Sendmail Milter Question

Paul Howarth paul at city-fan.org
Thu Oct 28 07:43:18 UTC 2004


On Thu, 2004-10-28 at 03:02, Ow Mun Heng wrote:
> On Fri, 2004-10-22 at 22:52, Paul Howarth wrote:
> 
> > At least that's how I *think* you do it in sendmail 8.12.x. I'm using 8.13.x 
> > and only run milters on the MTA daemon, not on the MSA:
> > 
> > MAIL_FILTER(`headercheck-milter', `S=unix:/var/run/headercheck-milter/headercheck-milter.sock, F=T, T=C:4m;S:4m;R:8m;E:16m')dnl
> > MAIL_FILTER(`spfmilter', `S=unix:/var/run/spfmilter/spfmilter.sock, F=T, T=C:4m;S:4m;R:8m;E:16m')dnl
> > FEATURE(`no_default_msa')dnl
> > DAEMON_OPTIONS(`Port=smtp, Name=MTA, InputMailFilters=headercheck-milter;spfmilter')dnl
> > DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
> 
> Ah.. You were answering the other post from me regarding the
> MSA/MTA/MSP.
> 
> You mentioned you run the milters on the MTA instead of the MSA. Right
> now, I have both the MTA and MSA running, and the milters (spam/clamav)
> are running on the MTA.
> 
> Evo is configured to hand off the emails to the local sendmail program,
> but from what it looks like, I think it's still going to the MTA, hence
> going through the milters. This should not be necessary right? How do I
> change it?

There's more than one way to do this. Alexander's approach is probably
the simplest, having multiple MTAs listening on different interfaces
(one on localhost, one on your external IP) and only scanning mail that
comes through the "external" MTA. However, this isn't a suitable
approach for you because in a different email you said that you use
fetchmail to collect mail and then push it through your local MTA (on
localhost presumably) to get the virus/spam scanning done. So you need
the milters to run on the localhost MTA. A slight variation would be to
run another, non-scanning MTA on a different localhost address (e.g.
127.1.1.1) and have your submit.cf use that MTA.

However, to answer your original question, I have my MSP send mail out
via my MSA, not my MTA, and this is how I do it:

1. Create an AUTH user ID for the client:

  saslpasswd2 -a Sendmail -c -u <server-hostname> <msp-username>
  --> when prompted, enter the password

2. Create an authinfo database for the client to use:

  cat > /etc/mail/msp-authinfo
  AuthInfo:127.0.0.1    "U:<msp-username>" "P:secret" "M:DIGEST-MD5"
  ^D
  makemap hash msp-authinfo < msp-authinfo
  chgrp smmsp msp-authinfo*

3. Add msp-authinfo.db to the end of the "all" target in
/etc/mail/Makefile

4. Add to submit.mc:

  dnl Use the MSA with AUTH
  define(`RELAY_MAILER_ARGS', `TCP $h 587')
  FEATURE(`authinfo', `hash /etc/mail/msp-authinfo')

  These need to go before the FEATURE(`msp'... line.

5. Add to sendmail.mc:

  LOCAL_RULESETS
  SLocal_trust_auth
  R$*           $: $&{auth_authen}
  Rsmmsp        $# OK

6. Update .cf files:

  make

7. Restart sendmail

  service sendmail restart

Paul.
-- 
Paul Howarth <paul at city-fan.org>
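
Added example, not part of the original post and not sendmail's own tooling: the map created in step 2 holds the MSP's AUTH password in clear text, so this shell function audits the source file and its .db after the procedure above. The file name and the smmsp group come from the post; the "no access for others" rule, the function name audit_authinfo and the finding labels are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit the MSP authinfo map produced in steps 2-3 of the post.
# Policy assumed here (not stated in the post): others get no access at all,
# and the group is the one the post sets with chgrp (smmsp by default).

# audit_authinfo FILE [GROUP]
# Prints one line per finding; the return status is the number of findings.
audit_authinfo() {
    file=$1
    want_group=${2:-smmsp}
    findings=0

    for f in "$file" "$file.db"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            findings=$((findings + 1))
            continue
        fi
        # ls -ld: field 1 is the mode string, field 4 the group name.
        mode=$(ls -ld "$f" | awk '{print $1}')
        group=$(ls -ld "$f" | awk '{print $4}')
        # Characters 8-10 of the mode string are the bits for "others".
        other=$(printf '%s' "$mode" | cut -c8-10)
        if [ "$other" != "---" ]; then
            echo "EXPOSED  $f (others: $other)"
            findings=$((findings + 1))
        fi
        if [ "$group" != "$want_group" ]; then
            echo "GROUP    $f (is $group, expected $want_group)"
            findings=$((findings + 1))
        fi
    done

    # The source must hold an entry of the form shown in step 2:
    # AuthInfo:<host> "U:<user>" "P:<password>" ...
    if [ -f "$file" ] && ! grep -Eq \
        '^AuthInfo:[^[:space:]]+[[:space:]].*"U:[^"]+".*"P:[^"]+"' "$file"; then
        echo "FORMAT   $file (no AuthInfo entry with U: and P: fields)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run as a script: sh audit.sh /etc/mail/msp-authinfo [group]
if [ "$#" -gt 0 ]; then
    audit_authinfo "$@"
fi
```
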



