cyrus + smmapd without patching sendmail?

I'm currently getting mailbombed with bounce messages because of the
interaction between cyrus and sendmail (sendmail accepts spam message
for unknown user, passes message to cyrus, cyrus rejects message,
sendmail bounces back to non-existent address forged by spammer,
remote mail server sends bounce message to the postmaster, me).

I know this is a known issue and the question has come up quite a few
times in the archives (search "smmapd" if you're curious), but a few
years have passed since the last activity that I can find (2005), and
I'd like to know if there is any way to avoid this problem _without_
hacking/patching Sendmail.

This page outlines the steps that need to be taken, involving patching
cf/m4/proto.m4:

http://ftp.nakedape.cc/pub/anfi.homeunix.net/sendmail/rtcyru s2.html

And the official cyrus site only says, "Cyrus also includes a socket
map daemon smmapd ... To use this daemon, add smmapd as a service in
cyrus.conf and configure Sendmail accordingly.":

http://cyrusimap.web.cmu.edu/imapd/install-configure.html

Basically, I'm wondering if in 2008 "configure Sendmail accordingly"
can be down without patching. I'm running sendmail 8.13.8-2.el5 and
cyrus 2.3.7-1.1.el5 (provided by Red Hat with RHEL 5.1). I didn't
actually choose cyrus myself, it was just the "official" imap solution
provided; things were a bit easier with UW-IMAP.

Cheers,
Wincent

Re: cyrus + smmapd without patching sendmail?

Wincent Colaiuta wrote:

> I'm currently getting mailbombed with bounce messages because of the
> interaction between cyrus and sendmail (sendmail accepts spam message
> for unknown user, passes message to cyrus, cyrus rejects message,
> sendmail bounces back to non-existent address forged by spammer,
> remote mail server sends bounce message to the postmaster, me).
>
> I know this is a known issue and the question has come up quite a few
> times in the archives (search "smmapd" if you're curious), but a few
> years have passed since the last activity that I can find (2005), and
> I'd like to know if there is any way to avoid this problem _without_
> hacking/patching Sendmail.
>
> This page outlines the steps that need to be taken, involving patching
> cf/m4/proto.m4:
>
> http://ftp.nakedape.cc/pub/anfi.homeunix.net/sendmail/rtcyru s2.html
>
> And the official cyrus site only says, "Cyrus also includes a socket
> map daemon smmapd ... To use this daemon, add smmapd as a service in
> cyrus.conf and configure Sendmail accordingly.":
>
> http://cyrusimap.web.cmu.edu/imapd/install-configure.html
>
> Basically, I'm wondering if in 2008 "configure Sendmail accordingly"
> can be down without patching. I'm running sendmail 8.13.8-2.el5 and
> cyrus 2.3.7-1.1.el5 (provided by Red Hat with RHEL 5.1). I didn't
> actually choose cyrus myself, it was just the "official" imap solution
> provided; things were a bit easier with UW-IMAP.


0) patching cf/m4/proto.m4 changes files used during generating
sendmail.cf (sendmail configuration file) - no recompilation of
sendmail binaries is required if your sendmail is already compiled
with socketmap support

Use the command below to find out if your sendmail supports sockemap:
/usr/sbin/sendmail -d0.1 -bv root | grep SOCKETMAP

1) There is RTCyrus3 (next version)
http://open-sendmail.sourceforge.net/rtcyrus3/

It has been designed for better support of cyrus virtual domain and
aliases

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail:
Free Speech Is The Right To Shout 'Theater' In A Crowded Fire.
-- A Yippie Proverb

Re: cyrus + smmapd without patching sendmail?

On 29 mar, 22:06, Andrzej Adam Filip wrote:
>
> 1) There is RTCyrus3 (next version)
> =A0 =A0http://open-sendmail.sourceforge.net/rtcyrus3/

Ok, well I will give it a try...

Cheers,
Wincent

Re: cyrus + smmapd without patching sendmail?

On 29 mar, 22:06, Andrzej Adam Filip wrote:
>
> 1) There is RTCyrus3 (next version)
> =A0 =A0http://open-sendmail.sourceforge.net/rtcyrus3/
>

Ok, I've got it up and running. One minor change tweak I made was to
look up the domains in a flat file; ie:

F{VCyrusDomains}/etc/mail/cyrus-virtual-domains

Rather than:

C{VCyrusDomains} example.net example.com

That should be all right, shouldn't it?

Cheers,
Wincent

Re: cyrus + smmapd without patching sendmail?

