Sendmail: Virtual Hosts & Virtual Users

[ridetehpenguin]

I think it's the windows in me, but I have read several tutrorials on how to set-up the virtual users. I still don't get it. Maybe I'm tired. So let me ask what I want to accomplish...

I'll be hosting a few domains' emails. Let's use an example of domain.tld and somewhere.com.

1) domain.tld
joe (sales mgr)
mary (sales agent)
john (sales & marketing)
-aside from their individual emails, the company wants a sales@domain.tld email that goes to all three of the sales people
-and an info address to go to joe and john

2) somewhere.com
mark
jane (manager)
david
luke (manager)
-the company wants an email info@domain.tld to go to both, jane & luke
-luke wants all his company email forwarded to his gmail account (just because he wants it)

So.....something like this:

Code:

# A domain-specific form of aliasing, allowing multiple virtual domains to be
# hosted on one machine.
#
# ===== emails for domain.tld =====
  joe@domain.tld  	joe
  mary@domain.tld	mary
  john@domain.tld    	john
  sales@domain.tld	joe,mary,john
  info@domain.tld	joe,john
#
# ===== emails for somewhere.com =====
  mark@somwhere.com     mark
  jane@somewhere.com	jane
  david@somewhere.com  	david
  luke@somewhere.com    luke@gmail.com	
  managers@somewhere.com luke@gmail.com,jane
#
#

How? Suggestions?

p.s. I'm a windows guy. This is only my 2nd month into linux and am still learning. be gentle.

[scottro]

Postfix might be easier for the task. I haven't done virtual users with postfix, so I could be wrong, but...

There's actually a good,albeit dated tutorial at http://freebsddiary.org/postfix.php. Even though it's FreeBSD oriented, the basic configuration of main.cf is going to be similar.

[GrapeShot]

Once you have your mail server all set up to handle the 2 domains (postfix, sendmail), you can set the aliases in /etc/aliases. After you have entered all of the aliases, run newaliases to update the aliases.db that sendmail and postfix rely on.

[ridetehpenguin]

Still does not solve my quandry.

1)

Code:

#
#  Aliases in this file will NOT be expanded in the header from
#  Mail, but WILL be visible over networks or from /bin/mail.
#
#	>>>>>>>>>>	The program "newaliases" must be run after
#	>> NOTE >>	this file is updated for any changes to
#	>>>>>>>>>>	show through to sendmail.
#

# Basic system aliases -- these MUST be present.
mailer-daemon:	postmaster
postmaster:	root

# General redirections for pseudo accounts.
bin:		root
daemon:		root

So my server is allowed only one postmaster? I know that's not right.

2)

Code:

www:		webmaster
webmaster:	root
noc:		root
security:	root
hostmaster:	root
info:		postmaster
marketing:	postmaster
sales:		postmaster
support:	postmaster

So, every email sent to webmaster@*.* is sent to root! or only to one email address? Again, that's not solving my quandry.

How do I setup sendmail so I can host multiple domains (like eric@domain.tld and eric@somewhere.com - not being same user) and having different postmasters per domain?

Anyone.

aka /bump for the day

[William Haller]

List each of your domains in virtual-domains, one per line

Code:

domain.tld
somewhere.com

List each of your users in virtusertable, but I'd suggest using an alias instead of listing each group of users there and use /etc/aliases to keep track of your lists, so - tab separated...

Code:

joe@domain.tld      joe
mary@domain.tld   mary
...
sales@domain.tld            domaintld_sales
postmaster@domain.tld    john
abuse@domain.tld           john
webmaster@domain.tld    mary
...

Do the same with somewhere.com - you can redirect to a different system if you want like the luke reference.


That way you can have different postmasters as needed. At the bottom, add

Code:

@domain.tld  error:nouser 550 5.1.1 User not defined in this domain
@somewhere.com error:nouser 550 5.1.1 User not defined in this domain

to catch e-mails to any user that doesn't have a valid address and immediately error out.

Then in your /etc/aliases file, define how the lists are distributed

Code:

domaintld_sales: joe,mary,john

Modify /etc/mail/local-host-names to reflect all host names your host is known by and make sure that the DNS is properly configured for each, with the appropriate MX record pointing to your host.

If you have backup servers, you'll need to distribute a copy of the virtusertable to them as well so that they can properly reject mail that doesn't exist, and you'll have to modify the format so you have lines like...

Code:

joe@domain.tld   joe@postoffice.domain.tld

or whatever to cause the backup server to send the mail on to the primary server when it comes online.

You can do spam processing on the backup servers to reduce load if you want, but if you do that, you'll have to do the spam processing on the main server via a /etc/procmailrc setup rather than the milter with a test to see if it's already been done on your backup box. I'd run clamAV on all primary and backup servers via a milter.

If you get a lot of mail, I'd recommend adding the dnsbl directly into the sendmail system via

Code:

FEATURE(`dnsbl', `bl.spamcop.net')

call - use whatever ones you feel you qualify for based on mail volume and licensing. Others include dnsbl.njabl.org, xbl.spamhaus.org, sbl.spamhaus.org, and zen.spamhaus.org.

