP &&
        exit
 done

/usr/local/bin/addfilter collects IP addresses which an overnight cron
job adds to my local RBL list.

Spam alias

The days of being helpful in mail server dialogues are long behind us. Today, it's common not to give out any information - even taking it so far as to not identify what software the mail server is running.

But back when this was written, mail servers were more trusting and a number of "features" helped other machines identify who they should be sending mail to. Of course spammers latched on to that very quickly.

From a newsgroup post

From: [email protected] (Kevin Smith)
Newsgroups: comp.unix.sco.misc
Subject: Re: SPAMMERS LOOKING AT MY ALIAS FILE
Date: 12 Jan 2000 23:15:03 -0500

In article <[email protected]> [email protected] writes:
>On Tue, 11 Jan 2000 23:12:07 -0600, "Terry Shows"
><[email protected]> wrote:
>
>>I am using MMDF as my mail transfer agent.  I just got a SPAM addressed to
>>an unusual alias I have set up in my alias.n file in the table directory of
>>mmdf.   As far as I can tell, the SPAMMER either read my alias file
>>(somehow), or issued a bunch of verify requests to the SMTPD daemon until
>>they had some hits, then recorded the hits and sent the email out.
>>does anybody know how to protect from this?  My alias.n file has a lot of
>>addresses that I do NOT want spammed.
>
>telnet comix.santa-cruz.ca.us 25
>220 comix.comix.santa-cruz.ca.us Server SMTP (Complaints/bugs to:
>postmaster)
>expn root
>250 Superuser <[email protected]>
>expn postmaster
>250 <[email protected]>
>expn bozos
>250 <[email protected]>
>expn jeffl
>250 Jeff Liebermann <[email protected]>
>quit
>
>Hmmm... This was to my 3.2v4.2 SMTP which doesn't seem to expand
>aliases.  I think (not sure) that 3.2v5.0.5 will expand aliases.  If
>they manage to figure out that you're running a mailing list, and use
>the EXPN command with that mailing list, it may (not sure) belch all
>the users inside.  I'll try it when I put the RAM back into my
>3.2v5.0.5 machine.

Chances are they were just guessing unless you have 'public' on the
ALIAS line in mmdftailor for alias-n.  The 'public' keyword allows
someone connecting (as in Jeff's example) to see what the alias will
expand to.  I.e.


    ALIAS table=alias-n, nobypass, public

I think this is a checkbox in the gui configurator.  Without 'public'
expn just echos the same address back to you (with your hostname if 
you left it off) as in Jeff's example.

See 'man mmdftailor'
 

Sending email from command line

I'd use Perl to do this today - either directly with opening "mail" or "sendmail" (see Why I love Perl for examples) or by using one of the many mail related Perl modules available from CPAN.

Simple scripts like this have no error trapping capability and (as Steve points out) can fall into unexpected traps themselves.

As to attachments specifically, see How can I send attachments from the command line? and also CleanCode Email.

From: Tony Lawrence <[email protected]<
Subject: Re: mail script
Date: 2000/01/12
Message-ID: <[email protected]<#1/1

tt wrote:
< 
< Hello
< 
< I have to make script that sends some log files to myself via sendmail,
< so can anybody help me with script syntax?

SUBJECT="Here's your logs `date`"
SENDTO="bill tom ellen jack [email protected]"
FILE=/var/syslog
mail -s "$SUBJECT" $SENDTO < $FILE

Is that what you want?


From: Steve Wertz <[email protected]>
Subject: Re: mail script
Newsgroups: comp.unix.sco.programmer,comp.unix.sco.misc
Message-ID: <[email protected]> 
NNTP-Posting-Host: 165.227.38.87
X-Trace: tw11.nn.bcandid.com 947825906 165.227.38.87 (Thu, 13 Jan 2000 21:58:26 MST)
NNTP-Posting-Date: Thu, 13 Jan 2000 21:58:26 MST
Organization: bCandid - Powering the world's discussions - http://bCandid.com
Date: Fri, 14 Jan 2000 04:58:27 GMT
X-Mozilla-Status: 8010
X-Mozilla-Status2: 00000000

In comp.unix.sco.misc tt <[email protected]> wrote:
> Hello

> I have to make script that sends some log files to myself via sendmail,
> so can anybody help me with script syntax?


