Multiple domain name support
on 22.08.2007 23:01:15 by hec
Hi All:
I am working with sendmail 8.13 on a CentOS 4.5 Linux system. I need
to make some configuration changes and I have been having problems
with determining the correct terminology in order to do the necessary
research into how to implement the change we want. If someone could
review the following and provide me with the correct terminology
(and possibly even links to reference sites?) I would be greatly
appreciative.
Currently our internal mail is handled by sendmail 8.13 running on
one of our CentOS 4.5 boxes. Every email user has a corresponding
Linux UserId on this box. Additional email addresses have been
implemented using aliases to one (or more) "real" users. We also
have three separate domain names (doma.com, domb.com and domc.com)
and sendmail is configured to process all three using the Fw param
and the contents of the local-host-names file.
This has worked well until recently. It seems that changes to the
Hotmail.com spam filters have now started filtering our email and
not delivering it to the intended recipient. I believe that any
mail we send out with a "user1@domc.com" will have problems when
communicating to Hotmail.com as it will appear to be coming from
"server1@doma.com" not from "domc.com".
I suspect that what I need to do is setup three "virtual" domains
on three separate IP addresses on the current mail server. I am
reasonably sure that this will work to some extent as is this not
what ISPs do when they host their clients' mail servers? I am
just not sure of the exact terminology. Can someone advise if
I am on the right path and provide some pointers or am I just
talking out of my hat.
TIA
Regards, Hugh
Re: Multiple domain name support
on 23.08.2007 07:18:30 by Kees Theunissen
hec wrote:
> I suspect that what I need to do is setup three "virtual" domains
> on three separate IP addresses on the current mail server. I am
It's not trivial -if at all possible- to force sendmail to use
the "right" interface/ip-number for outbound messages.
You are talking now about three domains; a manageable number.
This will certainly not scale to an arbitrary large number of
domains. Although you probably never want to use huge numbers of
domains the ability to scale is an indication of the quality
of a solution. If you can't scale it up it's probably just a
workaround instead of a solution for the problem.
> reasonably sure that this will work to some extent as is this not
> what ISPs do when they host their clients' mail servers? I am
> just not sure of the exact terminology. Can someone advise if
> I am on the right path and provide some pointers or am I just
> talking out of my hat.
What you want/need to do is publish in DNS which servers are
allowed to send outbound email messages on behalf of your domains.
As always, there are several standards to choose from. Start
googling for "SPF" and for Microsoft's implementation
"Sender ID".
Regards,
Kees.
--
Kees Theunissen
Re: Multiple domain name support
on 29.08.2007 09:50:53 by -
Kees Theunissen wrote:
> hec wrote:
> > I suspect that what I need to do is setup three "virtual" domains
> > on three separate IP addresses on the current mail server. I am
>
> It's not trivial -if at all possible- to force sendmail to use
> the "right" interface/ip-number for outbound messages.
It is possible with some limited success. For incoming messages, it's
possible to bind them to the inbound IP address (and yes, each domain
will need its own IP address for this). Messages that are then
forwarded to other places will be sent with that same IP address as
the outbound source. This is done with the "b" modifier in the
DAEMON_OPTIONS() statement in the "m4" file one uses to generate
sendmail.cf.
However, I have noted one problem with this - which I have posted
previously, but I don't think our sendmail staff picked up on it: If
the server operates both IPv4 and IPv6, binding to the address also
binds to the address family. This can be a problem for a message
being forwarded to an IPv4 only host that came in via IPv6. Such a
message gets stuck in the queue as it has nowhere to go via IPv6.
It's not bounced immediately ("no route" error) - it just stays
there. (I never left one in there long enough to time out - so maybe
it does eventually get returned to the sender.)
I think that there needs to be a new modifier that binds a message to
the hostname it arrived on, regardless of IP address. If the host is
set up properly to use the same hostname on IPv4 and IPv6 forward and
reverse DNS lookups, then the above problem can be avoided.
> You are talking now about three domains; a manageable number.
> This will certainly not scale to an arbitrary large number of
> domains. Although you probably never want to use huge numbers of
> domains the ability to scale is an indication of the quality
> of a solution. If you can't scale it up it's probably just a
> workaround instead of a solution for the problem.
And if each of these domains has SSL'ed web servers, you will already
be using separate IPs (one each) for them anyway....
Re: Multiple domain name support
on 29.08.2007 13:12:19 by Kees Theunissen
- wrote:
> Kees Theunissen wrote:
>> hec wrote:
>>> I suspect that what I need to do is setup three "virtual" domains
>>> on three separate IP addresses on the current mail server. I am
>> It's not trivial -if at all possible- to force sendmail to use
>> the "right" interface/ip-number for outbound messages.
>
> It is possible with some limited success. For incoming messages, it's
> possible to bind them to the inbound IP address (and yes, each domain
> will need its own IP address for this). Messages that are then
> forwarded to other places will be sent with that same IP address as
> the outbound source. This is done with the "b" modifier in the
> DAEMON_OPTIONS() statement in the "m4" file one uses to generate
> sendmail.cf.
A big problem is to make sure that incoming messages will arrive
at the proper IP number. This means that for instance I can't use
the mail server as 'smarthost' anymore on my linux workstation.
Instead of using a single smarthost I would need to relay to different
mail relays depending on the sender address.
You'll need to reconfigure all systems that relay through the server
when you add or remove a domain.
