Very Computer

Subject: Queue-R-Mail-HOWTO 1.01

V 1.01 of "Queue-R-Mail-HOWTO"  -   Note that this is an UPDATE from V 1.0
published earlier TODAY.

Here goes a suggested new HOWTO dealing with Sendmail V8 in a typical Linux
situation, where You want to write and "send" several mails before actually
dialling up an TCP/IP connection to actually empty the queue. Unlike some
other suggestioons I've heard, this approach gives You instantaneous
delivery for local mail. It's just remotely destined mail that's being held
in /var/spool/mqueue until somebody dials up an IP connection and executes
"sendmail -q".

-------------------------------- cut here ----------------------------------

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
Queue-R-Mail-HOWTO      Queue Remote Mail + Deliver Local Mail (V8)
                        Designed for sendmail 8.6.12

        Author:         Leif Erlingsson <Leif.Erlings...@mailbox.swipnet.se>
        First written:  19 Sep 1995     Version:        1.0
        Last updated:   19 Sep 1995     Version:        1.01

Update History:

        1.01    /usr/src/sendmail.8.6.12/cf/cf/obj/elijah.smtp.cf section
                lacked the following items:

                < OcTrue
                > OcFalse

                Consequences:   None, if You updated the .mc and .m4 files
                as instructed, and performed 'make' on them. Big if You
                edited /etc/sendmail.cf directly --- omitting this change
                would make the patch NOT WORK. Remote mail would be
                delivered same as local, immediately.

                Updated By:     Leif.Erlings...@mailbox.swipnet.se

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
If all the below instructions is followed, it even works during boot!
REMOTE MAIL will not be delivered from the mail queue unless a user
executes sendmail -q.

At the end of the document is some suggested edits to
/var/X11R6/lib/fvwm/system.fvwmrc to give some menu support for this
for the benifit of Linux hackers and others! Some of those edits assume
that other homemade programs are available, so study and implement YOUR way!

Designed for sendmail 8.6.12

/Leif Erlingsson, home:                         work:
Tel:    +46 8 604 0995                          Tel:    +46 8 764 8495
Fax:    +46 8 604 0995 (ask 1'st)               Fax:    +46 8  29 4975
E-mail: Leif.Erlings...@mailbox.swipnet.se E-mail: lei...@rsv.svskt.se

[No, I'm not a sendmail expert. Yes, I'm reading the "sendmail" book from
cover to cover.]

============================================================================
| The Configuration Changes Neccessary to Make Sendmail Deliver Local Mail |
| ***Now*** While Stashing Remote Mail in The Queue Until "I Say So":      |
============================================================================

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
Create system mail queue and hideaway for system mail queue files
to be used while starting the sendmail daemon during system boot:

mkdir -p /var/spool/mqueue /var/spool/mqueue.hide
chmod 0700 /var/spool/mqueue /var/spool/mqueue.hide

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
Start the sendmail daemon section of /etc/rc.d/rc.M heavily re-programmed:

The below section starts the sendmail daemon so that it won't process
"expensive" mail the first time around. And so "delivery runs" are NOT
performed every 15 minutes. The -os flag makes ALL mail queued (that
doesn't mean it can't be delivered immediately all the same).

Delivery happens when any user runs "sendmail -q".

# Start the sendmail daemon:
if [ -x /usr/sbin/sendmail ]; then
  # If the queue isn't empty, stash away the queued items in mqueue.hide...
  mqquery=`/usr/sbin/sendmail -bp`      # mqquery=`/usr/bin/mailq`
  if [ ! "${mqquery}" = "Mail queue is empty" ]; then
    mv /var/spool/mqueue/* /var/spool/mqueue.hide
  fi
  echo "Starting sendmail daemon (/usr/sbin/sendmail -bd -os -q)..."
  echo "[Special note: As configured on this system, REMOTE MAIL is queued only!!!]..."
  /usr/sbin/sendmail -bd -os -q         # "15m" removed from off the "-q" flag!
  if [ ! "${mqquery}" = "Mail queue is empty" ]; then
    echo "[/var/spool/mqueue wasn't empty, now being copied back from mqueue.hide!!!]..."
    sleep 2; mv /var/spool/mqueue.hide/* /var/spool/mqueue
  fi
fi
#
# There is an alternative solution, but this approach queues *only* ALL MAIL,
# LOCAL TOO. It goes like this, and doesn't need any /var/spool/mqueue.hide,
# nor all the reconfiguration of sendmail.cf that will follow further below:
#
# # Start the sendmail daemon:
# if [ -x /usr/sbin/sendmail ]; then
#   echo "Starting sendmail daemon (/usr/sbin/sendmail -bd -osdq) [queue only mode]..."
#   /usr/sbin/sendmail -bd -osdq        # NOT EQ "-bd -q 15m", the "standard" flags! )
# fi