Tony posted the more traditional way.  If you insist on using 'sendmail',
a quick look at the man-page suggests I do something like this:

517$ echo "."|/usr/lib/sendmail -bm swertz < /usr/adm/messages

Sometimes people wonder "where did the rest of my mail message
go", only to find that somewhere in the message was a line that started
with and contained only a single dot/period (which truncates a
message in mail/mailx, regardless of '[un]set dot' in your ~/.mailrc').

.forward seen as spam

From a newsgroup post

From - Thu Feb 24 13:01:29 2000
From: John Schmidt <[email protected]>
Newsgroups: comp.unix.sco.misc
Subject: Re: Problem with .forward
Date: Thu, 24 Feb 2000 10:59:38 -0500
Organization: RadixNet Internet Services
Lines: 19
References: <[email protected]> 
NNTP-Posting-Host: saltmine.radix.net
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <[email protected]>
X-No-Archive: yes
Xref: news.randori.com comp.unix.sco.misc:55252
X-Mozilla-Status: 8011
X-Mozilla-Status2: 00000000


On Thu, 24 Feb 2000, Tony Lawrence wrote:


<snip>

> Somebody new joins the company.  Wants their mail forwarded
> to their worldnet address.  So I put that address in their
> .forward, but the ISP rejects it, saying "sorry, no UCE" -in
> other words, the ISP sees that as spam.
> 
> I'm not clear on what, if anything, I can do about that.

Instead of directly forwarding to the user, change their .forward
to pipe to an external perl script. In the script, just accept
each message on <STDIN>, parse the headers, and use the Mail::Mailer
module to remail it using their own ISP's SMTP server.

logging outgoing email

We'd call this archiving today and because it is often a legal requirement now, most mailservers can optionally perform this - the Kerio mail server I sell has this, for example.

That logall.c source is still available and there are milters and procmail recipes available.

From a newsgroup post

From: [email protected] (Bill Vermillion)
Subject: Re: copies of outgoing mail

In article <[email protected]>,
Juan  Salinas <[email protected]> wrote:
>My boss has asked to get copies of all outgoing mail
>form all employees.  I don't like it because of privacy issues, but
>I have to do it.  How do you setup sendmail to send a bcc or cc
>to any other account?

Well sendmail is a transport agent and the Bcc and Cc are part of 
a user agent which passes the data to sendmail [or what other mail
your may have].

My selective article archive shows that Danny Aldham posted about a
program called logall.c - just about a year ago in this newsgroup.
I don't recall if I've seen him posting lately.

Sendmail does have a debugging flag  -X <logfilename> but that
logs all parts of a sendmail connenction, the hand shake, all the header
information, all prepended by the process ID of the program at that
time.  Really ugly.  

If you handle a lot of mail you might want a dedicated HD for just
the logfiles :-)

Fabio Giannotti <[email protected]> wrote:
> Running 5.0.5 with sendmail 8.8.8.
> Does anyone know how to do sendmail.cf "magic" to allow the server to keep a
> copy of all inbound and outbound mail?
> (Client needs this for legal CYA reasons...)

We have been using a shim called logall.c written by Axel Reinhold ,
<[email protected]> , that is compiled into sendmail.If you would like
a copy let me know, and I can e-mail it to you. 

Exim smtp mail

I was pleasanly surprised that exim is still being worked on as late as 2011 (or so say the docs, anyway.)

Exim is free, apparently still supporting the developer by book sales.

From a newsgroup post

From: Tony Earnshaw <[email protected]>
Newsgroups: comp.unix.sco.misc
Subject: Re: sendmail
Date: Sat, 13 May 2000 13:53:09 +0200

Jean-Pierre Radley wrote:

> I can't abide sendmail.

:-)))))))))))

Exim! Exim is a Sendmail dropin that I've used for years. www.exim.org.

Philip Hazel, Sendmail's creator, is a man who you in particular would
take to your heart: a good, patient, altruistic man, who would be about
due for beatification. If he were of the faith and His Holiness an Exim
user.

Vacation procmail mail

From: Tony Lawrence <[email protected]>
Newsgroups: comp.unix.sco.misc
Subject: Re: Sendmail/Fetchmail and holidays

Iain Sharp wrote:
> 
> Is there any way to set the kind of 'I am away until XX/XX/YY, if
> urgent please ring etc etc' automatic return message on a mail system
> using Sendmail (SCO 5.0.6)?


