Deployment Example: Sun Java System Communications Services for Access Anywhere (EdgeMail)

Procedure: To Configure SMTP

Steps
  1. Make sure the SUNWsndmr and SUNWsndmu packages are installed.

  2. Stop sendmail if it's running


    # /etc/init.d/sendmail stop (for Solaris 9)
    # svcadm disable network/smtp:sendmail (for Solaris 10)
  3. Create or modify /etc/default/sendmail to prevent accidental start of sendmail in daemon mode. Add:


    MODE=""
  4. Copy submit.mc to sjsms-submit.mc, edit sjsms-submit.mc to change the line that starts with FEATURE as shown, then build and install the new submit.cf:


    # cd /usr/lib/mail/cf
    # cp submit.mc sjsms-submit.mc

    FEATURE(`msp', `[cookbook-mail1.us.example.com]')dnl

    # /usr/ccs/bin/make sjsms-submit.cf
    # mv /etc/mail/submit.cf /etc/mail/submit.cf.orig
    # cp sjsms-submit.cf /etc/mail/submit.cf
  5. Add patch 113575-05 or the most recent patch that replaces it. Note: future sendmail patches may overwrite submit.cf. You should always check submit.cf after applying such patches.

  6. Start sendmail


    # /etc/init.d/sendmail start (for Solaris 9)
    # svcadm enable network/smtp:sendmail (for Solaris 10)
  7. Repeat the above on the other node(s) if applicable. Test that failover is working properly before proceeding.

  8. Modify the file /opt/SUNWmsgsr/config/imta.cnf and put the IP addresses of all MTAs, including those of other sites, into the tcp_scanner-daemon definition.


    !
    ! IMTA configuration file 
    ! 
    ! part I : rewrite rules 
    ! 
    ! Domain Rewrite Rules. 
    ! Uncomment this line to use domain rewrite rules 
    ! from the configuration file instead of the domain database. 
    
    ! Please refer to the iMS documentation for details. 
    !<IMTA_TABLE:domains.rules
    ! 
    ! Rules to select local users
    $* $A$E$F$U%$H$V$H@bedge1-mail1.us.example.com
    bedge1-mail1.us.example.com $U%$D@bedge1-mail1.us.example.com
    phys-bedge1-1.us.example.com $U@bedge1-mail1.us.example.com
    phys-bedge1-2.us.example.com $U@bedge1-mail1.us.example.com
    localhost $U@bedge1-mail1.us.example.com
    ! 
    ! ims-ms
    .ims-ms-daemon $U%$H.ims-ms-daemon@ims-ms-daemon
    !
    ! lmtp
    !.lmtp $U%$H@lmtpcs-daemon
    !
    ! lmtpn
    !.lmtpn $U%$H@lmtpcn-daemon
    ! 
    ! native
    .native-daemon $U%$H.native-daemon@native-daemon
    ! 
    ! pipe
    .pipe-daemon $U%$H.pipe-daemon@pipe-daemon
    ! 
    ! tcp_local 
    ! Rules for top level internet domains
    <IMTA_TABLE:internet.rules
    ! 
    ! tcp_intranet 
    ! Do mapping lookup for internal IP addresses
    [] $E$R${INTERNAL_IP,$L}$U%[$L]@tcp_intranet-daemon
    bedge2-mail1.us.example.com $U%$D@tcp_intranet-daemon
    bedge3-mail1.us.example.com $U%$D@tcp_intranet-daemon
    bedge4-mail1.us.example.com $U%$D@tcp_intranet-daemon
    * $U%$&0.example.com
    !
    ! tcp_example for internal example.com addresses
    .example.com $U%$H$D@tcp_example-daemon
    !
    ! messages returning from MTA must not be re-scanned
    ! US MTA
    [10.1.82.175] $E$R$U%[10.1.82.175]@tcp_scanner-daemon
    [10.1.82.176] $E$R$U%[10.1.82.176]@tcp_scanner-daemon
    [10.1.82.177] $E$R$U%[10.1.82.177]@tcp_scanner-daemon
    [10.1.82.178] $E$R$U%[10.1.82.178]@tcp_scanner-daemon
    [10.1.82.179] $E$R$U%[10.1.82.179]@tcp_scanner-daemon
    [10.1.82.180] $E$R$U%[10.1.82.180]@tcp_scanner-daemon
    [10.1.82.183] $E$R$U%[10.1.82.183]@tcp_scanner-daemon
    [10.1.82.184] $E$R$U%[10.1.82.184]@tcp_scanner-daemon
    !
    ! Repeat for MTAs at other EdgeMail complexes as necessary
    !
    ! reprocess
    reprocess $U%reprocess.bedge1-mail1.us.example.com@reprocess-daemon
    reprocess.bedge1-mail1.us.example.com $U%reprocess.bedge1-mail1.us.example.com@reprocess-daemon
    ! 
    ! process
    process $U%process.bedge1-mail1.us.example.com@process-daemon
    process.bedge1-mail1.us.example.com $U%process.bedge1-mail1.us.example.com@process-daemon
    ! 
    ! defragment
    defragment $U%defragment.bedge1-mail1.us.example.com@defragment-daemon
    defragment.bedge1-mail1.us.example.com $U%defragment.bedge1-mail1.us.example.com@defragment-daemon
    ! 
    ! conversion
    conversion $U%conversion.bedge1-mail1.us.example.com@conversion-daemon
    conversion.bedge1-mail1.us.example.com $U%conversion.bedge1-mail1.us.example.com@conversion-daemon
    ! 
    ! bitbucket
    bitbucket $U%bitbucket.bedge1-mail1.us.example.com@bitbucket-daemon
    bitbucket.bedge1-mail1.us.example.com $U%bitbucket.bedge1-mail1.us.example.com@bitbucket-daemon
    ! 
    ! deleted
    deleted-daemon $U%$H@deleted-daemon
    .deleted-daemon $U%$H@deleted-daemon
    ! 
    ! inactive
    inactive-daemon $U%$H@inactive-daemon
    .inactive-daemon $U%$H@inactive-daemon
    ! 
    ! hold
    hold-daemon $U%$H@hold-daemon
    .hold-daemon $U%$H@hold-daemon
    
    ! 
    ! part II : channel blocks 
    ! 
    defaults notices 1 2 4 7 errwarnpost errsendpost postheadonly noswitchchannel immnonurgent maxjobs 7 logging defaulthost example.com example.com
    
    ! 
    ! delivery channel to local /var/mail store
    l subdirs 20 viaaliasrequired maxjobs 7 pool LOCAL_POOL
    bedge1-mail1.us.example.com
    
    ! 
    ! ims-ms
    ims-ms defragment threaddepth 20 subdirs 20 notices 1 7 14 21 28 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 4 pool IMS_POOL fileinto $U+$S@$D
    ims-ms-daemon
    
    ! 
    ! native
    native defragment subdirs 20 maxjobs 1
    native-daemon
    
    ! 
    ! pipe
    pipe single defragment subdirs 20
    pipe-daemon
    
    ! 
    ! tcp_local
    tcp_local smtp nomx single_sys remotehost daemon gis-relay.us.example.com inner switchchannel identnonenumeric subdirs 20 maxjobs 7 sourceblocklimit 10000 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 aliasdetourhost tcp_scanner-daemon
    tcp-daemon
    
    !
    ! tcp_example
    tcp_example smtp nomx single_sys remotehost daemon gis-relay.us.example.com inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0
    tcp_example-daemon
    ! 
    ! tcp_intranet
    tcp_intranet smtp nomx single_sys subdirs 20 dequeue_removeroute maxjobs 7 sourceblocklimit 10000 pool SMTP_POOL maytlsserver allowswitchchannel saslswitchchannel tcp_auth missingrecipientpolicy 4
    tcp_intranet-daemon
    
    !
    ! tcp_scanner
    tcp_scanner smtp mx single_sys subdirs 20 noreverse maxjobs 7 pool SMTP_POOL allowswitchchannel daemon mail-amer-xfr.example.com enqueue_removeroute
    tcp_scanner-daemon
    ! 
    ! tcp_submit
    tcp_submit submit smtp mx single_sys mustsaslserver maytlsserver missingrecipientpolicy 4
    tcp_submit-daemon
    
    ! 
    ! tcp_auth
    tcp_auth smtp mx single_sys mustsaslserver missingrecipientpolicy 4
    tcp_auth-daemon
  9. Modify the /opt/SUNWmsgsr/config/option.dat file:


    # cp -p option.dat option.dat.orig_`date +%Y%m%d`
    # vi option.dat

    #add below MISSING_RECIPIENT_POLICY:
    ALLOW_RECIPIENTS_PER_TRANSACTION=256
    LOG_CONNECTION=3
    LOG_USERNAME=1
    LOG_TRANSPORTINFO=1
    SEPARATE_CONNECTION_LOG=1
    LOG_MESSAGE_ID=1
  10. Modify /opt/SUNWmsgsr/config/mappings. Use a range in /NN format that contains the IP addresses of all the physical hosts at your edge site. In the case of bedge, 129.147.156.99/26 spans from 129.147.156.65 to 129.147.156.126.


    INTERNAL_IP
    
      $(129.147.156.99/##) $Y
      127.0.0.1 $Y
      * $N
    
    
    ORIG_SEND_ACCESS
    
      tcp_local|*|tcp_local|*  $N$D30|Relaying$ not$ allowed
      tcp_*|*|native|*  $N
      tcp_*|*|hold|*  $N
      tcp_*|*|pipe|*  $N
      tcp_*|*|ims-ms|*  $N
    !
    ! Block "external" submissions of explicitly source-routed "internal" addresses
    ! 
      tcp_local|*|tcp_intranet|@*:*.*   $N$D30|Explicit$ routing$ not$ allowed
      tcp_local|*|tcp_intranet|*$%*@*   $N$D30|Explicit$ routing$ not$ allowed
      tcp_local|*|tcp_intranet|*.*!*@*  $N$D30|Explicit$ routing$ not$ allowed
      tcp_local|*|tcp_intranet|"*@*"@*  $N$D30|Explicit$ routing$ not$ allowed
    
    
    SEND_ACCESS
    
      tcp_local|*|tcp_example|*  $N$D30|Relaying$ not$ allowed
      tcp_*|*|*|*@[127.*]  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@localhost.*  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@example.com  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@example.net  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@example.org  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@*.test  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@*.example  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@*.invalid  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@*.localhost  $X5.1.2|$NBad$ destination$ system
    
    
    <IMTA_TABLE:mappings.locale
  11. Modify the /opt/SUNWmsgsr/config/aliases file:


    ! MTA aliases file
    !
    !root@example.com: postmaster
    adm@bedge1-mail1.us.example.com: postmast
    root@bedge1-mail1.us.example.com: postmast
    postmaster@bedge1-mail1.us.example.com: postmast
    sunmc-alert:    root@bedge1-mail1.us.example.com
    sunmc-critical: root@bedge1-mail1.us.example.com
  12. Set up logadm


    # mkdir /opt/SUNWmsgsr/log/imta/archive (owner mailsrv:mailsrv)
    # logadm -f /opt/SUNWmsgsr/config/logadm.conf -w mail -C 28 -p 1d \
        -t '/opt/SUNWmsgsr/log/imta/archive/mail.log.$n' -z 6 \
        /opt/SUNWmsgsr/log/imta/mail.log
    # configutil -o local.schedule.logadm -v "10 4 * * * /usr/sbin/logadm \
        -f /opt/SUNWmsgsr/config/logadm.conf"
  13. Create the alias smarthost.example.com to the GIS relay VIP in /etc/hosts to ensure a fallback mechanism through the local smarthost:


    10.1.97.30 gis-relay.us.example.com smarthost.example.com
  14. Configure the IMAP parameters


    # configutil -o local.ldapconnecttimeout -v 30
    # configutil -o service.imap.maxsessions -v 600
    # configutil -o service.imap.maxthreads -v 250
    # configutil -o service.imap.numprocesses -v 8
    # configutil -o store.dbtmpdir -v /tmp/msg-bedge1-mail1
  15. Set the following option to enable MailFilter:


    # configutil -o local.webmail.sieve.port -v 444
  16. Set smtphost to the dedicated MTA host:


    # configutil -o service.http.smtphost -v mail-amer-xfr.example.com
  17. If UWC is not enabled, set local.service.http.cookiename to a value, for example webmailsid, to prevent the session ID from being visible in the URL. When UWC is enabled, this is set by default.
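
The INTERNAL_IP range from step 10 decides which source addresses the rewrite rule in step 8 hands to tcp_intranet instead of tcp_local, so it should cover every physical host and nothing more. The script below is an added example, not part of the original procedure; the three host addresses at the end are constructed sample values to be replaced with your own.

```sh
#!/bin/sh
# Added example: sanity-check the /NN range used in the INTERNAL_IP mapping.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to dotted-quad form.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "first-host last-host" for ADDR/NN, excluding the network and
# broadcast addresses (the way step 10 states the span). Meant for /30 or wider.
cidr_span() {
    bits=${1#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    net=$(( $(ip_to_int "${1%/*}") & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    echo "$(int_to_ip $((net + 1))) $(int_to_ip $((bcast - 1)))"
}

# Succeed if address $1 lies inside the network described by $2 (ADDR/NN).
in_cidr() {
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Report each address not covered by the range; the return status is the
# number of uncovered addresses (0 means all are covered).
uncovered_hosts() {
    range=$1; shift; missing=0
    for h in "$@"; do
        in_cidr "$h" "$range" || { echo "$h is outside $range"; missing=$((missing + 1)); }
    done
    return "$missing"
}

RANGE=129.147.156.99/26      # range given in step 10 for bedge
echo "INTERNAL_IP span: $(cidr_span "$RANGE")"
# Constructed sample host addresses; the last one is deliberately out of range.
if ! uncovered_hosts "$RANGE" 129.147.156.70 129.147.156.71 129.147.156.130; then
    echo "Widen the range or correct the host list before restarting the MTA."
fi
```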