masqmail
annotate docs/simple-relay-setup @ 331:e507c854a63e
Security fix! Correct handling of seteuid() return value
See Debian bug #638002, reported by John Lightsey.
When possible the (already available) set_euidgid() function is used.
Additionally, it is unnecessary to change the identity when writing
into an already open file descriptor.
This should fix the problem.
| author | markus schnalke <meillo@marmaro.de> |
|---|---|
| date | Sat, 27 Aug 2011 16:19:07 +0200 |
| parents | f10a56dc7481 |
| children | 08932c629849 |
| rev | line source |
|---|---|
| meillo@186 | 1 Simple Setup |
| meillo@186 | 2 ============ |
| meillo@186 | 3 |
| meillo@186 | 4 You want |
| meillo@186 | 5 -------- |
| meillo@186 | 6 |
| meillo@186 | 7 - submit mail on stdin by calling masqmail on the commandline |
| meillo@186 | 8 - submit mail with SMTP from the local machine |
| meillo@186 | 9 - let masqmail deliver mail locally to the system mailboxes /var/mail/* |
| meillo@186 | 10 - let masqmail forward non-local mail through a smart host |
| meillo@186 | 11 |
| meillo@186 | 12 This is like the simple-local-setup plus the forwarding. |
| meillo@186 | 13 |
| meillo@186 | 14 |
| meillo@186 | 15 Set up |
| meillo@186 | 16 ------ |
| meillo@186 | 17 |
| meillo@186 | 18 Follow the description in INSTALL. |
| meillo@186 | 19 |
| meillo@186 | 20 A common configure call would be: |
| meillo@186 | 21 |
| meillo@186 | 22 ./configure --enable-auth --enable-ident |
| meillo@186 | 23 |
| meillo@186 | 24 |
| meillo@186 | 25 Configuration |
| meillo@186 | 26 ------------- |
| meillo@186 | 27 |
| meillo@186 | 28 You need a config file like this one: |
| meillo@186 | 29 |
| meillo@186 | 30 host_name = "foo.example.org" |
| meillo@186 | 31 online_routes.default = /etc/masqmail/default.route |
| meillo@186 | 32 |
| meillo@186 | 33 (Substitute a real hostname, of course.) |
| meillo@186 | 34 |
| meillo@186 | 35 Addionally you need to create the route config file like: |
| meillo@186 | 36 |
| meillo@186 | 37 # where to relay to; the address and port of the smart host |
| meillo@186 | 38 mail_host = "mail.gmx.net:25" |
| meillo@223 | 39 # use a wrapper to enable encryption |
| meillo@223 | 40 # for STARTTLS on port 25: |
| meillo@223 | 41 #instant_helo=true |
| meillo@223 | 42 #wrapper="/usr/bin/openssl s_client -quiet -starttls smtp -connect mail.gmx.net:25 2>/dev/null" |
| meillo@223 | 43 # for SMTP over SSL on port 465: |
| meillo@223 | 44 #wrapper = "/usr/bin/openssl s_client -quiet -connect mail.gmx.net:465 2>/dev/null" |
| meillo@186 | 45 |
| meillo@186 | 46 do_correct_helo = true |
| meillo@186 | 47 |
| meillo@186 | 48 # rewrite the From addresses to ones visible from the outside |
| meillo@186 | 49 map_return_path_addresses = "meillo: schnalke4@gmx.de" |
| meillo@186 | 50 map_h_from_addresses = "meillo: markus schnalke <schnalke4@gmx.de>" |
| meillo@186 | 51 |
| meillo@186 | 52 # it's good to use "login" only if the connection is encrypted |
| meillo@186 | 53 auth_name = "login" |
| meillo@186 | 54 #auth_name = "cram-md5" |
| meillo@186 | 55 auth_login = "UID_OR_EMAIL_ADDRESS" |
| meillo@186 | 56 auth_secret = "PASSWORD" |
| meillo@186 | 57 |
| meillo@186 | 58 |
| meillo@186 | 59 |
| meillo@186 | 60 Starting the daemon |
| meillo@186 | 61 ------------------- |
| meillo@186 | 62 |
| meillo@186 | 63 Listening for SMTP connections on a port requires masqmail to run as |
| meillo@186 | 64 daemon. You probably want to start masqmail as daemon each time the |
| meillo@186 | 65 system comes up. How you have to do that is system dependent. |
| meillo@186 | 66 /etc/rc.local is a good try to add the daemon call, because this file |
| meillo@186 | 67 seems to be frequently available. |
| meillo@186 | 68 |
| meillo@186 | 69 /usr/local/sbin/masqmail -bd -q10m |
| meillo@186 | 70 |
| meillo@186 | 71 This starts masqmail in daemon mode and does a queue run every ten |
| meillo@186 | 72 minutes. |
| meillo@186 | 73 |
| meillo@186 | 74 |
| meillo@186 | 75 Check the setup |
| meillo@186 | 76 --------------- |
| meillo@186 | 77 |
| meillo@186 | 78 Like in simple-local-setup plus ... |
| meillo@186 | 79 |
| meillo@186 | 80 Send a mail to a remote location: |
| meillo@186 | 81 |
| meillo@186 | 82 $ echo "some text" | mail foo@somewhereelse.example.org |
| meillo@186 | 83 |
| meillo@186 | 84 Check if it is queued: |
| meillo@186 | 85 |
| meillo@186 | 86 $ masqmail -bp |
| meillo@186 | 87 |
| meillo@186 | 88 Deliver it with: |
| meillo@186 | 89 |
| meillo@186 | 90 $ masqmail -qo default |
| meillo@186 | 91 |
| meillo@186 | 92 Check the queue contents again. |
| meillo@186 | 93 |
| meillo@186 | 94 You need to do such queue runs for online routes explicitely. For |
| meillo@186 | 95 instance by cron. |
| meillo@186 | 96 |
| meillo@186 | 97 |
| meillo@186 | 98 Automatic queue runs |
| meillo@186 | 99 -------------------- |
| meillo@186 | 100 |
| meillo@186 | 101 You can also tell masqmail to send queued mails through a route each |
| meillo@186 | 102 time the daemon does a queue run. Therefor you need to tell masqmail |
| meillo@186 | 103 that it is online and can use the default route to deliver mail. |
| meillo@186 | 104 |
| meillo@186 | 105 Add this to masqmail.conf: |
| meillo@186 | 106 |
| meillo@310 | 107 online_query = "/bin/echo default" |
| meillo@186 | 108 |
| meillo@186 | 109 Now masqmail will send online mail automatically through the default |
| meillo@186 | 110 route, each time it does a queue run (every ten minutes). |
| meillo@186 | 111 |
| meillo@186 | 112 |
| meillo@186 | 113 In case of problems |
| meillo@186 | 114 ------------------- |
| meillo@186 | 115 |
| meillo@186 | 116 Have a look at the log file: /var/log/masqmail/masqmail.log |
| meillo@186 | 117 |
| meillo@186 | 118 Set the debug level in masqmail.conf, restart the daemon, redo the |
| meillo@186 | 119 test, and look at the debug file: /var/log/masqmail/debug.log |
| meillo@186 | 120 |
| meillo@186 | 121 If you use a wrapper, test it manually and interactively on the |
| meillo@186 | 122 command line. |
| meillo@186 | 123 |
| meillo@186 | 124 Ask on the mailing list: <masqmail@marmaro.de> |
| meillo@186 | 125 |
| meillo@186 | 126 |
| meillo@186 | 127 |
| meillo@186 | 128 meillo |