how to write a Scalilx-conform sendmail.mc (not cf)

[Jens]

The under the title SpamAssassin integration technote specified description is working or explaining the Spam-Assassin Integration only with the sendmail.cf.
I would really like to avoid working with this file, because it's too dangerous.

Therefore the first question:
Where can I find a full description regarding the necessary definition of the sendmail.cf file which fulfils the Scalix needs?
In another thread you say it's only

Code: Select all

DSsmartmail.smarthostserver.com'

and to use the access.db. This didn't work for me, therefore I created a seperate auth-file, see esp. the three seperated lines of my sendmail.mc below.

The original sendmail.cf which was created during the installation works, yes!
But because of the complexity this would hinder me to make any changes in the future (who knows what is necessary?).

Therefore only to change the sendmail.mc-file would be 100% the better way.
But this does not working (e.g. after upgrading) because – as far as I understood – there is not a Scalix created sendmail.mc base file, isn’t it?

After the complete upgrade of a Fedora Core 4 installation I was trying to work with the M4 file to integrate a smarthost with authentication.
This should not be a problem because there are only some lines and an additional client-authentification-db-file.
But this fails also, because it will produce a mismatch of the working .cf-file and the content of the .mc-file.

So therefore my urgend second question:
Where can I find a full description regarding a sendmail.mc file with Scalix/Spamassassin-support, e.g. as an example-file or (as you support FC4 a special file for this OS)?

Please have a look at the existing mc-file.

Code: Select all

divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
define(`SMART_HOST',`mail.smarthostserver.com')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
FEATURE(`authinfo',`hash /etc/mail/client-auth/client-info')dnl
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl


Of course there are NO Scalix-parts. Can you advise me what I should change (to have Scalix as MTA/MUA and integrated Spamassassin/Procmail)? I hope it is not necessary to change Fetchmail too because it delivers only to the local user.
I would like to build the cf-file with M4 via the mc-filefrom the scratch (if this is possible).

[btisdall]

The under the title SpamAssassin integration technote specified description is working or explaining the Spam-Assassin Integration only with the sendmail.cf.
I would really like to avoid working with this file, because it's too dangerous.

I was a sendmail virgin when I started working with Scalix & one the first things you learn is that working directly with sendmail.cf isn't considered best practice - I think it would be a good idea if the tech note for SA was updated to reflect this.

I don't usually use spamass-milter (see my HOWTO in the CE wiki if you're interested in using amavisd though) but as a very quick test adding the following lines to my sendmail.mc:

Code: Select all

define(`_FFR_MILTER', 1)dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl

And then rebuilding sendmail.cf seemed to have spamass-milter working perfectly well (comments?)

As far as the scalix additions to sendmail.cf are concerned, these are inserted by the command

Code: Select all

omsendin

Which should be run after every sendmail.cf rebuild. I think you can be confident that this process has been tested to a very high standard & won't fsck your sendmail config.

Regarding procmail, I believe I'm right in saying that standard UNIX MDAs aren't compatible with Scalix as it does its own local delivery in a proprietary manner. You don't need procmail with spamass-milter though.

Fetchmail should integrate easily since as far as sendmail is concerned it's just another connecting MTA.

HTH

[kanderson]

The DSsmartmail.smarthost.com line specifies a smarthost. So that if you want email to ALWAYS go through a single server, you'd modify that line appropriately.

This basically says send outbound email to smartmail.smarthost.com to be relayed to the outside world. In the event that your organization has 10 servers spread across the country, this would mean that all outbound email would be sent through 1 main corporate server. The advantage of this is that it would appear to come from the mail server defined if the company's MX record, and therefore not immediately score higher on spam tests.

omsendin adds the lines neccessary to check a message through Scalix. If you type
cat /path/to/sendmail.cf | grep -i scalix
You'll see the lines. There are 6 or 8 of 'em (from memory).

Kev.

[Jens]

Greetings from Berlin.
Yes, I am very appreciating this answer.
It gives me a better understanding.

Sometimes I feel lost in the inconsistence of the different docs.
My aim is only to make Scalix run!
But it's (beside the fast basic installation) not really easy.

To clarify: Even in a multi-domain environment it's not necessary to use Procmail?
Fine, this prevents me from other possible faults.

By the way in the meanwhile I (unwillingly) tried to change the original cf and it works.
The last step now is only to create the correct integration of Spamassassin (local.cf) which currently didn't work. But then I should have the most important work done :-)))
At least I hope so.

Jens

@kanderson
just in this moment you wrote your message and you are right:
This is the reason why I want to use an external smarthost (because of dynamic IP).
It's a mail provider, but he needs smtp auth, which is now in place.

[ScalixSupport]

Greetings from Berlin.
Yes, I am very appreciating this answer.
It gives me a better understanding.

Sometimes I feel lost in the inconsistence of the different docs.
My aim is only to make Scalix run!
But it's (beside the fast basic installation) not really easy.

Please can you detail where you believe the docs to be inconsistent ?

Cheers

Dave

[Jens]

There are some examples.
This thread (or problem) is one of those. It would be very easy if it would be written in the technical documentation, nobody would claim a lack of documentation.
And it would be easy for the skilled person too (esp. if this is not a atypical question).
Or what about the necessity of reverse DNS. Why the manual tells me it is an absolute must but it isn't?
Or where I can find a detailed illustrated basic overview about the interaction of the different LINUX parts and your MTA?
There are some other smaller detail, which I can't tell exact.

But please note.
I know your position may be different, but if you want to sell this solution into the market then you have to prepare yourself that the most prospects and user (or as an perfect example a comunity-user / which is mostly an single person without a big IT departement) do not have the deep LINUX knowledge. There are some (esp. bigger companies/authorities), but I don't believe that this is the majority. Correct me if I am wrong.

And it is (even if you have the manual) hard work to create a typical environment, which means e.g.
- different domains
- Spam-Filter Integration
- externer mail hoster (smarthost)
- different rules
- best tomcat integration

For me the forum was more important then the manual, which I have particular read (esp. if you are looking for something). But it should completely vice versa.
Or there should be a step by step guidance.
I hope I were able to clarify my thoughts (but do not claim in every word the truths).

The product may be really well developed (that's the reason why I am try) and very flexible, but the user (or the most as I can assume/see in this forum) are not.
:-)