Operating System - HP-UX
1839249 Members
1936 Online
110137 Solutions
New Discussion

Re: More then 1 domain on sendmail ..

 
SOLVED
Go to solution
someone_4
Honored Contributor

More then 1 domain on sendmail ..

Good morning out there in HP land!
Here I am again with more sendmail questions.
I would like to know if sendmail can host more then 1 domain.
And how would I go about doing that?
I am using sendmail 8.9.3.

Thanks

 

 

 

 P.S.This thread has been moved from HP-UX>System Administration to HP-UX > messaging-HP Forums Moderator

23 REPLIES 23
Berlene Herren
Honored Contributor

Re: More then 1 domain on sendmail ..

You can try using domaintables..

The domaintable feature is currently not documented in sendmail.cf shipped by HP. Nevertheless, the config file has been build with the FEATURE(domaintable) and has all needed rulesets. If you want to use the domaintable you need to

Enable the mailertable lookup by removing the comment in the line following
# Domain table (adding domains)

Remove the comments in the lines belonging to the comment in ruleset 96
# look up domains in the domain table

Create an external database containing the transition information for domains, eg /etc/mail/domaintable.txt and build the database with
makemap hash /etc/mail/domaintable < /etc/mail/domaintable.txt>

A domaintable can temporarily be used when trasitioning from an old domain to a new one. The domaintable enables transitions to operate smoothly by rewriting the old domain to the new. An example input file might look as follows:
my.old.domain my.new.domain

The use of the domaintable should be limited to your own domains. The LHS of each line is a domain name or one of possibly many fully qualified hostnames and the RHS is the new domain name or one of your local hostnames. Anything in domain tables is reflected into headers as the lookup is called in ruleset 3 via ruleset 96.
There are two other database lookups introduced with sendmail 8.8:

GenericsTable to transform sender addresses.
Looks up every sender in the database if enabled. Changes the sender part of the header.
VirtUserTable for virtual domains.
This is again a hook into ruleset 0 and only reroutes delivery but does not change headers.

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
Dave Kelly_1
Respected Contributor
Solution

Re: More then 1 domain on sendmail ..

You can configure sendmail to be more than 1 domain by editing the file

/etc/mail/sendmail.cw

This file contains a list of all the names that this machine is known by. Obviously, your DNS records will need to point both domains to this machine.

The only drawback to this method is that you can't masquerade as separate domains, i.e. if you have masquerading configured then *all* mail from this machine will have the same domain name, unless you start configuring userdb (see section 33.5 of O'Reilly). Also, you cannot have duplicate names in separate domains, i.e. john.smith@domain1.com and john.smith@domain2.com are not allowed.
someone_4
Honored Contributor

Re: More then 1 domain on sendmail ..

The reason you cannot have duplicate names in separate domains, i.e. john.smith@domain1.com and john.smith@domain2.com are not allowed.
Would that be because sendmail does not know who goes where? If we have user john.smith
and his email file under /var/mail/john.smith
sendmail knows to get that file for that user regardless of the domain is this thought right?
Would if I edit the sendmail.cw file would I have to add an entry to etc/hosts? Can more then 1 domain work of one IP address? What is the limit of domains?
Dave Kelly_1
Respected Contributor

Re: More then 1 domain on sendmail ..

I don't know the limit to the number of domains.

The reason why you can't have duplicates is because when sendmail receives a message for john.smith@domain1.com or john.smith@domain2.com, it refers to /etc/mail/sendmail.cw and finds that the machine is known as either one of those names. This means that as far it is concerned, the address must be local and so the domain is stripped off and the address just becomes john.smith.

As long as your DNS records state that the machine is known as both names, you will be OK.
Christopher Caldwell
Honored Contributor

Re: More then 1 domain on sendmail ..

For multidomain configs, we use sendmail.cw. It's reasonably scaleable-we've got well over 900 domains in our sendmail.cw table.

