19.5 A Simple Mail Cluster Configuration

     

The idea of this simple configuration is to utilize a file distribution facility such as NFS to allow us to centralize all user mailboxes onto what we now call the mail hub. We don't want users to have to log in to the mail hub to read their email. With a tweak of the sendmail configuration, we can ensure that users can access their mailboxes as if they were local, as well as forwarding outgoing email onto the mail hub. The other advantage of this configuration is that the client machines will not be running a sendmail daemon continuously, a benefit as far as security is concerned (it's one less daemon for a hacker to attack). Here is a summary of the steps required:

  1. Set up the mail hub as the host to accept local delivery of all email for all mail clients.

  2. Ensure that all usernames are configured on the mail hub.

  3. Ensure that all client machines have access to the /var/mail directory.

  4. Configure clients to forward all mail to our mail hub.

  5. Configure clients to mount the /var/mail directory from the mail hub.

  6. Test sending an email to another user.

We go through each of these tasks in turn.

19.5.1 Set up the mail hub as the host to accept local delivery of all email for all mail clients

Previously, when an email arrived for a specific user at a particular machine in our domain, the mail server would forward that email to the respective host. This is all going to change. When an email arrives for any machine in our domain, we need to ensure that the email is stored locally on the mail hub. This can be quite a daunting task if you have a large number of machines. We need to configure the w class on the sendmail server to recognize other hostnames as being local to this server. This can be accomplished in one of two places in the sendmail.cf file:

 

 root@hpeos004[mail] pwd
 /etc/mail
 root@hpeos004[mail] vi sendmail.cf
 ...
 ##################
 #   local info   #
 ##################
 Cwlocalhost
 # file containing names of hosts for which we receive email
 Fw/etc/mail/sendmail.cw
 ...
 root@hpeos004[mail]

The simple class Cw is a list of hostnames that this machine will treat as being local; this means we could simply add additional hostnames on this line. When we have only a few machines in our NFS mail cluster, this might be enough. Beyond a handful of machines, this becomes cumbersome. We will use the file class Fw, which allows us to add hostnames to the file /etc/mail/sendmail.cw. We will add an FQDN (and an alias if we like) for all hosts in our mail domain. If this server is acting as the mail server for our entire domain, this will include hostnames for the maabof.com domain. (In reality, if we delegated a domain for ease of administration, we would also have separate mail servers as well.) As mentioned, this can be a daunting task if we have lots of machines in our network. I suppose it would be easiest to use the information from the /etc/hosts file on our DNS master server to update the sendmail.cw file. It so happens that my mail server is the DNS server for the domain hq.maabof.com. Here's the command I used to update the sendmail.cw file using /etc/hosts as my source file:

 

 root@hpeos003[mail] awk '$1 ~ /^[0-9]/ {
 > print $2
 > if ( NF >= 3 && substr($3,1,1) != "#" ) { print $3 }
 > }' /etc/hosts >> /etc/mail/sendmail.cw
 root@hpeos003[mail]

This gives me the FQDN and a single alias if it exists for each host in my /etc/hosts file. I asked the DNS master server for the same information for the maabof.com domain:

 

 root@hpeos003[mail] more sendmail.cw.maabof
 hpeos002.maabof.com
 hpeos002
 hpeos004.maabof.com
 hpeos004
 hpeos004.maabof.com
 hpeos004
 ckpc2.maabof.com
 ckpc2
 ckhome1.maabof.com
 ckhome1
 ntpdc1.maabof.com
 ntpdc1
 frog001.maabof.com
 frog001
 frog002.maabof.com
 frog002
 frog003.maabof.com
 frog003
 frog004.maabof.com
 frog004
 frog005.maabof.com
 frog005
 frog006.maabof.com
 root@hpeos003[mail]

I concatenated these files together to give me my final sendmail.cw file. I will need to instigate a process whereby if a new host is added to the DNS server and that host is participating in our NFS mail cluster, the hostname is added to this sendmail.cw file.
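One way to turn that process into a repeatable job, as an added example that is not from the book: it goes beyond the one-off awk command by keeping every alias on a line, skipping loopback and comment lines, and removing duplicates such as the repeated hpeos004 entries above. The function names merge_cw, update_cw and demo_cw are hypothetical, and the sample hosts file is constructed.

```shell
#!/bin/sh
# Added example, not from the book: keep sendmail.cw in step with a hosts file.

# merge_cw HOSTS CW: print existing CW entries, then every name and alias
# from HOSTS, lower-cased and de-duplicated (first occurrence wins).
merge_cw() {
    {
        # Keep existing entries so names added by hand survive a rebuild.
        if [ -f "$2" ]; then cat "$2"; fi
        awk '{ sub(/[#].*/, "") }                # strip comments
             $1 ~ /^[0-9]/ && $1 !~ /^127\./ {   # address lines, not loopback
                 for (i = 2; i <= NF; i++) print tolower($i)
             }' "$1"
    } | awk 'NF && !seen[$1]++ { print $1 }'
}

# update_cw HOSTS CW: build the new list in a temporary file and rename it
# into place. sendmail reads class files at startup, so restart it afterwards.
update_cw() {
    tmp="$2.new.$$"
    merge_cw "$1" "$2" > "$tmp" && mv "$tmp" "$2"
}

# Constructed sample data (the addresses for hpeos002 and the retired host
# are made up for this example).
demo_cw() {
    d=$(mktemp -d)
    cat > "$d/hosts" <<'EOF'
127.0.0.1     localhost loopback
192.168.0.65  hpeos003.hq.maabof.com hpeos003   # mail hub
192.168.0.66  hpeos004.maabof.com hpeos004 HPEOS004
# 192.168.0.70 retired.maabof.com retired
192.168.0.35  hpeos002.maabof.com
EOF
    printf 'hpeos002.maabof.com\nhpeos002\n' > "$d/sendmail.cw"
    update_cw "$d/hosts" "$d/sendmail.cw" && cat "$d/sendmail.cw"
    rm -rf "$d"
}
```

Calling demo_cw prints the six unique names; on the hub the real call would be update_cw /etc/hosts /etc/mail/sendmail.cw.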

19.5.2 Ensure that all usernames are configured on the mail server

We need to establish mailboxes for all users on our network. To achieve this, we need an entry in /etc/passwd for every user in our network. We also need to ensure that the user IDs match those on each individual machine on the network; in other words, fred: uid=105 must be the same on the mail server as on fred's own workstation. We need to undertake this task whenever we use NFS to share files. This can be a considerable task when you have a large number of users involved.
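A check for this requirement, as an added example that is not from the book: ownership on the exported /var/mail is decided by numeric UID, so a client account that reuses another user's hub UID gets that user's mailbox. The function names uid_audit and demo_uid are hypothetical and the passwd entries are constructed; only fred's uid of 105 comes from the text.

```shell
#!/bin/sh
# Added example, not from the book: compare a client's passwd file with the hub's.

# uid_audit HUB_PASSWD CLIENT_PASSWD prints one line per problem:
#   MISMATCH  name hub_uid client_uid    same name, different UID
#   MISSING   name client_uid            client user has no account on the hub
#   COLLISION name client_uid hub_name   client UID belongs to another hub user
uid_audit() {
    awk -F: '
        NR == FNR { uid[$1] = $3; owner[$3] = $1; next }   # first file: the hub
        $1 == "" || $1 ~ /^[+-]/ { next }                  # blank and NIS compat lines
        ($1 in uid) && uid[$1] != $3     { print "MISMATCH", $1, uid[$1], $3 }
        !($1 in uid)                     { print "MISSING", $1, $3 }
        ($3 in owner) && owner[$3] != $1 { print "COLLISION", $1, $3, owner[$3] }
    ' "$1" "$2"
}

# Constructed sample data: fred has drifted to uid 109 on the client, and
# wilma exists only on the client with the uid that fred owns on the hub.
demo_uid() {
    d=$(mktemp -d)
    cat > "$d/hub.passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
fred:*:105:20::/home/fred:/usr/bin/sh
barney:*:106:20::/home/barney:/usr/bin/sh
EOF
    cat > "$d/client.passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
fred:*:109:20::/home/fred:/usr/bin/sh
barney:*:106:20::/home/barney:/usr/bin/sh
wilma:*:105:20::/home/wilma:/usr/bin/sh
EOF
    uid_audit "$d/hub.passwd" "$d/client.passwd"
    rm -rf "$d"
}
```

The COLLISION line is the one to fix first: on the client, wilma would read and write /var/mail/fred as its owner.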

19.5.3 Ensure that all client machines have access to the /var/mail directory

We need to export the /var/mail directory from our mail hub using NFS. This in itself is not that difficult; however, we should note that this directory is going to store the emails for all users in the network. It might be a good idea to create this directory as a separate logical volume. You will need to ensure that you save all current mailboxes before mounting the filesystem:

 

 root@hpeos003[] bdf /var/mail
 Filesystem          kbytes    used   avail %used Mounted on
 /dev/vg00/lvol9    1024000    1357  958735    0% /var/mail
 root@hpeos003[]

You need to ensure that the permissions allow the mail group to create files in this directory:

 

 root@hpeos003[mail] ll -d /var/mail
 drwxr-xr-x   3 root       root            96 Oct 24 13:41 /var/mail
 root@hpeos003[mail] chgrp mail /var/mail
 root@hpeos003[mail] chmod g+w /var/mail
 root@hpeos003[mail] ll -d /var/mail
 drwxrwxr-x   3 root       mail            96 Oct 24 13:41 /var/mail

The interesting part of this configuration is the need to give NFS-root access to some machines. Where we manage a number of machines on the network, we may want to give them root access in order to centralize the email for the root user as well. If we don't do this, root will be known as the nobody user, and mail will come and go under that username. Bear in mind that root on any machine in the root= list can read and modify every mailbox in the export, so keep that list to machines we administer ourselves. Again, when we have a number of machines, this can become a considerable task. Here's my /etc/exports file, which gives access to all members of the hq.maabof.com and maabof.com domains, with root access to three machines:

 

 root@hpeos003[] cat /etc/exports
 /var/mail -access=.hq.maabof.com:.maabof.com,root=hpeos001:hpeos002:hpeos004.maabof.com
 root@hpeos003[]

Obviously, you could use /etc/netgroup as well.

19.5.4 Configure clients to forward all mail to our mail server (hub)

We need to configure each client to forward email to the mail server hub. There are two parts to this. First, we don't really need to have each client constantly running the sendmail daemon. On these machines, we can configure the sendmail startup configuration file to not run the daemon but only run the sendmail program to forward email to our mail hub. This is accomplished in the startup configuration file /etc/rc.config.d/mailservs:

 

 root@hpeos004[] vi /etc/rc.config.d/mailservs
 #########################################
 # Mail configuration.  See sendmail(1m) #
 #########################################
 #
 # @(#)B.11.11_LR
 #
 #  BSD's popular message handling system
 #
 # SENDMAIL_SERVER:      Set to 1 if this is a mail server and should
 #                       run the sendmail deamon.
 # SENDMAIL_SERVER_NAME: If this is not a mail server, but a client being
 #                       served by another system, then set this variable
 #                       to the name of the mail server system name so that
 #                       site hiding can be performed.
 #
 SENDMAIL_SERVER=
 export SENDMAIL_SERVER_NAME=hpeos003.hq.maabof.com
 root@hpeos004[]

Next, we configure the sendmail.cf file to masquerade emails so that they appear to come either from the mail hub itself or, as we did on the mail hub earlier, from maabof.com in the From line. We also set up the DH macro to tell sendmail to forward email to the mail hub.

 

 root@hpeos004[mail] pwd
 /etc/mail
 root@hpeos004[mail] vi sendmail.cf
 ...
 # who gets all local email traffic ($R has precedence for unqualified names)
 DHhpeos003.hq.maabof.com
 # dequoting map
 Kdequote dequote
 # class E: names that should be exposed as from this host, even if we masquerade
 # class L: names that should be delivered locally, even if we have a relay
 # class M: domains that should be converted to $M
 # class N: domains that should not be converted to $M
 #CL root
 CEroot
 C{TrustAuthMech}GSSAPI DIGEST-MD5
 # who I masquerade as (null for no masquerading) (see also $=M)
 DMmaabof.com
 # my name for error messages
 DnMAILER-DAEMON
 CPREDIRECT
 ...
 ###################################################################
 ###  Ruleset 94 -- convert envelope names to masqueraded form   ###
 ###################################################################
 S94
 R$+                     $@ $>93 $1
 R$* < @ *LOCAL* > $*    $: $1 < @ $j . > $2
 ...
 root@hpeos004[mail]

I have included enabling Ruleset 94 for those of you with earlier versions of sendmail. We are now ready to restart our sendmail daemon:

 

 root@hpeos004[mail] killsm
 Sendmail pid is 1152
 Killing sendmail...
 Sendmail killed.
 root@hpeos004[mail]
 root@hpeos004[mail] /sbin/init.d/sendmail start
 hpeos003.hq.maabof.com
 root@hpeos004[mail] ps -ef | grep send
 root@hpeos004[mail]

As you can see, at startup it is telling me the name of my mail hub. You can also see that the sendmail daemon is no longer running. It will run whenever we need to forward an email to the mail hub.

19.5.5 Configure clients to mount the /var/mail directory from the mail server

This should be simple and straightforward. It's worth checking that we do have root access where we expect it:

 

 root@hpeos004[mail] showmount -e hpeos003.hq.maabof.com
 export list for hpeos003.hq.maabof.com:
 /var/mail .hq.maabof.com,.maabof.com
 root@hpeos004[mail] mount hpeos003.maabof.com:/var/mail /var/mail
 root@hpeos004[mail] cd /var/mail
 root@hpeos004[mail] ll
 total 0
 drwxr-xr-x   2 root       root            96 Oct 24 13:24 lost+found
 root@hpeos004[mail] touch me
 root@hpeos004[mail] ll
 total 0
 drwxr-xr-x   2 root       root            96 Oct 24 13:24 lost+found
 -rw-rw-r--   1 root       sys              0 Oct 24 13:41 me
 root@hpeos004[mail] rm me
 root@hpeos004[mail]

Obviously, you would set up an appropriate entry in /etc/fstab.

19.5.6 Test sending an email to another user

We will test this using fred and barney on separate machines.

 

 fred@hpeos004[fred] $ mail barney@hpeos002
 Hi barney,
 Fancy a beer ???
 Fred
 fred@hpeos004[fred] $

We should be able to track this message being relayed to our mail hub:

 

 root@hpeos004[mail] more /var/adm/syslog/mail.log
 ...
 Oct 24 14:01:59 hpeos004 sendmail[3034]: h9OD1x503034: from=fred, size=36, class=0, nrcpts=1, msgid=<200310241301.h9OD1x503034@hpeos004.maabof.com>, relay=fred@localhost
 Oct 24 14:02:00 hpeos004 sendmail[3036]: h9OD1x503034: to=barney@hpeos002, ctladdr=fred (109/20), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120036, relay=hpeos003.hq.maabof.com. [192.168.0.65], dsn=2.0.0, stat=Sent (h9OD1xU03275 Message accepted for delivery)
 root@hpeos004[mail]

On the mail hub the email should have arrived and be ready to be picked up by barney:
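The same check applied to a whole client log, as an added example that is not from the book: it reads every delivery line and flags any message that did not leave through the mail hub, which is what a missing or wrong DH setting looks like. The function names relay_audit and demo_relay are hypothetical; the first sample line is the one shown above and the other two are constructed.

```shell
#!/bin/sh
# Added example, not from the book: confirm a client relays all mail via the hub.

# relay_audit HUB LOGFILE prints "VERDICT queue-id recipient mailer relay" for
# every delivery line. OK means esmtp to the hub; anything else is BYPASS.
relay_audit() {
    awk -v hub="$1" '
        function field(key,   s) {
            # Value of key=value, ending at the next comma or blank.
            if (!match($0, "[ ,]" key "=[^, ]+")) return ""
            s = substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 2)
            sub(/\.$/, "", s)      # the relay name is logged with a trailing dot
            return s
        }
        / to=/ {
            qid = $6; sub(/:$/, "", qid)
            relay = field("relay"); mailer = field("mailer")
            verdict = (mailer == "esmtp" && relay == hub) ? "OK" : "BYPASS"
            print verdict, qid, field("to"), mailer, relay
        }' "$2"
}

# Sample log: line 1 is from the text above, lines 2 and 3 are constructed.
demo_relay() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Oct 24 14:02:00 hpeos004 sendmail[3036]: h9OD1x503034: to=barney@hpeos002, ctladdr=fred (109/20), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120036, relay=hpeos003.hq.maabof.com. [192.168.0.65], dsn=2.0.0, stat=Sent (h9OD1xU03275 Message accepted for delivery)
Oct 24 14:05:10 hpeos004 sendmail[3101]: h9OD5AB03099: to=wilma@example.net, ctladdr=fred (109/20), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=120040, relay=mx.example.net. [192.0.2.25], dsn=2.0.0, stat=Sent (ok)
Oct 24 14:06:30 hpeos004 sendmail[3122]: h9OD6CD03120: to=root, ctladdr=root (0/3), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30040, relay=local, dsn=2.0.0, stat=Sent
EOF
    relay_audit hpeos003.hq.maabof.com "$f"
    rm -f "$f"
}
```

On a client the call would be relay_audit hpeos003.hq.maabof.com /var/adm/syslog/mail.log; any BYPASS line means that message was delivered locally or sent to another host directly.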

 

 root@hpeos003[mail] ll /var/mail
 total 2
 -rw-rw----   1 barney     mail           607 Oct 24 14:02 barney
 drwxr-xr-x   2 root       root            96 Oct 24 13:24 lost+found
 root@hpeos003[mail]

When barney reads this message it should be masqueraded as coming from maabof.com:

 

 barney@hpeos002[barney] $ mailx
 mailx Revision: 1.179.214.2    Date: 98/12/01 01:29:55    Type ? for help.
 "/var/mail/barney": 1 message 1 new
 >N  1 fred@maabof.com   Fri Oct 24 14:02   18/607
 ? 1
 Message  1:
 From fred@maabof.com Fri Oct 24 14:02:00 BST 2003
 Received: from hpeos004.maabof.com (hpeos004.maabof.com [192.168.0.66])
         by hpeos003.hq.maabof.com (8.11.1 (Revision 1.5) /8.9.3) with ESMTP id h9OD1xU03275
         for <barney@hpeos002.maabof.com>; Fri, 24 Oct 2003 14:01:59 +0100 (BST)
 Received: (from fred@localhost)
         by hpeos004.maabof.com (8.11.1 (Revision 1.5) /8.9.3) id h9OD1x503034
         for barney@hpeos002; Fri, 24 Oct 2003 14:01:59 +0100 (BST)
 Date: Fri, 24 Oct 2003 14:01:59 +0100 (BST)
 From: fred@maabof.com
 Message-Id: <200310241301.h9OD1x503034@hpeos004.maabof.com>
 Status: R
 Hi barney,
 Fancy a beer ???
 Fred
 ? d
 ? q
 barney@hpeos002[barney] $

This all appears to be working well.

19.5.7 Conclusions on a simple mail cluster configuration

This section dealt with setting up what is considered an NFS mail cluster. As the number of users and machines increases, this solution starts to become cumbersome. At that point (beyond a team of approximately 20 machines), I would start looking at commercial email software. However, this has shown us sendmail working as a routing and delivery agent, and it works well.



HP-UX CSE(c) Official Study Guide and Desk Reference
Year: 2006
Pages: 434
