
MASQUERADE_AS Solaris 10 not working


stra...@notapplicable.yahoo.com

Sep 23, 2011, 12:13:56 AM
--------------------
please edit return address when replying to prevent spam. thank you.
--------------------

Greetings,
I have an issue with sendmail 8.14.4 and MASQUERADE_AS( ).
Solaris 10u9 on Sparc.
I have checked svccfg properties and sendmail is using sendmail.cf and
not local.cf.

This is a local machine that uses Exchange 07 as its SMTP host.

I've copied /usr/lib/mail/sendmail.mc to sendmail.mc.orig then edited:
/usr/lib/mail/sendmail.mc

Everything that is commented out was tried and did not work, but I
left it in there so as not to try it again as my memory is not what it
once was.

divert(0)dnl
VERSIONID(`sendmail.mc (Sun)')
OSTYPE(`solaris8')dnl
DOMAIN(`solaris-generic')dnl
#
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
MASQUERADE_AS(`cd.company.com')dnl
#MASQUERADE_DOMAIN(`na.company.local')dnl
#
#FEATURE(`always_add_domain')dnl
#FEATURE(`allmasquerade')dnl
#define(`confDOMAIN_NAME', `cd.company.com')dnl

#
#FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl
#GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
#FEATURE(generics_entire_domain)dnl
#GENERICS_DOMAIN(`cd.company.com')
#
MAILER(`local')dnl
MAILER(`smtp')dnl

LOCAL_NET_CONFIG
R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3


Once this was completed, I run a quick script from /usr/lib/mail/

#!/bin/sh
svcadm -v disable sendmail
/usr/ccs/bin/make
cp /usr/lib/mail/sendmail.cf /etc/mail/sendmail.cf
svcadm -v enable sendmail

which outputs:
svc:/network/smtp:sendmail disabled.
test ! -f sendmail.cf || /usr/bin/mv sendmail.cf sendmail.cf.prev
/usr/ccs/bin/m4 ../m4/cf.m4 sendmail.mc > sendmail.cf
svc:/network/smtp:sendmail enabled.


If I send an email locally it works as expected, the domain gets
rewritten. However, when I send to an external domain, then it does
not work as expected, and I end up with sent from:
us...@localmachine.domainname.local

-----------------------------------------------------
BEFORE THE CHANGE:
Mail to root as a normal user.

Message 1:
From zc12...@nadc-jss-p01.na.company.local Wed Sep 7 10:15:58 2011
Date: Wed, 7 Sep 2011 10:15:58 -0700 (PDT)
From: Smith <zc12...@nadc-jss-p01.na.company.local>
To: ro...@nadc-jss-p01.na.company.local
Subject: test

this is a test
------------------------------------------------------
AFTER THE CHANGE:
mail to local root as a normal user.

? 5
Message 5:
From bill....@cd.company.com Thu Sep 22 19:32:50 2011
Date: Thu, 22 Sep 2011 19:32:50 -0700 (PDT)
From: Smith <bill....@cd.company.com>
To: ro...@nadc-jss-p01.na.company.local
Subject: test

this is a test

------------------------------------------------------
more /etc/mail/genericstable
zc1268as bill....@cd.company.com

------------------------------------------------------
-bash-3.00$ /usr/lib/sendmail -d0.12 -bt < /dev/null
Version 8.14.4+Sun
 Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8
                MIME8TO7 NAMED_BIND NDBM NETINET NETINET6 NETUNIX NEWDB NIS
                NISPLUS PIPELINING SCANF STARTTLS TCPWRAPPERS USERDB
                USE_LDAP_INIT XDEBUG
    OS Defines: HASCLOSEFROM HASFCHOWN HASFCHMOD HASFDWALK
                HASGETUSERSHELL HASINITGROUPS HASLDAPGETALIASBYNAME HASLSTAT
                HASNICE HASRANDOM HASRRESVPORT HASSETREGID HASSETREUID
                HASSETRLIMIT HASSETSID HASSETVBUF HASURANDOMDEV HASSTRERROR
                HASULIMIT HASUNAME HASUNSETENV HASWAITPID IDENTPROTO
                IP_SRCROUTE SAFENFSPATHCONF SYS5SETPGRP SYSTEM5 USE_DOUBLE_FORK
                USE_SA_SIGACTION USE_SIGLONGJMP USESETEUID
Kernel symbols: /dev/ksyms
     Conf file: /etc/mail/submit.cf (default for MSP)
     Conf file: /etc/mail/sendmail.cf (default for MTA)
      Pid file: /var/run/sendmail.pid (default)
 libsm Defines: SM_CONF_GETOPT SM_CONF_LDAP_MEMFREE SM_CONF_LONGLONG
                SM_CONF_MEMCHR SM_CONF_MSG SM_CONF_SEM SM_CONF_SETITIMER
                SM_CONF_SIGSETJMP SM_CONF_SHM SM_CONF_SSIZE_T SM_CONF_STDDEF_H
                SM_CONF_UID_GID DO_NOT_USE_STRCPY SM_HEAP_CHECK
                SM_OS=sm_os_sunos SM_VA_STD
Canonical name: nadc-jss-p01.cd.company.local
UUCP nodename: nadc-jss-p01
a.k.a.: nadc-jss-p01
a.k.a.: loghost
a.k.a.: [159.119.238.131]
a.k.a.: [127.0.0.1]
a.k.a.: [172.22.81.10]
a.k.a.: nadc-jss-p01-latisys
Conf file: /etc/mail/sendmail.cf (selected)
Pid file: /var/run/sendmail.pid (selected)

============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = nadc-jss-p01
(canonical domain name) $j = cd.company.com
(subdomain name) $m = na.company.local
(node name) $k = nadc-jss-p01
========================================================

I've looked at the Oracle metalink article on this but it fails to
accomplish:
1003568.1
ISSUE:
How to implement masquerading for a Solaris 8 or Solaris 9 sendmail
mailhost (main) or client (subsidiary) machine.
SOLUTION:
1. Add the following 4 lines to the appropriate .mc file:
(The template files, main-v7sun.mc and subsidiary-v7sun.mc can be found
in /usr/lib/mail/cf.)
NOTE: These lines must come after the "DOMAIN(solaris-generic)dnl" line
and before the "MAILER(local)dnl" line.
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
*MASQUERADE_AS(masq_domain.com)dnl
MASQUERADE_DOMAIN(masq_domain.com)dnl

*Substitute your domain name for "masq_domain.com".

2. Edit the .mc file and compile it to generate a new sendmail.cf file.
For example:
# cd /usr/lib/mail/cf
# cp main.mc hostname.mc
# vi hostname.mc
(add the following lines, as directed above)
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
MASQUERADE_AS(foo.com)dnl
MASQUERADE_DOMAIN(undesirable_domain)dnl
(and save the file)
then...
# pwd
/usr/lib/mail/cf
# /usr/ccs/bin/make hostname.cf
NOTE: Substitute the name of the machine for "hostname", referenced in
the commands (above and below).
The line MASQUERADE_AS means you are only using the domain name foo.com
and MASQUERADE_DOMAIN means you are converting user@undesirable_domain
to us...@foo.com.
# cp hostname.cf /etc/mail/sendmail.cf
and stop/start sendmail:
#/etc/init.d/sendmail stop
#/etc/init.d/sendmail start
NOTE: When you test this, test from a regular user account, not the root
account, unless the following line is commented out in the sendmail.cf
file:
CE root

Any advice/pointers/things to try are much appreciated at this point
as I have exhausted all my resources.

I am going to open a SR with Oracle but I imagine they will only point
me to the metalink I've already read and then tell me that this is not
supported under my platinum contract or whatever it is now.


TIA!
jeff

Kees Theunissen

Sep 23, 2011, 6:34:56 PM
stra...@notapplicable.yahoo.com wrote:
> --------------------
> please edit return address when replying to prevent spam. thank you.
> --------------------
>
> Greetings,
> I have an issue with sendmail 8.14.4 and MASQUERADE_AS( ).
> Solaris 10u9 on Sparc.
> I have checked svccfg properties and sendmail is using sendmail.cf and
> not local.cf.
>
> This is a local machine that uses Exchange 07 as its SMTP host.
>
> I've copied /usr/lib/mail/sendmail.mc to sendmail.mc.orig then edited:
> /usr/lib/mail/sendmail.mc
>
> Everything that is commented out was tried and did not work, but I
> left it in there so as not to try it again as my memory is not what it
> once was.

Did you record somewhere how you combined the different "FEATURES"
and "defines"? You need a proper combination of those to get it
working. And you'll get a lot of non-working combinations if you
just try them at random.

> divert(0)dnl
> VERSIONID(`sendmail.mc (Sun)')
> OSTYPE(`solaris8')dnl
> DOMAIN(`solaris-generic')dnl
> #
> FEATURE(`masquerade_envelope')dnl
> FEATURE(`masquerade_entire_domain')dnl
> MASQUERADE_AS(`cd.company.com')dnl
> #MASQUERADE_DOMAIN(`na.company.local')dnl

You need this one. This defines the domain
that should be rewritten to the value
specified by "MASQUERADE_AS".
Subdomains will also be masqueraded if you
use the FEATURE(`masquerade_entire_domain').
If you just uncomment the MASQUERADE_DOMAIN
line, then you'll get a working config at
first glance.

> #
> #FEATURE(`always_add_domain')dnl
> #FEATURE(`allmasquerade')dnl
> #define(`confDOMAIN_NAME', `cd.company.com')dnl
>
> #

Leave the genericstable stuff below commented out
for now. Genericstable processing will interact
with masquerading. Configure the genericstable stuff
after masquerading is working, if you need both.

This is clearly not the result of the above configuration
if message 5 was sent by the same user (zc1268as) as message 1.
Masquerading changes only the host.domain part of an address
and leaves the user part (the "local part" in rfc822/2822/5222
speak) untouched.
Genericstable processing does change the local part, but is
disabled in the above configuration.

It's hard to diagnose problems if the config and the test
results that you post don't match with each other.


Regards,

Kees.

--
Kees Theunissen.

Kees Theunissen

Sep 23, 2011, 7:55:37 PM
Kees Theunissen wrote:
> stra...@notapplicable.yahoo.com wrote:

>> Everything that is commented out was tried and did not work, but I
>> left it in there so as not to try it again as my memory is not what it
>> once was.
>
> Did you record somewhere how you combined the different "FEATURES"
> and "defines"? You need a proper combination of those to get it
> working. And you'll get a lot of non-working combinations if you
> just try them at random.
>
>> divert(0)dnl
>> VERSIONID(`sendmail.mc (Sun)')
>> OSTYPE(`solaris8')dnl
>> DOMAIN(`solaris-generic')dnl
>> #
>> FEATURE(`masquerade_envelope')dnl
>> FEATURE(`masquerade_entire_domain')dnl
>> MASQUERADE_AS(`cd.company.com')dnl
>> #MASQUERADE_DOMAIN(`na.company.local')dnl
The line above is NOT commented out!!!!
Why didn't I see this directly?

Lines in sendmail.cf starting with a hash sign will be
recognized by sendmail as comment lines. Yes. But this is
not sendmail.cf and sendmail will not read this file.

The m4 macro processor will not recognize this as a
comment. You need to insert the macro "dnl" (without
the quotes; dnl stands for "delete through newline")
to comment things out. Everything on a line from the "dnl"
until the end of the line is a comment.

To comment out the line above properly, you need to insert
the dnl right at the beginning of the line:

dnl #MASQUERADE_DOMAIN(`na.company.local')dnl

I left the hash sign in place to make it look more like
the comments we are used to in most scripts and config
files.
The same applies for the other lines below that should
be commented out.

Forget most of what I wrote in my previous message;
it doesn't make sense anymore as it was based on the
wrong interpretation of the hash signs in your config.
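
Added example, not part of the thread: a small shell check for the mistake described in the reply above, where directives in sendmail.mc were prefixed with "#" instead of "dnl". The function names and the sample file are constructed for illustration; only POSIX sh and awk are assumed.

```shell
#!/bin/sh
# Added example: find directives in a sendmail .mc file that were "commented
# out" with "#" only. Lines that begin with "dnl" are treated as real comments.

# A line that starts with "#" followed by a macro-style call, for example
# "#FEATURE(...)" or "# define(...)". A bare "#" line does not match.
MC_HASH_CALL='^[ \t]*#[ \t]*[A-Za-z_][A-Za-z0-9_]*[(]'

# lint_mc FILE: print "LINE: MACRO" for every suspect line.
lint_mc() {
    awk -v pat="$MC_HASH_CALL" '
        $0 ~ pat {
            name = $0
            sub(/^[ \t]*#[ \t]*/, "", name)   # drop the leading hash
            sub(/[(].*/, "", name)            # keep only the macro name
            printf "%d: %s\n", NR, name
        }' "$1"
}

# fix_mc FILE: print FILE with "dnl " put in front of each suspect line,
# the form suggested in the reply (hash kept for readability).
fix_mc() {
    awk -v pat="$MC_HASH_CALL" '$0 ~ pat { print "dnl " $0; next } { print }' "$1"
}

# Constructed sample, modelled on the sendmail.mc fragments in the thread.
write_sample_mc() {
    cat > "$1" <<'EOF'
divert(0)dnl
VERSIONID(`sendmail.mc (Sun)')
OSTYPE(`solaris8')dnl
DOMAIN(`solaris-generic')dnl
#
FEATURE(`masquerade_envelope')dnl
MASQUERADE_AS(`cd.company.com')dnl
#MASQUERADE_DOMAIN(`na.company.local')dnl
#FEATURE(`always_add_domain')dnl
dnl #FEATURE(`allmasquerade')dnl
#define(`confDOMAIN_NAME', `cd.company.com')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_mc "$sample"
lint_mc "$sample"
rm -f "$sample"
```

Running lint_mc before each make shows which directives are still live, and comparing fix_mc output with the original shows exactly which lines change.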

stra...@notapplicable.yahoo.com

Sep 26, 2011, 2:30:54 PM
Hello Kees,
Thank you for your time.
I have put the sendmail.mc into original configuration to show what I
have compared to what it will become once I make the masquerade
change. Here is the header from a mail to root from a regular user. I
am x'ing out the domainname of course only in our correspondence.

Here is the sendmail.mc:
divert(0)dnl
VERSIONID(`sendmail.mc (Sun)')
OSTYPE(`solaris8')dnl
DOMAIN(`solaris-generic')dnl
define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
dnl FEATURE(`always_add_domain')dnl
dnl FEATURE(`allmasquerade')dnl
dnl FEATURE(`masquerade_envelope')dnl
dnl FEATURE(`masquerade_entire_domain')dnl
dnl FEATURE(`limited_masquerade')dnl
dnl MASQUERADE_AS(`xxxx.xxxxxxx.com')dnl
dnl MASQUERADE_DOMAIN(`na.xxxxxxx-dpg.local')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl

LOCAL_NET_CONFIG
R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3

---------------------
>N 1 Martin Mon Sep 26 10:42 17/832 test original config
? 1
Message 1:
From z306...@nadc-jss-p01.na.xxxxxx-dpg.local Mon Sep 26 10:42:34 2011
Date: Mon, 26 Sep 2011 10:42:34 -0700 (PDT)
From: Martin <z306...@nadc-jss-p01.na.xxxxxxx-dpg.local>
To: ro...@nadc-jss-p01.na.xxxxxxx-dpg.local
Subject: test original config

this is a test
------
Now, this is after I make the Masquerade change in sendmail.mc:
BTW... this is good, it works on the localhost, just not external
emails.

divert(0)dnl
VERSIONID(`sendmail.mc (Sun)')
OSTYPE(`solaris8')dnl
DOMAIN(`solaris-generic')dnl
define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
dnl FEATURE(`limited_masquerade')dnl
MASQUERADE_AS(`xxxx.xxxxxxx.com')dnl
MASQUERADE_DOMAIN(`xx.xxxxxxx-dpg.local')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl

LOCAL_NET_CONFIG
R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3

-----------------
>N 1 Martin Mon Sep 26 10:51 17/785 Test afet mc change
? 1
Message 1:
From z306...@xxxx.xxxxxx.com Mon Sep 26 10:51:00 2011
Date: Mon, 26 Sep 2011 10:51:00 -0700 (PDT)
From: Martin <z306...@xxxx.xxxxx.com>
To: ro...@nadc-jss-p01.na.xxxxxx-dpg.local
Subject: Test afet mc change

this is another test

?
---------------

However, when I send to an external domain, such as yahoo, I get the
original hostname.localdomain.local as the send from address.