
access.db and backup server


Chu Bun

Apr 2, 2007, 4:39:27 PM
I need help configuring the access file for my backup server.

On the main server, "access" looks like this:

====
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
# Reject undefined mail box
To:mydom.com error:5.1.1:"550 User unknown"
# RFC required and regular users
To:postm...@mydom.com RELAY
To:us...@mydom.com RELAY
...
====

How do I configure "access" for my backup server? If I tried:

====
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
mydom.com RELAY (see *)
# Reject undefined mail box
To:mydom.com error:5.1.1:"550 User unknown"
# RFC required and regular users
To:postm...@mydom.com RELAY
To:us...@mydom.com RELAY
...
====
But get a "Relaying denied. Proper authentication required." error
(*) it doesn't matter if this line is there or not. The error is the
same. It also seems to conflict with the next directive "To:mydom.com
error:5.1.1:"550 User unknown"".

If I use:
====
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
mydom.com RELAY
# Reject undefined mail box
To:mydom.com error:5.1.1:"550 User unknown"
# RFC required and regular users
To:postm...@mydom.com RELAY
To:us...@mydom.com RELAY
...
====

There is no error. But emails to undefined mail boxes will not be
rejected by the backup server. The messages will be rejected
by the mail server, but this behavior is not OK according to the page
below (see "Note about Backup MX Servers").
http://www.sendmail.org/~ca/email/sm-X/doc-X.0.0.0.0/README.txt

Please point me to the right direction. Thanks.


Per Hedeland

Apr 3, 2007, 2:47:12 AM
In article <3SdQh.5214$Kd3....@newssvr27.news.prodigy.net> Chu Bun

That can work, but it requires that you use one of (quoting jmaimon's
should-be-FAQ post at
http://groups.google.com/group/comp.mail.sendmail/msg/cd4f19029bf864d5):

=====================
*

Use access db with undocumented feature (pre sendmail 8.14.0)

define(`_RELAY_FULL_ADDR_', `1')

And put all your users in there

To:us...@example.com RELAY

Ensure that all other relaying is denied for that domain.

*

Use access db with documented feature "relaytofulladdress" (post
sendmail 8.14.0)

FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access_map',`relaytofulladdress')

And put all your users in there

To:us...@example.com RELAY

Ensure that all other relaying is denied for that domain.

*
=====================

Though I would rather use

FEATURE(`access_db', `',`relaytofulladdress')

in the second case to get the default map spec (untested).

--Per Hedeland
p...@hedeland.org
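
A check for the last step quoted above ("Ensure that all other relaying is denied for that domain"), as an added example that is not part of the original thread. The function name and the sample addresses are constructed; it only inspects the access source file, not relay-domains or other relay features.

```python
# Constructed sample of a backup-MX access source; example.com stands in
# for the relayed domain.
SAMPLE = """\
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
example.com RELAY
# RFC required and regular users
To:postmaster@example.com RELAY
To:alice@example.com RELAY
"""

def lint_backup_access(text, domain):
    """Check a backup-MX access source for one relayed domain.

    Returns (relayed, domain_wide): the addresses that have their own
    RELAY entry, and (line number, key) for each RELAY entry that covers
    the whole domain and so lets every recipient through.
    """
    domain = domain.lower()
    relayed, domain_wide = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[1].strip().upper() != "RELAY":
            continue  # only RELAY entries matter for this check
        key = parts[0].lower()
        if key.startswith("to:"):
            target = key[3:]
        elif ":" in key:
            continue  # From:, Connect:, ... are not recipient entries
        else:
            target = key  # untagged keys are also used for recipients
        if target == domain:
            domain_wide.append((lineno, parts[0]))
        elif "@" in target and target.rpartition("@")[2] == domain:
            relayed.append(target)
    return relayed, domain_wide

if __name__ == "__main__":
    ok, bad = lint_backup_access(SAMPLE, "example.com")
    print("per-address RELAY entries:", ok)
    for lineno, key in bad:
        print(f"line {lineno}: '{key} RELAY' relays the whole domain")
```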

Chu Bun

Apr 3, 2007, 12:38:33 PM
There is no change in the behavior of the server when
"relaytofulladdress" is used. By the way, there was an error in my OP.
The line below should be commented out in the second setting

To:mydom.com error:5.1.1:"550 User unknown"

In short, if the above line is present, the responses will be
"Unknown user" for undefined mailboxes. <= desired
and
"Relaying denied. Proper authentication required." for good mailboxes.
<= not desired

If the line is not present, the response will be
"Recipient ok" for undefined mailboxes <= not desired
and
"Recipient ok" for good mailboxes. <= desired

The same setting works fine on the main server. The only difference
between the main and backup server is that the main server has mydom.com
defined in "local-host-names". But I believe if mydom.com is defined in
"local-host-names" on the backup server, it will behave as the main
server and pool the messages instead of forward them to the main server.

Per Hedeland

Apr 3, 2007, 5:03:28 PM
In article <dqvQh.4618$YL5....@newssvr29.news.prodigy.net> Chu Bun

<chu...@yahoo.com> writes:
>There is no change in the behavior of the server when
>"relaytofulladdress" is used.

Please don't top-post. Are you running 8.14.0?

> By the way, there was an error in my OP.
> The line below should be commented out in the second setting
>To:mydom.com error:5.1.1:"550 User unknown"
>
>In short, if the above line is present, the responses will be
>"Unknown user" for undefined mailboxes. <= desired
>and
>"Relaying denied. Proper authentication required." for good mailboxes.
><= not desired
>
>If the line is not present, the response will be
>"Recipient ok" for undefined mailboxes <= not desired
>and
>"Recipient ok" for good mailboxes. <= desired

This sounds like the effect of FEATURE(`blacklist_recipients'), which
can't be used for your purpose. It won't interfere with the "relay full
addr" functionality either though.

>The same setting works fine on the main server. The only different
>between the main and backup server is that the main server has mydom.com
>defined in "local-host-names".

The "only" difference indeed - this means that the main server doesn't
need to relay, so the fact that it "works fine" with a configuration
that attempts to allow relaying is basically irrelevant - that part of
the config never comes into play.

> But I believe if mydom.com is defined in
>"local-host-names" on the backup server, it will behave as the main
>server and pool the messages instead of forward them to the main server.

Worse, it will try to deliver them locally, which is likely to cause
them to bounce with "user unknown". The "relay full addr" functionality
*does* work, I believe that you just didn't read the instructions
carefully enough.

--Per Hedeland
p...@hedeland.org

Chu Bun

Apr 3, 2007, 6:01:09 PM
Per Hedeland wrote:
> In article <dqvQh.4618$YL5....@newssvr29.news.prodigy.net> Chu Bun
> <chu...@yahoo.com> writes:
>> There is no change in the behavior of the server when
>> "relaytofulladdress" is used.
>
> Please don't top-post. Are you running 8.14.0?

I'm running sendmail-8.13.1-3.RHEL4.5.

>
>
> This sounds like the effect of FEATURE(`blacklist_recipients'), which
> can't be used for your purpose. It won't interfere with the "relay full
> addr" functionality either though.

I removed the blacklist_recipients feature, but nothing changes. Still
get "Relaying denied. Proper authentication required." for good
mailboxes. Should I upgrade sendmail to the latest version?

>
> Worse, it will try to deliver them locally, which is likely to cause
> them to bounce with "user unknown". The "relay full addr" functionality
> *does* work, I believe that you just didn't read the instructions
> carefully enough.

I'm still new to sendmail and the amount of information is overwhelming!
Currently, I just set the backup server to forward email messages
whether the recipient exists or not. I shut down the main server for
half an hour and bring it back on. Everything seems to work fine.


>
> --Per Hedeland
> p...@hedeland.org

Per Hedeland

Apr 3, 2007, 6:30:43 PM
In article <R7AQh.1502$Q23...@newssvr17.news.prodigy.net> Chu Bun

<chu...@yahoo.com> writes:
>Per Hedeland wrote:
>> In article <dqvQh.4618$YL5....@newssvr29.news.prodigy.net> Chu Bun
>> <chu...@yahoo.com> writes:
>>> There is no change in the behavior of the server when
>>> "relaytofulladdress" is used.
>>
>> Please don't top-post. Are you running 8.14.0?
>
>I'm running sendmail-8.13.1-3.RHEL4.5.

So the "relaytofulladdress" will not work, since it's only for 8.14.0
and later. Here's the info for pre-8.14 again:

>>>> Use access db with undocumented feature (pre sendmail 8.14.0)
>>>>
>>>> define(`_RELAY_FULL_ADDR_', `1')
>>>>
>>>> And put all your users in there
>>>>
>>>> To:us...@example.com RELAY
>>>>
>>>> Ensure that all other relaying is denied for that domain.

>> This sounds like the effect of FEATURE(`blacklist_recipients'), which

>> can't be used for your purpose. It won't interfere with the "relay full
>> addr" functionality either though.
>
>I removed the blacklist_recipients feature, but nothing changes.

Like I said, it does neither good nor harm for your case.

> Still
>get "Relaying denied. Proper authentication required." for good
>mailboxes. Should I upgrade sendmail to the latest version?

Generally a good idea, but not necessary for this, unless you find it
unacceptable to use "undocumented features" (the documented feature in
8.14.0 does exactly the same thing, it's just a cleaner and "official"
way to activate it).

>I'm still new to sendmail and the amount of information is overwhelming!
> Currently, I just set the backup server to forward email messages
>whether the recipient exists or not. I shut down the main server for
>half an hour and bring it back on. Everything seems to work fine.

That was all you needed to do in the old days. Nowadays, the problem
with this is spam to non-existing users - the primary will reject it,
and the backup will try to send a bounce back to a faked sender address
that at best doesn't exist, or is at a host that can't be reached -
but in many/most cases will be the real address of someone who had
nothing to do with the spam. Doing such things may get you blacklisted...

Of course, a simpler solution is to not have a backup at all - the
benefit probably rarely exceeds the pain.

--Per Hedeland
p...@hedeland.org

Chu Bun

Apr 3, 2007, 7:33:34 PM
Per Hedeland wrote:
> In article <R7AQh.1502$Q23...@newssvr17.news.prodigy.net> Chu Bun
> <chu...@yahoo.com> writes:
>> Per Hedeland wrote:
>>> In article <dqvQh.4618$YL5....@newssvr29.news.prodigy.net> Chu Bun
>>> <chu...@yahoo.com> writes:
>>>> There is no change in the behavior of the server when
>>>> "relaytofulladdress" is used.
>>> Please don't top-post. Are you running 8.14.0?
>> I'm running sendmail-8.13.1-3.RHEL4.5.
>
> So the "relaytofulladdress" will not work, since it's only for 8.14.0
> and later. Here's the info for pre-8.14 again:
>
>>>>> Use access db with undocumented feature (pre sendmail 8.14.0)
>>>>>
>>>>> define(`_RELAY_FULL_ADDR_', `1')
>>>>>
>>>>> And put all your users in there
>>>>>
>>>>> To:us...@example.com RELAY
>>>>>
>>>>> Ensure that all other relaying is denied for that domain.
...
>
> --Per Hedeland
> p...@hedeland.org

I should have read the original reply more carefully.
define(`_RELAY_FULL_ADDR_', `1') works.

Thanks!