Don't forget to enable sendmail.cw in sendmail.cf:
# file containing names of hosts for which we receive email
Fw/etc/mail/sendmail.cw

I'm not sure it's enabled by default.

To get duplicate accounts to work
e.g.
joe@domain1.com
joe@domain2.com

use /etc/mail/virtusertable

it maps e-mail addresses to local or non-local accounts.
Don't forget to enable it in sendmail.cf:
# Virtual user table (maps incoming users)
Kvirtuser dbm /etc/mail/virtusertable

The virtusertable is a dbm style hash table. The entries are formatted like
username@domain.com localaccount
yourname@domain.com someotheraccount@aol.com

To build the dbm style database use
/usr/sbin/makemap dbm /etc/mail/virtusertable < /etc/mail/virtusertable

Buy the BAT book (sendmail by Costales w/ Allman)
it's essential.

http://www.sendmail.org
and
nntp://comp.mail.sendmail
are also extremely valuable.
someone_4
Honored Contributor

Re: More then 1 domain on sendmail ..

Is all this done with 1 IP ???
Or for 900 domains do you have 900 IPs?
Christopher Caldwell
Honored Contributor

Re: More then 1 domain on sendmail ..

re: 1 IP or many IPs

You can use one IP or many IPs. In our case, we use one IP as a mail exchanger for 900+ domains.
someone_4
Honored Contributor

Re: More then 1 domain on sendmail ..

Ok .. so what I would do is point
each domain in DNS to the same IP. And just edit my .cw file.
hmm ok ill give it a try
someone_4
Honored Contributor

Re: More then 1 domain on sendmail ..

How secure is 900 domains on 1 ip ?
Christopher Caldwell
Honored Contributor

Re: More then 1 domain on sendmail ..

No more or less secure than 1 domain on 1 IP given that the host is initially secure.

Most of the our mail problems on the general Internet are caused by our customers who violate our AUP and send SPAM, or SPAM/UCE sent by folks on the Internet at large to our mail servers.

We've actually been able to use sendmail to help with security if you can believe that. You can configure sendmail to filter well known viruses based on e-mail subject, to address, from address, etc.
Christopher Caldwell
Honored Contributor

Re: More then 1 domain on sendmail ..

BTW, in sendmail.cf, there's some other commented rulesets for virtuser:

Uncomment the following:
SParse1
# handle virtual users
R$+ < @ $=w . > $: < $(virtuser $1 @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
R<@> $+ + $* < @ $* . >
$: < $(virtuser $1 + * @ $3 $@ $1 $: @ $) > $1 + $2 < @
$3 . >
R<@> $+ + $* < @ $* . >
$: < $(virtuser $1 @ $3 $@ $1 $: @ $) > $1 + $2 < @ $3 .
>
R<@> $+ < @ $+ . > $: < $(virtuser @ $2 $@ $1 $: @ $) > $1 < @ $2 . >
R<@> $+ $: $1
R< error : $- $+ > $* $#error $@ $( dequote $1 $) $: $2
R< $+ > $+ < @ $+ > $: $>97 $1
someone_4
Honored Contributor

Re: More then 1 domain on sendmail ..

What about passwords for the users?
I have it set up in the .cw file and it works.
But my users and passwords are in the actull unix box that I added though sam. Where do you have your usernames and passwords stored that sendmail reads and lets the user get that mail file. user1@thisdomain.com and user1@thatdomain.com have 2 differnt passwords. Where are the passwords stored?
Christopher Caldwell
Honored Contributor

Re: More then 1 domain on sendmail ..

In /etc/mail/virtusertable

case 1
joe@joe.com joe
joe is a valid unix account on localhost.

case 2
fred@fred.com fred@mailhandler.fred.com
fred is now either a valid entry on the host mailhandler.fred.com or it's another virtusertable entry on the host mailhandler.fred.com.
Dave Kelly_1
Respected Contributor

Re: More then 1 domain on sendmail ..

Looking back at your previous messages in the forum, it looks like you want your users to retrieve their messages using a client like Outlook Express.

