How sendmail Interacts With a Name Service

Mail domain is a concept used by the standard sendmail.cf file to determine whether mail should be delivered directly or through the mail host. Intradomain mail is delivered through direct SMTP connection, while interdomain mail is forwarded to a mail host.

In a secure network, only a few selected hosts are authorized to generate packets targeted to external destinations. Even if a host has the IP address of the remote host external to the mail domain, this does not guarantee that an SMTP connection can be established. The standard sendmail.cf assumes the following:

• The current host is not authorized to send packets directly to a host outside the mail domain.

• The mail host is capable of forwarding the mail to an authorized host that can transmit packets directly to an external host. (In fact, the mail host may itself be an authorized host.)

Given these assumptions, it is the responsibility of the mail host to deliver or forward inter-domain mail.

Setting Up sendmail Requirements for Name Services

sendmail imposes various requirements on name services. This section explains these requirements and how to satisfy them. For more information, refer to the in.named(1M), nis+(1), nisaddent(1M), and nsswitch.conf(4) man pages.

Establishing the Mail Domain Name with a Name Service

The mail domain name must be a suffix of the name service domain. For example, if the domain name of the name service is A.B.C.D, then the mail domain name could be one of the following:

• A.B.C.D

• B.C.D

• C.D

• D

When first established, the mail domain name is often identical to the name service domain. As the network grows larger, the name service domain can be divided into smaller pieces to make the name service more manageable. However, the mail domain often remains undivided to provide consistent aliasing.

The Host Name Space Data

The host table or map in the name service must be set up to support three types of gethostbyname() queries:

• mailhost - Some name service configurations satisfy this requirement automatically.

• Full host name (for example, smith.admin.acme.com) - Many name service configurations satisfy this requirement.

• Short host name (for example, smith) - sendmail must connect to the mail host to forward external mail. To determine if a mail address is within the current mail domain, gethostbyname() is invoked with the full host name. If the entry is found, the address is considered internal.

  NIS, NIS+, and DNS all support gethostbyname() with a short host name as an argument, so this requirement is automatically satisfied.

Two additional rules about the host name space need to be followed to properly establish the sendmail services within a name space.

1. gethostbyname() with full and short host name should yield consistent results. For example, gethostbyname(smith.admin.acme.com) should return the same result as gethostbyname(smith) as long as both functions are called from the mail domain admin.acme.com.

2. For all name service domains under a common mail domain, gethostbyname() with a short host name should yield the same result. For example, given the mail domain smith.admin.acme.com, gethostbyname(smith) should return the same result calling from either domain ebb.admin.acme.com or esg.admin.acme.com. The mail domain name is usually shorter than the name service domain, giving this requirement special implications for various name services.

How to Configure NIS for sendmail

This list includes all the configuration issues that you must resolve before using sendmail when using NIS as your only name service.

mail domain name

If you are setting up NIS as the primary name service, sendmail automatically strips off the first component of the NIS domain name and uses the result as mail domain name. For example, ebs.admin.acme.com becomes admin.acme.com.

mailhost host name

You must have a mailhost entry in the NIS host map.

full host names

The normal NIS setup does not "understand" the full host name. Rather than trying to make NIS understand the full host name, turn off this requirement from the sendmail side by editing the sendmail.cf file and replacing all occurrences of %l with %y. This turns off sendmail's inter-domain mail detection. As long as the target host can be resolved to an IP address, a direct SMTP delivery will be attempted. Make sure that your NIS host map does not contain any host entry that is external to the current mail domain. Otherwise, you will need to further customize the sendmail.cf file.

matching full and short host names

Follow the previous instructions on how to turn off gethostbyname() for a full host name.

multiple NIS domains in one mail domain

All NIS host maps under a common mail domain should have the same set of host entries. For example, the host map in the ebs.admin.acme.com domain should be the same as the host map in the esg.admin.acme.com. Otherwise, one address might work in one NIS domain but fail in the other NIS domain.