On just about any system, you can use Procmail to do this sort of thing and
more.  There may be a "vacation" port at Skunkware (gotta run- haven't the
time to look), but it would gusually use procmail anyway so its worth
learning- procmail home page (find it in a sec with Google) has dozens and
dozens of useful examples, including vacation messages.

Virtual domain mail aliases

I suspect he was creating loops as described at Sendmail's forwarding docs. The leading "\" tells Sendmail not to expand any .forward at the specified address.

Though why it worked for the first makes no sense..

From a newsgroup post

Date: Wed, 12 Sep 2001 06:04:10 -0400
From: - bill - <[email protected]>
Newsgroups: comp.unix.sco.misc
Subject: Re: .forward

Bill Vermillion wrote:
> 
> In article <[email protected]>,
> - bill -  <[email protected]> wrote:
> >Bill Vermillion wrote:
> >>
> >> In article <[email protected]>,
> >> - bill -  <[email protected]> wrote:
> >> >scohelp (Sendmail administration) describes setting up a .forward file
> >> >that contains a list of addresses to which mail should be forwarded.  In
> >> >5.0.5 (Sendmail 8.8.d with oss637a) my testing shows that it forwards to
> >> >only the first address listed.  Am I misreading the doc or ...
> >>
> >> Or misconfiguring the .forward file?
> >>
> >> Care to show us what you have?  You don't have that user aliased
> >> to something else do you.  That would mean the .forward file would
> >> not be seen.
> >>
> >> --
> >> Bill Vermillion -   bv @ wjv . com
> >
> >spam trap user [email protected]
> >no alias
> 
> >here is my .forward file in the home directory of abcde
> >[email protected]
> >[email protected]
> 
> I'm running sendmail and all my .forward files for
> multiple users are of the form
> 
> \[email protected]
> \[email protected]
> \[email protected]
> \[email protected]
> 
> Bill
> 
> --
> Bill Vermillion -   bv @ wjv . com

adding the backslash works like a charm.  Now, where did you learn that
as the documentation on 5.0.5 doesn't say to use the backslash.
-- 

Service.switch sendmail

From a newsgroup post

From: Steve Fabac <[email protected]>
Newsgroups: comp.unix.sco.misc
Subject: Re: Primary DNS server, NAT, and sendmail configuration problems.
Date: Sat, 29 Jul 2000 00:13:44 +0100

Steve Fabac wrote:
> 
> Tony Earnshaw wrote:
> >
> > Steve Fabac wrote:
> >
> > > Good information but still doesn't help me duplicate your configuration.

Snip

> 
> Since my last post, the IDSL line was brought on-line and
> I have removed the named.conf file in /etc and killed named.
> I have installed the /etc/resolv.conf that points to the ISP's
> DNS server and have had the ISP hosting the client's web site
> to update their DNS records so that company.com points to the
> public IP address of the IDSL router.
> 
> Browsing the internet works ok and e-mail to some sites works,
> but e-mail to att.net and swbell.net fails.
> 
> The odd thing is that if I telnet to port 25 on the mail host
> for swbell (returned by dig MX swbell.net) I can interactively
> enter HELO, MAIL FROM:, and RCPT TO: using the account names
> on company.com and my mail address at swbell.net and the mail
> is accepted and delivered to target address. If I try "telnet
> swbell.net 25" I get connected to a web server and not the mail
> host(s) machine.
> 
> If I use mail -s "testing" [email protected], the message
> hangs up in /usr/spool/mqueue and is returned to me as undeliverable.
> 
> As I pointed out in my first posting, I have two clients on same
> ISP with IDSL connections. Both running SCO 5.0.5 Enterprise and
> both setup the same way (/etc/resolv.conf, sendmail.cf, etc.
> modified with the appropriate company information).
> 
> One client can send mail without problems to att.net and swbell.net.
> the other client (company.com) can not.
> 
> The only difference between the two sites, is the bad site was setup
> with a primary dns server (now disabled) while the IDSL line was
> inoperable. The other company's sendmail.cf and resolve.conf was setup
> after the IDSL line was working and DNS was never attempted on their
> system.
> 
> I am pulling my hair over this one. It looks like sendmail at the
> "bad" site is not correctly getting the MX record for swbell.net
> or att.net.  Sending e-mail addressed to [email protected]
> works from the "bad" site, but [email protected] does not.
> 
> Any suggestions?
> 
>                                      Steve Fabac
>                                       S.M. Fabac & Associates

Found it!!!!

