sendmail ldap exchange

Kevin Miller Kevin_Miller at ci.juneau.ak.us
Fri Oct 12 16:53:38 IST 2007


I sorta hesitate to send the whole thing for privacy's sake, but most is
pretty straightforward.  The parts that gave me pause I'll outline
below - if you have questions beyond that holler and I'll try to fill in
the blanks.
 
Whitelist your internal networks so any host on the inside can use your
mail server.  
For example:
   WhitelistIP     192.168.0.0/16

 
The host I grabbed the config from is called mx2.ci.juneau.ak.us - so
that's what goes in "PublicName".  You'll want to enter the name of your
mail gateway as I would see it - i.e., what is used for the MX record in
DNS.
 
  # FQDN of the publicly visible IP address of the interface
  # of an outgoing connection of your Sendmail daemon
  # It will be used with the SMTP HELO command for SAV and RAV
  #
  #PublicName     yourhost.yourdomain.tld         # it *MUST* be corrected properly
  PublicName      mx2.ci.juneau.ak.us
 
Mail to this address is whitelisted I think, so complaints/errors can
come in:
  # Any valid e-Mail address of your local domain for the safe call-out purposes
  #SafeCallBack   postmaster at yourdomain.tld       # it *MUST* be corrected properly
  SafeCallBack    postmaster at ci.juneau.ak.us

 
This is the one that wasn't really clear to me.  Basically it's asking
for the name or address of the host that knows who all your users are.
In this case it's my Exchange server.  I used a phoney name here (but
the real name in my actual config).  This is the machine the LDAP lookups
are directed to.
  #MailStore      yourhost.yourdomain.tld         # uncomment and set it properly
  MailStore       cbjmail.ci.juneau.ak.us

Pretty much everything else was just left as the default.  Of course,
I've added remote hosts to the whitelist section as the situation
warranted.  You can see who's being denied in /var/log/mail (or wherever
your mail logs go).
 
Re: the milter.  You have to add the following to the end of your
sendmail.mc then rebuild your sendmail.cf file:
 
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
INPUT_MAIL_FILTER(`smf-sav', `S=unix:/var/run/smfs/smf-sav.sock, T=S:30s;R:4m')dnl

Sendmail shouldn't be running, of course, while all this is happening.
I presume that you were able to successfully compile smf-sav and it's
installed.  Now you just need to start smf-sav before you start
MailScanner (since MailScanner starts sendmail).  You do that via the
normal Linux startup scripts.  If you're new to Linux, you'll find them
in /etc/init.d/.   In that directory are many different scripts to start
the system related stuff you have installed.  Common examples are your
networking stuff, database programs, web servers, etc.  There are four
scripts that come with smf-sav, if memory serves: one each for
slackware, redhat, freebsd and solaris.  If you're using Redhat or one
of its clones like Fedora, copy the smfsav.redhat over to the
/etc/init.d directory and then create the links to it in the appropriate
run level directories.  That varies slightly from linux flavor to
flavor.   
 
If you're not familiar with that, grab a manual appropriate to your
distribution and read about how that works.  It's really pretty
straightforward, simple to explain, but potentially a lot of typing to do so.
<g>  It's a pretty fundamental skill for managing a Linux box, so if you
don't already understand it, you really need to get an understanding of
it before you get in much deeper.
 
Hope this helps...
 
...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500
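
Added example (not part of Kevin's message or of smf-sav itself): a small Python check for the smf-sav.conf settings walked through above. It assumes the key/value layout shown in the post, a real "@" in SafeCallBack (the list archive rewrites it as " at "), and CIDR or bare-IP values for WhitelistIP; the sample config and the example.com names are constructed.

```python
import ipaddress
import re

# Template values from the stock smf-sav.conf lines quoted in the post.
PLACEHOLDER = re.compile(r"(^|[@.])yourdomain\.tld$", re.I)
REQUIRED = ("PublicName", "SafeCallBack", "MailStore")
# Assumption: "internal" means RFC 1918 space plus loopback.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_conf(text):
    """Return [(key, value)] for active lines; '#' starts a comment."""
    pairs = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            pairs.append((fields[0], fields[1]))
    return pairs

def lint(text):
    """Return findings for the settings walked through in the post."""
    pairs = parse_conf(text)
    findings = []
    for key in REQUIRED:
        values = [v for k, v in pairs if k == key]
        if not values:
            findings.append(f"{key}: not set (line still commented out?)")
        elif PLACEHOLDER.search(values[-1]):
            findings.append(f"{key}: template placeholder {values[-1]!r}")
    for value in (v for k, v in pairs if k == "WhitelistIP"):
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"WhitelistIP: cannot parse {value!r}")
            continue
        if net.version != 4 or not any(net.subnet_of(n) for n in INTERNAL):
            findings.append(f"WhitelistIP: {net} is not inside an internal range")
    return findings

# Constructed sample: placeholder left in, MailStore commented, whitelist typo.
SAMPLE = """\
WhitelistIP     192.168.0.0/16
WhitelistIP     192.0.0.0/8
PublicName      mx.example.com          # name used in the MX record
SafeCallBack    postmaster@yourdomain.tld
#MailStore      yourhost.yourdomain.tld         # uncomment and set it properly
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

An empty result means none of the three template values is left in place and every whitelisted range sits inside internal address space.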
  
 

________________________________

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steven
Andrews
Sent: Friday, October 12, 2007 4:59 AM
To: MailScanner discussion
Subject: RE: sendmail ldap exchange


any chance you can share your config?  i've got it installed, but i
really don't understand what smf-sav.conf is wanting me to config.
 
also the readme says to add this milter to startup scripts before
sendmail....also not quite sure what that's asking.  it references some
start up script examples...can't seem to find them.
 
thanks.
 
steve

________________________________

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin
Miller
Sent: Thursday, October 11, 2007 3:20 PM
To: MailScanner discussion
Subject: RE: sendmail ldap exchange


Take a look at the smf-sav milter - a number of folks here are using it,
including myself, and it works just jiffy.  Quite easy to set up.  I'm
not sure about the multiple domains part.  I accept for multiple
domains, but my Exchange server knows about all of them, so it isn't a
problem.  If you have multiple Exchange servers that don't do address
synchronization it may or may not work.  But it's easy, free and works
well for us here...
 

...Kevin
--
Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907) 586-4500
  

 

________________________________

From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steven
Andrews
Sent: Thursday, October 11, 2007 10:52 AM
To: MailScanner discussion
Subject: sendmail ldap exchange


Can anyone comment on if this works?
http://www.mailarchive.ca/lists/comp.mail.sendmail//2005-06/0022.html
 
I'm currently running as suggested in the wiki:
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway
 
I tried the above and everything got bounced back 550.
 
Also wondering if you have multiple domains, I assume you need multiple:
LDAPROUTE_DOMAIN(`yourdomain.com') 
 
One for each domain, but do you need multiple
define('confLDAP_DEFAULT_SPC.... lines?
 
OS is CentOS 4.3, sendmail is 8.13.1.  The author makes reference to
compiling sendmail to work with ldap.  sendmail -bt -d0.1 responds:
 
Using username "root".
Last login: Thu Oct 11 11:47:16 2007 from mail.xxxxxxx.com
[root at spamfiilter ~]# sendmail -bt -d0.1
Version 8.13.1
 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
                NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
                TCPWRAPPERS USERDB USE_LDAP_INIT
 
============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = spamfilter
  (canonical domain name) $j = spamfilter.xxxxxxx.com
         (subdomain name) $m = xxxxxxx.com
              (node name) $k = spamfiilter
========================================================
 
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
>

 
 
Thanks!
 
Steve