How to Configure NIS and DNS for sendmail

This list includes all the configuration issues that you must resolve before using sendmail when using NIS with DNS as your name service.

mail domain name

If you are setting up NIS as the primary name service, sendmail automatically strips the first component of the NIS domain name and uses the result as mail domain name, for example, ebs.admin.acme.com becomes admin.acme.com.

mailhost host name

When the DNS forwarding feature is turned on, queries that NIS cannot resolve are forwarded to DNS, so there is no need for a mailhost entry in the NIS host map.

full host names

Although NIS does not "understand" full host names, DNS does. This requirement is satisfied when you follow the regular procedure for setting up NIS and DNS.

matching full and short host names

For every host entry in the NIS host table, you must have a corresponding host entry in DNS.

multiple NIS domains in one mail domain

All NIS host maps under a common mail domain should have the same set of host entries. For example, the host map in the ebs.admin.acme.com domain should be the same as the host map in the esg.admin.acme.com. Otherwise, one address might work in one NIS domain but fail in the other NIS domain.

How to Configure NIS+ for sendmail

This list includes all the configuration issues that you must resolve before using sendmail when using NIS+ as your only name service.

mail domain name

If you are setting up NIS+ as your primary name service, sendmail can look up the mail domain from the NIS+ sendmailvars table, a two-column NIS+ table with one key column and one value column. To set up your mail domain, you must add one entry to this table. This entry should have the key column set to the literal string maildomain and the value column set to the your mail domain name (for example, admin.acme.com). Although NIS+ allows any string in the sendmailvars table, the suffix rule still applies for the mail system to work correctly. You can use nistbladm to add the maildomail entry to the sendmailvars table. For example:

nistbladm -A key="maildomain" value=<mail domain> sendmailvars.org_dir.<NIS+ domain>

Note that this mail domain is a suffix of the NIS+ domain.

mailhost host name

You must have a mailhost entry in the NIS+ hosts table.

full host names

NIS+ "understands" the full host name. Following the regular NIS+ setup procedure satisfies this requirement.

matching full and short host names

To satisfy this requirement, you can duplicate the entries in the host table, or you can enter all host entries in the user name service domains into a master host table at mail domain level.

multiple NIS domains in one mail domain

To satisfy this requirement, you can duplicate the entries in all the host tables, or you can type all host entries in the user name service domains into a master host table at mail domain level. Because you are merging (logical or physical) multiple host tables into one host table, the same host name cannot be reused in the multiple name service domain sharing a common mail domain.

How to Configure NIS+ and DNS for sendmail

This list includes all the configuration issues that you must resolve before using sendmail when using NIS+ with DNS as your name service.

mail domain name

If you are setting up NIS+ as your primary name service, sendmail can look up the mail domain from the NIS+ sendmailvars table, a two-column NIS+ table with one key column and one value column. To set up your mail domain, you must add one entry to this table. This entry should have the key column set to the literal string maildomain and the value column set to the your mail domain name (for example, admin.acme.com). Although NIS+ allows any string in the sendmailvars table, the suffix rule still applies for the mail system to work correctly. You can use nistbladm to add the maildomail entry to the sendmailvars table. For example:

nistbladm -A key="maildomain" value=<mail domain> sendmailvars.org_dir.<NIS+ domain>

Note that this mail domain is a suffix of the NIS+ domain.

mailhost host name

If your network uses both NIS+ and DNS as the source for the host database, you can put the mailhost entry in either the NIS+ or DNS host table. Make sure that your users list NIS+ and DNS as the source for the host database in the /etc/nsswitch.conf file.

full host names

Both NIS+ and DNS "understand" full host names. Following the regular NIS+ and DNS setup procedures satisfies this requirement.

matching full and short host names

For every host entry in the NIS+ host table, you must have a corresponding host entry in DNS.

multiple NIS domains in one mail domain

To satisfy this requirement, you can duplicate the entries in all the host tables, or you can type all host entries in the user name service domains into a master host table at mail domain level.