Make sure the SUNWsndmr and SUNWsndmu packages are installed
Stop sendmail if it's running
    # /etc/init.d/sendmail stop                 (for Solaris 9)
    # svcadm disable network/smtp:sendmail      (for Solaris 10)
Create or modify /etc/default/sendmail to prevent accidental start of sendmail in daemon mode. Add:
    MODE=""
Edit sjsms-submit.mc and change the line that starts with FEATURE to:
    # cd /usr/lib/mail/cf
    # cp submit.mc sjsms-submit.mc
    FEATURE(`msp', `[cookbook-mail1.us.example.com]')dnl
    # /usr/ccs/bin/make sjsms-submit.cf
    # mv /etc/mail/submit.cf /etc/mail/submit.cf.orig
    # cp sjsms-submit.cf /etc/mail/submit.cf
Add patch 113575-05 or the most recent patch that replaces it. Note: future sendmail patches may overwrite submit.cf. You should always check submit.cf after applying such patches.
Start sendmail
    # /etc/init.d/sendmail start                (for Solaris 9)
    # svcadm enable network/smtp:sendmail       (for Solaris 10)
* Repeat the above on the other node(s) if applicable
* Test that failover is working properly before proceeding.
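
A check for the patch caveat above, as an added example that is not part of the original page: it confirms that the live submit.cf still relays to the host set in the msp FEATURE line and still matches the built sjsms-submit.cf. It assumes m4 renders the msp relay as a `D{MTAHost}[host]` line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect a submit.cf that a sendmail patch has replaced.
# Assumption: the msp FEATURE is rendered in the .cf as "D{MTAHost}[host]".

# Print the relay target defined in a submit.cf (empty if none).
msp_relay() {
    sed -n 's/^D{MTAHost}//p' "$1" | head -1
}

# check_submit_cf LIVE_CF BUILT_CF EXPECTED_RELAY
# Returns 0 = ok, 1 = relay changed, 2 = file drifted from the built copy,
# 3 = live file missing or unreadable.
check_submit_cf() {
    live=$1 built=$2 want=$3
    [ -r "$live" ] || { echo "MISSING: $live"; return 3; }
    got=$(msp_relay "$live")
    if [ "$got" != "$want" ]; then
        echo "RELAY CHANGED: $live points at '${got:-<none>}', expected '$want'"
        return 1
    fi
    if [ -r "$built" ] && ! cmp -s "$live" "$built"; then
        echo "DRIFT: $live differs from $built (relay is still $got)"
        return 2
    fi
    echo "OK: $live relays to $got"
    return 0
}

# Demo on constructed files (not real system files): the live copy has been
# replaced by a stock submit.cf that relays to the local host.
tmp=$(mktemp -d)
printf 'D{MTAHost}[cookbook-mail1.us.example.com]\n' > "$tmp/built.cf"
printf 'D{MTAHost}[127.0.0.1]\n' > "$tmp/live.cf"
check_submit_cf "$tmp/live.cf" "$tmp/built.cf" \
    '[cookbook-mail1.us.example.com]' || echo "exit status $?"
rm -rf "$tmp"

# After patching, with the paths used on this page:
# check_submit_cf /etc/mail/submit.cf /usr/lib/mail/cf/sjsms-submit.cf \
#     '[cookbook-mail1.us.example.com]'
```
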
Modify the file /opt/SUNWmsgsr/config/imta.cnf and put the IP addresses of all MTAs, including those of other sites, into the tcp_scanner-daemon definition.
    !
    ! IMTA configuration file
    !
    ! part I : rewrite rules
    !
    ! Domain Rewrite Rules.
    ! Uncomment this line to use domain rewrite rules
    ! from the configuration file instead of the domain database.
    ! Please refer to the iMS documentation for details.
    !<IMTA_TABLE:domains.rules
    !
    ! Rules to select local users
    $*  $A$E$F$U%$H$V$H@bedge1-mail1.us.example.com
    bedge1-mail1.us.example.com  $U%$D@bedge1-mail1.us.example.com
    phys-bedge1-1.us.example.com  $U@bedge1-mail1.us.example.com
    phys-bedge1-2.us.example.com  $U@bedge1-mail1.us.example.com
    localhost  $U@bedge1-mail1.us.example.com
    !
    ! ims-ms
    .ims-ms-daemon  $U%$H.ims-ms-daemon@ims-ms-daemon
    !
    ! lmtp
    !.lmtp  $U%$H@lmtpcs-daemon
    !
    ! lmtpn
    !.lmtpn  $U%$H@lmtpcn-daemon
    !
    ! native
    .native-daemon  $U%$H.native-daemon@native-daemon
    !
    ! pipe
    .pipe-daemon  $U%$H.pipe-daemon@pipe-daemon
    !
    ! tcp_local
    ! Rules for top level internet domains
    <IMTA_TABLE:internet.rules
    !
    ! tcp_intranet
    ! Do mapping lookup for internal IP addresses
    []  $E$R${INTERNAL_IP,$L}$U%[$L]@tcp_intranet-daemon
    bedge2-mail1.us.example.com  $U%$D@tcp_intranet-daemon
    bedge3-mail1.us.example.com  $U%$D@tcp_intranet-daemon
    bedge4-mail1.us.example.com  $U%$D@tcp_intranet-daemon
    *  $U%$&0.example.com
    !
    ! tcp_example for internal example.com addresses
    .example.com  $U%$H$D@tcp_example-daemon
    !
    ! messages returning from MTA must not be re-scanned
    ! US MTA
    [10.1.82.175]  $E$R$U%[10.1.82.175]@tcp_scanner-daemon
    [10.1.82.176]  $E$R$U%[10.1.82.176]@tcp_scanner-daemon
    [10.1.82.177]  $E$R$U%[10.1.82.177]@tcp_scanner-daemon
    [10.1.82.178]  $E$R$U%[10.1.82.178]@tcp_scanner-daemon
    [10.1.82.179]  $E$R$U%[10.1.82.179]@tcp_scanner-daemon
    [10.1.82.180]  $E$R$U%[10.1.82.180]@tcp_scanner-daemon
    [10.1.82.183]  $E$R$U%[10.1.82.183]@tcp_scanner-daemon
    [10.1.82.184]  $E$R$U%[10.1.82.184]@tcp_scanner-daemon
    !
    ! Repeat for MTAs at other EdgeMail complexes as necessary
    !
    ! reprocess
    reprocess  $U%reprocess.bedge1-mail1.us.example.com@reprocess-daemon
    reprocess.bedge1-mail1.us.example.com  $U%reprocess.bedge1-mail1.us.example.com@reprocess-daemon
    !
    ! process
    process  $U%process.bedge1-mail1.us.example.com@process-daemon
    process.bedge1-mail1.us.example.com  $U%process.bedge1-mail1.us.example.com@process-daemon
    !
    ! defragment
    defragment  $U%defragment.bedge1-mail1.us.example.com@defragment-daemon
    defragment.bedge1-mail1.us.example.com  $U%defragment.bedge1-mail1.us.example.com@defragment-daemon
    !
    ! conversion
    conversion  $U%conversion.bedge1-mail1.us.example.com@conversion-daemon
    conversion.bedge1-mail1.us.example.com  $U%conversion.bedge1-mail1.us.example.com@conversion-daemon
    !
    ! bitbucket
    bitbucket  $U%bitbucket.bedge1-mail1.us.example.com@bitbucket-daemon
    bitbucket.bedge1-mail1.us.example.com  $U%bitbucket.bedge1-mail1.us.example.com@bitbucket-daemon
    !
    ! deleted
    deleted-daemon  $U%$H@deleted-daemon
    .deleted-daemon  $U%$H@deleted-daemon
    !
    ! inactive
    inactive-daemon  $U%$H@inactive-daemon
    .inactive-daemon  $U%$H@inactive-daemon
    !
    ! hold
    hold-daemon  $U%$H@hold-daemon
    .hold-daemon  $U%$H@hold-daemon

    !
    ! part II : channel blocks
    !
    defaults notices 1 2 4 7 errwarnpost errsendpost postheadonly noswitchchannel immnonurgent maxjobs 7 logging defaulthost example.com example.com

    !
    ! delivery channel to local /var/mail store
    l subdirs 20 viaaliasrequired maxjobs 7 pool LOCAL_POOL
    bedge1-mail1.us.example.com

    !
    ! ims-ms
    ims-ms defragment threaddepth 20 subdirs 20 notices 1 7 14 21 28 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 4 pool IMS_POOL fileinto $U+$S@$D
    ims-ms-daemon

    !
    ! native
    native defragment subdirs 20 maxjobs 1
    native-daemon

    !
    ! pipe
    pipe single defragment subdirs 20
    pipe-daemon

    !
    ! tcp_local
    tcp_local smtp nomx single_sys remotehost daemon gis-relay.us.example.com inner switchchannel identnonenumeric subdirs 20 maxjobs 7 sourceblocklimit 10000 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 aliasdetourhost tcp_scanner-daemon
    tcp-daemon

    !
    ! tcp_example
    tcp_example smtp nomx single_sys remotehost daemon gis-relay.us.example.com inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0
    tcp_example-daemon

    !
    ! tcp_intranet
    tcp_intranet smtp nomx single_sys subdirs 20 dequeue_removeroute maxjobs 7 sourceblocklimit 10000 pool SMTP_POOL maytlsserver allowswitchchannel saslswitchchannel tcp_auth missingrecipientpolicy 4
    tcp_intranet-daemon

    !
    ! tcp_scanner
    tcp_scanner smtp mx single_sys subdirs 20 noreverse maxjobs 7 pool SMTP_POOL allowswitchchannel daemon mail-amer-xfr.example.com enqueue_removeroute
    tcp_scanner-daemon

    !
    ! tcp_submit
    tcp_submit submit smtp mx single_sys mustsaslserver maytlsserver missingrecipientpolicy 4
    tcp_submit-daemon

    !
    ! tcp_auth
    tcp_auth smtp mx single_sys mustsaslserver missingrecipientpolicy 4
    tcp_auth-daemon
Modify the /opt/SUNWmsgsr/config/option.dat file:
    # cp -p option.dat option.dat.orig_`date +%Y%m%d`
    # vi option.dat
    #add below MISSING_RECIPIENT_POLICY:
    ALLOW_RECIPIENTS_PER_TRANSACTION=256
    LOG_CONNECTION=3
    LOG_USERNAME=1
    LOG_TRANSPORTINFO=1
    SEPARATE_CONNECTION_LOG=1
    LOG_MESSAGE_ID=1
Modify /opt/SUNWmsgsr/config/mappings. Use a range in the /NN format that contains all the physical hosts' IPs for your edge site. In the case of bedge, 129.147.156.99/26 spans from 129.147.156.65 to 129.147.156.126.
    INTERNAL_IP

      $(129.147.156.99/##)  $Y
      127.0.0.1  $Y
      *  $N

    ORIG_SEND_ACCESS

      tcp_local|*|tcp_local|*  $N$D30|Relaying$ not$ allowed
      tcp_*|*|native|*  $N
      tcp_*|*|hold|*  $N
      tcp_*|*|pipe|*  $N
      tcp_*|*|ims-ms|*  $N
    !
    ! Block "external" submissions of explicitly source-routed "internal" addresses
    !
      tcp_local|*|tcp_intranet|@*:*.*  $N$D30|Explicit$ routing$ not$ allowed
      tcp_local|*|tcp_intranet|*$%*@*  $N$D30|Explicit$ routing$ not$ allowed
      tcp_local|*|tcp_intranet|*.*!*@*  $N$D30|Explicit$ routing$ not$ allowed
      tcp_local|*|tcp_intranet|"*@*"@*  $N$D30|Explicit$ routing$ not$ allowed

    SEND_ACCESS

      tcp_local|*|tcp_example|*  $N$D30|Relaying$ not$ allowed
      tcp_*|*|*|*@[127.*]  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@localhost.*  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@example.com  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@example.net  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@example.org  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@*.test  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@*.example  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@*.invalid  $X5.1.2|$NBad$ destination$ system
      tcp_*|*|*|*@*.localhost  $X5.1.2|$NBad$ destination$ system

    <IMTA_TABLE:mappings.locale
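
Because INTERNAL_IP decides which source addresses are treated as internal, it is worth checking a prefix against the real host list before committing it. The following is an added example, not part of the original page: it computes the block an ADDR/NN entry matches and lists any host it misses. The function names and the host list are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that an INTERNAL_IP prefix covers the intended hosts.

# Dotted quad -> 32-bit integer.
ip2int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_block ADDR/NN -> "first last" addresses matched by the prefix.
cidr_block() {
    addr=${1%/*} bits=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    net=$(( $(ip2int "$addr") & $mask ))
    echo "$(int2ip "$net") $(int2ip $(( $net | (~$mask & 0xFFFFFFFF) )))"
}

# in_cidr IP ADDR/NN -> exit status 0 if IP falls inside the prefix.
in_cidr() {
    set -- "$1" $(cidr_block "$2")
    ip=$(ip2int "$1"); lo=$(ip2int "$2"); hi=$(ip2int "$3")
    [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
}

# uncovered ADDR/NN IP... -> print every IP the prefix does not match.
uncovered() {
    prefix=$1; shift
    for h in "$@"; do
        in_cidr "$h" "$prefix" || printf '%s\n' "$h"
    done
}

# Demo: the prefix is the one from this page; the host list is constructed.
prefix=129.147.156.99/26
echo "$prefix matches $(cidr_block "$prefix")"
echo "not covered: $(uncovered "$prefix" 129.147.156.70 129.147.156.126 129.147.156.130)"
```

The block matched is 129.147.156.64 through 129.147.156.127; .65 to .126 are its usable host addresses.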
Modify the /opt/SUNWmsgsr/config/aliases file:
    ! MTA aliases file
    !
    !root@example.com: postmaster
    adm@bedge1-mail1.us.example.com: postmast
    root@bedge1-mail1.us.example.com: postmast
    postmaster@bedge1-mail1.us.example.com: postmast
    sunmc-alert: root@bedge1-mail1.us.example.com
    sunmc-critical: root@bedge1-mail1.us.example.com
Set up logadm
    # mkdir /opt/SUNWmsgsr/log/imta/archive      (owner mailsrv:mailsrv)
    # logadm -f /opt/SUNWmsgsr/config/logadm.conf -w mail -C 28 -p 1d \
        -t '/opt/SUNWmsgsr/log/imta/archive/mail.log.$n' -z 6 \
        /opt/SUNWmsgsr/log/imta/mail.log
    # configutil -o local.schedule.logadm -v "10 4 * * * /usr/sbin/logadm -f /opt/SUNWmsgsr/config/logadm.conf"
Create the alias smarthost.example.com to the GIS relay VIP in /etc/hosts to ensure a fallback mechanism through the local smarthost:
    10.1.97.30  gis-relay.us.example.com smarthost.example.com
Configure the IMAP parameters
    # configutil -o local.ldapconnecttimeout -v 30
    # configutil -o service.imap.maxsessions -v 600
    # configutil -o service.imap.maxthreads -v 250
    # configutil -o service.imap.numprocesses -v 8
    # configutil -o store.dbtmpdir -v /tmp/msg-bedge1-mail1
Setting to enable MailFilter
    # configutil -o local.webmail.sieve.port -v 444
Set smtphost to the dedicated MTA host:
    # configutil -o service.http.smtphost -v mail-amer-xfr.example.com
If UWC is not enabled, set local.service.http.cookiename to something, for example webmailsid, to prevent the session ID from being visible in the URL. When UWC is enabled, this is set by default.