Sun Educational Services
DNS and Sendmail
Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. Enterprise Services
1
Agenda
• DNS Structure and Configuration
• Sendmail Installation
• Sendmail Configuration
• Troubleshooting
1. Introduction to DNS
1) Domain Name System history
• Early Internet naming problems
• HOSTS.TXT file maintenance
• Server/network load
• The solution
• Name uniqueness
• HOSTS.TXT file maintenance
• Server/network load
2) Domain
• Is a collection of names
• Specifies keys for DNS look up
• Is an inverted tree structure
• Is capable of spanning a large physical area
• Can be broken into subdomains
• Supports parent/child domain relationships
3) DNS Namespace - structure
3) DNS Namespace – structure (cont)
Domain    Description
com       Commercial organizations
edu       Educational organizations
gov       Governmental (U.S.) organizations
mil       Military (U.S.) organizations
net       Networking organizations and ISPs
org       Non-profit and other organizations
arpa      Used for inverse address lookups
ca        Country code-based domains
4) DNS Namespace – Naming rule
• Fully qualified name of a domain (FQDN)
• Relative domain name (RDN)
• Domain naming rules
• A 255 character limit per FQDN
• A 63 character limit per domain
• Only alphas, numerics, and the dash are permitted
• Naming conventions decided by domain administrator
• in-addr.arpa. domain
5) Zone of Authority
• Is the portion of the name space for which a server is authoritative
• Consists of domains and all associated data
• Can be one or more domains
5) Zone of Authority (cont)
[Figure: DNS tree from the nameless root (controlling authority: NIC) through the edu, com, org, net and arpa (in-addr) domains, with the admin.edu. domain zone marked]
6) DNS Server Types
• Root Servers
• Primary (master) servers
• Secondary (slave) servers
• Caching-only servers
• Forwarding servers
Forwarding servers
[Figure: the Internet, an external router, a perimeter network, an internal router and an internal network with internal clients; the steps in the figure are numbered 1 to 5]
options {
    forwarders { 192.168.129.1; 192.168.129.3; };
    forward only;
};
BIND 4
forwarders 192.168.129.1 192.168.129.3
options forward-only
7) Client Resolver
( DNS client name resolution process )
# /etc/resolv.conf
search corp.sun.com eng.sun.com sun.com
8) BIND (Berkeley Internet Name Domain)
• Most frequently used DNS implementation
• Available at http://www.isc.org/bind.html
• Available at ftp.isc.org.
• Solaris 7 implements BIND version 8.1.2
• Solaris 8 implements BIND version 8.2.2
• Latest BIND version may not be supported
8) BIND (Berkeley Internet Name Domain)
# ftp ftp.isc.org
ftp> cd /isc/bind/src/cur/bind-8
ftp> binary
ftp> get bind-src.tar.gz
ftp> !
# gzip -dc bind-src.tar.gz | tar xvf -
# make stdlinks
# make clean
# make depend
# make
# make install
2. DNS Server Configuration
1) Points to Note When Configuring a DNS Server
• Location of names and addresses of root servers
• Information to resolve all domains for which the server is authoritative
• Information to resolve all inverse domains for which the server is authoritative
• Location of servers one level below the domain being served
2) BIND Configuration File
# vi /etc/named.conf
options {
    directory "/var/named";
};
zone "." in {
    type hint;
    file "named.root";
};
zone "lab1.com" in {
    type master;
    file "domain-info";
};
zone "247.234.203.in-addr.arpa" in {
    type master;
    file "inverse-domain-info";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "loopback-domain-info";
};
Files in /var/named:
    named.root
    domain-info
    inverse-domain-info
    loopback-domain-info
2) BIND Configuration File
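• options: sets the default values for the name server's entire config file (in particular, the base directory)
• server: settings for an environment that has a remote name server (used when configuring a secondary server)
• zone: the unit in which a single domain is operated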
2) BIND Configuration File
DNS Resource Records
[name] [ttl] [class] [type] [data]
[name]  : resource record for domain name
[ttl]   : caching time
[class] : IN
[type]  : record type
2) BIND Configuration File
[record type]
A        IP address
CNAME    alias of a hostname
MX       mail exchange server
NS       name server of each domain
PTR      reverse domain (pointer to the hostname)
SOA      host that manages a domain
2) BIND Configuration File
/var/named/named.root
ftp://ftp.rs.internic.net/domain/named.root

.                      3600000  IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.    3600000      A   198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                      3600000      NS  B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.    3600000      A   128.9.0.107
;
; formerly C.PSI.NET
;
.                      3600000      NS  C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.    3600000      A   192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                      3600000      NS  D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.    3600000      A   128.8.10.90
/var/named/domain-info
; domain-info
@           IN  SOA  sun111.lab1.com. root.lab1.com. (
                     20010426   ; Serial
                     12H        ; Refresh 43200
                     1H         ; Retry 3600
                     1W         ; expire 604800
                     1D         ; TTL 86400
                     )
            IN  NS   sun111.lab1.com.   ; primary server
            IN  NS   sun112.lab1.com.   ; slave server
; hosts for this domain
sun111      IN  A      203.234.247.111
sun112      IN  A      203.234.247.112
; CNAME aliases
www         IN  CNAME  sun111
mail        IN  CNAME  sun111
; Loopback domain
localhost   IN  A      127.0.0.1
/var/named/inverse-domain-info
; inverse-domain-info
@      IN  SOA  sun111.lab1.com. root.lab1.com. (
                20010425   ; Serial
                12H        ; Refresh 43200
                1H         ; Retry 3600
                1W         ; expire 604800
                1D         ; TTL 86400
                )
       IN  NS   sun111.lab1.com.   ; primary server
       IN  NS   sun112.lab1.com.   ; slave server
;
111    IN  PTR  sun111.lab1.com.
112    IN  PTR  sun112.lab1.com.
113    IN  PTR  sun113.lab1.com.
…….
/var/named/loopback-domain-info
; loopback-domain-info
@      IN  SOA  sun111.lab1.com. root.lab1.com. (
                200011325  ; Serial
                12H        ; Refresh 43200
                1H         ; Retry 3600
                1W         ; expire 604800
                1D         ; TTL 86400
                )
       IN  NS   sun111.lab1.com.
1      IN  PTR  localhost.lab1.com.
DNS Daemon start
# /etc/init.d/inetsvc stop
# /etc/init.d/inetsvc start
2) BIND Configuration File
- Client / Server Common file Setup
# vi /etc/nsswitch.conf
hosts: files dns
# vi /etc/resolv.conf
domain suned.co.kr
search suned.co.kr sales.suned.co.kr fin.suned.co.kr
nameserver 203.234.247.1 ; master server
nameserver 203.234.247.2 ; slave server
nameserver 203.234.247.3 ; slave server
2) BIND Configuration File
DNS Troubleshooting (nslookup)
• Send queries and display replies for any resource record type
• Query the DNS server of choice
• Debug a domain that is not protected by a firewall
2) BIND Configuration File
nslookup (cont)
# nslookup
Default Server: sun111.lab1.com
Address: 203.234.247.1
>sun112.lab1.com.
Server: sun111.lab1.com
Address: 203.234.247.111
>set type=ns
>lab1.com.
…
Lab1.com. Nameserver = sun111.lab1.com
Sun111.lab1.com internet address = 203.234.247.111
2) BIND Configuration File
nslookup (cont)
>set type=ptr
>203.234.247.111
…
111.247.234.203.in-addr.arpa name = sun111.lab1.com
>set class=chaos
>set type=txt
>version.bind
VERSION.BIND
text = "BIND 8.2.2-p5"
>server xxx.co.kr
>ls xxx.co.kr
//-- the zone file contents are listed ………. this causes a security problem
2) BIND Configuration File
BIND Debugging Tools
• # pkill -INT in.named
    /var/named/named_dump.db
• # pkill -USR1 in.named
    /var/named/named.run
    Debug level on
• # pkill -USR2 in.named
    Debug level off
• # pkill -HUP in.named
    Reread configuration file
    Cached info retained
3) Secondary DNS Server Setup ( /etc/named.conf )
options {
    directory "/var/named";
};
zone "." in {
    type hint;
    file "named.root";
};
zone "lab1.com" in {
    type slave;
    file "domain-info";
    masters { 203.234.247.200; };
};
zone "247.234.203.in-addr.arpa" in {
    type slave;
    file "inverse-domain-info";
    masters { 203.234.247.200; };
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "loopback-domain-info";
};
Files in /var/named:
    named.root
    domain-info
    inverse-domain-info
    loopback-domain-info
4) DNS Security
• Using BIND configuration file
• Restricting queries
• Preventing unauthorized zone transfers
• Configuring Access Control lists
4) DNS Security (ex)
Restricting All Queries
options {
    allow-query { 203.234.247.100; 203.234.247.112; };
};
Restricting Queries for a Specific Zone
zone "lab1.com" in {
    type master;
    file "domain-info";
    allow-query { 203.234.247.0; };
};
*** can't find server name for address --:query refused
4) DNS Security(ex)
Preventing Unauthorized Zone Transfers
options {
    allow-transfer { 203.234.247.112; };
};
Block All Zone Transfers
zone "lab1.com" in {
    type master;
    file "domain-info";
    allow-transfer { none; };
};
*** Can't list domain lab1.com : unspecified error
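An added example, not part of the original slides: a Python audit that parses a named.conf written in the style shown above and reports every master or slave zone where allow-transfer or allow-query is unset in both the zone and the options block (BIND then allows any host) or is set to any. The sample configuration and all function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the slides: lab1.com restricts transfers,
# the reverse zone sets nothing and so inherits the permissive default.
SAMPLE_CONF = '''
options {
    directory "/var/named";
    allow-query { 203.234.247.100; 203.234.247.112; };
};
zone "." in { type hint; file "named.root"; };
zone "lab1.com" in {
    type master;
    file "domain-info";
    allow-transfer { 203.234.247.112; };   // slave server only
};
zone "247.234.203.in-addr.arpa" in {
    type master;
    file "inverse-domain-info";
};
'''

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def strip_comments(text):
    # Assumes comment markers do not occur inside quoted strings.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)


def parse_block(tokens, i=0):
    """Parse statements up to the matching '}'; return (statements, next_index).
    A statement is a list of words; a nested { } block is a list of statements."""
    stmts, cur = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == '{':
            sub, i = parse_block(tokens, i + 1)
            cur.append(sub)
            continue
        if tok == '}':
            return stmts, i + 1
        if tok == ';':
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
        i += 1
    return stmts, i


def match_list(body, key):
    """Return the address match list given for key in a block, or None if absent."""
    for stmt in body:
        if stmt[0] == key and len(stmt) > 1 and isinstance(stmt[1], list):
            return [' '.join(w for w in item if isinstance(w, str)) for item in stmt[1]]
    return None


def audit(conf_text):
    """Return (zone, option, problem) tuples for zones left open to any host."""
    stmts, _ = parse_block(TOKEN.findall(strip_comments(conf_text)))
    stmts = [s for s in stmts if isinstance(s[0], str) and isinstance(s[-1], list)]
    keys = ('allow-transfer', 'allow-query')
    global_opts = {}
    for s in stmts:
        if s[0].lower() == 'options':
            for key in keys:
                global_opts[key] = match_list(s[-1], key)
    findings = []
    for s in stmts:
        if s[0].lower() != 'zone':
            continue
        name, body = s[1], s[-1]
        ztype = next((st[1] for st in body if st[0] == 'type' and len(st) > 1), None)
        if ztype not in ('master', 'slave'):
            continue  # hint zones carry no zone data of their own
        for key in keys:
            acl, source = match_list(body, key), 'zone'
            if acl is None:
                acl, source = global_opts.get(key), 'options'
            if acl is None:
                findings.append((name, key, 'unset: any host is allowed'))
            elif 'any' in acl:
                findings.append((name, key, 'set to any in ' + source))
    return findings


if __name__ == '__main__':
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A zone-level statement overrides the one in options, which is why the audit looks at the zone first and falls back to options only when the zone says nothing.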
5) Miscellaneous DNS Topics
• $ORIGIN
• $INCLUDE
• h2n
• DIG
• DNS Resource
    • O'Reilly book
    • info.bind newsgroup
    • http://www.internic.net.
    • RFCs
6) Q & A
2. Introduction to Sendmail
1) Email Fundamental
Introduction to Electronic Mail
• Supports communication within the local domain and among other, external domains
• Has a history
• Standardized by Internet Engineering Task Force (IETF)
2. Introduction to Sendmail
1) Email Fundamental
Three Components of Email
• MUA – the program that acts as the interface between the user and the MTA
  ex) mail, mailx, mailtool, dtmail, …
• MTA – routes mail messages and resolves mail addresses
  ex) Berkeley sendmail, smail…
• MDA – the program that implements a mail delivery protocol and is responsible for putting email into a user's local mailbox file
  ex) mail.local, SMTP
1) Email Fundamental
Mail Program Interaction
[Figure: mail flow between the mail programs]
• User sends message (mailx, mail, dtmail)
• Message is collected: /bin/mailx (MUA)
• Message is routed: /usr/lib/sendmail (MTA); MTA examples: sendmail, qmail, MS-Exchange
• Message is delivered: /usr/lib/mail.local (local MDA), SMTP (remote MDA)
• User reads message
1) Email Fundamental
Concept of Mail Routing
1) Email Fundamental
Types of Mail Addresses
• Unqualified address
user01
• Qualified address
user01@sun100
• Fully qualified address
[email protected]
• UUCP address
machinex!machiney!machinez!user01
1) Email Fundamental
Alias Resolution
1) Email Fundamental
Using Mail Aliases
• $HOME/.mailrc
alias manager [email protected] [email protected] (~1024)
• /etc/mail/aliases
root: mary
friend: mike, tom, betty, steve
sales: [email protected], [email protected]
manager: :include:/home/group/manager
nobody: /dev/null
user01: "| /usr/bin/cat | /usr/bin/sed 's/A/a/g' > /file01"
1) Email Fundamental
Using Mail Aliases (cont)
$HOME/.forward
\user01
/export/home/user01/mail.backup
\user01, "|/usr/bin/vacation user01 || exit 75"
/export/home/user01/mail.backup
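An added example, not part of the original slides: a Python audit of the /etc/mail/aliases and $HOME/.forward formats shown above. It lists every entry that hands mail to a program ("|..."), writes it to a file, or pulls recipients from an :include: file, since those are the entries whose targets and permissions need review. The sample data is constructed from the slide entries and the function names are illustrative.

```python
# Constructed sample modelled on the /etc/mail/aliases entries in the slides.
SAMPLE_ALIASES = r'''
# constructed sample
root: mary
friend: mike, tom,
    betty, steve
manager: :include:/home/group/manager
nobody: /dev/null
user01: "| /usr/bin/cat | /usr/bin/sed 's/A/a/g' > /file01"
'''

# Constructed sample modelled on the $HOME/.forward entries in the slides.
SAMPLE_FORWARD = r'''
\user01, "|/usr/bin/vacation user01 || exit 75"
/export/home/user01/mail.backup
'''


def split_targets(rhs):
    """Split a target list on commas that are outside double quotes."""
    parts, cur, quoted = [], '', False
    for ch in rhs:
        if ch == '"':
            quoted = not quoted
        elif ch == ',' and not quoted:
            parts.append(cur.strip())
            cur = ''
        else:
            cur += ch
    parts.append(cur.strip())
    return [p for p in parts if p]


def parse_aliases(text):
    """Return {alias: [targets]}; indented lines continue the previous entry."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0] in ' \t' and logical:
            logical[-1] += ' ' + line.strip()
        else:
            logical.append(line.strip())
    entries = {}
    for line in logical:
        name, sep, rhs = line.partition(':')
        if sep:
            entries[name.strip()] = split_targets(rhs)
    return entries


def classify(target):
    if target.startswith('|'):
        return 'program'      # mail is piped to a command
    if target.startswith(':include:'):
        return 'include'      # recipients are read from another file
    if target.startswith('/'):
        return 'file'         # mail is appended to a file
    if target.startswith('\\'):
        return 'local'        # deliver locally without further aliasing
    return 'address'


def audit_aliases(text):
    """Return (alias, kind, target) for program, file and include targets."""
    findings = []
    for name, targets in parse_aliases(text).items():
        for target in targets:
            kind = classify(target)
            if kind == 'include':
                findings.append((name, kind, target[len(':include:'):]))
            elif kind == 'program' or (kind == 'file' and target != '/dev/null'):
                findings.append((name, kind, target))
    return findings


def audit_forward(owner, text):
    """Return (owner, kind, target) for program and file targets in a .forward."""
    findings = []
    for line in text.splitlines():
        for target in split_targets(line):
            kind = classify(target)
            if kind in ('program', 'file'):
                findings.append((owner, kind, target))
    return findings


if __name__ == '__main__':
    for finding in audit_aliases(SAMPLE_ALIASES) + audit_forward('user01', SAMPLE_FORWARD):
        print(finding)
```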
1) Email Fundamental
Planning Your Mail System
• Configuring Local Mail only
• Configuring Local Mail in Remote Mode
3) Sendmail Overview
• History of sendmail
• Definition and feature of sendmail
• Security issues with sendmail
• Functions of sendmail processing
• Changes to sendmail under the Solaris 7 OS
• Directory structure for sendmail
• Configuration files for sendmail
• The stopping and starting of sendmail
3) Sendmail Overview
History of sendmail
• Originally written by Eric Allman at University of California, Berkeley
• V8.7 and later written in conjunction with Internet Engineering Task Force (IETF)
• Sendmail version 8.9.1 is distributed with Solaris 7
• Sendmail version 8.10.2 is distributed with Solaris 8
• Sendmail version 8.11.6 is distributed with Solaris 9
• Upgrade to sendmail 8.12.9 (security patch)
3) Sendmail Overview
Features of sendmail
• It supports UNIX System V mail, UNIX Version 7 mail, and Internet mail.
• It uses existing software for delivery whenever possible.
• It can be configured to handle complex environments using configuration files.
• Groups can maintain their own mailing lists.
• Individual forwarding can be specified without modifying the domain-wide alias file.
• Each user can specify a custom mailer to process incoming mail.
3) Sendmail Overview
Security Issues With sendmail
• sendmail Version 8.10.2 is more secure than earlier versions.
• Due to its open exchange of arbitrary data, sendmail still has some security drawbacks.
• For information about sendmail security and other sendmail topics, refer to:
    • Costales, Brian. 1997. Sendmail, Second Edition, O'Reilly.
    • Sun Microsystems web site: http://www.sun.com
    • The sendmail web site: http://www.sendmail.org
3) Sendmail Overview
Functions of sendmail Processing
• Argument processing and address parsing
• Scanning of the arguments
• Processing of the option specifications
• Message collection
• Envelope, message header, and message body
• Message delivery
• Queue for retransmission
• Return to sender
Generic SMTP Flow
3) Sendmail Overview
Changes to sendmail Under the Solaris 7 OS
• The sendmail program now has its own packages.
• SUNWsndmr installs the configuration files.
• SUNWsndmu installs the binaries.
• Configuration files are built using the m4 language.
• Strong anti-spam support is available.
• Permissions and the ownership have been changed to increase security.
3) Sendmail Overview
Directory Structure for sendmail
• The files and locations of the sendmail hierarchy include the:
• Hierarchy of /usr/lib/mail directory
• Featured files in /usr/lib/mail
• Contents of the /etc/mail directory
/usr/lib/mail/    Function
m4/
    General support routines that are important and should not be changed without very careful consideration.
cf/
    The configuration files, which have .mc suffixes and must be run through m4 to become complete. The resulting output should have a .cf suffix.
ostype/
    Definitions describing a particular operating system type. These should always be referenced using the OSTYPE macro in the .mc file.
domain/
    Definitions describing a particular domain, referenced using the DOMAIN macro in the .mc file.
mailer/
    Descriptions of mailers. These are referenced using the MAILER macro in the .mc file.
sh/
    Shell files used when building the .cf file from the .mc file in the cf subdirectory.
feature/
    These hold special features that you might want to include. They should be referenced using the FEATURE macro.
File/Directory    Description
README
    Describes the configuration files
cf/main-v7sun.mc
    Is the main configuration file
cf/Makefile
    Contains rules for building new configuration files
cf/subsidiary-v7sun.mc
    Is the configuration file for hosts that NFS-mount /var/mail from another host
domain/generic.m4
    Is the generic domain file from Berkeley
domain/solaris-antispam.m4
    Is the domain file which contains the changes that make sendmail function like previous Solaris versions, except that relaying is disabled completely, sender addresses with no hostname are rejected, and unresolved domains are rejected
domain/solaris-generic.m4
    Is the domain file which contains the changes that make sendmail function like previous Solaris versions (default)
File/Directory (cont)    Description
ostype/solaris2.m4
    Defines local mailer as mail
ostype/solaris2.ml.m4
    Defines local mailer as mail.local (default)
sh/check-permissions
    Checks permissions of :include: aliases and .forward files and their parent directory path for correct permissions
sh/check-hostname
    Verifies that sendmail is able to determine the fully qualified host name
feature
    Defines specific features for particular hosts (see README for a full description of the features)
mailer
    Defines mailers which include local, smtp and uucp
/etc/mail    Description
Mail.rc
    Contains default settings for the mailtool user agent
aliases
    Contains mail-forwarding information
aliases.dir
    Is the binary form of mail-forwarding information (created by running newaliases)
aliases.pag
    Is the binary form of mail-forwarding information (created by running newaliases)
mailx.rc
    Contains default settings for the mailx user agent
main.cf
    Sample configuration file for main systems
relay-domains
    Contains a list of all domains for which relaying is allowed; by default, only the local domain is allowed
sendmail.cf
    Is the configuration file for mail routing
sendmail.cw
    Is the optional file that you can create if the number of aliases for the mail host is too long (changed to /etc/mail/local-host-names in sendmail 8.11.6)
/etc/mail (cont)    Description
sendmail.hf
    Is the help file used by the SMTP HELP command
sendmail.pid
    Lists the process identification number of the listening daemon
sendmail.st
    Is the sendmail statistics file; if this file is present, sendmail logs the amount of traffic through each mailer
sendmailvars
    Stores macro and class definitions for name space lookup from sendmail.cf
subsidiary.cf
    Is the sample configuration file for subsidiary systems
aliases.db
    Is the alias database map, which can be created in three different formats: dbm, hash, and btree; the aliases.db map is created using the makemap command.
3) Sendmail Overview
Configuration Files for sendmail (/etc/mail/sendmail.cf)
• sendmail.cf contains most of the sendmail configuration and provides the following functionality.
• It defines the sendmail environment using symbols,
classes, options, and parameters
• It specifies how sendmail will rewrite addresses
• It determines how addresses are to be interpreted
• It determines how mail will be routed
3) Sendmail Overview
/etc/mail/sendmail.cf (cont)
Contents
• Mail delivery agents – The program used to deliver mail
• Macro – Built-in or user-defined variables
• Options – Definitions of sendmail behavior
• Rule sets – A subroutine of rewrite rules
• Rewrite rules – Rules governing the transformation of addresses
3) Sendmail Overview
m4 Preprocessor
3) Sendmail Overview
m4 Preprocessor(cont)
# cat example.mc
divert(-1)
divert(0)dnl
VERSIONID(`@(#)main-v7sun.mc 1.2 (sun) 01/27/98')
OSTYPE(solaris2.ml)dnl
DOMAIN(solaris-generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
FEATURE(relay_entire_domain)dnl
3) Sendmail Overview
How to build a New Configuration file
1. # cd /usr/lib/mail/cf
2. # cp main-v7sun.mc sendmail.mc
3. # vi sendmail.mc
4. # vi Makefile
5. # /usr/ccs/bin/make
6. # cp sendmail.cf /etc/mail
3) Sendmail Overview
The Stopping and Starting of sendmail
• Automatic startup is performed using the /etc/init.d/sendmail script
• sendmail can be stopped and restarted using
    /etc/init.d/sendmail stop
    /etc/init.d/sendmail start
• Manual startup can be performed using the sendmail command; the command lines located within the startup script maintain proper startup values.
# vi /etc/init.d/sendmail
case "$1" in
'start')
    if [ -f /usr/lib/sendmail -a -f /etc/mail/sendmail.cf ]; then
        if [ ! -d /var/spool/mqueue ]; then
            /usr/bin/mkdir -m 0750 /var/spool/mqueue
            /usr/bin/chown root:bin /var/spool/mqueue
        fi
        MODE="-bd"
        if [ -f /etc/default/sendmail ]; then
            . /etc/default/sendmail
        fi
        ……………………..
    ;;
'stop')
    /usr/bin/pkill -x -u 0 sendmail
    ;;
*)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
esac
exit 0
3) Sendmail Overview
Miscellaneous sendmail Support
• Configuration file version values
• Additional mail service program and files, such as:
• /usr/bin directory used for mail services
• /usr/lib mail files
• Additional files used for mail services
/usr/bin    Description
aliasadm
    A program to manipulate the NIS+ aliases map
mail
    A user agent
mailcompat
    A filter to store mail in SunOS 4.1 mailbox format
mailq
    Link to /usr/lib/sendmail; used to list the mail queue
mailstats
    A program used to read mail statistics stored in the /etc/mail/sendmail.st file (if present)
mailx
    A user agent
mconnect
    An interactive connection to sendmail
newaliases
    An alias of /usr/lib/sendmail which causes the aliases database to be rebuilt
rmail
    A link to /usr/bin/mail
vacation
    A program which allows automatic response to incoming mail messages
/usr/lib    Description
mail.local
    Mailer that delivers mail to mailboxes
sendmail
    The routing program, also known as the mail transfer agent
/etc/shells
    Lists the valid login shells
/usr/sbin/in.comsat
    Is the mail-notification daemon
/usr/sbin/makemap
    Builds binary forms of keyed maps
/usr/sbin/syslogd
    Logs error messages used by sendmail
/usr/dt/bin/dtmail
    Is the CDE mail user agent
/var/mail/user_name
    Is the location of the user's incoming mailbox
/var/spool/mqueue
    Is the location of the outgoing mail queue
$OPENWINHOME/bin/mailtool
    Is the Open Windows mail user agent
2. Introduction to Sendmail
3) Sendmail Overview
• Debugging sendmail with mconnect
• Using Simple Mail Transfer Protocol (SMTP)
• Testing the mail configuration
• Verifying a user
• Expanding an alias or list
• Setting up the postmaster alias
• Administrating the mail configuration
• Defining SPAM
• Detecting masquerading hosts
3) Sendmail Overview
Debugging sendmail With mconnect
• Use mailx -v
• Issue SMTP commands
• mconnect
• telnet
3) Sendmail Overview
Simple Mail Transfer Protocol
• Is used to send/receive a message
• Is a simple command set
• Follows a basic handshaking process
3) Sendmail Overview
Some of its commands are:
• HELO <hostname> - Initiates a session and identifies the sending hostname
• MAIL FROM: <sender> - Identifies who the mail is from
• RCPT TO: <recipient> - Identifies who the mail is to (use multiple RCPT TO: commands)
• DATA – Signals the start of the text (which is terminated by a line with a single dot [.])
• QUIT – Ends the session
• RSET – Resets the session
• NOOP – Does nothing
• HELP – Displays help text
• EXPN <recipient> - Expands the address (for example, taking into account aliases and .forward files)
3) Sendmail Overview
# mconnect
connecting to host localhost (127.0.0.1), port 25
connection open
220 oss2.ioss.co.kr ESMTP Sendmail 8.10.2+Sun/8.10.2; Thu, 3 Jul 2003 16:44:26 +0900 (KST)
helo my.netian.com
250 oss2.ioss.co.kr Hello localhost [127.0.0.1], pleased to meet you
mail from: [email protected]
250 2.1.0 [email protected]... Sender ok
rcpt to: [email protected]
250 2.1.5 [email protected]... Recipient ok
data
354 Enter mail, end with "." on a line by itself
hi....
how are you?
.
250 2.0.0 h637ixb27726 Message accepted for delivery
quit
221 2.0.0 oss2.ioss.co.kr closing connection
# /usr/bin/mailx -v [email protected]
Subject: hi....
this is test mail
please remove it.....
.
EOT
oss2 / # [email protected]... Connecting to mail2.orgio.net. via esmtp...
220 orgio.net ESMTP WBlock.ps 2.27; Mon, 7 Jul 2003 06:44:24 +0900
>>> EHLO oss2.test.co.kr
250-mail2.orgio.net Hello [211.63.131.242], pleased to meet you
250-8bitmime
250-size 20480000
250 help
>>> MAIL From:<[email protected]> SIZE=105
250 [email protected]... Sender OK
>>> RCPT To:<[email protected]>
250 [email protected]... Recipient OK
>>> DATA
354 Enter mail, end with "." on a line by itself
>>> .
250 Message accepted for delivery
[email protected]... Sent (Message accepted for delivery)
Closing connection to mail2.orgio.net.
>>> QUIT
221 Bye..
3) Sendmail Overview
# /usr/lib/sendmail -v [email protected]
test mail
.
[email protected]... Connecting to mail6.orgio.net. via esmtp...
220 orgio.net ESMTP WBlock.ps 2.27; Mon, 7 Jul 2003 06:50:14 +0900
>>> EHLO oss2.test.co.kr
250-mail6.orgio.net Hello [211.63.131.242], pleased to meet you
250-8bitmime
250-size 20480000
250 help
>>> MAIL From:<[email protected]> SIZE=10
250 [email protected]... Sender OK
>>> RCPT To:<[email protected]>
250 [email protected]... Recipient OK
>>> DATA
354 Enter mail, end with "." on a line by itself
>>> .
250 Message accepted for delivery
[email protected]... Sent (Message accepted for delivery)
Closing connection to mail6.orgio.net.
>>> QUIT
221 Bye...
Testing the Mail Configuration
• Run tests after changing the configuration files
• Record common problems
• Gather additional diagnostic information
Additional Diagnostic Information
• Look at the Received: lines in the header of the message. These lines
trace the route the message took as it was relayed.
• Look at the messages from MAILER-DAEMON. These typically
report delivery problems.
• Check the system logs in /var/adm/messages and /var/log/syslog
for delivery problems.
• Since the sendmail program always records what it is doing
in the system log, modify the crontab file to run a shell script
nightly that searches the log for SYSERR messages and mails
any that it finds to the postmaster.
• Use the mailstats program to test mail types and determine
the number of messages coming in and going out.
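The nightly SYSERR check described in the list above could be scripted as follows. This is an added example, not part of the original course material: the script path in the cron comment, the --mail switch and the function names are assumptions, and the sample log is constructed (its two SYSERR texts are the ones quoted on the Q & A slide).

```shell
#!/bin/sh
# Added example: summarise sendmail SYSERR entries and mail them to postmaster.
# Hypothetical crontab entry (the script path is an assumption):
#   0 2 * * * /usr/local/sbin/syserr-report.sh --mail
LOG=${LOG:-/var/log/syslog}

# Print "count<TAB>message" for each distinct SYSERR text in log file $1,
# most frequent first. Timestamps and queue IDs are stripped so that one
# fault repeated all night collapses into a single line.
syserr_summary() {
    awk '
        /sendmail\[[0-9]+\]: .*SYSERR\(/ {
            sub(/^.*SYSERR\([^)]*\): */, "")
            seen[$0]++
        }
        END { for (m in seen) printf "%d\t%s\n", seen[m], m }
    ' "$1" | sort -rn
}

# Mail the summary only when there is something to report.
mail_syserr_report() {
    report=$(syserr_summary "$LOG")
    [ -z "$report" ] && return 0
    printf 'SYSERR entries in %s:\n%s\n' "$LOG" "$report" |
        mailx -s "sendmail SYSERR report" postmaster
}

# Constructed sample log for trying the summary offline.
sample_log() {
    cat <<'EOF'
Jan 21 17:14:47 hostA sendmail[782]: g0L8Ek300780: SYSERR(root): config error: mail loops back to me (MX problem?)
Jan 21 17:20:03 hostA sendmail[801]: g0L8Kk300799: SYSERR(root): config error: mail loops back to me (MX problem?)
Jan 21 17:21:10 hostA sendmail[805]: g0L8L9300803: from=<a@example.com>, size=512, nrcpts=1
Jan 21 18:02:06 hostA sendmail[910]: KAA00910: SYSERR(root): putbody: write error: File too large
EOF
}

case "${1:-}" in
    --mail) mail_syserr_report ;;
esac
```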
Verifying a User
# mconnect oss1
connecting to host oss1 (192.168.0.251), port 25
connection open
220 oss1.ioss.co.kr ESMTP Sendmail 8.10.2+Sun/8.10.2; Thu, 3 Jul 2003 14:27:57 +0900 (KST)
vrfy joosy
250 2.1.5 <[email protected]>
vrfy hong
550 5.1.1 hong... User unknown
……………………………………………………….
vrfy user01
252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)
# vi /usr/lib/mail/cf/sendmail.mc
DOMAIN(`solaris-generic')dnl
define(`confPRIVACY_FLAGS',`noexpn,novrfy')dnl
MAILER(`local')dnl
Expanding an Alias or List
# mconnect oss1
expn staff
550 5.1.1 olson... User unknown
expn Postmaster
250 2.1.5 Super-User [email protected]
…………………
expn staff
502 5.7.0 Sorry, we do not allow this operation
# vi /usr/lib/mail/cf/sendmail.mc
DOMAIN(`solaris-generic')dnl
define(`confPRIVACY_FLAGS',`noexpn,novrfy')dnl
MAILER(`local')dnl
Duties of the postmaster
• Check the mail queues to be sure mail is flowing in and out.
• Check any downed systems where mail is backing up. If the
system is not needed, delete it from the mail services, or bring
the system up to keep mail moving.
• Fix personal aliases, as required.
• Administer alias databases as people move in and out of the
domain.
• Set up temporary forwarding files.
• Contact owners of mailing lists and help them fix mailing list
problems.
• Go through postmaster mail daily and look for problems, like
broken forwarding files and mail alias loops.
• Answer questions outside the company.
• Truncate log files periodically.
Format of Queue file
Code for the qf file
Forcing the queue
1. Root login
2. # kill sendmail_pid
3. # mv /var/spool/mqueue /var/spool/omqueue
4. # mkdir /var/spool/mqueue
5. # chmod 755 /var/spool/mqueue
6. # chown daemon /var/spool/mqueue; chgrp daemon /var/spool/mqueue
7. # /usr/lib/sendmail -bd -q1h
8. # /usr/lib/sendmail -oQ/var/spool/omqueue -q
   # /usr/lib/sendmail -Ruser01
   # /usr/lib/sendmail -Mnnnn (queue id)
9. # rmdir /var/spool/omqueue
/etc/syslog.conf
*.err;kern.notice;auth.notice			/dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit	/var/adm/messages
mail.crit;mail.info;mail.debug			/var/log/syslog
*.alert;kern.err;daemon.err			operator
*.alert						root
*.emerg						*
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice			ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug			ifdef(`LOGHOST', /var/log/syslog, @loghost)
Mailer Statistics
• Local delivery agent
• SMTP delivery agent
• UUCP delivery agent
# touch /etc/mail/sendmail.st
# touch /etc/mail/statistics    (ver 8.10.x)
# /usr/bin/mailstats
Statistics from Thu Jul 3 16:09:08 2003
 M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis  Mailer
 3        9         13K        5          9K        0       0  local
 5        2       2639K        9       7920K        3       0  esmtp
=============================================================
 T       11       2652K       14       7929K        3       0
 C       11                   14                    3
.forward File
1. Disabling .forward Files
# cd /usr/lib/mail/domain
# vi solaris-generic.m4
define(`confFORWARD_PATH', `')dnl
Build and install a new sendmail.cf
2. Change the .forward File Search Path
# cd /usr/lib/mail/domain
# vi solaris-generic.m4
define(`confFORWARD_PATH', `$z/.forward:/var/forward/$u')dnl
Build and install a new sendmail.cf
SPAM
• Defining
• Forging a mail header
• Deciphering email headers
• Using trace tools
• Disabling SPAM
• Stopping SPAM with sendmail
Forging a Mail Header Example
# mconnect hostname or
# telnet hostname 25
HELO my.forged.hostname
MAIL FROM: [email protected]
RCPT TO: [email protected]
DATA
DATE: 09:05:00 Wed 19 Jul 2003
SUBJECT: GREAT DEALS
TO: friendly spammers
FROM: [email protected]
Hi,
I’m selling vacuum cleaners…..want to buy?
.
quit
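A receiving sendmail writes both the name the client gave in HELO and the host name and address it observed for the connection into the Received: line it prepends, which is what makes a session like the one above traceable. The following added example (not from the original slides) lists each hop and flags those where the two names differ. The function names and the sample message, including every host and address in it, are constructed, and the layout assumed is sendmail's "from HELO (host [address]) by receiver".

```shell
#!/bin/sh
# Added example: compare the client-supplied HELO name with the host the
# receiving MTA actually saw, for every Received: header of a message.
# Output, newest hop first: verdict<TAB>helo-name<TAB>observed "host [addr]"
received_hops() {
    awk '
        function flush(   s, helo, seen, host, verdict) {
            if (hdr ~ /^Received:/ && match(hdr, /from [^ ]+ \([^)]*\)/)) {
                s = substr(hdr, RSTART + 5, RLENGTH - 6)
                helo = s; sub(/ .*/, "", helo)       # what the client claimed
                seen = s; sub(/^[^(]*\(/, "", seen)   # what the server recorded
                host = seen; sub(/ *\[.*/, "", host)
                if (host == "") verdict = "NO-RDNS"
                else if (tolower(host) == tolower(helo)) verdict = "MATCH"
                else verdict = "MISMATCH"
                printf "%s\t%s\t%s\n", verdict, helo, seen
            }
            hdr = ""
        }
        /^$/     { exit }                                     # end of headers
        /^[ \t]/ { sub(/^[ \t]+/, " "); hdr = hdr $0; next }  # folded line
                 { flush(); hdr = $0 }
        END      { flush() }
    ' "$1"
}

# Constructed sample message: the second hop announced a made-up HELO name.
sample_message() {
    cat <<'EOF'
Received: from mx1.example.org (mx1.example.org [198.51.100.5])
    by mail.example.com (8.12.9/8.12.9) with ESMTP id h6J05Aa01234;
    Sat, 19 Jul 2003 09:05:10 +0900
Received: from my.forged.hostname (dialup7.example.net [192.0.2.77])
    by mx1.example.org (8.12.9/8.12.9) with SMTP id h6J058b04321;
    Sat, 19 Jul 2003 09:05:08 +0900
From: someone@example.org
Subject: GREAT DEALS

body text
EOF
}
```

A MISMATCH is a lead to follow up with the trace tools, not proof of forgery: many legitimate hosts announce a HELO name that differs from their reverse DNS name.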
Other Trace Tools
• traceroute
• whois
• dig
• nslookup
Stopping SPAM with sendmail
1. # cd /usr/lib/mail/cf
2. # cp main-v7sun.mc sendmail.mc
3. # vi sendmail.mc
divert(0)dnl
VERSIONID(`@(#)main-v7sun.mc 1.5 (Sun) 09/12/01')
OSTYPE(`solaris8')dnl
define(`DATABASE_MAP_TYPE',`dbm')
FEATURE(access_db)
DOMAIN(`solaris-generic')dnl
define(`confPRIVACY_FLAGS',`noexpn,novrfy')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
Stopping SPAM with sendmail(cont)
4. # /usr/ccs/bin/make
5. # cp sendmail.cf /etc/mail
6. # vi /etc/mail/access
192.168.0 RELAY
sun.co.kr REJECT
[email protected] OK
[email protected] REJECT
[email protected] 555 We don't accept mail from spam
7. # cd /etc/mail
8. # makemap dbm access < access
9. /etc/mail/sendmail stop
/etc/mail/sendmail start
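Before step 8 rebuilds the map, the text file can be checked for mistyped actions and its RELAY entries listed for review, since each one widens who may relay through this host. This is an added example, not part of the original slides: the function names are assumptions, the sample entries are constructed, and the accepted actions are the standard access-map right-hand sides (OK, RELAY, REJECT, DISCARD, SKIP, an SMTP reply code with text, and the ERROR: forms).

```shell
#!/bin/sh
# Added example: lint an /etc/mail/access source file before running makemap.
# Prints "relay<TAB>key" for every RELAY entry and "bad<TAB>line<TAB>key" for
# every entry whose action is not a recognised one; exits 1 if any are bad.
# Possible use:  access_lint access && makemap dbm access < access
access_lint() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        {
            key = $1
            act = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", act)   # drop the key column
            sub(/[ \t\r]+$/, "", act)              # drop trailing whitespace
            if (act ~ /^(OK|RELAY|REJECT|DISCARD|SKIP)$/ ||
                act ~ /^(ERROR:([0-9]\.[0-9]+\.[0-9]+:)?)?[45][0-9][0-9]( |$)/) {
                if (act == "RELAY") printf "relay\t%s\n", key
            } else {
                printf "bad\t%d\t%s\n", NR, key
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample, modelled on the kinds of entries shown in step 6.
sample_access() {
    cat <<'EOF'
# constructed sample entries
192.168.0                RELAY
example.net              REJECT
postmaster@example.org   OK
spammer@example.org      555 We don't accept mail from spam
bulk.example             REJCT
example.com              ERROR:5.7.1:550 Relaying denied
EOF
}
```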
Stopping SPAM with sendmail(cont)
Result: (ex1)
>>> MAIL From:<[email protected]> SIZE=57
550 5.7.1 <[email protected]>... Access denied
spam... forward: /export/home/spam/.forward.sun100+: World writable directory
spam... forward: /export/home/spam/.forward+: World writable directory
spam... forward: /export/home/spam/.forward.oss1: World writable directory
spam... forward: /export/home/spam/.forward: World writable directory
/export/home/spam/dead.letter... Saved message in /export/home/spam/dead.letter
Closing connection to sun100.sun.co.kr.
>>> QUIT
221 2.0.0 sun100.sun.co.kr closing connection
Stopping SPAM with sendmail(cont)
Result: (ex2)
>>> MAIL From:<[email protected]> SIZE=57
555 5.0.0 We don't accept mail from spam
spam... forward: /export/home/spam/.forward.sun100l+: World writable directory
spam... forward: /export/home/spam/.forward+: World writable directory
spam... forward: /export/home/spam/.forward.sun100: World writable directory
spam... forward: /export/home/spam/.forward: World writable directory
/export/home/spam/dead.letter... Saved message in /export/home/spam/dead.letter
Closing connection to mail.marine.co.kr.
>>> QUIT
221 2.0.0 mail.sun.co.kr closing connection
Hide hostnames
• Hide hostnames
• MASQUERADE_AS(host.domain)
• MASQUERADE_DOMAIN(otherhost.domain)
• FEATURE(masquerade_envelope)
• EXPOSED_USER(usernames)
• Enable host masquerading
Enabling Host Masquerading
1. # cd /usr/lib/mail/cf
2. # cp main-v7sun.mc sendmail.mc
3. # vi sendmail.mc
…………..
MASQUERADE_AS(sa389.edu)dnl
FEATURE(masquerade_entire_domain)dnl
…………..
4. # /usr/ccs/bin/make
5. # cp sendmail.cf /etc/mail
6. sendmail daemon stop/start
4) Q & A
• Jan 21 17:14:47 Umyun sendmail[782]: g0L8Ek300780: SYSERR(root): config error: mail loops back to me (MX problem?)
• sendmail[13177]:NOQUEUE : low on space (have SMTP-DAEMON needs 101 in /var/spool/mqeue)
• Oct 20 10:22:06 ofphp sendmail[24249]: KAA24249: SYSERR(root): putbody: write error: File too large
  Oct 20 10:22:06 ofphp sendmail[24249]: KAA24249: Losing qfKAA24249: savemail panic
  Oct 20 10:22:06 ofphp sendmail[24249]: KAA24249: SYSERR
• Aug 27 20:30:40 CFOS sendmail[6238]: f7RBJf706238: collect: premature EOM: Connection reset by h100.137.74.211.seed.net.tw
• Jan 16 01:15:08 ktnet sendmail[2199]: BAA02199: collect: premature EOM: Error 0