This system was setup with the "service.switch" modification in 
SCO TA107669 created on 07 April 1997 , last updated on 18 January 2000 

This modification was applied to the system some months back to try
to resolve the apparent problem with SCO 5.0.5 with 3Com 3C905 NIC
and Digi MPI 3.0. 

When I began working on this client to reconfigure the system for
internet mail. I edited the sendmail.cf file and changed the line
OI-DNSRCH back to just OI.  I then removed the lines in sendmail.cf
that refer to /etc/service.switch.

BUT I DID NOT remove /etc/service.switch. Even without the line in
sendmail.cf that referred to /etc/service.switch, SCO's version 8.8.8
will still find the /etc/service.switch file and then it failed
to resolve the MX records for att.net and swbell.net

I hope this post helps some one else fighting the same problem. 

Sendmail DNS lookups

From a newsgroup post

From: [email protected] starjump.org (Richard Thomas)
Newsgroups: comp.unix.sco.misc
Subject: Re: Default Route being invoked by unknown process

On Mon, 07 Jun 1999 22:32:13 GMT, [email protected] (Bob Dawson)
wrote:

>We have a 5.0.4 system with supplement loaded as a server in a small network of
>approx 20 PC's. We have installed a 3com ISDN Lan Modem, and set this up as a
>default route, so that request outside the network go via this to the Internet.
>
>We have enabled DNS on our server, and declared the IP addresses of our PC's,
>and other peripheral devices (one or two test servers, and a Specialix MTS).
>
>For some unknown reason, the amount of times the ISDN line comes up is
>excessive, and it appears that some proces on the server cannot resolve an IP
>address, so it looks to the default gateway to try to resolve it, hence the line
>comes up. Tracking down this errant proces is proving something of a headache,
>and I wonder if others have experienced a similar problem, and have a solution
>in identifying the culprit.


<snip>

Are you running sendmail? If so, the domain parts of any messages sent
are checked in DNS as soon as they are sent by default. If you have the 
external mailer prog (the one used for internet addresses) flagged as
an expensive mailer, and sendmail set to queue "expensive" mail
for later delivery, you get the following "interesting" situation:

1. User sends email to an address that isn't in the local DNS
2. Sendmail tries to lookup address in DNS
3. DNS refers query to external server
4. Internet connection opened (modem, ISDN or whatever)
5. Address verified
6. Message is sent to sendmail queue
7. When sendmail processes its queue (once an hour by default),
   internet connection is opened again and message is sent

To stop spurious connections while retaining periodic connection
to send email, find the line in sendmail.cf that tells it to do the
lookup, comment it out, and restart sendmail. (Clue: it's in
Ruleset 3, and it has a set of square brackets in the rewriting
rule!!).

The downside of this fix is that domain errors in addresses
won't be spotted and returned to the user until the queue
is run (up to 59 minutes from when the message was sent).


Of course, if you aren't running sendmail, this won't help you,
but hopefully it's a usefull addition to the dejanews archive.

Save log all mail messages

Before milters, the only choice for archiving sendmail mail messages was "-x", which (as noted below) created very large log files.

From a newsgroup post

Newsgroups: comp.unix.sco.misc
From: [email protected] (Bill Vermillion)
Subject: Re: How to save ALL inbound and outbound mail
Date: Mon, 18 Sep 2000 16:40:29 GMT

In article <[email protected]>,
Tony Lawrence  <[email protected]> wrote:
>Fabio Giannotti wrote:

>> Hello all,

>> Running 5.0.5 with sendmail 8.8.8.

>> Does anyone know how to do sendmail.cf "magic" to allow the
>> server to keep a copy of all inbound and outbound mail?

>> (Client needs this for legal CYA reasons...)