Wincent Colaiuta wrote:

> On 29 mar, 22:06, Andrzej Adam Filip wrote:
>>
>> 1) There is RTCyrus3 (next version)
>>    http://open-sendmail.sourceforge.net/rtcyrus3/
>>
>
> Ok, I've got it up and running. One minor change tweak I made was to
> look up the domains in a flat file; ie:
>
> F{VCyrusDomains}/etc/mail/cyrus-virtual-domains
>
> Rather than:
>
> C{VCyrusDomains} example.net example.com
>
> That should be all right, shouldn't it?

It is another way of providing the list of cyrus virtual domains to
RTCyrus - use whichever you like more :-)

Feel free to report any problems (bugs) at
http://sourceforge.net/tracker/?group_id=187085&atid=919883
*OR* positive results of the tests
http://sourceforge.net/tracker/?group_id=187085&atid=995741

P.S.
After small changes in cyrus imap it should be possible to make sendmail
"know" that given cyrus mailbox is in "over quota" state before sending
"RCPT TO" reply.

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
Men use thought only to justify their wrong doings, and speech only to
conceal their thoughts.
-- Voltaire

Re: cyrus + smmapd without patching sendmail?

Just one more question (I think!), Andrzej.

After a little bit more testing, I realize that it isn't actually
working like I though it was. It's connecting to smmapd and giving the
correct answer, but when mail is accepted for a real user it's just
dropped on the floor rather than being delivered to the mailbox by
lmtp. Is it possible that I've made a mistake in my sendmail.mc?

Here is an excerpt showing the old config:

define(`confLOCAL_MAILER', `cyrusv2')dnl
define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
MAILER(cyrusv2)dnl

And here is what I replaced that with:

define(`SMMAP_SOCKET',`/var/lib/imap/socket/smmapd')dnl
define(`CYRUS_LMTP_SOCKET',`/var/lib/imap/socket/lmtp')dnl
F{VCyrusDomains}/etc/mail/cyrus-virtual-domains
FEATURE(`anfi/vcyrus')dnl
MAILER(`anfi/cyrusv3')dnl

In the past I would see sendmail echo "stat=Sent" and then immediately
after, something like this:

Mar 29 20:20:40 wincent1 lmtpunix[6603]: accepted connection
Mar 29 20:20:40 wincent1 lmtpunix[6603]: lmtp connection preauth'd
as postman
... etc

But now I just see "stat=Sent" and lmtpunix never appears in the log;
the mail gets dropped on the floor and is presumably gone forever. So
I wonder what I'm doing wrong... lmtpd is definitely running, and the
socket is in place at the specified path.

Cheers,
Wincent

Re: cyrus + smmapd without patching sendmail?

Greg Hurrell wrote:

> Just one more question (I think!), Andrzej.
>
> After a little bit more testing, I realize that it isn't actually
> working like I though it was. It's connecting to smmapd and giving the
> correct answer, but when mail is accepted for a real user it's just
> dropped on the floor rather than being delivered to the mailbox by
> lmtp. Is it possible that I've made a mistake in my sendmail.mc?
>
> Here is an excerpt showing the old config:
>
> define(`confLOCAL_MAILER', `cyrusv2')dnl
> define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
> MAILER(cyrusv2)dnl
>
> And here is what I replaced that with:
>
> define(`SMMAP_SOCKET',`/var/lib/imap/socket/smmapd')dnl
> define(`CYRUS_LMTP_SOCKET',`/var/lib/imap/socket/lmtp')dnl
> F{VCyrusDomains}/etc/mail/cyrus-virtual-domains
> FEATURE(`anfi/vcyrus')dnl
> MAILER(`anfi/cyrusv3')dnl
>
> In the past I would see sendmail echo "stat=Sent" and then immediately
> after, something like this:
>
> Mar 29 20:20:40 wincent1 lmtpunix[6603]: accepted connection
> Mar 29 20:20:40 wincent1 lmtpunix[6603]: lmtp connection preauth'd
> as postman
> ... etc
>
> But now I just see "stat=Sent" and lmtpunix never appears in the log;
> the mail gets dropped on the floor and is presumably gone forever. So
> I wonder what I'm doing wrong... lmtpd is definitely running, and the
> socket is in place at the specified path.

Could you post log entries generated by RTCyrus3?

Do two tests:
1) What sendmail selects for delivery?
sendmail -bv valid_cyrus_account@cyrus.virtual.domain
sendmail -bv invalid_cyrus_account@cyrus.virtual.domain

2) Send one message as root in verbose mode

(echo "subject: test"; echo) | sendmail -v valid_cyrus_account@cyrus.virtual.domain


--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
Unless you love someone, nothing else makes any sense.
-- e.e. cummings

Re: cyrus + smmapd without patching sendmail?