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
/usr/src/sendmail.8.6.12/cf/cf/obj/elijah.smtp.cf = /etc/sendmail.cf
changes. This is for information only, the real editing should be done
in the files:
                        sendmail.8.6.12/cf/cf/yourhostname.smtp.mc
                        sendmail.8.6.12/cf/mailer/local.m4
                        sendmail.8.6.12/cf/mailer/smtp.m4
                        sendmail.8.6.12/cf/ostype/linux.m4    (Use Your OS!)
< # After the edits:

< OcTrue

< Msmtp,                P=[IPC], F=mDFMuXe, S=11/31, R=21, E=\r\n,

< Mesmtp,               P=[IPC], F=mDFMuXae, S=11/31, R=21, E=\r\n,

< Mrelay,               P=[IPC], F=mDFMuXae, S=11/31, R=61, E=\r\n,

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
Very simple makescript          sendmail.8.6.12/cf/cf/make_yourhostname:

        #!/bin/sh

        # ALT 1:        m4 yourhostname.smtp.mc > obj/yourhostname.smtp.cf
        # ALT 2:        pmake yourhostname.smtp.cf

        m4 yourhostname.smtp.mc > obj/yourhostname.smtp.cf

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
The above /etc/sendmail.cf changes can be entered like described in the
following passages in the here listed .mc and .m4 files:

                /usr/src/sendmail.8.6.12/cf/cf/yourhostname.smtp.mc
                /usr/src/sendmail.8.6.12/cf/mailer/local.m4
                /usr/src/sendmail.8.6.12/cf/mailer/smtp.m4
                /usr/src/sendmail.8.6.12/cf/ostype/linux.m4   (Use Your OS!)

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
/usr/src/sendmail.8.6.12/cf/cf/yourhostname.smtp.mc

dnl # Defer Delivery to "expensive" mailers until next time the queue is
dnl # processed using "OcTrue" and make sure smtp mailers are "expensive".
dnl # (The "sendmail" book, Chapter 30: Options, "Oc - Don't connect to expensive
dnl # mailers".)                   / Leif.Erlings...@mailbox.swipnet.se
define(`confCON_EXPENSIVE', `True')
define(SMTP_MAILER_FLAGS, e)
MAILER(local)dnl
MAILER(smtp)dnl

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
/usr/src/sendmail.8.6.12/cf/mailer/local.m4

[SECURITY PATCH         THIS PATCH DOESN'T MAKE ANY DIFFERENCE FOR OUR     ]
[                       PRESENT PURPOUSES, BUT IT HIGHTENS SECURITY!       ]

# MODIFICATION BY Leif.Erlings...@mailbox.swipnet.se:
# According to the "sendmail" book, chapter 19, "The Queue", page 249,
# "Overview of the Queue" and chapter 26, "Delivery Agents", page 385,
# "Paths of Working Directories (V8 only): D=" and for tigthest possible
# queue security, queue (/var/spool/mqueue) permissions is set to 0700
# and in the below Mprog line Paths of working directories is set to
# D=$z:/tmp:/
#                                       / Leif.Erlings...@mailbox.swipnet.se
#
Mlocal,         P=LOCAL_MAILER_PATH, F=CONCAT(`lsDFM', LOCAL_MAILER_FLAGS), S=10, R=20/40,
                A=LOCAL_MAILER_ARGS
Mprog,          P=LOCAL_SHELL_PATH, F=CONCAT(`lsDFM', LOCAL_SHELL_FLAGS), S=10, R=20/40, D=$z:/tmp:/,
                A=LOCAL_SHELL_ARGS