Set up certificates on your host, although I haven't found a good way to support multiple domains for this. Enable the daemon for global....

Code:

DAEMON_OPTIONS(`Port=smtp, Name=MTA')
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')
DAEMON_OPTIONS(`Port=smtps, Name-TLSMTA, M=s')

Don't accept unresolvable domains...

Code:

dnl FEATURE(`accept_unresolvable_domains')

Make sure the virtusertable is turned on

Code:

FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')

Most of the timeouts are OK, but you might want to add

Code:

define(`confTO_COMMAND', `2m')

Run newaliases and run make in the /etc/mail directory and restart sendmail.

That should get you started. Good luck.

[ridetehpenguin]

William,

First off, thanks for the help and info. That helps me out a ton!

However...

you lost me from:

Quote:

If you have backup servers, you'll need to distribute a copy of the virtusertable to them as well so that they can properly reject mail that doesn't exist, and you'll have to modify the format so you have lines like...

I would like to be able to filter spam etc. But I have no clue as to what you were talking about. This is my very first time in setting up sendmail and was litterally flashing a "deer in the headlights" look at the screen while reading it.

Could you clarify?

p.s. I have so many things I have to go thru for setting up these Linux servers so bear with me.......

[William Haller]

Backup servers simply mean that you have a primary mail server, and other mail servers - usually hosted elsewhere - that can take over for you if your primary mail server is down. The problem with backup servers that aren't under your control is they usually can't be easily configured to know who your valid users are, so can't immediately junk mail as coming to an invalid user name. The configuration shown is an example of how the virtual user table would be configured at a backup server so that it would then route mail to your primary mail server when it came back up.

Backup servers aren't a real requirement these days as most mail servers will buffer the mail that is inbound to you at the source and try again later for up to a week.

If you aren't doing backup servers - just ignore that bit.

You can filter with spamassassin directly in sendmail via a milter - my comment was that if you use the milter approach on your primary server, then it will also filter inbound mail coming from backup servers which may not be desired if they also run spamassassin. In this case, use procmail to do your filtering on your primary instead of the milter and only send messages that aren't already processed by your backup server to spamassassin.

The clamav links directly into sendmail as a milter. I personally prefer the clamav package from atrpms.net because it seems to be more up to date than the Fedora package and it comes in one rpm versus the split up mess that Fedora decided to go with.

The lines to add to sendmail.mc are something like...

INPUT_MAIL_FILTER(`clamav-milter', `S=local:/var/run/clamav/clmilter.socket, F=T, T=C:3m;S:5m;R:5m;E:10m')dnl

and

define(`confINPUT_MAIL_FILTERS', `clamav-milter')

making sure that your socket name matches the requirements of whatever package you select.

If you end up adding spamassassin in (with its milter RPM), the sendmail lines would be

INPUT_MAIL_FILTER(`spamass-milter', `S=unix:/var/run/spamass-milter/spamass-milter.sock, F=T, T=C:3m;S:5m;R:5m;E:10m')

and with both enabled, your extra enable line would be

define(`confINPUT_MAIL_FILTERS', `clamav-milter,spamass-milter')

[okcomputer44]

Hi ridetehpenguin!

If you want to use your server for more domain the solution is easy.

Just put into your users the /etc/virtualusertable file as this:

info@domain1.com infodomain1
info@domain2.com infodomain2

sales@domain1.com salesdomain1
sales@domain2.com salesdomain2

etc....

make those user on your server and issue the newaliases command.

The sendmail will know how to deal with the users with "same begin" names.

The "local-host-name" file contains the local domains. This means your domains will be in this file if you don't want to move them to another server.
So just put your domain here into this file like this:

domain1.com
domain2.com

Don't forget to put into the access file both domain names.

Access file:
domain1.com: Relay
domain2.com: Relay

To filter the domains just use William's idea I think that is the best and easy way I mean clamav and spamass-milter.

You can install both with yum.

yum install clamav-milter spamass-milter

If you want to filter between two server the sendmail can do that as well. (spam filter gateway)
In this case don't put the "local-host-name" file your domain instead put it in the mailertable file.

Server one the filter gateway server two the domain supporter server.

Server one:

local-host-name:
just the local names
domain1.com
domain2.com


Access file:
domain1.com: Relay
domain2.com: Relay

To:domain3.com: Relay "This is the domain what you are filtering for domain 3"


And finaly:

mailertable file usually is not there you need to create this file with editor.

So mailertable:

domain3.com smtp:[145.145.145.145] or

domain3.com smtp:[yourno-ip.com address]

The brilliant is on this case is the domain name things.
If you want to filter domains for small companies you don't need to register their ADSL to have fix addresses.
The spam-gateway will forward all messages to the no-ip address obviouselly those address will change in few days but it does not matter because the mailertable file contains only the no-ip adress.

So for 10 companies just 1 fix address needs.

I've been using it for more than 1 year with any problem. One machine filters for 4 different domain names.

I hope it helped. {Except my crazy English}

Laz