On 30 mar, 03:02, Andrzej Adam Filip wrote:
>
> Do two tests:
> 1) What sendmail selects for delivery?
> sendmail -bv valid_cyrus_acco...@cyrus.virtual.domain
> sendmail -bv invalid_cyrus_acco...@cyrus.virtual.domain

It does the right thing here:

$ sendmail -bv foo@wincent.com
foo@wincent.com... User unknown
$ sendmail -bv win@wincent.com
win@wincent.com... deliverable: mailer local, user win_example_com

> 2) Send one message as root in verbose mode
>
> (echo "subject: test"; echo) | sendmail -v valid_cyrus_acco...@cyrus.virtual.domain
>

This works, as you can see, but it uses the "local" mailer instead of
the "anfi/cyrusv3" one (will paste the log excerpt below):

# (echo "subject: test"; echo) | sendmail -v win@wincent.com
win@wincent.com... Connecting to [127.0.0.1] via relay...
220 wincent1.inetu.net ESMTP Sendmail 8.13.8/8.13.8; Sat, 29 Mar 2008
21:17:27 -0400
>>> EHLO wincent1.inetu.net
250-wincent1.inetu.net Hello localhost.localdomain [127.0.0.1],
pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO wincent1.inetu.net
250-wincent1.inetu.net Hello localhost.localdomain [127.0.0.1],
pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> MAIL From: SIZE=15 AUTH=root@wincent1.inetu.net
250 2.1.0 ... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5 ... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 m2U1HRS8008108 Message accepted for delivery
win@wincent.com... Sent (m2U1HRS8008108 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 wincent1.inetu.net closing connection

And here is the correspnding log excerpt:

Mar 29 21:17:27 wincent1 sendmail[8108]: STARTTLS=server,
relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3,
verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Mar 29 21:17:27 wincent1 sendmail[8108]: m2U1HRS8008108:
from=, size=301, class=0, nrcpts=1,
msgid=<200803300117.m2U1HR7N008107@wincent1.inetu.net>, proto=ESMTP,
daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Mar 29 21:17:27 wincent1 sendmail[8109]: m2U1HRS8008108:
to=, ctladdr= (0/0),
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30590, dsn=2.0.0,
stat=Sent

Note the "mailer=local" there in the last entry. That's all there is;
no lmtpunix entries follow. Compare that with how things are without
RTCyrus3:

Mar 29 21:20:00 wincent1 sendmail[8220]: m2U1Jxh3008220:
to=win@wincent.com, delay=00:00:01, xdelay=00:00:01, mailer=cyrusv2,
pri=34431, relay=localhost [[UNIX: /var/lib/imap/socket/lmtp]],
dsn=2.0.0, stat=Sent

Which is then followed by a bunch of lmtpunix entries...

W

Re: cyrus + smmapd without patching sendmail?

Wincent Colaiuta wrote:

> On 30 mar, 03:02, Andrzej Adam Filip wrote:
>>
>> Do two tests:
>> 1) What sendmail selects for delivery?
>> sendmail -bv valid_cyrus_acco...@cyrus.virtual.domain
>> sendmail -bv invalid_cyrus_acco...@cyrus.virtual.domain
>
> It does the right thing here:
>
> $ sendmail -bv foo@wincent.com
> foo@wincent.com... User unknown

It is right.

> $ sendmail -bv win@wincent.com
> win@wincent.com... deliverable: mailer local, user win_example_com

It is not right answer for RTCyrus3.
It does not use local mailer, it does not strip domain part of recipient.

Do you use RTCyrus3 of one of RTCyru2 variants? [Which one?]


>> 2) Send one message as root in verbose mode
>>
>> (echo "subject: test"; echo) | sendmail -v valid_cyrus_acco...@cyrus.virtual.domain
>>
>
> This works, as you can see, but it uses the "local" mailer instead of
> the "anfi/cyrusv3" one (will paste the log excerpt below):
> [...]

