
per-user rewrite+route / route non-t-online from-addr via t-online?


Alexis Huxley

Mar 18, 2004, 5:03:39 AM
Hi, I use a web-mail service (GMX), from which I can retrieve my mail
with POP3 and dispatch mail with authorised SMTP. My ISP is T-Online
in Germany. Probably not relevant, but I'm running Debian Linux.

Originally, I ran sendmail configured to relay all outgoing mail
directly via the recipient machine's MX holder, and fetchmail to
retrieve mail and to pass it to the local sendmail. This worked fine
(well, I didn't notice any problems) until my girlfriend's web-mail
provider (Yahoo) switched to blocking mail coming directly from
T-Online DULs, about six months ago.

Okay, so then I tried to route my outgoing mail via my ISP's mail
servers but this didn't work because they only relay mail with
'From:' addresses matching <something>@t-online.de, and my address
is <something>@gmx.net.

Has anybody managed to do this successfully? If so then how? With
which server? With what authorisation info?

I could get myself a t-online.de address, but I *really* do not want
to do this. I want to keep my email address quite independent of where
I get my internet connection from, so that I don't have to tell loads
of people, change web pages and other documents etc when I change ISP,
which happens every couple of years.

So then I tried masqmail, and this is still what I'm using. But ...

... masqmail does not support any sort of spam filtering, except via
procmail, which I am loath to use because (a) I want to handle spam
at a site-wide level (b) procmail configuration looks like gibberish
to me (c) the twenty daily 141Kb "Microsoft security patch" viruses
have already been downloaded to pass to procmail when what I'd really
like to do is refuse them immediately after the SMTP chat but before
the body is accepted, (d) masqmail doesn't understand .forward files.

(It also seems like masqmail development has stopped, and the mailing
lists for it are not subscribable-to via the website, and the author
does not reply to emails.)

I therefore would like to switch back to sendmail but I need to
perform the following per-user mapping:

<from-addr>/<to-addr> --> <new-from-addr>/<first-hop>/<auth-info>

E.g.:

alexis@homenet/blo...@blobber.com --> ahu...@gmx.net/mx1.gmx.net/alexis-uid-pwd-pair
alexis@homenet/fred --> alexis@homenet/n-a/n-a
fred@homenet/who...@whereever.com --> fr...@hotmail.com/mx.hotmail.com/fred-uid-pwd-pair
fred@homenet/alexis --> fred@homenet/n-a/n-a

(Ideally, this mapping info would be specifiable in files in users'
home directories, but, if this is not possible, then I can write a
perl script to gather this information together and spit it out in
however many files sendmail expects it.)

I have checked FAQs and the README.cf and done plenty of googling,
and see references to virtusertable, genericstable, etc, but I cannot
really find any explanation of what these things are *for*, only how
to use them; so I am not even sure if they are what I am looking for.

Can anybody offer any help/pointers please? Many thanks!

Alexis

Alexander Dalloz

Mar 18, 2004, 4:05:09 PM
On Thu, 18 Mar 2004 11:03:39 +0100 Alexis Huxley wrote:

> Hi, I use a web-mail service (GMX), from which I can retrieve my mail
> with POP3 and dispatch mail with authorised SMTP. My ISP is T-Online
> in Germany. Probably not relevant, but I'm running Debian Linux.
>
> Originally, I ran sendmail configured to relay all outgoing mail
> directly via the recipient machine's MX holder, and fetchmail to
> retrieve mail and to pass it to the local sendmail. This worked fine
> (well, I didn't notice any problems) until my girlfriend's web-mail
> provider (Yahoo) switched to blocking mail coming directly from
> T-Online DULs, about six months ago.
>
> Okay, so then I tried to route my outgoing mail via my ISP's mail
> servers but this didn't work because they only relay mail with
> 'From:' addresses matching <something>@t-online.de, and my address
> is <something>@gmx.net.
>
> Has anybody managed to do this successfully? If so then how? With
> which server? With what authorisation info?

[ snip ]

> Can anybody offer any help/pointers please? Many thanks!
>
> Alexis

You may use Smarttable

http://anfi.homeunix.net/sendmail/smarttab.html

and AuthInfo in the access file for authentication against the relaying
smarthosts, see http://www.sendmail.org/~ca/email/sm-812.html#812AUTH.

Alexander


--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653

Alexis Huxley

Mar 19, 2004, 4:58:20 AM
First, I repeat the original question for the groups added; maybe
someone using t-online can answer this first part, please?

>> Hi, I use a web-mail service (GMX), from which I can retrieve my mail
>> with POP3 and dispatch mail with authorised SMTP. My ISP is T-Online
>> in Germany. Probably not relevant, but I'm running Debian Linux.
>>
>> Originally, I ran sendmail configured to relay all outgoing mail
>> directly via the recipient machine's MX holder, and fetchmail to
>> retrieve mail and to pass it to the local sendmail. This worked fine
>> (well, I didn't notice any problems) until my girlfriend's web-mail
>> provider (Yahoo) switched to blocking mail coming directly from
>> T-Online DULs, about six months ago.
>>
>> Okay, so then I tried to route my outgoing mail via my ISP's mail
>> servers but this didn't work because they only relay mail with
>> 'From:' addresses matching <something>@t-online.de, and my address
>> is <something>@gmx.net.
>>
>> Has anybody managed to do this successfully? If so then how? With
>> which server? With what authorisation info?

Ok, and then:

Ah ... excellent, thanks a lot for the pointers. That handles the
change of routing.

But what about the rewrite of 'From:' address? I want to change the
'From:' address based on whether or not the 'To:' address is local.
I.e. Keep 'From: alexis@homenet' if 'To:' address is local, but change
it to 'From: ahu...@gmx.net' if 'To:' address is not local.

Is there any way to do this at a sendmail level? I know I can do it
in 'mutt', but I do occasionally need to use other mailers (e.g.
'reportbug', 'slrn' newsreader) so at the MTA level would be best.

(As I said before, the collection of what is per-user data (and should
be in ~/.<something>) into a single location that sendmail can read,
I can do with some scripting.)

> and AuthInfo in the access file for authentication against the relaying
> smarthosts, see http://www.sendmail.org/~ca/email/sm-812.html#812AUTH.

This looks almost perfect :-) just that ...

Quoting from message-id <pan.2003.06.09.12...@hotmail.com>:

> and so I try to find out how to configure
> sendmail to use different SMTP AUTH logins for different users, say
> because of an overly strict e-mail provider like GMX.
>
> I'm using Sendmail 8.12 (in Debian 3.0), and I've edited the authinfo
> file. I'm indeed able to give several SMTP servers, but each of them is
> associated to exactly one combination of username/password (and
> optionally a "realm" ...
>
> Might I ask you if you know how to set 'authinfo' different for
> different users?

And from message-id <tmc5ca...@jupiter.sol>:

> I want to send emails with my buzzin...@gmx.de address in the mail
> header, but the smarthost says that the "..sender address does not
> belong to.." the authed email account.

Is there any way to provide more than one username/password pair?

I saw some references to 'default authinfo', does that mean that
I can also provide *non* default authinfo? This sounds like what I
(and the people I've quoted above) want? Any more ideas? Thanks!

Alexis

Andreas Hirschberg

Mar 19, 2004, 8:12:39 AM

"Alexis Huxley" <ahu...@gmx.net> wrote:

> >> Hi, I use a web-mail service (GMX), from which I can retrieve my
> >> mail with POP3 and dispatch mail with authorised SMTP.

So why don't you use the GMX SMTP ...

> >> Okay, so then I tried to route my outgoing mail via my ISP's mail
> >> servers but this didn't work because they only relay mail with
> >> 'From:' addresses matching <something>@t-online.de, and my
> >> address is <something>@gmx.net.

... to relay your outgoing mail? "mail.gmx.net" works just fine for
me. ;-)

> >> Has anybody managed to do this successfully?

If you want to relay mails via T-Online keeping the mail's original
(ENVELOPE-)FROM, you'll need to book an additional service: either
"smtprelay"[1] or "POP3-Email"[2] depending on your needs.

Fup2 de.comm.provider.t-online

HTH,
Andi

[1] http://service.t-online.de/c/00/01/35/1350.html

[2] http://service.t-online.de/c/00/01/34/1346.html

Andrzej Adam Filip

Mar 19, 2004, 9:41:09 AM
Alexis Huxley wrote:
> First, I repeat the original question for the groups added; maybe
> someone using t-online can answer this first part, please?
>
>
>>>Hi, I use a web-mail service (GMX), from which I can retrieve my mail
>>>with POP3 and dispatch mail with authorised SMTP. My ISP is T-Online
>>>in Germany. Probably not relevant, but I'm running Debian Linux.
>>>
>>>Originally, I ran sendmail configured to relay all outgoing mail
>>>directly via the recipient machine's MX holder, and fetchmail to
>>>retrieve mail and to pass it to the local sendmail. This worked fine
>>>(well, I didn't notice any problems) until my girlfriend's web-mail
>>>provider (Yahoo) switched to blocking mail coming directly from
>>>T-Online DULs, about six months ago.
>>>
>>>Okay, so then I tried to route my outgoing mail via my ISP's mail
>>>servers but this didn't work because they only relay mail with
>>>'From:' addresses matching <something>@t-online.de, and my address
>>>is <something>@gmx.net.
>>>
>>>Has anybody managed to do this successfully? If so then how? With
>>>which server? With what authorisation info?
>
> Ok, and then:

1) You may consider using uucp over ssh provided free by http://uucpssh.org/
(linux.fr) with your own personal email domain (e.g. provided free by
dyndns.org). It will allow you to *send* messages with gmx.net sender address
via uucpssh. So far "separate masquerading" is not required (keeping From:
unchanged but masquerading envelope sender).

I use uucpssh myself for some time, the only "problem" I had was catching
spamcop.cop reports of spam received via other accounts by antispam system of
uucpssh.

IMHO uucpssh.org is an option worth considering for fixing "DUL problems" with
personal mail - it costs nothing but you must decide yourself if *you* trust
people running the service.

<quote src="http://uucpsh.org">
For your privacy, we advice you to use a good encryption tool. We do not read
your mails, but if it's necessary (a crash, a hack attempt, etc) we might see
if the files are good.
</quote>

2) Other options are also possible e.g. you can use shell account with ssh
access as relay - I configured my home sendmail to use such relay
[more details upon request]

>>You may use Smarttable
>>
>>http://anfi.homeunix.net/sendmail/smarttab.html
>
> Ah ... excellent, thanks a lot for the pointers. That handles the
> change of routing.
>
> But what about the rewrite of 'From:' address? I want to change the
> 'From:' address based on whether or not the 'To:' address is local.
> I.e. Keep 'From: alexis@homenet' if 'To:' address is local, but change
> it to 'From: ahu...@gmx.net' if 'To:' address is not local.

I personally recommend always rewrite to ahu...@gmx.net with making local
sendmail deliver messages addressed to ahu...@gmx.net to alexis@homenet using
virtusertable for non local email domains [sendmail 8.10+]

*.mc file:
FEATURE(`virtusertable')dnl
LOCAL_CONFIG
C{VirtHost}gmx.net

virtusertable file:
ahu...@gmx.net alexis

> Is there any way to do this at a sendmail level? I know I can do it
> in 'mutt', but I do occasionally need to use other mailers (e.g.
> 'reportbug', 'slrn' newsreader) so at the MTA level would be best.
>
> (As I said before, the collection of what is per-user data (and should
> be in ~/.<something>) into a single location that sendmail can read,
> I can do with some scripting.)
>
>>and AuthInfo in the access file for authentication against the relaying
>>smarthosts, see http://www.sendmail.org/~ca/email/sm-812.html#812AUTH.
>
>
> This looks almost perfect :-) just that ...
>
> Quoting from message-id <pan.2003.06.09.12...@hotmail.com>:
>
>
>>and so I try to find out how to configure
>>sendmail to use different SMTP AUTH logins for different users, say
>>because of an overly strict e-mail provider like GMX.
>>
>>I'm using Sendmail 8.12 (in Debian 3.0), and I've edited the authinfo
>>file. I'm indeed able to give several SMTP servers, but each of them is
>>associated to exactly one combination of username/password (and
>>optionally a "realm" ...
>>
>>Might I ask you if you know how to set 'authinfo' different for
>>different users?

IMHO It requires patching cf/m4/proto.m4
The best way would be to look for "outgoing credentials" based on
1) destination-host & incoming SMTP AUTH username & envelope sender
2) destination-host & incoming SMTP AUTH username
3) destination-host

> And from message-id <tmc5ca...@jupiter.sol>:
>
>>I want to send emails with my buzzin...@gmx.de address in the mail
>>header, but the smarthost says that the "..sender address does not
>>belong to.." the authed email account.

What was rejected by the smart host ?
a) envelope sender address
FIX: masquerading *only* envelope sender with, header sender untouched -
requires m4 files patches
b) header sender address

> Is there any way to provide more than one username/password pair?
>
> I saw some references to 'default authinfo', does that mean that
> I can also provide *non* default authinfo? This sounds like what I
> (and the people I've quoted above) want? Any more ideas? Thanks!


--
Andrzej [en:Andrew] Adam Filip an...@priv.onet.pl an...@xl.wp.pl
http://anfi.homeunix.net/ http://slashdot.org/~anfi
*Random Epigram* :
He that would speak the truth must have one foot in the stirrup.
-- Portuguese Proverb

Alexis Huxley

Mar 20, 2004, 7:32:22 AM
>>>>Originally, I ran sendmail configured to relay all outgoing mail
>>>>directly via the recipient machine's MX holder, and fetchmail to
>>>>retrieve mail and to pass it to the local sendmail. This worked fine
>>>>(well, I didn't notice any problems) until my girlfriend's web-mail
>>>>provider (Yahoo) switched to blocking mail coming directly from
>>>>T-Online DULs, about six months ago.
>>>>
>>>>Okay, so then I tried to route my outgoing mail via my ISP's mail
>>>>servers but this didn't work because they only relay mail with
>>>>'From:' addresses matching <something>@t-online.de, and my address
>>>>is <something>@gmx.net.

> 1) You may consider using uucp over ssh provided free by http://uucpssh.org/

> (linux.fr) with your own personal email domain (e.g. provided free by
> dyndns.org). It will allow you to *send* messages with gmx.net sender address
> via uucpssh. So far "separate masquerading" is not required (keeping From:
> unchanged but masquerading envelope sender).

Excellent idea! In fact I may be able to do the same thing via my work.

> 2) Other options are also possible e.g. you can use shell account with ssh
> access as relay - I configured my home sendmail to use such relay
> [more details upon request]

So the first is uucp over ssh, and this .. err ... "cat | ssh <host>
/usr/lib/sendmail" I guess? That sounds even better. I might take you
up on the offer of details, but I'll google around and see if I can
find something myself first.

>> But what about the rewrite of 'From:' address? I want to change the
>> 'From:' address based on whether or not the 'To:' address is local.
>> I.e. Keep 'From: alexis@homenet' if 'To:' address is local, but change
>> it to 'From: ahu...@gmx.net' if 'To:' address is not local.
>
> I personally recommend always rewrite to ahu...@gmx.net with making local
> sendmail deliver messages addressed to ahu...@gmx.net to alexis@homenet using
> virtusertable for non local email domains [sendmail 8.10+]
>
> *.mc file:
> FEATURE(`virtusertable')dnl
> LOCAL_CONFIG
> C{VirtHost}gmx.net
>
> virtusertable file:
> ahu...@gmx.net alexis

I'm not sure I follow this, but does this mean that the machine has to
masquerade as gmx.net, and then I rewrite *back* to local user names?
If so, what happens if I have another user whose externally usable
address is som...@not-gmx.net ?

>>>Might I ask you if you know how to set 'authinfo' different for
>>>different users?
>
> IMHO It requires patching cf/m4/proto.m4
> The best way would be to look for "outgoing credentials" based on
> 1) destination-host & incoming SMTP AUTH username & envelope sender
> 2) destination-host & incoming SMTP AUTH username
> 3) destination-host

Okay, noted.

>> And from message-id <tmc5ca...@jupiter.sol>:
>>
>>>I want to send emails with my buzzin...@gmx.de address in the mail
>>>header, but the smarthost says that the "..sender address does not
>>>belong to.." the authed email account.
>
> What was rejected by the smart host ?
> a) envelope sender address
> FIX: masquerading *only* envelope sender with, header sender untouched -
> requires m4 files patches
> b) header sender address

I can't answer that; the above was taken from someone else's posting
who seemed to have hit the problem I was about to hit.

The SSH solution sounds great though! Many thanks!

Alexis

Andrzej Adam Filip

Mar 20, 2004, 10:40:00 AM
Alexis Huxley wrote:
> [...]

>>1) You may consider using uucp over ssh provided free by http://uucpssh.org/
>>(linux.fr) with your own personal email domain (e.g. provided free by
>>dyndns.org). It will allow you to *send* messages with gmx.net sender address
>>via uucpssh. So far "separate masquerading" is not required (keeping From:
>>unchanged but masquerading envelope sender).
>
> Excellent idea! In fact I may be able to do the same thing via my work.
>
>>2) Other options are also possible e.g. you can use shell account with ssh
>>access as relay - I configured my home sendmail to use such relay
>>[more details upon request]
>
> So the first is uucp over ssh, and this .. err ... "cat | ssh <host>
> /usr/lib/sendmail" I guess? That sounds even better. I might take you
> up on the offer of details, but I'll google around and see if I can
> find something myself first.

I use special ssh mailer in sendmail.cf - I send messages via local sendmail.
I hope I will find some time to publish its modified version this weekend.

The mailer works pretty good over my dialup link with
* dialup configuration for sendmail 8.10
http://anfi.homeunix.net/sendmail/dialup10.html
* smart table
http://anfi.homeunix.net/sendmail/smarttab.html

mailertable-off:
. dsmtp:%1

mailertable-on:
# empty

smarttable:
# mailertable-off default entry blocks this entry
an...@somedomain.com ssh-mailer:somedomain

>>>But what about the rewrite of 'From:' address? I want to change the
>>>'From:' address based on whether or not the 'To:' address is local.
>>>I.e. Keep 'From: alexis@homenet' if 'To:' address is local, but change
>>>it to 'From: ahu...@gmx.net' if 'To:' address is not local.
>>
>>I personally recommend always rewrite to ahu...@gmx.net with making local
>>sendmail deliver messages addressed to ahu...@gmx.net to alexis@homenet using
>>virtusertable for non local email domains [sendmail 8.10+]
>>
>>*.mc file:
>>FEATURE(`virtusertable')dnl
>>LOCAL_CONFIG
>>C{VirtHost}gmx.net
>>
>>virtusertable file:
>>ahu...@gmx.net alexis
>
> I'm not sure I follow this, but does this mean that the machine has to
> masquerade as gmx.net, and then I rewrite *back* to local user names?
> If so, what happens if I have another user whose externally usable
> address is som...@not-gmx.net ?

+ your sendmail always *masquerades user* as ahu...@gmx.net using genericstable
+ your sendmail *delivers* ahu...@gmx.net to local mailbox

So when a local user replies to a message from ahu...@gmx.net (you) the message
is delivered locally.

>>>>Might I ask you if you know how to set 'authinfo' different for
>>>>different users?
>>
>>IMHO It requires patching cf/m4/proto.m4
>>The best way would be to look for "outgoing credentials" based on
>>1) destination-host & incoming SMTP AUTH username & envelope sender
>>2) destination-host & incoming SMTP AUTH username
>>3) destination-host
>
> Okay, noted.
>
>
>>>And from message-id <tmc5ca...@jupiter.sol>:
>>>
>>>
>>>>I want to send emails with my buzzin...@gmx.de address in the mail
>>>>header, but the smarthost says that the "..sender address does not
>>>>belong to.." the authed email account.
>>
>>What was rejected by the smart host ?
>>a) envelope sender address
>>FIX: masquerading *only* envelope sender with, header sender untouched -
>>requires m4 files patches
>>b) header sender address
>
>
> I can't answer that; the above was taken from someone else's posting
> who seemed to have hit the problem I was about to hit.
>
> The SSH solution sounds great though! Many thanks!
>
> Alexis

A country can be judged by the quality of its proverbs.
-- German Proverb

Alexis Huxley

Mar 22, 2004, 11:44:32 AM
Hallo again .. okay, I haven't really anything new to ask, more just
clarifying and distilling what several people together have posted.
Comments and confirmations gratefully received!

Ok, so the things that have to happen are:

1) the MUA (not MTA) is to rewrite the following:
'From: alexis' --> 'From: ahu...@gmx.net'
'From: fred' --> 'From: fred....@gmx.net'

2) ensure that remotely-posted mail to ahu...@gmx.net
and fred....@gmx.net is accepted when fetchmail gets
mails from GMX with POP3 and injects it into the
locally-running sendmail.

3) ensure that locally-posted mail to 'alexis' and 'fred' is
(a) delivered and (b) does not leave the machine during
delivery

4) redirect all mail from users whose rewritten address
is <something>@gmx.net (which is to be sent off the machine)
to GMX's mail server mail.gmx.net.

5) provide valid credentials to GMX (and maybe other relays
that other local users will use).

So (1) is accomplished using entries in 'genericstable' with entries
like:

alexis: ahu...@gmx.net
fred: fred....@gmx.net

(At the moment, I'm not considering perfect syntax, but just to get
it all clearly structured.)

(2) is accomplished by 'virtusertable', which contains something like:

ahu...@gmx.net: alexis
fred....@gmx.net: fred

(3) is automatic; sendmail processes the tables in the right order
so there should be no problem (with loops or mail to 'alexis' being
sent via the relay).

(4) is accomplished with Andrzej's smart table, which should contain
something like:

*@gmx.net: mail.gmx.net
*@someothermailservice.com: smtprelay.someothermailservice.com

(5) I think that this *should* (I mean logically, philosophically :-)
be accomplished using a host-based authentication, (because
I have multiple users) and sendmail provides no way to provide
relay/local-user pairs in the authinfo map. I also posted this question
to t-online (one cannot cross-post inside/outside t-online.* hierarchy)
and got this back:

> GMX's smarthosts accept e-mails (without authorization) regardless of
> the From: header, as long as the MAIL FROM corresponds to a valid
> account, afaik. But: why don't you use GMX's MXes? Is the
> authorization what matters to you?

Okay, so I need to map:

From: ahu...@gmx.net --> ( From: ahu...@gmx.net, MAIL FROM: ahu...@gmx.net )
From: fred....@gmx.net --> ( From: fred....@gmx.net, MAIL FROM: ahu...@gmx.net )

I *think*? I.e. (a) the 'MAIL FROM' is valid, but (b) there is only one
'MAIL FROM:' address because sendmail only supports one. I *hope* that
the generation of this one single valid 'MAIL FROM' will be done just by
putting in the authinfo map:

authinfo:mail.gmx.net: U:ahu...@gmx.net P:<ahuxley's-password> R:CRAM-MD5

But if fred....@gmx.net can't use ahu...@gmx.net credentials,
then this is not going to work :-/ But from what T-Online said above
it should work, but is this (I mean authinfo) the place to make
it?

Actually, that reminds me, could somebody please explain to me the
difference between 'I' and 'U' in the authinfo? sendmail's cf.README
says:

U user (authorization) id
I authentication id

and these really sound pretty much the same thing to me!

Alternatively, I could:

1) use uucpssh.org

2) get Andrzej's "cat|ssh $HOST /usr/lib/sendmail" mailer with
HOST=<my-work>

3) pay T-Online 2.95 EUR per month for access to
smtprelay.t-online.de

My concerns with these are:

(1) may not be permanently available, might require me to ask
other people to install PGP/GPG, and I don't really want to
add more load to this free service if possible.

(2) may not be possible: my work will certainly not want
me to access their systems with a DSA public-key password,
where the private key is not encrypted (it would just move
the access point from their systems to mine) and I'm not sure
that such a mailer would be possible when manual entry of a
password (or even two for two systems) would be required.

(3) it's money! :-) But seriously, I thought this was 2.95
per month per user, but it is only 2.95 per month, but I have
to create a t-online email account in order to set this up,
and that is really the thing I am trying to avoid! I want
fewer email accounts, not more.

Okay, that's it. If anybody has any comments or even can say "Yes,
that's right, yup, so's that" then it would be very useful for me,
and probably other people googling across this in years to come :-)
Thanks again!

Alexis
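
The steps summarised in the post above, written in the file syntax sendmail expects, as an added example that is not part of the original thread. The external addresses, the password and the output directory are constructed placeholders, `SMART_HOST` stands in for the smarttable routing of step (4), and the default map paths under /etc/mail are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Writes map *source* files for steps
# (1), (2), (4) and (5); all addresses and the password are placeholders.

write_mail_maps() {
    dir=$1
    mkdir -p "$dir" || return 1

    # (1) genericstable: local user -> address shown to the outside world.
    #     Key and value are separated by whitespace, not by a colon.
    cat > "$dir/genericstable" <<'EOF'
alexis    alexis.placeholder@gmx.net
fred      fred.placeholder@gmx.net
EOF

    # (2) virtusertable: the reverse direction, so that mail fetched from
    #     GMX (or a local reply to the rewritten address) lands locally.
    cat > "$dir/virtusertable" <<'EOF'
alexis.placeholder@gmx.net    alexis
fred.placeholder@gmx.net      fred
EOF

    # (5) authinfo: one credential set per relay host. Fields are quoted;
    #     M: lists the mechanisms, R: would be the realm (cf/README).
    #     The password is stored in clear text, so the file is created
    #     under umask 077 and never exists world-readable.
    (
        umask 077
        cat > "$dir/authinfo" <<'EOF'
AuthInfo:mail.gmx.net "U:alexis.placeholder@gmx.net" "I:alexis.placeholder@gmx.net" "P:PLACEHOLDER-PASSWORD" "M:CRAM-MD5"
EOF
    ) || return 1
    chmod 600 "$dir/authinfo"

    # sendmail.mc lines that switch the maps on. masquerade_envelope makes
    # the genericstable rewrite apply to MAIL FROM as well as to headers.
    # (4) SMART_HOST sends all non-local mail to one relay; per-sender
    #     routing needs the smarttable add-on discussed in the thread.
    cat > "$dir/sendmail.mc.fragment" <<'EOF'
FEATURE(`genericstable')dnl
GENERICS_DOMAIN(`homenet')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`virtusertable')dnl
VIRTUSER_DOMAIN(`gmx.net')dnl
FEATURE(`authinfo')dnl
define(`SMART_HOST', `mail.gmx.net')dnl
EOF
}

# Succeeds only if the file is a regular file with mode 0600.
authinfo_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Print the commands that compile the sources into hash maps.
makemap_commands() {
    for m in genericstable virtusertable authinfo; do
        echo "makemap hash $1/$m < $1/$m"
    done
}

# Usage: sh write-maps.sh ./mail-maps   (review, then copy to /etc/mail)
if [ -n "${1:-}" ]; then
    write_mail_maps "$1" && makemap_commands "$1"
fi
```

The compiled authinfo.db carries the same password as its source, so it needs the same 0600 mode.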

Andrzej Adam Filip

Mar 22, 2004, 3:33:00 PM
------ The Shortcut ------
The page below is "HOW NOT TO pay t-online":
http://lena.franken.de/linux/mail_sendmail_etc.html#sendmail_from_based_routing
The page refers to my smarttable page. I think you may even get some help from
the author in german :)
---------------------------

Alexis Huxley wrote:
> Hallo again .. okay, I haven't really anything new to ask, more just
> clarifying and distilling what several people together have posted.
> Comments and confirmations gratefully received!
>
> Ok, so the things that have to happen are:
>
> 1) the MUA (not MTA) is to rewrite the following:
> 'From: alexis' --> 'From: ahu...@gmx.net'
> 'From: fred' --> 'From: fred....@gmx.net'

OR: you can leave the rewrite (alexis -> ahu...@gmx.net) to sendmail's
genericstable.

> 2) ensure that remotely-posted mail to ahu...@gmx.net
> and fred....@gmx.net is accepted when fetchmail gets
> mails from GMX with POP3 and injects it into the
> locally-running sendmail.

OR: you can use fetchmail's "mda" option to deliver messages *directly* to
local mailbox file using procmail without sendmail.
Sendmail does not deliver local messages itself, it uses another program
(local mailer). On linuxes typically procmail is used by sendmail as local mailer.
>[...]


> Okay, so I need to map:
>
> From: ahu...@gmx.net --> ( From: ahu...@gmx.net, MAIL FROM: ahu...@gmx.net )
> From: fred....@gmx.net --> ( From: fred....@gmx.net, MAIL FROM: ahu...@gmx.net )
>
> I *think*? I.e. (a) the 'MAIL FROM' is valid, but (b) there is only one
> 'MAIL FROM:' address because sendmail only supports one.

It can be changed via sendmail.cf *only* [no source code patches]

Sendmail supports ${addr_type} macro which can be used to extend
genericstable lookups
"e s" -- envelope sender
"e r" -- envelope recipient
"h" -- header

> [...]


> Alternatively, I could:
>
> 1) use uucpssh.org
>
> 2) get Andrzej's "cat|ssh $HOST /usr/lib/sendmail" mailer with
> HOST=<my-work>

OR add definition of "ssh" mailer to sendmail.mc:

MAILER_DEFINITIONS
Mssh, P=/usr/bin/ssh,
F=mDFMuXaA, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
E=\r\n, L=990,
U=anfi:anfi, D=/home/anfi,
T=DNS/RFC822/SMTP,
A=ssh ssh-host-name -o BatchMode=yes -- /usr/sbin/sendmail -bs

WARNING: some MTAs (exim) in "sendmail compatibility mode" automatically
"correct" envelope sender address of messages submitted via "sendmail -bs".

> 3) pay T-Online 2.95 EUR per month for access to
> smtprelay.t-online.de

Do not be a lamer ;)

> My concerns with these are:
>
> (1) may not be permanently available, might require me to ask
> other people to install PGP/GPG, and I don't really want to
> add more load to this free service if possible.
>
> (2) may not be possible: my work will certainly not want
> me to access their systems with a DSA public-key password,
> where the private key is not encrypted (it would just move
> the access point from their systems to mine) and I'm not sure
> that such a mailer would be possible when manual entry of a
> password (or even two for two systems) would be required.

You may consider using one of free unix shell accounts available on the net.

> (3) it's money! :-) But seriously, I thought this was 2.95
> per month per user, but it is only 2.95 per month, but I have
> to create a t-online email account in order to set this up,
> and that is really the thing I am trying to avoid! I want
> fewer email accounts, not more.

I personally recommend using *at least* three email addresses:
1) for usenet postings
[spam target]
2) provided by employer
[I do not live in "job for life" culture; no pay-check => no answers ]
3) personal for friends and family

> Okay, that's it. If anybody has any comments or even can say "Yes,
> that's right, yup, so's that" then it would be very useful for me,
> and probably other people googling across this in years to come :-)
> Thanks again!
>
> Alexis

"Now the Lord God planted a garden East of Whittier in a place called
Yorba Linda, and out of the ground he made to grow orange trees that
were good for food and the fruits thereof he labeled SUNKIST ..."
-- "The Begatting of a President"
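
On the concern quoted above about an unencrypted private key for the "ssh" mailer: the relay host can pin that key to the one command the mailer runs. This is an added example, not part of the original thread; the sample key in the usage is constructed, and the option names are standard OpenSSH `authorized_keys` options.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the relay host, i.e. the
# machine that "ssh-host-name" in the Mssh mailer definition points at.

FORCED_CMD='/usr/sbin/sendmail -bs'   # the command the Mssh mailer runs
KEY_OPTS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# Print an authorized_keys entry that lets the given public key do nothing
# except start "sendmail -bs". Refuses input that is not one bare key line,
# so an entry that already carries its own options is not passed through.
restrict_mailer_key() {
    pub=$1
    case $pub in
        *'
'*) echo "refusing: more than one line" >&2; return 1 ;;
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "refusing: not a bare public key line" >&2; return 1 ;;
    esac
    printf 'command="%s",%s %s\n' "$FORCED_CMD" "$KEY_OPTS" "$pub"
}

# Print the options field of one authorized_keys line (empty if none).
key_options() {
    case $1 in
        ssh-*|ecdsa-*) ;;                          # starts with the key type
        *' ssh-'*)   printf '%s' "${1%% ssh-*}" ;;
        *' ecdsa-'*) printf '%s' "${1%% ecdsa-*}" ;;
    esac
}

# Count the keys in an authorized_keys file that are NOT pinned to
# FORCED_CMD with forwarding and pty allocation switched off.
count_unrestricted_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        opts=$(key_options "$line")
        case $opts in
            *"command=\"$FORCED_CMD\""*) ;;
            *) n=$((n + 1)); continue ;;
        esac
        for o in no-port-forwarding no-agent-forwarding no-pty; do
            case ",$opts," in
                *",$o,"*) ;;
                *) n=$((n + 1)); break ;;
            esac
        done
    done < "$1"
    echo "$n"
}

# Usage: sh restrict-key.sh mailer_key.pub >> ~/.ssh/authorized_keys
if [ -n "${1:-}" ]; then
    restrict_mailer_key "$(cat -- "$1")"
fi
```

With such an entry the server ignores whatever command the client asks for and runs only the forced one, so a copied key yields an SMTP dialogue on the relay rather than a shell.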

Alexis Huxley

Mar 23, 2004, 11:31:55 AM
> ------ The Shortcut ------
> The page below is "HOW NOT TO pay t-online":
> http://lena.franken.de/linux/mail_sendmail_etc.html#sendmail_from_based_routing
> The page refers to my smarttable page. I think you may even get some help from
> the author in german :)
> ---------------------------

Yup, I saw that, and extracted the appropriate stuff for me.

>> Ok, so the things that have to happen are:
>>
>> 1) the MUA (not MTA) is to rewrite the following:
>> 'From: alexis' --> 'From: ahu...@gmx.net'
>> 'From: fred' --> 'From: fred....@gmx.net'
>
> OR: you can leave the rewrite (alexis -> ahu...@gmx.net) to sendmail's
> genericstable.

Ooops! Damn! I put MUA and MTA the wrong way round above. So, yes,
your suggestion is actually exactly what I meant! :-)

>> 2) ensure that remotely-posted mail to ahu...@gmx.net
>> and fred....@gmx.net is accepted when fetchmail gets
>> mails from GMX with POP3 and injects it into the
>> locally-running sendmail.
>
> OR: you can use fetchmail's "mda" option to deliver messages *directly* to
> local mailbox file using procmail without sendmail.
> Sendmail does not deliver local messages itself, it uses another program
> (local mailer). On linuxes typically procmail is used by sendmail as local mailer.

No, I'd rather inject it into local sendmail because then I get cleaner
access to spamass via spamass-milter and I get .forward processing etc.

>> Okay, so I need to map:
>>
>> From: ahu...@gmx.net --> ( From: ahu...@gmx.net, MAIL FROM: ahu...@gmx.net )
>> From: fred....@gmx.net --> ( From: fred....@gmx.net, MAIL FROM: ahu...@gmx.net )
>>
>> I *think*? I.e. (a) the 'MAIL FROM' is valid, but (b) there is only one
>> 'MAIL FROM:' address because sendmail only supports one.
>
> It can be changed via sendmail.cf *only* [no source code patches]
>
> Sendmail supports ${addr_type} macro which can be used to extend
> genericstable lookups
> "e s" -- envelope sender
> "e r" -- envelope recipient
> "h" -- header

Hmm .. If this 'addr_type' is for the genericstable, then will it help me? The
above mapping of addr --> (addr, authentication credentials) is
to be put in the authinfo map, I think, right?

> MAILER_DEFINITIONS
> Mssh, P=/usr/bin/ssh,
> F=mDFMuXaA, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
> E=\r\n, L=990,
> U=anfi:anfi, D=/home/anfi,
> T=DNS/RFC822/SMTP,
> A=ssh ssh-host-name -o BatchMode=yes -- /usr/sbin/sendmail -bs

Ah ... excellent, I *may* use this, but I'll try to do this stuff with
all the maps first.

>> 3) pay T-Online 2.95 EUR per month for access to
>> smtprelay.t-online.de
>
> Do not be a lamer ;)

:-)))

Okay, at this point I think I need to go and try it. This I will do in
the next day or so, and then let you know. Many thanks for all
assistance given so far.

Alexis

Andrzej Adam Filip

Mar 23, 2004, 6:37:00 PM
Alexis Huxley wrote:
>[...]

>>>Okay, so I need to map:
>>>
>>> From: ahu...@gmx.net --> ( From: ahu...@gmx.net, MAIL FROM: ahu...@gmx.net )
>>> From: fred....@gmx.net --> ( From: fred....@gmx.net, MAIL FROM: ahu...@gmx.net )
>>>
>>>I *think*? I.e. (a) the 'MAIL FROM' is valid, but (b) there is only one
>>>'MAIL FROM:' address because sendmail only supports one.
>>
>>It can be changed via sendmail.cf *only* [no source code patches]
>>
>>Sendmail supports ${addr_type} macro which can be used to extend
>>genericstable lookups
>>"e s" -- envelope sender
>>"e r" -- envelope recipient
>>"h" -- header
>
> Hmm .. If this 'addr_type' is for the genericstable, then will it help me? The
> above mapping of addr --> (addr, authentication credentials) is
> to be put in the authinfo map, I think, right?

${addr_type} macro can be used in sendmail.cf to implement "extended"
genericstable with separate mappings for envelope sender and headers addresses.
e.g. you rewrite only envelope sender address (bounces to) to make a picky
relay server happy (we relay messages with sender address in our domain) but
leave From: address (for human recipient use) intact.

Using more than remote host name for selecting outgoing SMTP session
credentials in sendmail.cf is a separate story.

>>MAILER_DEFINITIONS
>>Mssh, P=/usr/bin/ssh,
>> F=mDFMuXaA, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
>> E=\r\n, L=990,
>> U=anfi:anfi, D=/home/anfi,
>> T=DNS/RFC822/SMTP,
>> A=ssh ssh-host-name -o BatchMode=yes -- /usr/sbin/sendmail -bs
>
> Ah ... excellent, I *may* use this, but I'll try to do this stuff with
> all the maps first.

Do not forget to:
* add "-o EscapeChar=none"
* change anfi:anfi in U= to your account name and group
* change D= to your account home directory

[this thread will stay in "public archives" for long, it may be read by "less
advanced users"]

I think I will publish the mailer spec *later this week* at
http://anfi.homeunix.net/sendmail/ssh.html

>>> 3) pay T-Online 2.95 EUR per month for access to
>>> smtprelay.t-online.de
>>
>>Do not be a lamer ;)
>
> :-)))
>
> Okay, at this point I think I need to go and try it. This I will do in
> the next day or so, and then let you know. Many thanks for all
> assistance given so far.
>
> Alexis

Since a politician never believes what he says, he is surprised
when others believe him.
-- Charles DeGaulle

Alexis Huxley

Mar 26, 2004, 4:28:25 PM
Me again :-) Some progress ... but now I'm blocked at
smarttable.

> 1) the MUA (not MTA) is to rewrite the following:

"MTA (not MUA)" I meant!


> 'From: alexis' --> 'From: ahu...@gmx.net'
> 'From: fred' --> 'From: fred....@gmx.net'

Okay, done with genericstable. Outgoing mail has the headers
rewritten.

> 2) ensure that remotely-posted mail to ahu...@gmx.net
> and fred....@gmx.net is accepted when fetchmail gets
> mails from GMX with POP3 and injects it into the
> locally-running sendmail.

Okay, done with virtusertable. mail to 'ahu...@gmx.net' is accepted ...

> 3) ensure that locally-posted mail to 'alexis' and 'fred' is
> (a) delivered and (b) does not leave the machine during
> delivery

... and goes directly to me.

> 4) redirect all mail from users whose rewritten address
> is <something>@gmx.net (which is to be sent off the machine)
> to GMX's mail server mail.gmx.net.

Okay, I'm trying smarttable, and it passes the tests outlined at
http://anfi.homeunix.net/sendmail/smarttab.html#tests fine:

dione:/etc/mail# { echo "3,0 blah...@blah.com"; echo ".Dfah...@gmx.net"; echo "3,0 blah...@blah.com"; } | sendmail -C sendmailf -bt
....
canonify input: blahblah @ blah . com
Canonify2 input: blahblah < @ blah . com >
Canonify2 returns: blahblah < @ blah . com . >
canonify returns: blahblah < @ blah . com . >
parse input: blahblah < @ blah . com . >
Parse0 input: blahblah < @ blah . com . >
Parse0 returns: blahblah < @ blah . com . >
Parse1 input: blahblah < @ blah . com . >
SmartTable input: blahblah < @ blah . com . >
MailerToTriple input: < mail . gmx . net > blahblah < @ blah . com . >
MailerToTriple returns: $# relay $@ mail . gmx . net $: blahblah < @ blah . com . >
SmartTable returns: $# relay $@ mail . gmx . net $: blahblah < @ blah . com . >
Parse1 returns: $# relay $@ mail . gmx . net $: blahblah < @ blah . com . >
parse returns: $# relay $@ mail . gmx . net $: blahblah < @ blah . com . >

But when I actually post with something it does not go via the
relay: here's the headers of something I sent:

> Return-Path: <ahu...@gmx.net>
> Received: from rocky.hq.eso.org (rocky.hq.eso.org [134.171.42.43])
> by mercury.hq.eso.org (8.12.6/8.12.6) with ESMTP id i2QKt3EJ015874
> for <ahu...@eso.org>; Fri, 26 Mar 2004 21:55:03 +0100 (MET)
> Received: from dione.myth.net (p508057AB.dip.t-dialin.net [80.128.87.171])
> by rocky.hq.eso.org (8.12.10+Sun/8.12.10) with ESMTP id i2QKt1mW024322
> for <ahu...@eso.org>; Fri, 26 Mar 2004 21:55:02 +0100 (CET)
> Received: from dione.myth.net (localhost [127.0.0.1])
> by dione.myth.net (8.12.11.Beta0/8.12.11.Beta0/Debian-1) with ESMTP id i2QKt1EL009915
> for <ahu...@eso.org>; Fri, 26 Mar 2004 21:55:01 +0100
> Received: (from alexis@localhost)
> by dione.myth.net (8.12.11.Beta0/8.12.11.Beta0/Debian-1) id i2QKt1YY009913
> for ahu...@eso.org; Fri, 26 Mar 2004 21:55:01 +0100
> Date: Fri, 26 Mar 2004 21:55:01 +0100
> From: Alexis Huxley <ahu...@gmx.net>
> Message-Id: <200403262055....@dione.myth.net>
> To: ahu...@eso.org
> Subject: test 67
> X-Scanned-By: MIMEDefang 2.35
> X-PMX-Version: 4.1.0.84332
> X-Virus-Scanned: by amavisd-milter (http://amavis.org/)
>
> Fri Mar 26 21:55:01 CET 2004

As you see, the From address has been correctly rewritten, but
mail.gmx.net has not shown up; it went direct to the recipient's
host-portion's MX holder.

Here is my (comment stripped) sendmail.mc, with a little bit of
annotation:

define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.12.11.Beta0-1 2004-01-05 19:17:52 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
LOCAL_CONFIG
MASQUERADE_AS(`dione.no-ip.org')dnl

dione.no-ip.org is the free name that maps back to my T-Online supplied
IP address. It is here to provide the default host-portion of email
addresses for users not in genericstable.

FEATURE(`masquerade_envelope')dnl
FEATURE(`local_no_masquerade')dnl
FEATURE(`genericstable')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
FEATURE(`virtusertable')dnl
VIRTUSER_DOMAIN_FILE(`/etc/mail/virtuser-domains')dnl
FEATURE(`smarttable')dnl
LOCAL_CONFIG
Cwdione.myth.net

dione.myth.net is the name of the machine on my home network;
myth.net being my home domain.

FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`smrsh')dnl
dnl #
dnl # Dialup/LAN connection overrides
dnl #
include(`/etc/mail/dialup.m4')dnl
include(`/etc/mail/provider.m4')dnl
dnl #
MAILER_DEFINITIONS
MAILER(local)dnl
MAILER(smtp)dnl
LOCAL_CONFIG
## Custom configurations below (will be preserved)

I guess the envelope address is not being set correctly, because in
test mode, smarttable is doing the right thing.

This sounds quite like a problem also reported in this group (see
http://tinyurl.com/2gzag ).

Can anyone offer any advice? Many thanks!

Alexis

Andrzej Adam Filip

Mar 27, 2004, 5:18:19 AM
Alexis Huxley wrote:
> Me again :-) Some progress ... but now I'm blocked at
> smarttable.
>
>
>> 1) the MUA (not MTA) is to rewrite the following:
>
> "MTA (not MUA)" I meant!
>
>> 'From: alexis' --> 'From: ahu...@gmx.net'
>> 'From: fred' --> 'From: fred....@gmx.net'
>
>
> Okay, done with genericstable. Outgoing mail has the headers
> rewritten.
> [...]

>
>> 4) redirect all mail from users whose rewritten address
>> is <something>@gmx.net (which is to be sent off the machine)
>> to GMX's mail server mail.gmx.net.
>
>
> Okay, I'm trying smarttable, and it passes the tests outlined at
> http://anfi.homeunix.net/sendmail/smarttab.html#tests fine:
> [...]

>
> But when I actually post with something it does not go via the
> relay: here's the headers of something I sent:
> [...]

>
> As you see, the From address has been correctly rewritten, but
> mail.gmx.net has not shown up; it went direct to the recipient's
> host-portion's MX holder.

Sorry for my misleading post.

smarttable uses $f to get sender address. $f *IS NOT* rewritten by genericstable.
[According to 3rd Bat Book $f is only processed by rulesets 3,1,4].

> [...]

Better tried by twelve than carried by six.
-- Jeff Cooper

Alexis Huxley

Mar 27, 2004, 6:45:07 AM
> smarttable uses $f to get sender address. $f *IS NOT* rewritten by genericstable.
> [According to 3rd Bat Book $f is only processed by rulesets 3,1,4].

Okay, thanks, I rewrote the contents of smarttable as:

<local-user-name>@<fully-qualified-homenet-name><tab><mail-relay>

i.e.:

ale...@dione.myth.net mail.gmx.net

and now it seems to work.

Now when I post, the mail - correctly - bounces back from GMX's
mail server:

... while talking to mail.gmx.net.:
>>> MAIL From:<ahu...@gmx.net> AUTH=<>
<<< 550 5.7.0 {mp004} Need to authenticate via SMTP-AUTH-Login
554 5.0.0 Service unavailable

but at least it is trying to send it via the correct relay. Good.

What is worrying, is that in the mail which GMX returns to me (which
includes the above dialogue) there is also the original mail that
it received from my machine, and in this original mail, the 'From:'
address has *NOT* been substituted!

[-- Attachment #3 --]
[-- Type: message/rfc822, Encoding: 7bit, Size: 0.6K --]

Date: Sat, 27 Mar 2004 12:30:05 +0100
From: Alexis Huxley <ale...@dione.myth.net>
To: ahu...@eso.org
Subject: test 75

Sat Mar 27 12:30:05 CET 2004

Will this magically correct itself when I have authentication corrected
(in a couple of hours), or is use of genericstable and smarttable,
to this extent, mutually exclusive? Thanks again ...

Alexis

PS If I get this working then I'll post a summary of what I did from
start to finish :-)

Per Hedeland

Mar 27, 2004, 7:39:18 AM
In article <slrnc6aqa3....@dione.no-ip.org> Alexis Huxley
<ahu...@gmx.net> writes:
>
>Now when I post, the mail - correctly - bounces back from GMX's
>mail server:
>
> ... while talking to mail.gmx.net.:
> >>> MAIL From:<ahu...@gmx.net> AUTH=<>
> <<< 550 5.7.0 {mp004} Need to authenticate via SMTP-AUTH-Login
> 554 5.0.0 Service unavailable
>
>but at least it is trying to send it via the correct relay. Good.
>
>What is worrying, is that in the mail which GMX returns to me (which
>includes the above dialogue) there is also the original mail that
>it received from my machine, and in this original mail, the 'From:'
>address has *NOT* been substituted!

No - GMX never received the mail, since it rejected the transaction
already at 'MAIL From:' - i.e. the original message included in the
bounce is provided by your local sendmail (which is also the one
generating the bounce, of course). That message will not have had
"genericsizing"/masquerading done to it, since this happens when the
message is actually sent.

--Per Hedeland
p...@hedeland.org

Andrzej Adam Filip

Mar 27, 2004, 8:13:00 AM

Alexis,
To make your sendmail 8.12 authenticate itself to gmx server use the advice from
http://www.sendmail.org/m4/smtp_auth.html
(after "If sendmail acts as client ...")

Pray: To ask that the laws of the universe be annulled in behalf of a single
petitioner confessedly unworthy.
-- Ambrose Bierce

Alexis Huxley

Mar 27, 2004, 8:27:47 AM
> No - GMX never received the mail, since it rejected the transaction
> already at 'MAIL From:' - i.e. the original message included in the

Yup, I just did the authinfo stuff, and it did the right thing! Great!
Thank you.

So now I have one particular GMX user's account information in the
authinfo map:

AuthInfo:mail.gmx.net "U:ahu...@gmx.net" "I:ahu...@gmx.net" "P:XXXXXXX" "M:CRAM-MD5"

But when I post as another local user who also has a GMX account,
it bounces back with:

----- The following addresses had permanent fatal errors -----
ahu...@eso.org
(reason: 550 5.7.0 {mp004} Sender address does not belong to logged in user)

----- Transcript of session follows -----
... while talking to mail.gmx.net.:
>>> MAIL From:<another-local-user...@gmx.net> AUTH=<>
<<< 550 5.7.0 {mp004} Sender address does not belong to logged in user
554 5.0.0 Service unavailable

What do GMX mean by "logged in user" above? I mean I'm not logged in,
and I'm just trying to pass this authentication info, so (if it is not
yet looking at the headers of the mail) then where is the mismatch that
causes the error?

>>> What was rejected by the smart host ?
>>> a) envelope sender address
>>> FIX: masquerading *only* envelope sender with, header sender untouched -
>>> requires m4 files patches
>>> b) header sender address
>>> IMHO It requires patching cf/m4/proto.m4
>>>
>>> The best way would be to look for "outgoing credentials" based on
>>> 1) destination-host & incoming SMTP AUTH username & envelope sender
>>> 2) destination-host & incoming SMTP AUTH username
>>> 3) destination-host

I'm not sure from the above error message exactly why it was rejected.

Okay, before I go and buy the Bat book so I can patch the authinfo
section of proto.m4 :-) how can I tell if it is the envelope sender
address? Does the above error message say? And if it is, then how
do I masquerade *only* the envelope? Here's the local section of
my sendmail.mc:

MASQUERADE_AS(`dione.no-ip.org')dnl


FEATURE(`masquerade_envelope')dnl
FEATURE(`local_no_masquerade')dnl
FEATURE(`genericstable')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
FEATURE(`virtusertable')dnl
VIRTUSER_DOMAIN_FILE(`/etc/mail/virtuser-domains')dnl
FEATURE(`smarttable')dnl

FEATURE(`authinfo')dnl

I tried taking out the 'MASQUERADE_AS(...)' but then the address
passed in to 'MAIL From: ...' reverts to ale...@dione.myth.net, and
of course the hostname portion causes problems, so I must use
MASQUERADE_AS.

Alexis

Per Hedeland

Mar 28, 2004, 6:28:16 AM
In article <slrnc6b0ai....@dione.no-ip.org> Alexis Huxley
<ahu...@gmx.net> writes:
>
>So now I have one particular GMX user's account information in the
>authinfo map:
>
> AuthInfo:mail.gmx.net "U:ahu...@gmx.net"
>"I:ahu...@gmx.net" "P:XXXXXXX" "M:CRAM-MD5"
>
>But when I post as another local user who also has a GMX account,
>it bounces back with:
>
> ----- The following addresses had permanent fatal errors -----
> ahu...@eso.org
> (reason: 550 5.7.0 {mp004} Sender address does not belong to
>logged in user)
>
> ----- Transcript of session follows -----
> ... while talking to mail.gmx.net.:
> >>> MAIL From:<another-local-user...@gmx.net> AUTH=<>
> <<< 550 5.7.0 {mp004} Sender address does not belong to logged in user
> 554 5.0.0 Service unavailable
>
>What do GMX mean by "logged in user" above? I mean I'm not logged in,
>and I'm just trying to pass this authentication info, so (if it is not
>yet looking at the headers of the mail) then where is the mismatch that
>causes the error?

It considers the envelope sender (given at 'MAIL From:') to "mismatch"
the authentication (done with SMTP AUTH at the beginning of the
session). Of course this is broken, SMTP AUTH authenticates the client
SMTP host for an SMTP session, not individual messages from individual
senders - but I think you already know that.

>Okay, before I go and buy the Bat book so I can patch the authinfo
>section of proto.m4 :-) how can I tell if it is the envelope sender
>address? Does the above error message say?

Yes, see above. Of course we don't know from that whether it will check
the header sender *too* (since it never received any headers in this
case) - you could check by doing something like:

echo 'From: <anoth...@gmx.net>' | sendmail -f ahu...@gmx.net

> And if it is, then how
>do I masquerade *only* the envelope?

This is not possible with the standard features, you'd have to define a
mailer that did this (basically a copy of one of the SMTP mailers with
the S=rule1/rule2 parameter changed - rule1 is envelope rewriting, rule2
is header rewriting). Of course masquerading different users with the
same envelope sender address will have the side effect that all bounces
and other automatic notifications will be sent to that "masquerade"
address rather than to the actual sender.

You don't need to modify authinfo for this though, that would be for
working around the problem the other way around - i.e. authenticating as
the actual envelope sender of the message. Andrzej discussed that in an
earlier message (I snipped that part here). In addition you'd have to
make sure that any SMTP session would only send messages from the user
that was used for authentication - I think the only way to do this would
be to tell sendmail to send at most one message per session, this can be
done with define(`SMTP_MAILER_MAXMSGS', `1') (or RELAY_MAILER_MAXMSGS to
have it apply to only the 'relay' mailer) in the .mc file.

--Per Hedeland
p...@hedeland.org

Alexis Huxley

Mar 28, 2004, 9:46:44 AM
>>So now I have one particular GMX user's account information in the
>>authinfo map:
>>
>> AuthInfo:mail.gmx.net "U:ahu...@gmx.net"
>>"I:ahu...@gmx.net" "P:XXXXXXX" "M:CRAM-MD5"
>>
>>But when I post as another local user who also has a GMX account,
>>it bounces back with:

> session). Of course this is broken, SMTP AUTH authenticates the client
> SMTP host for an SMTP session, not individual messages from individual
> senders - but I think you already know that.

Yes, I'd realised that it was meant to authenticate the host whereas
I'm providing per-user credentials, but not where the 'other half'
of the mismatch was. I understand now. Thanks.

> Yes, see above. Of course we don't know from that whether it will check
> the header sender *too* (since it never received any headers in this
> case) - you could check by doing something like:
>
> echo 'From: <anoth...@gmx.net>' | sendmail -f ahu...@gmx.net

Okay, I had to change the envelope-sender address to a local user
name in order that it got processed by smarttable (otherwise the
mail still went, but went direct to the recipient's host's MX holder
instead of via GMX):

fred@dione:~$ echo 'From: <fred.NOSP...@gmx.net>' | /usr/lib/sendmail -falexis ahu...@eso.org
fred@dione:~$

(ahu...@eso.org is my work address where I can receive all these
tests. NOSPAM only written here.)

And amazingly, it worked! Here's the relevant bit of the headers
as seen by the recipient:

Received: from pD9E4E294.dip.t-dialin.net (EHLO dione.myth.net) (217.228.226.148)
by mail.gmx.net (mp016) with SMTP; 28 Mar 2004 16:07:15 +0200
X-Authenticated: #13979910
Received: from dione.myth.net (localhost [127.0.0.1])
by dione.myth.net (8.12.11.Beta0/8.12.11.Beta0/Debian-1) with ESMTP id i2SE7E2i015470
for <ahu...@eso.org>; Sun, 28 Mar 2004 16:07:14 +0200
Received: (from fred@localhost)
by dione.myth.net (8.12.11.Beta0/8.12.11.Beta0/Debian-1) id i2SE7E61015468
for ahu...@eso.org; Sun, 28 Mar 2004 16:07:14 +0200
Date: Sun, 28 Mar 2004 16:07:14 +0200
Message-Id: <200403281407....@dione.myth.net>
X-Authentication-Warning: dione.myth.net: fred set sender to alexis using -f
From: <fred.NOSP...@gmx.net>

>> And if it is, then

Okay, it *is*; i.e. when the envelope agrees with the authentication
info then it works, even though the headers themselves do not agree
with the envelope.

>>how
>>do I masquerade *only* the envelope?
>
> This is not possible with the standard features, you'd have to define a
> mailer that did this (basically a copy of one of the SMTP mailers with
> the S=rule1/rule2 parameter changed - rule1 is envelope rewriting, rule2
> is header rewriting). Of course masquerading different users with the
> same envelope sender address will have the side effect that all bounces
> and other automatic notifications will be sent to that "masquerade"
> address rather than to the actual sender.

Okay, so if I go for this way of doing things then I will:

1) create a GMX account called 'myth.net-authenticator'
or something like that

2) put myth.net-authenticator's credentials in the authinfo
file and remove the existing real user's info (which
would then only be needed by this user when he visits
an internet cafe)

3) add something to virtusertable to ensure that bounces
(and GMX's newsletters) go to the local postmaster.

Yes, I like the idea of this 'authenticator' pseudo-user; it makes
it much clearer that it is the *host* that is requesting to be
authenticated in order to use the relay, and not the individual
users' use of the relay.

Alternatively:

> ... authenticating as
> the actual envelope sender of the message. Andrzej discussed that in an
> earlier message (I snipped that part here). In addition you'd have to

Yup, okay, that's the proto.m4 fixing thing.

> make sure that any SMTP session would only send messages from the user
> that was used for authentication - I think the only way to do this would
> be to tell sendmail to send at most one message per session, this can be
> done with define(`SMTP_MAILER_MAXMSGS', `1') (or RELAY_MAILER_MAXMSGS to
> have it apply to only the 'relay' mailer) in the .mc file.

Okay, yes, I didn't think of that, but now you say it, it is clear that
it is needed. Thanks!

Which solution I do boils down to a combination of:

1) which is easier for a zero-experience .cf coder

2) which is the more desired and easily-used by others
who might be in the same situation

3) which is - philosophically speaking - the 'right-est'
solution

I'll happily have a go at coding one of these, but advice on the
above points would be useful first.

(My impression is that the authinfo solution is the better for (1)
and (2), but that the new-mailer+authenticator-user are the better
solution for (3).)

One very trivial point; in the EHLO negotiation, it can be seen
that although my machine masquerades as dione.no-ip.org (which is
one of these free DNS lookup services to map that fixed name to my
T-Online dynamic IP), my machine says EHLO using the *internally*
recognised name, which is in the local DNS.

Are there any 'bad' side effects of not also using the masqueraded
name in the EHLO? And if so, how should I change it?

Many many thanks for all help (and patience!) given so far ... I
will summarise all of this when I get to the final solution.

Alexis

Andrzej Adam Filip

Mar 28, 2004, 11:23:44 AM
Per Hedeland wrote:
>[...]

> You don't need to modify authinfo for this though, that would be for
> working around the problem the other way around - i.e. authenticating as
> the actual envelope sender of the message. Andrzej discussed that in an
> earlier message (I snipped that part here). In addition you'd have to
> make sure that any SMTP session would only send messages from the user
> that was used for authentication - I think the only way to do this would
> be to tell sendmail to send at most one message per session, this can be
> done with define(`SMTP_MAILER_MAXMSGS', `1') (or RELAY_MAILER_MAXMSGS to
> have it apply to only the 'relay' mailer) in the .mc file.

[I HAVE NOT TESTED IT]
You may
1) create the following wildcard A record in local DNS domain
*.gmx IN A _ip_of_mail.gmx.net_

2) use smarttable to select "per sender" gmx relay
smarttable:
us...@gmx.net smtp:user1.gmx.local.dns.domain

3) specify authentication credential for "pseudo host"

AuthInfo:user1.gmx.local.dns.domain "U:us...@gmx.net" ....


It should allow sendmail to cache "per single gmx user" connections and send
multiple messages over the same connection. Sendmail caches/creates SMTP
connections based on ("mailer name","host name after MX expansion") pair.
[ Do not use default esmtp mailer in the above mentioned smarttable entries]

Please let me know if it works as expected.

P.S.
How many "remote accounts" are you going to use ?
For 10-20 "remote accounts" it may be a good idea to keep all tables
(virtusertable, genericstable, smarttable, authinfo) in *ONE* text file
accessed via "text" maps. Text map may create performance problems for more
users (linear search).

He is not poor that hath not feel content.
-- Japanese Proverb
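
The two workarounds discussed above (one message per session, and per-user pseudo-hosts so that the connection cache never mixes users) can be compared with a small model. This is an added example, not part of any post in the thread and not sendmail code; the host names, the addresses and the `Client`/`RelaySession` classes are constructed, and the model treats `$f` and the `MAIL From:` address as the same string.

```python
"""Toy model of outgoing SMTP AUTH sessions against a relay that ties the
envelope sender to the authenticated login. Constructed for illustration."""
from dataclasses import dataclass

RELAY = "relay.example"            # stands in for the provider's relay host
ALICE = "alice@webmail.example"    # constructed envelope senders
BOB = "bob@webmail.example"


class RelaySession:
    """Relay side: AUTH happens once per session, the check once per message."""

    def __init__(self, login):
        self.login = login

    def mail_from(self, sender):
        # Mirrors "550 5.7.0 Sender address does not belong to logged in user".
        return 250 if sender == self.login else 550


def lookup_credentials(authinfo, server, sender):
    """Lookup order of the per-sender approach: server+sender, then server only."""
    return (authinfo.get(f"AuthInfo:{server}:{sender}")
            or authinfo.get(f"AuthInfo:{server}"))


@dataclass
class Client:
    smarttable: dict    # envelope sender -> relay host name
    authinfo: dict      # AuthInfo key -> login used for SMTP AUTH
    max_msgs: int = 0   # messages per cached session, 0 means unlimited

    def __post_init__(self):
        self.cache = {}            # (mailer, host) -> [session, messages sent]
        self.sessions_opened = 0

    def send(self, sender):
        host = self.smarttable[sender]
        key = ("relay", host)      # cache key: mailer name plus host name
        entry = self.cache.get(key)
        if entry is None or (self.max_msgs and entry[1] >= self.max_msgs):
            # New session: credentials are chosen for *this* message's sender.
            login = lookup_credentials(self.authinfo, host, sender)
            entry = [RelaySession(login), 0]
            self.cache[key] = entry
            self.sessions_opened += 1
        entry[1] += 1
        return entry[0].mail_from(sender)


def run(client, queue=(ALICE, BOB, ALICE, ALICE)):
    """Send the queue in order; return the reply codes and sessions opened."""
    codes = [client.send(sender) for sender in queue]
    return codes, client.sessions_opened


# Constructed tables for the four cases.
SHARED = {ALICE: RELAY, BOB: RELAY}
HOST_ONLY = {f"AuthInfo:{RELAY}": ALICE}
PER_SENDER = {f"AuthInfo:{RELAY}:{ALICE}": ALICE,
              f"AuthInfo:{RELAY}:{BOB}": BOB}
PSEUDO_TABLE = {ALICE: "alice.gmx.lan.example", BOB: "bob.gmx.lan.example"}
PSEUDO_AUTH = {"AuthInfo:alice.gmx.lan.example": ALICE,
               "AuthInfo:bob.gmx.lan.example": BOB}

if __name__ == "__main__":
    cases = {
        "host-only credentials": Client(SHARED, HOST_ONLY, max_msgs=1),
        "per-sender, session reused": Client(SHARED, PER_SENDER),
        "per-sender, one msg/session": Client(SHARED, PER_SENDER, max_msgs=1),
        "pseudo-host per user": Client(PSEUDO_TABLE, PSEUDO_AUTH),
    }
    for name, client in cases.items():
        print(f"{name:30s} {run(client)}")
```

Per-sender credentials alone are not enough: when the cached session is reused, the second user's message is sent under the first user's login and is rejected. Limiting the session to one message costs a new connection per message, while the pseudo-host variant keeps one reusable session per user.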

Alexis Huxley

Mar 28, 2004, 1:21:08 PM
> You may
> 1) create the following wildcard A record in local DNS domain
> *.gmx IN A _ip_of_mail.gmx.net_
>
> 2) use smarttable to select "per sender" gmx relay
> smarttable:
> us...@gmx.net smtp:user1.gmx.local.dns.domain
>
> 3) specify authentication credential for "pseudo host"
>
> AuthInfo:user1.gmx.local.dns.domain "U:us...@gmx.net" ....

Wow! that's so perverse ;-) but I can see it will work! The only risk
is that I'll forget about this and wonder why it doesn't work when
GMX have a crash and switch to a backup mail.gmx.net.

I think I'll try fixing one of the m4 files (as in previous news
article) before I go ahead and try this.

> How many "remote accounts" are you going to use ?

At the moment it's five, this may go up in the future though as I
give accounts to friends.

> For 10-20 "remote accounts" it may be a good idea to keep all tables
> (virtusertable, genericstable, smarttable, authinfo) in *ONE* text file
> accessed via "text" maps. Text map may create performance problems for more
> users (linear search).

Ah ... okay, what I was planning was a shell script called from cron
that read a file (e.g. ~/.personal-send-mail-config) from each user
and constructed these files.

Have you any thoughts on which of the two m4 solutions would be the
better? Thanks!

Alexis

Andrzej Adam Filip

Mar 29, 2004, 1:47:00 PM
Alexis Huxley wrote:
>>You may
>>1) create the following wildcard A record in local DNS domain
>>*.gmx IN A _ip_of_mail.gmx.net_
>>
>>2) use smarttable to select "per sender" gmx relay
>>smarttable:
>>us...@gmx.net smtp:user1.gmx.local.dns.domain
>>
>>3) specify authentication credential for "pseudo host"
>>
>>AuthInfo:user1.gmx.local.dns.domain "U:us...@gmx.net" ....
>
>
> Wow! that's so perverse ;-) but I can see it will work!

As you can see it is not hard to push sendmail beyond limits of german
imagination ;)

> The only risk
> is that I'll forget about this and wonder why it doesn't work when
> GMX have a crash and switch to a backup mail.gmx.net.

It can be "fixed" too.
What do you prefer:
a) small sendmail source code patch of sendmail/mci.c [no DNS tricks]
b) small perl server

> I think I'll try fixing one of the m4 files (as in previous news
> article) before I go ahead and try this.
>
>>How many "remote accounts" are you going to use ?
>
> At the moment it's five, this may go up in the future though as I
> give accounts to friends.
>
>>For 10-20 "remote accounts" it may be a good idea to keep all tables
>>(virtusertable, genericstable, smarttable, authinfo) in *ONE* text file
>>accessed via "text" maps. Text map may create performance problems for more
>>users (linear search).
>
> Ah ... okay, what I was planning was a shell script called from cron
> that read a file (e.g. ~/.personal-send-mail-config) from each user
> and constructed these files.
>
> Have you any thoughts on which of the two m4 solutions would be the
> better? Thanks!

IMHO single "text file database" (tab separated verbs) for all databases would
be better for *SMALL* number of "localized remote addresses".
Do you want to test/debug it ?

The nice thing about standards is that there are so many of them to choose from.
-- Andrew S. Tanenbaum

Alexis Huxley

Mar 29, 2004, 1:55:15 PM
> (My impression is that the authinfo solution is the better for (1)
> and (2), but that the new-mailer+authenticator-user are the better
> solution for (3).)

I did it! Yeah :-)) I did the 'authinfo' approach. An hour's reading
of the Bat book, and then looking for patterns in the appropriate
bit of proto.m4. I tried it from a couple of accounts and each
authenticates with his own credentials! Excellent! :-))

I'll write up the *whole* procedure and post it here in a day or so,
and stick it on the web.

Many many thanks to all for much help, particularly Andrzej and Per!
Very much appreciated!

Alexis

Alexis Huxley

Apr 5, 2004, 2:44:55 PM
Hi again, as promised, here is the complete procedure I used to
get sendmail delivering mail via GMX's mail servers, when there
are multiple local users with GMX mail accounts.

First a few warnings and bits of info about the procedure:

- I use GNU/Debian Linux so there are a few bits of this
procedure that are specific to this OS; e.g. package names
and path names.

- this is an extract of the documented installation of my
machines, which is at http://dione.no-ip.org/~alexis/STABLE/advocacy/ahdg/

- the usual convention of using angled brackets around
something you have to work out yourself applies e.g.
<externally-recognised-fqhn>. The convention of using
bold for output and roman for input obviously can't
be used here, but is used at the URL specified above.

- watch out for use of tab characters; these are generally
encoded as '<tab>'.

Virtually none of this is my own work; I have just assembled
the advice offered by others on comp.mail.sendmail into a
procedure, which I have actually used, and I know works. I am
just posting it in the hope that it will save someone else
some effort.

Alexis

---------------------- start -------------------------

3. Install the following packages and their prerequisites:

sendmail

and follow the prompts as below:

Configure now ? (y/N) y
Mail name? [] <internally-recognised-fqhn>
Null client forward host? []
Smart Host:? []
Disable address canonification? [N]
Enable the SMTP mailer? [Y]
Masquerade envelopes? [Y]
All masquerade? [N]
Dont masquerade local? [N] y
Always add domain? [N]
Accept mail for `<your_public_hostname>'? [Y]
Alternate names? [] localhost <internally-recognised-uqhn> <externally-recognised-fqhn>
Trusted users? []
Enable redirect option? [N]
Enable UUCP addressing? [Y]
Enable sticky host option? [N]
Enable DNS? [Y]
Assume best MX is local? [N]
Enable the mailertable feature? [N]
Use the Sendmail Restricted Shell (smrsh)? [Y]
Mailer name? [MAILER-DAEMON]
Enable me too option? [N]
Message timeouts? [4h/5d]
Start sendmail now? (Y/n)

4. The name of the host which, to the outside world,
we will masquerade as has not been set by the
above! Edit /etc/mail/sendmail.mc and add the
following lines to the LOCAL_CONFIG section:

MASQUERADE_AS(`<externally-recognised-fqhn>')dnl
FEATURE(`masquerade_entire_domain')dnl
RELAY_DOMAIN(`<internally-recognised-domainname>')dnl
FEATURE(`masquerade_envelope')dnl

5. Regenerate the config files, reload them by running:

root# sendmailconfig
Configure sendmail with the existing /etc/mail/sendmail.conf? [Y]
Configure sendmail with the existing /etc/mail/sendmail.mc? [Y]
Reload the running sendmail now with the new configuration? [Y]

Testing:

1. Verify the output of the following command:

root# egrep ^DM /etc/mail/sendmail.cf
DM<externally-recognised-fqhn>

2. If you know an email address for which the MX
holder does not refuse mail directly from DUL, then
now send an email to it and verify receipt. Check
that it was correctly masqueraded.

3. If you have other machines in the home network
then send mail from one of them and verify that the
relaying and masquerading was done correctly.

10.3.2 Extending host-based authentication to host-and-user-based authentication.

Procedure

1. Run the following command and verify the output:

user$ ident /usr/share/sendmail/cf/m4/proto.m4 | xargs echo | cut -f4 -d' '
8.649.2.28
user$

2. Edit the file /usr/share/sendmail/cf/m4/proto.m4 and
replace this:

R$* $: <$(authinfo AuthInfo:$&{server_name} $: ? $)>

with this:

R$* $: <$(authinfo AuthInfo:$&{server_name}:$&f $: ? $)>
R<?> $: <$(authinfo AuthInfo:$&{server_name} $: ? $)>

(The large amount of space after the first
word on each line must be a tab! The new version of proto.m4
is included in the source distribution of this document.)

3. Edit /etc/mail/sendmail.mc and in the LOCAL_CONFIG
section add the following line:

define(`RELAY_MAILER_MAXMSGS',`1')dnl

(This will prevent two mails from two different local users,
but both meant to go through the same mail relay, from sharing
credentials.)

4. Regenerate the sendmail configuration files as described
above.

10.3.3 Sender-address rewriting and sender-address based routing

Procedure

1. Edit /etc/mail/sendmail.mc and add the following
lines inside the LOCAL_CONFIG section:

FEATURE(`genericstable')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

2. Edit /etc/mail/genericstable and add lines of the form:

<local-user-name><tab><externally-recognisable-email-address>

for example:

alexis ahu...@gmx.net
fred fred....@hotmail.com

3. Run the command:

root# makemap hash /etc/mail/genericstable < /etc/mail/genericstable

4. Edit /etc/mail/generics-domains and add just:

<internally-recognised-fqhn>

5. Edit /etc/mail/sendmail.mc and add the following
lines inside the LOCAL_CONFIG section:

FEATURE(`virtusertable')dnl
VIRTUSER_DOMAIN_FILE(`/etc/mail/virtuser-domains')dnl

6. Edit /etc/mail/virtusertable and, for each local
user, add a line of the form:

<externally-recognisable-email-address><tab><local-user-name>

for example:

ahu...@gmx.net alexis
fred....@hotmail.com fred

7. Run the command:

root# makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable

8. Edit /etc/mail/virtuser-domains and add entries of
the form:

<fqhn-part-of-externally-recognisable-email-address>

for example:

gmx.net
hotmail.com

9. Edit /etc/mail/smarttable and, for each local user, add
an entry of the form:

<local-user-name>@<internally-recognised-fqhn><tab><fqhn-of-mail-server>

for example:

ale...@dione.myth.net mail.gmx.net

(These instructions related to smarttable are taken from
http://anfi.homeunix.net/sendmail/smarttab.html.)

10. Run the command:

root# makemap hash /etc/mail/smarttable < /etc/mail/smarttable

11. Download smarttable.m4 from
http://anfi.homeunix.net/sendmail/smarttab.html and
save it into /usr/share/sendmail/cf/feature/.

12. Edit /etc/mail/sendmail.mc and add the following
lines inside the LOCAL_CONFIG section:

FEATURE(`smarttable')dnl

13. Edit /etc/mail/authinfo and, for each mail relay,
add an entry of the form:


AuthInfo:<fqhn-of-mail-server>:<local-user-name>@<internally-recognised-fqhn><tab>"U:<account-at-webmail-provider-of-any-local-user>" "I:<account-at-webmail-provider-of-any-local-user>" "P:<password>" "M:<authentification-method>"

e.g.:

AuthInfo:mail.gmx.net:ale...@dione.myth.net "U:ahu...@gmx.net" "I:ahu...@gmx.net" "P:XXXXXX" "M:CRAM-MD5"
AuthInfo:mail.gmx.net:fr...@dione.myth.net "U:fred....@hotmail.com" "I:fred....@hotmail.com" "P:YYYYYY" "M:CRAM-MD5"

14. Regenerate the sendmail config files and reload
them as instructed above.

Testing

1. Send out a mail to a remote address and check the
headers to see that it went via the correct relay.

2. Send a mail from another host on the home network
and check the headers to see that it went via the
relay (and was correctly masqueraded).

---------------------- end -------------------------
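
An added example, not part of the original post: a Python sketch of the lookup order that the two patched proto.m4 rules in 10.3.2 produce (per-sender AuthInfo key first, server-only key as fallback), run over every smarttable sender to show who would authenticate with their own account, with a shared one, or with none. The map contents, host names and the function names are constructed for illustration, and it assumes smarttable values are bare relay host names as in the post.

```python
import shlex

# Constructed sample maps; hosts, users and passwords are placeholders.
SMARTTABLE = """\
alexis@host.home.example\tmail.webmail-a.example
fred@host.home.example\tmail.webmail-a.example
guest@host.home.example\tmail.webmail-b.example
"""
AUTHINFO = """\
AuthInfo:mail.webmail-a.example:alexis@host.home.example\t"U:alexis@webmail-a.example" "I:alexis@webmail-a.example" "P:placeholder1" "M:CRAM-MD5"
AuthInfo:mail.webmail-a.example\t"U:shared@webmail-a.example" "I:shared@webmail-a.example" "P:placeholder2" "M:CRAM-MD5"
"""

def parse_map(text):
    """Parse makemap source text (key, whitespace, value) into a dict."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            # sendmail folds map keys to lower case by default; mirrored here
            entries[parts[0].lower()] = parts[1]
    return entries

def parse_fields(value):
    """Turn '"U:user" "P:secret"' into {'U': 'user', 'P': 'secret'}."""
    return dict(tok.split(":", 1) for tok in shlex.split(value))

def lookup_authinfo(authinfo, server, sender):
    """Per-sender key first, then the server-only key, as in the patched rules."""
    for key in (f"authinfo:{server}:{sender}", f"authinfo:{server}"):
        key = key.lower()
        if key in authinfo:
            return key, parse_fields(authinfo[key])
    return None

def audit(smarttable, authinfo):
    """Classify each smarttable sender as 'own', 'shared' or 'none'."""
    result = {}
    for sender, relay in smarttable.items():
        hit = lookup_authinfo(authinfo, relay, sender)
        if hit is None:
            result[sender] = "none"      # relay would get no credentials
        elif hit[0].endswith(":" + sender):
            result[sender] = "own"       # matched the per-sender entry
        else:
            result[sender] = "shared"    # fell back to the server-wide entry
    return result

if __name__ == "__main__":
    for sender, status in audit(parse_map(SMARTTABLE), parse_map(AUTHINFO)).items():
        print(f"{sender}: {status}")
```

A "shared" result means that user's mail would be submitted under another account's credentials, which is the situation the per-sender AuthInfo entries are there to avoid.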
