Sendmail: The Fun, The Pain - Part I · 18 October 2007, 20:17
After a break of many years from writing custom sendmail rules, I had the opportunity to create some very interesting custom sendmail rules and to integrate a custom rule with our LDAP server (SunOne). After initially struggling to remember how sendmail address handling works, I had some fun.
Thank goodness for O’Reilly’s “Sendmail: The Definitive Guide” and “Sendmail Cookbook”; were it not for those books, I would have spent a lot more time re-learning how text matching and replacement work with sendmail. It also took me quite a while to re-wrap my head around the sequence of parsing that sendmail does for From and To addresses. Finally, rule syntax had completely escaped me and I had to re-read parts of several chapters of both books to get back up to speed with them.
Once I spent half a day catching up, however, I was able to implement some really interesting rules. At the client with this sendmail installation there are groups of testers that have to get mail, real users who get mail, and sysadmins who get admin messages.
The difficulty comes with the 3 development environments at this client and the testers and real users all in the same place. Rules:
- Mail addressed to any address at any dev machines (nightly mails for instance) goes to our sysadmin group
- Mail addressed to any address outside of the domain space the client owns needs to get sent to the testers as it is generated by the custom software this client produces
- Mail addressed to any real local user has to get sent to their email address
- Mail addressed to any account in our application that goes to the local domain has to be rewritten to the testers’ email boxes.
Solutions:
- dev machine domains – use a custom rule that removes host names from domains at any of the dev machines from the envelope recipient along with virtusertable to forward any email at those domains to the sysadmin group
- outside domains – create a custom class that includes the domains we do handle, write a custom rule that checks the recipient address domain against that list, anything that doesn’t match gets sent to the testers
- For the last two – for application users, check LDAP to see if the LHS is in our LDAP store, if it is, rewrite the email recipient so it goes to the testers. If the LHS is not in our LDAP, attempt to deliver it to the user at the local domain as it is a real user (or mailing list/alias) email.
After working pretty hard :p to get all of the custom rules working, I expected the worst from the LDAP integration but was very pleasantly surprised to find that it was well documented and writing a rule that tested against an LDAP store was really pretty easy, even with a custom LDAP search. Woot.
I also developed a small test framework to ensure that any time I make changes to my m4 sendmail configuration file I can regression test the rewriting rules to ensure that I have not broken anything. I will write about that script and post its contents in a future installment of this short series on sendmail.
Finally, I will also post some of the basic tenets of sendmail rules that I re-learned and some simple examples of writing custom rules that I hope will help others get started with sendmail rewriting.
— Max Schubert
SMTP AUTH debugging: nice HOW-TO · 17 August 2007, 07:08
This works on Red Hat variants:
- Stop sendmail and put it in debugging mode, logging SMTP transaction output to a file.
    /usr/sbin/sendmail -bD -X /tmp/test.log
- Trigger your mail action
- Stop your debug mode sendmail with Ctrl-C
- Restart sendmail in normal mode
- View the log file passed to -X to see the complete SMTP protocol-level output
— Max Schubert
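The file written by -X records the whole AUTH exchange, including the client's base64 replies, which are encoded rather than encrypted. As an added example (not from the original post), this sketch summarizes the AUTH outcome and redacts those replies before the log is shared; it assumes the log's `PID <<< text` / `PID >>> text` line layout, and the sample session and the `summarize` name are constructed for illustration.

```python
import re

# Assumed -X layout: "<pid> <<< text" = received by sendmail, ">>>" = sent.
LINE = re.compile(r"^(\d+) (<<<|>>>) (.*)$")
AUTH_CMD = re.compile(r"AUTH\s+(\S+)(\s+\S.*)?\s*$", re.I)

# Constructed sample: a failed AUTH LOGIN session (placeholder credentials).
SAMPLE = """\
01234 >>> 220 mail.example.com ESMTP Sendmail
01234 <<< EHLO client.example.com
01234 >>> 250-mail.example.com Hello client.example.com
01234 >>> 250-AUTH LOGIN PLAIN
01234 >>> 250 HELP
01234 <<< AUTH LOGIN
01234 >>> 334 VXNlcm5hbWU6
01234 <<< dGVzdGVy
01234 >>> 334 UGFzc3dvcmQ6
01234 <<< bm90LXJlYWw=
01234 >>> 535 5.7.0 authentication failed
"""

def summarize(log_text):
    """Return (summary, redacted_lines) for the AUTH exchange in a -X log."""
    summary = {"offered": [], "attempted": None, "result": None}
    redacted, in_auth = [], False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:                      # e.g. connection markers: keep as-is
            redacted.append(raw)
            continue
        pid, arrow, text = m.groups()
        cmd = AUTH_CMD.match(text) if arrow == "<<<" else None
        if arrow == ">>>" and re.match(r"250[- ]AUTH[ =]", text):
            summary["offered"] = text[9:].split()
        elif cmd:                      # AUTH <mech> [initial-response]
            summary["attempted"], in_auth = cmd.group(1).upper(), True
            text = f"AUTH {cmd.group(1)}" + (" [REDACTED]" if cmd.group(2) else "")
        elif in_auth and arrow == "<<<":   # base64 replies to 334 challenges
            text = "[REDACTED]"
        elif in_auth and not text.startswith("334"):  # final server verdict
            summary["result"] = "ok" if text.startswith("235") else text
            in_auth = False
        redacted.append(f"{pid} {arrow} {text}")
    return summary, redacted

if __name__ == "__main__":
    info, lines = summarize(SAMPLE)
    print(info)
    print("\n".join(lines))
```

Since the unredacted file still holds the credentials, remove /tmp/test.log once the debugging session is over.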