>When you start the daemon, add "-X
>/var//log/monster_maill_log".  You'll need to stop sendmail
>fairly often to compress and rotate those logs; they will
>get monstrous.. I do this at several client sites probably
>for the same reasons your client wants to do it- we keep a
>few days on the server and the rest can be had from tape if
>ever needed..

Thanks for that pointer Tony.  So many programs - so many flags.

I just tried it and I saw why it gets 'monstrous'.  It logs the file
incoming and delivery too. That's all the handshake headers and 2
copies of the message. I just sent a 1 line email message
- plain text - 43 characters long.  The log file is 3512.
Monstrous is almost an understatement.

Looking at it I had a small thought.  Besides compressing and
rotating the logs, you could pre-process them by doing something as
grep "<<<" <logfile.name> > incoming.messages and 
grep ">>>" <logfile.name> > outgoing.messages, of course
using part of the date command to give you dated message files.
That would make things a trifle bit more manageable.

Thanks for expanding my knowledge base.

Bill

-- 
Bill Vermillion -   bv @ wjv . com

>
> >> I am trying to go with Tony's solution of -X logfile, but am
> >> having a little problem.
>
> >> On a test system with low volume, it works great. However, on the
> >> real system with fairly heavy volume, it does not log anything,
> >> and I keep getting the following error in syslog:
>
> >> NOQUEUE: SYSERR(root) opendaemon socket: server SMTP socket
> >> wedged: exiting
>
>
> >I've only used this on Linux systems with high volume..
>
> I have noticed while testing the -X you suggested, that mail
> delivery delay on a local station increases.   Besides copying the
> message three times there is the overhead of inserting all the
> tracing information, process ID, etc., before each line in the
> log file.
>
> I guess what is needed is something like a simple tee function so
> the message is just copied to two places instead of processing the
> message on a line by line basis.  Fabio didn't say just how large
> his mail volume was - just that it was large.
>
> I wonder what something such as sar would say on disk useage and
> CPU time during this.  I suspect the mail handler just got too busy
> logging.  The logfile is 7 times larger than the mail message in
> the user mailbox.
>
>
> --
> Bill Vermillion -   bv @ wjv . com

Update to all who helped with this problem.

For safety (read: being afraid of new releases) reasons, I will probably go
with Roberto's script (Thanks Roberto!), but I also found out the following:

It turns out that Sendmail versions 8.10 and higher provide a hook that
allow you to write macros to do all sorts of things to mail as it passes
through the system.

The sample macro they give you, of course, is to save a copy of all email
going through the system!

So, my question NOW is:  Has anyone compiled Sendmail 8.10 or better on
OpenServer 5.x, and if so, can I get a copy of it and how well does in work?

...

The command/macro/whatever is called "milter" and it has a related
"LIBMILTER" associated with it.  Keep in mind I have no idea what I'm
talking about. ;-)
Fabio


1.    I've been following this thread for some time and finally took the
bull by the horns and wrote a buncha scripts that get the job done. The end
result is that I have a copy of ALL outgoing/incoming mail in a single
repository this is fully mail "readable" in full mail format.

2.    If any one is interested, drop me a line a [email protected] and
I'll email you whichever of the scripts you need. Below is a description of
my problem, the environment I use and the solution that I came up with.

Enjoy. Rgds. Otto.

=======================================================

I'm contracted to a company that doesn't want to spend a whole load of cash
on maintaining a complex email system nor the cash to have a permenant ISP
link up. So I had to come up with a method to have full scale email but at a
very CHEAP price.

a/    We are using SCO 5.0.5, fetchmail 5.2.7, sendmail 8.8.8  (all as
originally bought/received from SCO)

b/    Basic hardware setup with a K7-650, 16Gb ultra scsi, 24 GB dat backup
(Microlite), 32 port Specialix RIO, 48 port ethernet 10/100 .

c/    We have a hosted web and email site. I have instructed our hosted web
site to capture ALL incoming mail into a single account (rootbag).

d/    On system boot, sendmail is started from /etc/rc2.d/P86sendmail with
the following params (-bd -X /usr/adm/log/mailogd) - I have found that this
setting will deliver ALL local mail but queue (/usr/spool/mgueue) all
outgoing mail not local to my server.

e/    Every 30 minutes cron wakes up a script called pppgo:

        PPPGO - shell script that  establishes and verifies ppp link via
modem to our ISP
                         performs fetchmail to retrieve the mailbag into
account rootbag
                         makes/stores a copy of the mailbag into account
(mailin)
                         runs a shell script called maildist to distribute
all mail in rootbag to all valid users
                         runs sendmail (-v -q -X /usr/adm/log/maillog)
                         runs a shell script to store ALL outgoing mail into
account (mailout)
                         closes the ppp link and goes to sleep
                         inits all the maillog files!!! (this way kept to a
VERY reasonable size - a few K)

        MAILDIST    - Shell script that reads all the mail in rootbag and
distributes to all valid users as defined in /etc/passwd. If not found in
/etc/passwd gets mailed to our accounts executive who then decides who the
mail is really for.

        MAILOUT    - Shell script that read the sendmail logs and creates a
file similar to rootbag but contains properly formatted email in proper SCO
mail format and pops it all into an account called mailout. Mailout can then
be read by any mail reader - we use outlook express.

sendmail relay

From a newsgroup post

Newsgroups: comp.unix.sco.misc
From: [email protected] (Bill Vermillion)
Subject: Re: Sendmail and relaying
Date: Wed, 18 Oct 2000 14:23:52 GMT

In article <[email protected]>, Brian <[email protected]> wrote:
>OSR 5.0.6 with Sendmail 8.9.3

>Trying to do the following;


>Send internet email from b.chu.com to a.chu.com through dial-up PPP
>account at isp.com to any mail account on the internet.

Looking at your output messages sendmail is doing exactly as it
supposed to be doing.  By sending mail from b.chu.com through
a.chu.com to isp.com you are trying to use a.chu.com as a relay.

By default relaying is denied in 8.9.3.   But the b.chu.com
in your access list - this is assuming you have a K pointer in
sendmail.cf to an access database.  You put in the domains
to relay and the ones to reject.

>Internal network
>a.chu.com - 10.1.1.2 - This is the relay that calls the ISP.
>    Sendmail is configured to relay any non-local messages to
>    isp.com

But is is NOT configured to act as a relay point between two other
mailers.

Alternatively you could have your MX records for you domain
all just point to a.chu.com and not run sendmail on the other
machine.

Aliases in virtual domains smtp mail

From a newsgroup post

From: David Mabo <[email protected]>
Newsgroups: comp.unix.sco.misc
Subject: Re: Sendmail - Virtual Email addresses
Date: Thu, 09 Nov 2000 05:11:17 GMT

Rob Servis wrote:
> 
> If I were a sendmail guru, I wouldn't have to ask this ... since I'm not,
> maybe someone out there can answer.
> 
> 2 things I've noticed about aliases for virtual domains on SCO5.0.x:
> 
> 1. Unlike normal aliases - you cannot specify multiple recipients on the
> alias.

I can answer this - it takes 2 forwards - one to a machine name, and
then that can do the multiple forwards:

virtual entry:

[email protected]  [email protected]

aliases

list:   user1,user2,user3


> 2. Unlike other sendmail implementations on Linux, FreeBSD, etc. that use
> /etc/mail/domainalias to do aliases, you cannot specify a wildcard forward
> for all names at a particular domain.
> 
> The sendmail.cf code as it exists for virtual domains on 5.0.5 looks like
> this:
> 
> # handle virtual aliases
> R$+ < @ $+ . >          $: $1 < @ $2 > .
> R$+ < @ $+ > $*         $: $(valiases [email protected]$2 $: $1 < @ $2 > $3 $)
> R$+ < @ $+ > $*         $: $(valiases $2 $: $1 < @ $2 > $3 $)
> R$+ < @ $+ > .          $: $1 < @ $2 . >
> 
> What would have to change support 1 & 2.

Virus scanning sendmail

From a newsgroup post

Date: Wed, 31 Oct 2001 13:30:10 -0500
From: Bob Troester <[email protected]>
Subject: Re: Virus Scan/Content Filtering Software

Try http://www.amavis.org/ for one method of gluing sendmail to a virus scanner 
- the method I've been using quite happily for several months. The current 
version of AMaViS is written in perl (and requires a bunch of CPAN modules), 
the very newest has been "daemonized" to run faster but requires the sendmail 
Milter function to operate - I haven't tried that yet. The actual (commercial) 
antivirus scanner I use is NAI McAfee uvscan - McAfee provides a version for 
several unices, including SCO OS5. The perl version of AMaViS and uvscan can 
occupy a 266MHz Pentium 100% when a flurry of email hits a departmental-sized 
site, otherwise there's no noticeable load.

