
Building a custom sendmail.cf



Dear List,

I bothered you a few times this week concerning my sendmail troubles.
The reason is my attempt to integrate an antivirus filter shipped by Kaspersky 
Labs. in the running Sendmail.
I wrote a letter to their support but have not received their answer yet and 
am trying to solve it myself for the time being.

The outline:
I am running the latest sendmail 8.13.3-6 on Debian unstable installed this 
Tuesday.
Without the antivirus program sendmail accepts mails from local domain and 
external domains. And everything is ok.
When I fire up the antivirus - mail from local domain is processed ok but mail 
from external domains is rejected and notification sent to postmaster as in 
the lines below:

Feb 13 10:55:16 mail1 sendmail[525]: j1D8tFn8000525: from=<videff@abv.bg>, 
size=1190, class=0, nrcpts=1, 
msgid=<590211730.1108284881984.JavaMail.nobody@app2.ni.bg>, 
bodytype=8BITMIME, proto=ESMTP, daemon=MTA-v4, relay=mr-bricolage.bg 
[10.50.0.8]
Feb 13 10:55:16 mail1 sendmail[530]: gethostbyaddr(10.50.0.29) failed: 1
Feb 13 10:55:16 mail1 sendmail[530]: j1D8tG0p000530: ruleset=check_rcpt, 
arg1=<chavdar@mail1.mr-bricolage.bg>, relay=root@localhost, reject=550 5.7.1 
<chavdar@mail1.mr-bricolage.bg>... Access denied
Feb 13 10:55:16 mail1 sendmail[530]: j1D8tG0p000530: from=<videff@abv.bg>, 
size=0, class=0, nrcpts=0, proto=SMTP, relay=root@localhost
Feb 13 10:55:16 mail1 sendmail[527]: j1D8tFn8000525: 
to=<chavdar@mail1.mr-bricolage.bg>, delay=00:00:00, xdelay=00:00:00, 
mailer=smtpscanner, pri=121190, relay=smtpscanner, dsn=5.2.0, stat=Service 
unavailable (5.7.1 <chavdar@mail1.mr-bricolage.bg>... Access denied)
Feb 13 10:55:16 mail1 sendmail[527]: j1D8tFn8000525: j1D8tGn8000527: DSN: 
Service unavailable (5.7.1 <chavdar@mail1.mr-bricolage.bg>... Access denied)
Feb 13 10:55:16 mail1 sendmail[532]: gethostbyaddr(10.50.0.29) failed: 1
Feb 13 10:55:16 mail1 sendmail[532]: j1D8tGqp000532: ruleset=check_rcpt, 
arg1=<videff@abv.bg>, relay=root@localhost, reject=550 5.7.1 
<videff@abv.bg>... Access denied
Feb 13 10:55:16 mail1 sendmail[527]: j1D8tGn8000527: to=<videff@abv.bg>, 
delay=00:00:00, xdelay=00:00:00, mailer=smtpscanner, pri=30000, 
relay=smtpscanner, dsn=5.2.0, stat=Service unavailable (5.7.1 
<videff@abv.bg>... Access denied)
Feb 13 10:55:16 mail1 sendmail[527]: j1D8tGn8000527: j1D8tGn9000527: return to 
sender: Service unavailable (5.7.1 <videff@abv.bg>... Access denied)
Feb 13 10:55:16 mail1 sendmail[532]: j1D8tGqp000532: from=<>, size=0, class=0, 
nrcpts=0, proto=SMTP, relay=root@localhost
Feb 13 10:55:16 mail1 sendmail[534]: gethostbyaddr(10.50.0.29) failed: 1
Feb 13 10:55:16 mail1 sendmail[534]: j1D8tGI5000534: from=<>, size=2134, 
class=0, nrcpts=1, msgid=<200502130855.j1D8tGI5000534@mail1.mr-bricolage.bg>, 
proto=SMTP, relay=root@localhost
Feb 13 10:55:16 mail1 sendmail[527]: j1D8tGn9000527: to=postmaster, 
delay=00:00:00, xdelay=00:00:00, mailer=smtpscanner, pri=30000, 
relay=smtpscanner, dsn=2.0.0, stat=Sent
Feb 13 10:55:17 mail1 spamd[426]: connection from localhost [127.0.0.1] at 
port 1038
Feb 13 10:55:17 mail1 spamd[426]: info: setuid to videff succeeded
Feb 13 10:55:17 mail1 spamd[426]: processing message 
<200502130855.j1D8tGI5000534@mail1.mr-bricolage.bg> for videff:10050.
Feb 13 10:55:17 mail1 spamd[426]: clean message (-2.8/8.0) for videff:10050 in 
0.8 seconds, 2493 bytes.
Feb 13 10:55:17 mail1 spamd[426]: result: . -2 - 
ALL_TRUSTED,MSGID_FROM_MTA_HEADER 
scantime=0.8,size=2493,mid=<200502130855.j1D8tGI5000534@mail1.mr-bricolage.bg>,autolearn=ham
Feb 13 10:55:17 mail1 sendmail[536]: j1D8tGI5000534: to=videff, 
delay=00:00:01, xdelay=00:00:00, mailer=local, pri=32435, dsn=2.0.0, 
stat=Sent


And now the details about the deployment of the antivirus program.
During installation the antivirus builds a custom sendmail.cf.listen file 
which is invoked by sendmail instead of the sendmail.cf file.
Then after it processes the message the antivirus relays it to sendmail 
running the sendmail.cf file.


How do they do this:

The sendmail.cf file is copied and the following lines are inserted in it:
1. Adjust the 98-th rule in the sendmail.cf.listen file created during 
installation as follows : 
SParseLocal=98 
R$* $#smtpscanner[tab character]$@ $1 $: $1
 2. Provide the description of smtpscanner in the file. For example: 
Msmtpscan, P=/opt/kav/bin/smtpscanner, F=PCXmnz9, S=EnvFromSMTP, R=EnvToSMTP, 
E=\r\n, L=2040, T=SMTP, A=smtpscanner

Then sendmail is fired with the following commands:
/usr/sbin/sendmail -bd -q10m -C /etc/mail/sendmail.cf.listen
/usr/sbin/sendmail -q10m -C /etc/mail/sendmail.cf 
/usr/sbin/sendmail -q10m -C /etc/mail/submit.cf

And on a Slackware Box that used to be our mail-server it really works.
However we decided to switch to Debian for a number of reasons: fluent package 
management, regular updates, ease of deployment, my experience with Debian, 
after deploying it on all our other servers, etc.

But on our Debian box we have the situation described above.

I admitted earlier in my posts that my experience with Sendmail is too little 
and I find it daunting to struggle with the M4 macro language of the 
configuration.
But I figured out that the invocation of sendmail in Debian is rather complex 
and that it would be better to stick to Debian's procedure. For this reason I 
decided that if I replace the sendmail.cf with the custom sendmail.cf.listen 
file and later instruct the antivirus to invoke the original sendmail 
configuration for further delivery - it would work.
Wrong!
I found out that it checks the contents of the .cf file against sendmail.mc at 
least and if it doesn't comply with it the unneeded lines are erased.

After that I figured that I should change my approach and really build the 
sendmail.cf file so that it is rendered legitimate.

Here is the point of my post:
How to achieve this knowing the result only: the lines from the Kaspersky 
manual about 98 rule and the declaration of a new mailer: smtpscanner.

I successfully appended to sendmail.mc the lines and it ended like this:
dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl
Msmtpscanner,   P=/opt/kav/bin/smtpscanner, F=PSXmnz9, 
S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=2040,
        T=SMTP,
        A=smtpscanner

And these lines appeared in the sendmail.cf!

However Ruleset 98 was not at all easy to crack:

I decided to tweak it in the /usr/share/sendmail/cf/m4/proto.m4

It looked like this:

###################################################################
###  Ruleset 98 -- local part of ruleset zero (can be null)     ###
###################################################################

SParseLocal=98

undivert(3)dnl LOCAL_RULE_0

I thought that editing it like this:

###################################################################
###  Ruleset 98 -- local part of ruleset zero (can be null)     ###
###################################################################

SParseLocal=98

R$*     $#smtpscanner $@$1 $:$1

undivert(3)dnl LOCAL_RULE_0

would do the job, but again I was wrong!


When building everything by using sendmailconfig I get the following error:

Updating /etc/mail/aliases...
/etc/mail/aliases: line 13: MAILER-DAEMON... cannot alias non-local names
/etc/mail/aliases: line 14: postmaster... cannot alias non-local names
/etc/mail/aliases: line 17: bin... cannot alias non-local names
/etc/mail/aliases: line 18: daemon... cannot alias non-local names
/etc/mail/aliases: line 19: games... cannot alias non-local names
/etc/mail/aliases: line 20: ingres... cannot alias non-local names
/etc/mail/aliases: line 21: nobody... cannot alias non-local names
/etc/mail/aliases: line 22: system... cannot alias non-local names
/etc/mail/aliases: line 23: toor... cannot alias non-local names
/etc/mail/aliases: line 24: uucp... cannot alias non-local names
/etc/mail/aliases: line 27: manager... cannot alias non-local names
/etc/mail/aliases: line 28: dumper... cannot alias non-local names
/etc/mail/aliases: line 29: webmaster... cannot alias non-local names
/etc/mail/aliases: line 30: abuse... cannot alias non-local names
/etc/mail/aliases: line 33: decode... cannot alias non-local names
/etc/mail/aliases: line 42: root... cannot alias non-local names
/etc/mail/aliases: 0 aliases, longest 0 bytes, 0 bytes total

And when I try to send mail I get the error:

Feb 13 10:25:14 mail1 sm-mta[13140]: gethostbyaddr(10.50.0.29) failed: 1
Feb 13 10:25:14 mail1 sm-mta[13697]: starting daemon (8.13.3): 
SMTP+queueing@00:10:00
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTe013724: SYSERR(chavdar): 
buildaddr: unknown mailer smtpscanner
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTe013724: SYSERR(chavdar): 
buildaddr: unknown mailer smtpscanner
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTe013724: from=chavdar, size=15, 
class=0, nrcpts=0, msgid=<200502130826.j1D8QVTe013724@mail1.mr-bricolage.bg>, 
relay=chavdar@localhost
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTe013724: SYSERR(chavdar): 
buildaddr: unknown mailer smtpscanner
Feb 13 10:26:31 mail1 last message repeated 3 times
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTe013724: j1D8QVTf013724: 
postmaster notify: buildaddr: unknown mailer smtpscanner
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTe013724: SYSERR(chavdar): 
buildaddr: unknown mailer smtpscanner
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTf013724: SYSERR(chavdar): 
buildaddr: unknown mailer smtpscanner
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTf013724: SYSERR(chavdar): 
buildaddr: unknown mailer smtpscanner
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTf013724: j1D8QVTg013724: return 
to sender: buildaddr: unknown mailer smtpscanner
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTf013724: SYSERR(chavdar): 
buildaddr: unknown mailer smtpscanner
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTg013724: SYSERR(chavdar): 
buildaddr: unknown mailer smtpscanner
Feb 13 10:26:31 mail1 sendmail[13724]: j1D8QVTf013724: Saved message 
in /var/lib/sendmail/dead.letter

What is happening? And how can I solve this?
I am stuck here and have no ideas.
Reading Sendmail documentation helps me no further, and I find the m4 
documentation too difficult to cope with for now: it cannot be learned in a 
day or two.

Any starting points, hints or even better: an explicit explanation of how to 
add this line or two of code, would be very helpful.

Thank you in advance for any ideas, even for your sympathy.

Looking forward to your reply.

Yours faithfully

Chavdar Videff
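
Added example, not part of the original post and not Kaspersky's or sendmail's own tooling: sendmail logs "buildaddr: unknown mailer ..." when a rule selects a mailer with `$#name` but the .cf file it loaded has no matching `M` line, and this sketch checks a .cf file for exactly that mismatch. The function name `undefined_mailers` and both sample fragments are constructed for illustration (the first mirrors the manual excerpt quoted above), and treating only `error` and `discard` as built-in mailers is an assumption of the sketch.

```python
import re

# Mailers sendmail resolves internally; they need no M line (assumption of this sketch).
BUILTIN_MAILERS = {"error", "discard"}

MAILER_DEF = re.compile(r"^M([^,\s]+)\s*,")   # "Mname, P=..., F=..."
RULESET = re.compile(r"^S([^=\s]+)")          # "SParseLocal=98" or "S0"
# "$#name" on a rule's right-hand side; dynamic forms such as "$# $1" do not match.
MAILER_REF = re.compile(r"\$#\s*([A-Za-z0-9_*.-]+)")


def undefined_mailers(cf_text):
    """Return sorted (ruleset, mailer) pairs that rules select but no M line defines."""
    defined = set(BUILTIN_MAILERS)
    refs = set()
    ruleset = None
    for line in cf_text.splitlines():
        if m := MAILER_DEF.match(line):
            defined.add(m.group(1).lower())     # mailer names are case-insensitive
        elif m := RULESET.match(line):
            ruleset = m.group(1)
        elif line.startswith("R"):
            # Rule layout is LHS <tab> RHS <tab> comment; only the RHS picks a mailer.
            parts = re.split(r"\t+", line[1:], maxsplit=2)
            rhs = parts[1] if len(parts) > 1 else parts[0]
            for name in MAILER_REF.findall(rhs):
                refs.add((ruleset, name.lower()))
    # Definitions may follow the rules in the file, so filter only at the end.
    return sorted(r for r in refs if r[1] not in defined)


# Constructed sample: rule and mailer line as in the manual excerpt quoted above,
# where the rule selects "smtpscanner" but the definition is named "smtpscan".
MANUAL_EXAMPLE = (
    "SParseLocal=98\n"
    "R$*\t$#smtpscanner $@ $1 $: $1\n"
    "Msmtpscan,\tP=/opt/kav/bin/smtpscanner, F=PCXmnz9, S=EnvFromSMTP, R=EnvToSMTP,\n"
    "\t\tE=\\r\\n, L=2040, T=SMTP, A=smtpscanner\n"
)
# Constructed sample: the same fragment with the definition renamed to match the rule.
MATCHING_NAMES = MANUAL_EXAMPLE.replace("Msmtpscan,", "Msmtpscanner,")

if __name__ == "__main__":
    for label, text in (("manual excerpt", MANUAL_EXAMPLE), ("matching names", MATCHING_NAMES)):
        print(label, "->", undefined_mailers(text) or "all referenced mailers defined")
```

Each file passed with `-C` is loaded on its own, so the check is worth running over every .cf file a sendmail process is started with.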