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
/usr/src/sendmail.8.6.12/cf/mailer/smtp.m4

[The code isn't really changed in                                          ]
[/usr/src/sendmail.8.6.12/cf/mailer/smtp.m4, it's just the below comments  ]
[that is added, so they appear in the resulting sendmail.cf file above the ]
[following lines, that are not modified:                                   ]

# If any F= below contains the e flag, this is an 'expensive mailer'.
# (The "sendmail" book, Chapter 30: Options, "Oc - Don't connect to expensive
# mailers".)                               / Leif.Erlings...@mailbox.swipnet.se

[Unchanged lines...                                                        ]

Msmtp,          P=[IPC], F=CONCAT(mDFMuX, SMTP_MAILER_FLAGS), S=11/31, R=ifdef(`_ALL_MASQUERADE_', `11/31', `21'), E=\r\n,
                ifdef(`_OLD_SENDMAIL_',, `L=990, ')ifdef(`SMTP_MAILER_MAX', `M=SMTP_MAILER_MAX, ')A=IPC $h
Mesmtp,         P=[IPC], F=CONCAT(mDFMuXa, SMTP_MAILER_FLAGS), S=11/31, R=ifdef(`_ALL_MASQUERADE_', `11/31', `21'), E=\r\n,
                ifdef(`_OLD_SENDMAIL_',, `L=990, ')ifdef(`SMTP_MAILER_MAX', `M=SMTP_MAILER_MAX, ')A=IPC $h
Mrelay,         P=[IPC], F=CONCAT(mDFMuXa, SMTP_MAILER_FLAGS), S=11/31, R=61, E=\r\n,
                ifdef(`_OLD_SENDMAIL_',, `L=2040, ')A=IPC $h

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~
/usr/src/sendmail.8.6.12/cf/ostype/linux.m4    (or whatever ostype You have)

define(`LOCAL_MAILER_PATH',`/usr/bin/procmail')dnl
dnl             `LOCAL_MAILER_FLAGS',`ShP' results in F=lsDFMShP, but I don't
dnl             want the "S" flag, it's a security risc, see "sendmail",
dnl             chapter 18, "The A= of Deliver Agents", page 234, so....
define(`LOCAL_MAILER_FLAGS',`hP')dnl
dnl             `LOCAL_MAILER_FLAGS',`hP' results in F=lsDFMhP.
dnl             For this to work, /usr/bin/procmail must be SUID root!
define(`LOCAL_MAILER_ARGS',`procmail -d $u')dnl
define(`QUEUE_DIR', /var/spool/mqueue)dnl

^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~

#### sendmail.cf Done. ####

THAT'S THE sendmail.cf MODIFICATIONS. BUT I THINK I'D BETTER INCLUDE MY
COMPLETE  /usr/src/sendmail.8.6.12/cf/cf/yourhostname.smtp.mc  IN CASE
YOU HAVE ANY TROUBLE WITH THIS SETUP:
...

read more »

WARNING: THIS TEXT IS LONG AND DETAILED, and possibly of only
Philosophical Interest! What could possibly be of wider interest
is my included /etc/resolv.conf file. This might help you along,
should you have any difficulty with your dial-in, dynamic IP connection!
/Leif

Hello John

I too found your mail very interesting. I don't agree that my solution
is much more complex than Yours, but I know I used a lot of ascii
characters to describe it in detail and in in context.

I am looking to satisfy my need to feel that a certain solution feels
'right' in some undefinable way. I haven't yet decided what I feel about
Your solutions, they might be able to satisfy this feeling with me.
This reply is my way of figuring out my feelings for `Your way'.

