sendmail ldap exchange

Randal, Phil prandal at herefordshire.gov.uk
Fri Oct 12 17:21:06 IST 2007


For smf-sav to work with Exchange 2003, you have to enable a recipient
policy to reject unknown recipients:
 
There's a simple howto here:
 
  http://www.amset.info/exchange/filter-unknown.asp
 
Cheers,
 
Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK 
 


________________________________

	From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin
Miller
	Sent: 12 October 2007 16:54
	To: MailScanner discussion
	Subject: RE: sendmail ldap exchange
	
	
	I sorta hesitate to send the whole thing for privacy's sake, but
most is pretty straightforward.  The parts that gave me pause I'll
outline below - if you have questions beyond that holler and I'll try to
fill in the blanks.
	 
	Whitelist your internal networks so any host on the inside can
use your mail server.  
	For example:
	   WhitelistIP     192.168.0.0/16
	
	 
	
	
	The host I grabbed the config from is called mx2.ci.juneau.ak.us
- so that's what goes in "PublicName".  You'll want to enter the name of
your mail gateway as I would see it - i.e., what is used for the MX
record in DNS.
	 
	  # FQDN of the publicly visible IP address of the interface
	  # of an outgoing connection of your Sendmail daemon
	  # It will be used with the SMTP HELO command for SAV and RAV
	  #
	  #PublicName     yourhost.yourdomain.tld         # it *MUST* be corrected properly
	  PublicName      mx2.ci.juneau.ak.us
	 
	Mail to this address is whitelisted I think, so
complaints/errors can come in:
	  # Any valid e-Mail address of your local domain for the safe call-out purposes
	  #SafeCallBack   postmaster at yourdomain.tld       # it *MUST* be corrected properly
	  SafeCallBack    postmaster at ci.juneau.ak.us
	
	 
	This is the one that wasn't really clear to me.  Basically it's
asking for the name or address of the host that knows who all your users
are.  In this case it's my Exchange server.  I used a phoney name here
(but the real name in my actual config).  This is the machine the LDAP
lookups are directed to.
	  #MailStore      yourhost.yourdomain.tld         # uncomment and set it properly
	  MailStore       cbjmail.ci.juneau.ak.us
	
	Pretty much everything else was just left as the default.  Of
course, I've added remote hosts to the whitelist section as the
situation warranted.  You can see who's being denied in /var/log/mail
(or wherever your mail logs go).
	 
	Re: the milter.  You have to add the following to the end of
your sendmail.mc then rebuild your sendmail.cf file:
	 
	define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
	INPUT_MAIL_FILTER(`smf-sav', `S=unix:/var/run/smfs/smf-sav.sock, T=S:30s;R:4m')dnl
	
	Sendmail shouldn't be running, of course, while all this is
happening.  I presume that you were able to successfully compile smf-sav
and it's installed.  Now you just need to start smf-sav before you start
MailScanner (since MailScanner starts sendmail).  You do that via the
normal Linux startup scripts.  If you're new to Linux, you'll find them
in /etc/init.d/.   In that directory are many different scripts to start
the system related stuff you have installed.  Common examples are your
networking stuff, database programs, web servers, etc.  There are four
scripts that come with smf-sav, if memory serves: one each for
slackware, redhat, freebsd and solaris.  If you're using Redhat or one
of its clones like Fedora, copy the smfsav.redhat over to the
/etc/init.d directory and then create the links to it in the appropriate
run level directories.  That varies slightly from linux flavor to
flavor.   
	 
	If you're not familiar with that, grab a manual appropriate to
your distribution and read about how that works.  It's really pretty
straightforward, simple to explain, but potentially a lot of typing to
do so. <g>  It's a pretty fundamental skill for managing a Linux box, so
if you don't already understand it, you really need to get an
understanding of it before you get in much deeper.
	 
	Hope this helps...
	 
	...Kevin
	--
	Kevin Miller                Registered Linux User No: 307357
	CBJ MIS Dept.               Network Systems Admin., Mail Admin.
	155 South Seward Street     ph: (907) 586-0242
	Juneau, Alaska 99801        fax: (907) 586-4500
	  
	 

________________________________

	From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steven
Andrews
	Sent: Friday, October 12, 2007 4:59 AM
	To: MailScanner discussion
	Subject: RE: sendmail ldap exchange
	
	
	any chance you can share your config?  i've got it installed,
but i really don't understand what smf-sav.conf is wanting me to config.
	 
	also the readme says to add this milter to startup scripts
before sendmail....also not quite sure what that's asking.  it
references some start up script examples...can't seem to find them.
	 
	thanks.
	 
	steve

________________________________

	From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Kevin
Miller
	Sent: Thursday, October 11, 2007 3:20 PM
	To: MailScanner discussion
	Subject: RE: sendmail ldap exchange
	
	
	Take a look at the smf-sav milter - a number of folks here are
using it, including myself, and it works just jiffy.  Quite easy to set
up.  I'm not sure about the multiple domains part.  I accept for
multiple domains, but my Exchange server knows about all of them, so it
isn't a problem.  If you have multiple Exchange servers that don't do
address synchronization it may or may not work.  But it's easy, free and
works well for us here...
	 

	...Kevin
	--
	Kevin Miller                Registered Linux User No: 307357
	CBJ MIS Dept.               Network Systems Admin., Mail Admin.
	155 South Seward Street     ph: (907) 586-0242
	Juneau, Alaska 99801        fax: (907) 586-4500
	  

	 

________________________________

	From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steven
Andrews
	Sent: Thursday, October 11, 2007 10:52 AM
	To: MailScanner discussion
	Subject: sendmail ldap exchange
	
	
	Can anyone comment on if this works?
	
http://www.mailarchive.ca/lists/comp.mail.sendmail//2005-06/0022.html
	 
	I'm currently running as suggested in the wiki:
	
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:sendmail:how_to:setup_a_gateway
	 
	I tried the above and everything got bounced back 550.
	 
	Also wondering if you have multiple domains, I assume you need
multiple:
	LDAPROUTE_DOMAIN(`yourdomain.com') 
	 
	One for each domain, but do you need multiple
define('confLDAP_DEFAULT_SPC.... lines?
	 
	OS is CentOS 4.3, sendmail is 8.13.1.  The author makes reference
to compiling sendmail to work with ldap.  sendmail -bt -d0.1 responds:
	 
	Using username "root".
	Last login: Thu Oct 11 11:47:16 2007 from mail.xxxxxxx.com
	[root at spamfiilter ~]# sendmail -bt -d0.1
	Version 8.13.1
	 Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
	                MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
	                NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
	                TCPWRAPPERS USERDB USE_LDAP_INIT
	 
	============ SYSTEM IDENTITY (after readcf) ============
	      (short domain name) $w = spamfilter
	  (canonical domain name) $j = spamfilter.xxxxxxx.com
	         (subdomain name) $m = xxxxxxx.com
	              (node name) $k = spamfiilter
	========================================================
	 
	ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
	Enter <ruleset> <address>
	>
	
	 
	 
	Thanks!
	 
	Steve
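
An added example, not part of the thread or of smf-sav itself: a small check for an edited smf-sav.conf that reports the three settings Kevin's message singles out (PublicName, SafeCallBack, MailStore) when they are unset or still hold the template placeholder, and flags WhitelistIP entries outside internal ranges for review. The `Key value # comment` syntax is assumed from the lines quoted in the thread; the function names, the list of internal ranges and the sample configuration are constructed for illustration.

```python
import ipaddress

# Settings the post singles out as needing site-specific values.
REQUIRED = ("PublicName", "SafeCallBack", "MailStore")
# Template text visible in the commented-out lines quoted in the post.
PLACEHOLDER = "yourdomain.tld"
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_conf(text):
    """Return (key, value) pairs from active lines; '#' starts a comment (assumed syntax)."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            pairs.append((parts[0], parts[1].strip()))
    return pairs

def audit(text):
    """List findings for an smf-sav.conf edited as the post describes."""
    pairs = parse_conf(text)
    seen = dict(pairs)
    findings = []
    for key in REQUIRED:
        if key not in seen:
            findings.append(f"{key}: not set (missing or still commented out)")
        elif PLACEHOLDER in seen[key]:
            findings.append(f"{key}: template placeholder left in place")
    for value in (v for k, v in pairs if k == "WhitelistIP"):
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"WhitelistIP {value}: not an IP address or CIDR")
            continue
        if not any(net.version == n.version and net.subnet_of(n) for n in INTERNAL):
            findings.append(f"WhitelistIP {value}: not an internal range, review")
    return findings

# Constructed sample, not a real site's configuration.
SAMPLE = """\
WhitelistIP     192.168.0.0/16
WhitelistIP     0.0.0.0/0
#PublicName     yourhost.yourdomain.tld   # it *MUST* be corrected properly
SafeCallBack    postmaster@yourdomain.tld
MailStore       exchange.example.org
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Remote hosts added to the whitelist on purpose will show up as "review" findings; the check only makes them visible, it does not say they are wrong.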
