Monday, May 2, 2011

Sendmail Configuration in AIX


Sendmail behaves a little differently on AIX compared to other UNIX® systems. So before beginning, I'll quickly review the basics.
To start the Sendmail daemon, use the startsrc command. For example:
# startsrc -s sendmail -a "-bd -q30m"
The -s flag specifies the subsystem to start, and the -a flag instructs startsrc to execute the subsystem with the specified arguments.
The -bd flag starts Sendmail as a daemon (running in the background) as a Simple Mail Transfer Protocol (SMTP) mail router. The -q flag specifies the interval at which the Sendmail daemon processes saved messages in the mail queue. In this example, Sendmail will process the mail queue every 30 minutes.
To start the Sendmail daemon automatically on a reboot, uncomment the following line in the /etc/rc.tcpip file:
# vi /etc/rc.tcpip
start /usr/lib/sendmail "$src_running" "-bd -q${qpi}"

Execute the following command to display the status of the Sendmail daemon:
# lssrc -s sendmail

To stop Sendmail, use stopsrc:
# stopsrc -s sendmail

The Sendmail configuration file is /etc/mail/sendmail.cf, and the Sendmail mail alias file is /etc/mail/aliases.
If you add an alias to the /etc/mail/aliases file, remember to rebuild the aliases database by running the sendmail command with the -bi flag or the /usr/sbin/newaliases command. This forces the Sendmail daemon to re-read the aliases file.
# sendmail -bi

To add a mail relay server (smart host) to the Sendmail configuration file, edit the /etc/mail/sendmail.cf file, modify the DS line, and refresh the daemon:
# vi /etc/mail/sendmail.cf
DSsmtpgateway.xyz.com.au
# refresh -s sendmail

To log Sendmail activity, place the following entry in the /etc/syslog.conf file, create the log file, and refresh the syslog daemon:
# grep mail /etc/syslog.conf
mail.debug  /var/log/maillog rotate time 7d files 4 compress
# touch /var/log/maillog
# refresh -s syslogd

There were two challenges that Sendmail helped me overcome. Both were requests from my corporate messaging team. They were unable to develop a solution to a mail routing problem using Exchange. I'm not sure what prevented them from providing a solution, but it gave me a chance to develop my Sendmail skills!
The messaging team asked if there was a way for the AIX system to forward mail, destined for a particular mail address, to a foreign SMTP mail server; that is, one they did not administer. However, the server was within the corporate network and isolated by a firewall. The server's "NAT'ed" IP address was contactable on the network. It was not an internet-connected host.
The second request was similar to the first. However, this time the messaging team needed to forward the mail to a different SMTP server on a different SMTP port; that is, not port 25, the default SMTP port.
To protect the innocent, I have changed the host and domain names in the examples that follow. The organisation's domain name will be known as xyz.com.au, and the remote SMTP server will be known as notus.com.au.
The first request required that mail destined for any user at notus.com.au be redirected to the NotUs mail server. Mail would be sent from a user's desktop mail client to the following mail address: user@notus.com.au. The mail would arrive on the corporate mail server. A rule on the Exchange server would redirect the message to the AIX SMTP host (aixmta01). The Sendmail daemon, on aixmta01, would receive the message and pass it on to the notus.com.au SMTP server, where the message would finally be delivered to the user's mailbox. See Figure 1 for a diagram.
For this process to work, on the AIX server side I had to make a couple of changes to my Sendmail configuration. First, I needed to enable the mailer table rule. I placed the entries shown in Listing 1 in the /etc/mail/sendmail.cf file:

Kmailertable hash /etc/mail/mailertable.db
# not local -- try mailer table lookup
R$* <@ $+ > $*          $: < $2 > $1 < @ $2 > $3        extract host name
R< $+ . > $*            $: < $1 > $2                    strip trailing dot
R< $+ > $*              $: < $(mailertable $1 $) > $2   lookup
R< $~[ : $* > $*        $>MailerToTriple < $1 : $2 > $3         check -- resolved?
R< $+ > $*              $: $>Mailertable <$1> $2                try domain
# End of mailer table rules

A mailer table in Sendmail can be used to override routing for particular domains, which are not local host names.
Next, I created a new /etc/mail/mailertable file. This text file contained the name of the domain for which mail would be forwarded and the name of the SMTP server that would receive the mail.
notus.com.au   esmtp:[notus.com.au]

Mail to the domain notus.com.au would be forwarded to the specific SMTP host notus.com.au. The square brackets ([ ]) instructed Sendmail to ignore MX record lookups for notus.com.au and prevent "mail loops back to self" errors for this non-internet-connected and non-DNS resolvable host.
I then had to create the mailertable database (mailertable.db) using the mailertable text file I created earlier. This was accomplished with the makemap utility:
# cd /etc/mail
# makemap hash /etc/mail/mailertable  < mailertable
# ls mailertable.db
mailertable.db

I also needed to add the NotUs server into my local /etc/hosts file.
10.1.1.20      notus.com.au

Sendmail needed to be able to resolve the hostname, and this server was outside of my DNS.
After making these changes, I refreshed the Sendmail daemon (refresh -s sendmail). To verify that the mailertable entry was correct and that mail would be delivered to the correct host, I ran the following command:
$ sendmail -bv user@notus.com.au
user@notus.com.au... deliverable: mailer esmtp, host [notus.com.au],
user user@notus.com.au

The -bv flag will start Sendmail with a request to verify the user IDs provided in the Address parameter field of the command. The sendmail command will respond with a message advising which IDs can be resolved to a mailer command. It does not try to deliver the mail. You can use this mode to validate the format of user IDs, aliases, or mailing lists.
From the previous output I was able to confirm that Sendmail would redirect all mail, for any user, bound for notus.com.au to the SMTP host notus.com.au.
Reviewing the mail activity in the Sendmail log (/var/log/maillog) also confirmed that this was indeed the case.
Dec 18 12:34:54 aixmta01 sendmail[16724]: hBI1Yr315494:
to=<admin@notus.com.au>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
pri=120998, relay=notus.com.au. [10.1.1.20], dsn=2.0.0, stat=Sent (OK)

A simple yet effective solution. It only took a few minutes to configure and test. It also cost nothing but my time to set it up.
The second request also involved forwarding mail to a specific server. However, the server that would receive the mail did not have an SMTP port listening on port 25. It had its own special port for accepting mail. Users would send a report via e-mail to an SAP system, which would then process the report. The SAP system (sapaix01) had its own SMTP server listening on port 25250. Mail had to be delivered to SAP on that port.
For some reason, the Exchange SMTP relay server was not able to establish a connection to sapaix01 on port 25250. It had to be listening on port 25. Otherwise, the messages would remain on the Exchange server mail queue as "destination unreachable." The messaging team never resolved this problem. It was up to Sendmail to save the day!
The messaging team requested the following (see Figure 2):
  1. Users will send e-mail reports to SAPRPT@xyz.com.au.
  2. Exchange would route the e-mail to SAPRPT@aixmta01, the AIX Sendmail server.
  3. The Sendmail server then routes the e-mail to SAPRPT@sapaix01.xyz.com.au on port 25250. The e-mail report is then automatically processed by SAP.
Rather than use the SAP system's actual hostname (sapaix01), I created a DNS alias named icm01. This pointed to the actual IP address of the SAP server. This helped to clearly identify traffic (in the logs) destined for the SAP system's "Internet Communication Manager" (ICM) SMTP server. I also placed entries in the /etc/hosts files for the ICM DNS alias.
# grep -p icm /etc/hosts
10.1.1.22  icm01.xyz.com.au

Again, I could use the Sendmail mailertable entry here, but I also needed a way to handle the unusual SMTP port.
I created a new mailer definition in the /etc/mail/mailertable file and updated the mailertable database, just as I did before, with the makemap utility.
# grep 25250 /etc/mail/mailertable
icm01.xyz.com.au esmtp25250:[sapaix01.xyz.com.au]

This specified that mail destined for icm01.xyz.com.au would be redirected to SMTP host sapaix01.xyz.com.au via esmtp25250.
In the /etc/mail/sendmail.cf file I created a new entry that mapped a new SMTP port identity named esmtp25250. This Mesmtp entry specified that if esmtp25250 was called from the mailertable definition, then the associated port would be used when delivering the mail, that is, sapaix01.xyz.com.au:25250.
# grep 25250 /etc/mail/sendmail.cf
Mesmtp25250,    P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP,
                R=EnvToSMTP/HdrFromSMTP, E=\r\n, L=990,
                A=TCP $h 25250
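
A route like this depends on two files agreeing: the mailer named in the mailertable must be defined in sendmail.cf, and a bracketed host must resolve without MX. The following pre-flight check is an added example, not from the original article; the function name, output columns, the abridged sample sendmail.cf and the broken.xyz.com.au route are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article: check that every mailertable route names
# a mailer defined in sendmail.cf, and report its port and how the host resolves.
# Usage: check_routes MAILERTABLE SENDMAIL_CF HOSTS_FILE  (hypothetical helper)
# Output columns: status domain mailer port host mx-lookup host-source
check_routes() {
    awk -v cf="$2" -v hosts="$3" '
    BEGIN {
        while ((getline line < cf) > 0) {        # M lines; continuations are indented
            if (line ~ /^M/) {
                name = substr(line, 2); sub(/[ \t]*,.*/, "", name); def[name] = line
            } else if (line ~ /^[ \t]/ && name != "") def[name] = def[name] " " line
            else name = ""
        }
        for (m in def)                           # port follows "TCP $h", default 25
            port[m] = (match(def[m], /A=TCP \$h [0-9]+/) ? substr(def[m], RSTART + 9, RLENGTH - 9) : 25)
        while ((getline line < hosts) > 0) {
            sub(/#.*/, "", line); n = split(line, h, /[ \t]+/)
            for (i = 2; i <= n; i++) in_hosts[tolower(h[i])] = 1
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        mailer = $2; sub(/:.*/, "", mailer)
        host = $2; sub(/^[^:]*:/, "", host)
        mx = (host ~ /^\[.*\]$/) ? "no-mx" : "mx"     # brackets suppress MX lookup
        gsub(/\[|\]/, "", host)
        src = (tolower(host) in in_hosts) ? "hosts" : "dns"
        p = (mailer in def) ? port[mailer] : "-"
        print ((mailer in def) ? "OK" : "UNDEFINED_MAILER"), $1, mailer, p, host, mx, src
    }' "$1"
}

# Constructed sample files modelled on the article, plus one broken route.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'notus.com.au   esmtp:[notus.com.au]' \
        'icm01.xyz.com.au esmtp25250:[sapaix01.xyz.com.au]' \
        'broken.xyz.com.au esmtp2525:[sapaix01.xyz.com.au]' > "$d/mailertable"
    printf '%s\n' 'Mesmtp,    P=[IPC], F=mDFMuXa, E=\r\n, L=990,' '    A=TCP $h' \
        'Mesmtp25250,    P=[IPC], F=mDFMuXa, E=\r\n, L=990,' '    A=TCP $h 25250' > "$d/sendmail.cf"
    printf '%s\n' '10.1.1.20      notus.com.au' '10.1.1.22  icm01.xyz.com.au' > "$d/hosts"
    check_routes "$d/mailertable" "$d/sendmail.cf" "$d/hosts"
    rm -rf "$d"
}

demo
```

A host-source of "dns" on a "no-mx" route means the name is absent from the hosts file and must resolve through DNS for delivery to work.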

There was also an entry in the /etc/mail/aliases file that instructed Sendmail to send any mail for the "user" SAPRPT to the icm01.xyz.com.au host.
# grep -p SAPRPT /etc/mail/aliases
SAPRPT: @icm01.xyz.com.au

To verify that the mailertable and aliases would direct mail to the correct user, host, and port, I ran the sendmail command with the -bv flag:
# sendmail -bv SAPRPT
SAPRPT@icm01.xyz.com.au... deliverable: mailer esmtp25250, host
[sapaix01.xyz.com.au], user SAPRPT@icm01.xyz.com.au

This confirmed that mail sent to SAPRPT@icm01.xyz.com.au would be redirected to sapaix01.xyz.com.au on SMTP port 25250. Sendmail activity, in /var/log/maillog, also confirmed that mail was being successfully delivered to sapaix01 on port 25250.
Aug  9 20:02:59 aixmta01 mail:info sendmail[299822]: k79K2xh299822:
from=<Chris.Gibson@xyz.com.au>, size=1384, class=0, nrcpts=1,
msgid=<E45223DDBB33774EA13C993829A75AA504B203E5@EXCHANGE.xyz.com.au>,
proto=ESMTP, daemon=MTA, relay=exchange.xyz.com.au [10.1.1.24]
 
Aug  9 20:03:00 aixmta01 mail:info sendmail[68896]: k79K2xh299822:
to=SAPRPT@icm01.xyz.com.au, delay=00:00:01, xdelay=00:00:01,
mailer=esmtp25250, pri=31582, relay=sapaix01.xyz.com.au. [10.1.1.22],
dsn=2.0.0, stat=Sent (OK)
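
The log check above can be run over the whole maillog instead of by eye. This added example (not part of the original article) parses delivery records in the format shown and compares each mailer and relay address with the routing the mailertable is meant to enforce; the function names, the expected-routing row format and the last two sample entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article: audit sendmail delivery records against
# the routing that the mailertable is meant to enforce.
# EXPECTED holds "domain:mailer:relay-ip" rows built from the article's
# mailertable and /etc/hosts entries; the row format is an assumption.
EXPECTED='notus.com.au:esmtp:10.1.1.20 icm01.xyz.com.au:esmtp25250:10.1.1.22'

# Reads maillog entries on stdin (one per line, as syslog writes them) and
# prints "VERDICT queue-id recipient mailer relay-ip" for each audited delivery.
audit_maillog() {
    awk -v expected="$EXPECTED" '
    function field(key,    v) {      # value of " key=..." up to the next comma
        if (!match($0, " " key "=[^,]*")) return ""
        v = substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 2)
        gsub(/[<>]/, "", v)
        return v
    }
    BEGIN {
        n = split(expected, rows, " ")
        for (i = 1; i <= n; i++) {
            split(rows[i], f, ":")
            want_mailer[f[1]] = f[2]; want_ip[f[1]] = f[3]
        }
    }
    / to=/ && / mailer=/ {           # delivery records only, not from= records
        rcpt = field("to"); mailer = field("mailer"); relay = field("relay")
        domain = tolower(substr(rcpt, index(rcpt, "@") + 1))
        if (!(domain in want_mailer)) next      # routing not overridden
        ip = (match(relay, /\[[0-9.]+\]/) ? substr(relay, RSTART + 1, RLENGTH - 2) : "-")
        qid = (match($0, /\]: [A-Za-z0-9]+: /) ? substr($0, RSTART + 3, RLENGTH - 5) : "-")
        if (field("stat") !~ /^Sent/) verdict = "FAILED"
        else if (mailer != want_mailer[domain] || ip != want_ip[domain]) verdict = "MISROUTED"
        else verdict = "OK"
        print verdict, qid, rcpt, mailer, ip
    }'
}

# Constructed sample: the article's entries joined onto one line each, then two
# constructed failure cases (their queue ids and 10.1.1.99 are invented).
sample_log() {
    cat <<'EOF'
Dec 18 12:34:54 aixmta01 sendmail[16724]: hBI1Yr315494: to=<admin@notus.com.au>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120998, relay=notus.com.au. [10.1.1.20], dsn=2.0.0, stat=Sent (OK)
Aug  9 20:02:59 aixmta01 mail:info sendmail[299822]: k79K2xh299822: from=<Chris.Gibson@xyz.com.au>, size=1384, class=0, nrcpts=1, msgid=<E45223DDBB33774EA13C993829A75AA504B203E5@EXCHANGE.xyz.com.au>, proto=ESMTP, daemon=MTA, relay=exchange.xyz.com.au [10.1.1.24]
Aug  9 20:03:00 aixmta01 mail:info sendmail[68896]: k79K2xh299822: to=SAPRPT@icm01.xyz.com.au, delay=00:00:01, xdelay=00:00:01, mailer=esmtp25250, pri=31582, relay=sapaix01.xyz.com.au. [10.1.1.22], dsn=2.0.0, stat=Sent (OK)
Aug  9 21:00:00 aixmta01 mail:info sendmail[70001]: k79L00x70001: to=SAPRPT@icm01.xyz.com.au, delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=31582, relay=icm01.xyz.com.au. [10.1.1.22], dsn=4.0.0, stat=Deferred: Connection refused by icm01.xyz.com.au.
Aug  9 21:05:00 aixmta01 mail:info sendmail[70002]: k79L05x70002: to=<user@notus.com.au>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120998, relay=notus.com.au. [10.1.1.99], dsn=2.0.0, stat=Sent (OK)
EOF
}
sample_log | audit_maillog
```

On a live system the function would read the real log, for example `audit_maillog < /var/log/maillog`, with EXPECTED kept in step with the mailertable.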

1 comment:

  1. That's so good. Can you please share with me the procedure to configure mailx on AIX?