There are some other methods out there, some of which are very simple scripts - 
the problem they all have is in extracting and converting any attachments to 
the point where the antivirus program can scan them (McAfee can scan a zip 
archive, for instance, so the glue program doesn't really have to unzip the 
file first, although AMaViS does.)

Scott O'Connell wrote:

> Is there any software available that can interface with sendmail and do
> content filtering/virus scanning on an SCO Openserver based machine?
> 

Masquerade sendmail mail user

From a newsgroup post

From: Roberto Zini <[email protected]>
Subject: Re: Sendmail
Date: Thu, 01 Feb 2001 09:25:23 +0100

[email protected] wrote:
> 
> Hello,
>      I have a unix machine running Sco 5.0.6. I have installed
> Sendmail, from the 5.0.6 cd. The version is 8.9.3. I have my box
> masquerading as another domain. This box will only be used to send
> email. I want to be able to map my username to the name of my exchange
> account, so that the reply will be back to my exchange account. If I
> login as Tim, on my unix machine, I want the sender to look as tford
> instead of [email protected] domain. Any suggestion is welcomed. Thanks in
> advance.
> 
> Sent via Deja.com
> http://www.deja.com/

Hi !

I'm not a great Sendmail expert but a while ago I faced a similar
problem when a customer wanted to "masquerade" all the messages
from an Internet connected OS5 box as they were from a single,
well defined users. As an example, any message composed on the server
by whoever had to appear as if it was from a single, pre-defined
user such as "[email protected]"

To do the trick, I modified sendmail.cf as follows:

1) I've created a Dm macro containing the dummy email address, as follows

[email protected]

2) I've modified the S11 rule as follows :

S11
###
# This is the key
R$+$: < $M >
###
R$+$:       $>51 $1        sender/recipient common
R$* :;<@>   [email protected] $1 :;       list:; special case
R$*[email protected]       $>61 $1        qualify unqual'ed names

...
...

Don't touch the rest of the rule.

3) The same goes with rule S31, as follows :

S31
###
# This is the key
R$+$: < $M >
###
R$+$:          $>51 $1       sender/recipient common
R$* :; <@>    [email protected] $1 :;       list:; special case

...
...

The effect of the above changes should be noticed when sendmail
actually sends the message; in fact, if you log in as (eg)
[email protected] and compose a message, mailq will report
the message being queued as it was from "[email protected]", as
in the following example :

     Mail Queue (1 request)
                                 --Q-ID-- --Size--
----Q-Time-----------------Sender/Recipient------------
MAA22338      402 Fri Nov  5 12:51 <[email protected]>
                                   <[email protected]>

This is expected; when sendmail will actually try to
send the message it'll expand the above macro thus
giving the expected results, as depicted in the following
excerpt from a "sendmail -q -v" run :

Running MAA22338 (sequence 1 of 1)
Connecting to .....
>>> MAIL From:<[email protected]> SIZE=45
250 <[email protected]>... Sender ok
>>> RCPT To:<[email protected]>
250 <[email protected]>... Recipient ok
>>> DATA
354 Enter mail, end with "." on a line by itself
>>> .
250 Q AA22338 Message accepted for delivery

Please notice that the above trick was done with Sendmail 8.8.8
(the one which originally comes with SCO OS 5.0.5) which
has been updated with SCO OS 5.0.6 so I can't assure you that
it'll work under that platform.

Some other resources here:

How to how to convert from mmdf to sendmail osr5 -->MMDFto Sendmail 8.11.0 howto SCO Openserver 5.0.x

Sendmail Theory and Practice Book

Updating Sendmail

Sendmail Performance Tuning Book by Nick Christensen

Sendmail Milters Book

GETTING A MAC TO "PHONE HOME" WITH AN E-MAIL - NO SENDMAIL, NO POSTFIX

Converting Sendmail to Kerio

Sendmail

Sendmail domain masquerading

If you found something useful today, please consider a small donation.

Got something to add? Send me email.

---

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us