If this is the case, you obviously have a POP3 daemon running on the mail server. HP, as standard, does not supply a POP3 daemon.

Passwords to mailboxes are handled by the POP3 daemon so I would consult your documentation to see if multiple domains can be handled. If they can, they are likely to indicate how they need messages to be stored.
someone_4
Honored Contributor

Re: More then 1 domain on sendmail ..

yes I am using an outlook client.
and I am running pop3 qpoppper.
someone_4
Honored Contributor

Re: More then 1 domain on sendmail ..

I got this working ..2 domains on 1 mail server. And getting emails from outlook.
But it seems to me that we are assumming that
user@domain1.net does not know he can get his mail from user@domain2.net too .
Dave Kelly_1
Respected Contributor

Re: More then 1 domain on sendmail ..

That is correct. Unless qpopper has any documentation for this, there is nothing that sendmail can do.
Christopher Caldwell
Honored Contributor

Re: More then 1 domain on sendmail ..

Here's your POP3 config:
POP account:
username@validaddressforpophost.com

This address must look up and return an A record:
# nslookup validaddressforpophost.com
A.B.C.D

SMTP:
validaddressforsmtphost.com
This address must look up and return an A record:
# nslookup validaddressforsmtphost.com
A.B.C.D

REPLY TO:
you@vanitydomain.com
vanitydomain.com should have an MX record that points to validaddressforsmtphost.com

Feel free to add all the vanity you want for POP host and SMTP host. It adds to configuration, but it's perfectly acceptable if not preferable.

The only thing you really need is the vanity replyto address in the POP3 client.
someone_4
Honored Contributor

Re: More then 1 domain on sendmail ..

Ok ,
from all I have read and that we have talked about today. As of right now. I have
mydomain1.com and mydomain2.com both going to the same sendmail server both going to 1 IP. I added the 2nd domain in the .cw file. And everything works now. But the issue that I am still at a loss of is to have 2 users with the same username but differnt domains get and send emails. But this is step one in my quest to get where I am.
Christopher Caldwell
Honored Contributor

Re: More then 1 domain on sendmail ..

When dealing with the virt stuff, it's important to distinguish between Unix accounts and e-mail accounts

- in general, expect Unix accounts to be unique
- e-mail accounts are unique with a domain

Thus, in the virtusertable
joe@domain1.com joe
says deliver mail bound for joe@domain1.com to the local Unix account joe. The POP account used to check joe@domain1.com is the same as the Unix account (joe).

joe@domain2.com fred
says delvier mail bound for joe@domain2.com to the local Unix account fred. The POP account for used to check joe@domain2.com is the same as the Unix account (fred).

For the purposes of this discussion, Unix accounts fred and joe must be unique on a given host. E-mail accounts
joe@domain1.com
and
joe@domain2.com
must be unique within the domain.
someone_4
Honored Contributor

Re: More then 1 domain on sendmail ..

Yes that is right. After playing with it I came to that conclusion. But I still cant get virtusertable to work
Christopher Caldwell
Honored Contributor

Re: More then 1 domain on sendmail ..

To get virtusertable to work ...

There are two rulesets referenced in earlier posts. You must uncomment both. It suffices to say that if you edit sendmail.cf and search for virt, you'll find it (and associated rulesets) in two distinctly different places in sendmail.cf. Uncomment all of the stuff associated with virt. Restart sendmail.

Make a file called virtusertable in /etc/mail (watch permissions or sendmail will complain). In the file,
I put
e-mail@addr.com [tab][tab]destination

Use the makemap command referenced earlier to build the database. (Again, watch perms).

It should work then.

To T/S - look at /var/adm/syslog/mail.log to see if sendmail is fussing about perms or configurations.
Make sure the MX/DNS stuff works correctly on the local host using nslookup.
someone_4
Honored Contributor

Re: More then 1 domain on sendmail ..

That was it .. it was a premissions problem on the virtusertbale.