> However, I have noted one problem with this - which I have posted
> previously, but I don't think our sendmail staff picked up on it: If
> the server operates both IPv4 and IPv6, binding to the address also
> binds to the address family. This can be a problem for a message
> being forwarded to an IPv4 only host that came in via IPv6. Such a
> message gets stuck in the queue as it has nowhere to go via IPv6.
> It's not bounced immediately ("no route" error) - it just stays
> there. (I never left one in there long enough to time out - so maybe
> it does eventually get returned to the sender.)
I've seen similar problems mentioned on this newsgroup with local
generated messages that are submitted to 127.0.0.1
> I think that there needs to be a new modifier that binds a message to
> the hostname it arrived on, regardless of IP address. If the host is
> set up properly to use the same hostname on IPv4 and IPv6 forward and
> reverse DNS lookups, then the above problem can be avoided.
>
>> You are talking now about three domains; a manageable number.
>> This will certainly not scale to an arbitrary large number of
>> domains. Although you probably never want to use huge numbers of
>> domains the ability to scale is an indication of the quality
>> of a solution. If you can't scale it up it's probably just a
>> workaround instead of a solution for the problem.
>
> And if each of these domains has SSL'ed web servers, you will already
> be using separate IPs (one each) for them anyway....
The web server is not necessarily also the outbound mail server.
Regards,
Kees.
--
Kees Theunissen.
Re: Multiple domain name support
on 30.08.2007 05:14:45 by hec
"-" wrote in message
news:1188373853.124785.98700@m37g2000prh.googlegroups.com...
> Kees Theunissen wrote:
> > hec wrote:
> > > I suspect that what I need to do is setup three "virtual" domains
> > > on three separate IP addresses on the current mail server. I am
> >
> > It's not trivial -if at all possible- to force sendmail to use
> > the "right" interface/ip-number for outbound messages.
>
> It is possible with some limited success. For incoming messages, it's
> possible to bind them to the inbound IP address (and yes, each domain
> will need its own IP address for this). Messages that are then
> forwarded to other places will be sent with that same IP address as
> the outbound source. This is done with the "b" modifier in the
> DAEMON_OPTIONS() statement in the "m4" file one uses to generate
> sendmail.cf.
I will check that out.
> However, I have noted one problem with this - which I have posted
> previously, but I don't think our sendmail staff picked up on it: If
> the server operates both IPv4 and IPv6, binding to the address also
> binds to the address family. This can be a problem for a message
> being forwarded to an IPv4 only host that came in via IPv6. Such a
> message gets stuck in the queue as it has nowhere to go via IPv6.
> It's not bounced immediately ("no route" error) - it just stays
> there. (I never left one in there long enough to time out - so maybe
> it does eventually get returned to the sender.)
>
> I think that there needs to be a new modifier that binds a message to
> the hostname it arrived on, regardless of IP address. If the host is
> set up properly to use the same hostname on IPv4 and IPv6 forward and
> reverse DNS lookups, then the above problem can be avoided.
I am not going to worry about this now. I have my hands full with IPv4;
they will probably have to drag me kicking and screaming to IPv6. So I do
not think it will be an issue for now.
> > You are talking now about three domains; a manageable number.
> > This will certainly not scale to an arbitrary large number of
> > domains. Although you probably never want to use huge numbers of
> > domains the ability to scale is an indication of the quality
> > of a solution. If you can't scale it up it's probably just a
> > workaround instead of a solution for the problem.
>
> And if each of these domains has SSL'ed web servers, you will already
> be using separate IPs (one each) for them anyway....
>
You are correct. We do have multiple IP addresses and I can easily set the
DNS MX entries to point to different IP addresses. Currently all three MX
entries point to the same CNAME and therefore IP address. As for the number
of domains, I do not see us expanding beyond the three we currently have at
least for the foreseeable future.
Thanks to both of you for your comments.
Regards, Hugh
--
Hugh E Cruickshank, Forward Software, www.forward-software.com
Re: Multiple domain name support
on 30.08.2007 06:09:41 by Kees Theunissen
hugh@portal.ca wrote:
> You are correct. We do have multiple IP addresses and I can easily
> set the DNS MX entries to point to different IP addresses. Currently
> all three MX entries point to the same CNAME and therefore IP address.
Setting the DNS MX entries to point to different IP addresses will
route _inbound_ messages to different IP numbers based on the
_destination_ email address.
If I understood your original posting correctly your problem is about
the source IP number of _outbound_ messages -especially to the
hotmail.com domain- based on the _sender's_ email address.
Setting MX entries won't help you in this case, but you might be
able to configure your users' mail clients to send outbound messages
to the proper IP number.
Regards,
Kees.
--
Kees Theunissen.
Re: Multiple domain name support
on 04.10.2007 03:09:20 by kd6lvw
Kees Theunissen wrote:
> hugh@portal.ca wrote:
>
> > You are correct. We do have multiple IP addresses and I can easily
> > set the DNS MX entries to point to different IP addresses. Currently
> > all three MX entries point to the same CNAME and therefore IP address.
>
> Setting the DNS MX entries to point to different IP addresses will
> route _inbound_ messages to different IP numbers based on the
> _destination_ email address.
> If I understood your original posting correctly your problem is about
> the source IP number of _outbound_ messages -especially to the
> hotmail.com domain- based on the _sender's_ email address.
> Setting MX entries won't help you in this case, but you might be
> able to configure your users' mail clients to send outbound messages
> to the proper IP number.
However, it will work for RELAYED messages - as they will be sent out
using the same IP as they were received on. I've never tried setting
the "b" modifier in an MSA definition.