To get meaningful result you should also use (as root) additional -Am
command line switch I have forgotten to mention :-)

> And here is the correspnding log excerpt:
> [...]
> Mar 29 21:17:27 wincent1 sendmail[8109]: m2U1HRS8008108:
> to=, ctladdr= (0/0),
> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30590, dsn=2.0.0,
> stat=Sent
>
> Note the "mailer=local" there in the last entry. That's all there is;
> no lmtpunix entries follow. Compare that with how things are without
> RTCyrus3:
>
> Mar 29 21:20:00 wincent1 sendmail[8220]: m2U1Jxh3008220:
> to=win@wincent.com, delay=00:00:01, xdelay=00:00:01, mailer=cyrusv2,
> pri=34431, relay=localhost [[UNIX: /var/lib/imap/socket/lmtp]],
> dsn=2.0.0, stat=Sent
>
> Which is then followed by a bunch of lmtpunix entries...

Send me (via email) results of the test given below:
1)
echo '3,0 valid_a@cyrus.virtual.domain' | sendmail -d21.12 -d60.5 -bt
2)
echo '5 valid_a@cyrus.virtual.domain' | sendmail -d21.12 -d60.5 -bt
3) echp '=M' | sendmail -bt | grep local


--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
"Irrigation of the land with seawater desalinated by fusion power is ancient.
It's called 'rain'."
-- Michael McClary, in alt.fusion

Re: cyrus + smmapd without patching sendmail?

On 30 mar, 11:35, Andrzej Adam Filip wrote:
> Wincent Colaiuta wrote:
> > On 30 mar, 03:02, Andrzej Adam Filip wrote:
>
> > =A0 $ sendmail -bv w...@wincent.com
> > =A0 w...@wincent.com... deliverable: mailer local, user win_example_com
>
> It is not right answer for RTCyrus3.
> It does not use local mailer, it does not strip domain part of recipient.
>
> Do you use RTCyrus3 of one of RTCyru2 variants? [Which one?]

This is with RTCyrus3 1.0 downloaded from the SourceForge page. I
never actually installed or tried any other variant.

> >> 2) Send one message as root in verbose mode
>
> >> (echo "subject: test"; echo) | sendmail -v valid_cyrus_acco...@cyrus.vi=
rtual.domain
>
> To get meaningful result you should also use (as root) additional -Am
> command line switch I have forgotten to mention :-)

For bad user:

bad@wincent.com... User unknown
root... aliased to win@wincent.com
/root/dead.letter... Saved message in /root/dead.letter

For good user:

win@wincent.com... Connecting to local...
win@wincent.com... Sent

> Send me (via email) results of the test given below:
> 1)
> echo '3,0 vali...@cyrus.virtual.domain' | sendmail -d21.12 -d60.5 -bt
> 2)
> echo '5 vali...@cyrus.virtual.domain' | sendmail -d21.12 -d60.5 -bt
> 3) echp '=3DM' | sendmail -bt | grep local

Ok, I'll see what I can come up with and forward it to you.

Cheers,
Wincent

Re: cyrus + smmapd without patching sendmail?

Wincent Colaiuta wrote:

> On 30 mar, 11:35, Andrzej Adam Filip wrote:
>> Wincent Colaiuta wrote:
>> > On 30 mar, 03:02, Andrzej Adam Filip wrote:
>>
>> >   $ sendmail -bv w...@wincent.com
>> >   w...@wincent.com... deliverable: mailer local, user win_example_com
>>
>> It is not right answer for RTCyrus3.
>> It does not use local mailer, it does not strip domain part of recipient.
>>
>> Do you use RTCyrus3 of one of RTCyru2 variants? [Which one?]
>
> This is with RTCyrus3 1.0 downloaded from the SourceForge page. I
> never actually installed or tried any other variant.
>
>> >> 2) Send one message as root in verbose mode
>>
>> >> (echo "subject: test"; echo) | sendmail -v valid_cyrus_acco...@cyrus.virtual.domain
>>
>> To get meaningful result you should also use (as root) additional -Am
>> command line switch I have forgotten to mention :-)
>
> For bad user:
>
> bad@wincent.com... User unknown
> root... aliased to win@wincent.com
> /root/dead.letter... Saved message in /root/dead.letter
>
> For good user:
>
> win@wincent.com... Connecting to local...
> win@wincent.com... Sent
>
>> Send me (via email) results of the test given below:
>> 1)
>> echo '3,0 vali...@cyrus.virtual.domain' | sendmail -d21.12 -d60.5 -bt
>> 2)
>> echo '5 vali...@cyrus.virtual.domain' | sendmail -d21.12 -d60.5 -bt
>> 3) echp '=M' | sendmail -bt | grep local
>
> Ok, I'll see what I can come up with and forward it to you.

Based on "via email" information I *quess* that most likely
cf/m4/proto.m4 has been left unpatched.

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
The only way to keep your health is to eat what you don't want, drink what
you don't like, and do what you'd rather not.
-- Mark Twain