One thing I want, for no good reason maybe, except to fulfill this sense
of 'rightness', is for my Linux box sendmail to be as nearly as possible
configured as a big Unix site's, is to have all functionality. When I
have IP up, I want it to be possible for the rest of the world to send
mail to the 'smtp            25/tcp          mail' - port of my box.
I just want this. And I want to have sendmail handle this case same as on
any normal internet site. I still have some work to do to catch my dynamic
IP number and convert this to the assigned hostname from my IP provider
and make my box recognise this name as it's own identity for the purpouse
of E-mail. I'm not doing this because I have to, but because I feel that
a Unix box connected to Internet (even if highly temporarily) should be
able to handle all standard services, especially Mail.

The result of the above is "I will run the sendmail daemon".
Second, I prefer the inetd approach, for emotional reasons.

What do I have now?... Your alternative 1a for Incoming mail!
Just "/usr/sbin/sendmail -bd" doesn't specify any delivery mode at all.
What would happen if someone on the outside managed to send a mail through
port 25 and your box recognised the recipient hostname as it's own?

As I wrote, I'm no sendmail expert, and it is highly likely that my first
solution is far from ideal. Your approach very well might work in this
case too, as far as I know now, without careful study.

Lets read Your mail, and I'll continue commenting in it's body:
(Btw, did You post this?... Yes, I see now that You did! Then I'm too.)

I prefer this.

As I have my sendmail configured, if the lookup fails, the mail will
Bounce! How do I change this? (This is the reason I wanted to queue only
remote mail.)

As I have my sendmail configured, local mail works just fine even with no
DNS or IP. I have been very careful to follow all relevant advice in The
Linux Network Administrators' Guide. Here's for example my /etc/resolv.conf
---------------------------------------------------------------------------
#
# /etc/resolv.conf      - see The Linux Network Administrators' Guide 6.1.3
#
# Default domain tacked onto a hostname if BIND fails on 1'st query:
domain          swipnet.se
#
# We use nic.swip.net = 192.71.220.10 as central nameserver:
nameserver      192.71.220.10
# Failing this we use sunic.sunet.se = 192.36.125.2 (and 192.36.148.18):
nameserver      192.36.125.2
# Failing this we use nic.nordu.net = 192.36.148.17:
nameserver      192.36.148.17
#
# -------------------------------------------------------------------------
#
# As much as we would have liked to, we can't have our own dns domain, as
# our IP number is dynamically assigned every time we connect to swip.net,
# so we have no business setting up any local name server, and thus, sadly,
# we can't develop a nice local cache (sob...), so we won't edit named.boot
# and we won't comment out the above nameserver-entries. (See 6.2.1 The
# named.boot File, 6.1.4 Resolver Robustness and 6.1.3 Configuring Name
# Server Lookups - resolv.conf in The Linux Network Administrators' Guide.)
#
# -------------------------------------------------------------------------

End /etc/resolv.conf

As You can see in the comments in my /etc/resolv.conf, the domain
swipnet.se is tacked onto a hostname if BIND fails on 1'st query.
Maybe this is why I don't seem to have Your problem? My local e-mail gets
delivered as it should when I'm offline, without any rule-rewriting or
sorting any rules in different order. Something I yet hesitate to do,
but something that I undoubtedly soon will do too! Btw, I have taken it as
a habit to put in references to books in configuration files where I make
changes - it helps both myself later, and also anyone I share the file
with!

I would prefer this. I don't want to depend on the correctness of another
sendmail setup, of which I know nothing. Only when the destination host
of one of my mails is unreachable, I explicitly mail this to a smart host
for delivery when the destination is up again:

To: First.Lastname%destination.domain...@smart.host.se

This sends the mail to smart.host.se, where the @smart.host.se is removed,
and the % is converted to a @, and delivery is attempted for a few days.

If I normally connect directly to the destination, I will know that my mail
reached that host, at least!

Who knows, I might try Your solution one day. But as it is, the one I have
is working as a charm, so I don't really feel the need.

It's probably because I'm so naive --- how does local mail get delivered?
Is it the Mail User Agent (e.g. pine) that calls sendmail to deliver?
I guess it would be. YES OF COURSE, IT IS. Is this how local mail gets
delivered immediately? But this would only take care of local mails
generated locally --- right?    Still, not bad!

As I wrote, I found Your solution very interesting too, and will keep it
for reference in a file near my ...

read more »