Qindel Group


Sendmail MTA replacing a Sun Messaging server MTA

24/05/2008


This little post is about trying to substitute the Sun Messaging server MTA with a sendmail MTA with as little disruption as possible.

Imagine the following situation:
- You have several Sun MTAs
- You have several Sun Messaging Stores
- All the mail routing and delivery information is in a replicated LDAP infrastructure

The first question that arises is why you would want to change at all. As the results below show, Sun Messaging Server is more efficient than sendmail in terms of LDAP lookups.

The reasoning behind this, in our case, was that we were using sendmail as a filtering platform for antivirus and spam: SpamAssassin, MailScanner, and the like. So which would be your choice?

1) Putting another set of MTAs in front of the existing Sun MTAs. This would be the preferred choice as an externally managed service, but could also be done on the customer's premises.
2) Replacing the existing Sun Messaging MTAs with sendmail (just to reduce the hardware costs).

In the second case the sendmail MTA has to mimic the behaviour of the Sun Messaging MTA. In particular, this means that we avoid another SMTP hop and, obviously, reduce hardware as well.

Let’s get a bit into the technical details and review the main LDAP features that we have to mimic (we will not go into full detail, only the two important bits):

- Message store selection for incoming mail. See the mailHost attribute of the inetLocalMailRecipient object class. This can be easily reproduced with the sendmail M4 feature ldap_routing:

FEATURE(`ldap_routing', `ldap -1 -T -v mailHost -k"(&(objectClass=inetLocalMailRecipient)(|(mail=%0)(mailalternateaddress=%0)))"', `ldap -1 -T -v mailRoutingAddress -k"(&(objectClass=inetLocalMailRecipient)(uid=%s))"', `bounce')dnl

LDAPROUTE_DOMAIN(…)

- Email expansion for each delivery channel. This has to do with the mailDeliveryOption attribute and the two main values that we are going to see here, mailbox and forward. The first one delivers mail to the message store; the second one uses the mailForwardingAddress attribute to duplicate the mail and deliver it to a different recipient.

Expanding mail to several recipients is one of the challenges. The only way we know of expanding one email address into several others is to use email expansion in the sendmail mailer, which can be done with either the ALIAS feature or the USERDB feature. In our case we decided to use the ALIAS expansion (USERDB does not currently work with LDAP):

define(`ALIAS_FILE', `ldap: -T -v"mailforwardingaddress,mail"
-k"(&(objectClass=inetLocalMailRecipient)(maildeliveryoption=forward)(maildeliveryoption=mailbox)(|(mail=%0)(mailalternateaddress=%0)))"',
`ldap: -T -v"mail"
-k"(&(objectClass=inetLocalMailRecipient)(maildeliveryoption=mailbox)(|(mail=%0)(mailalternateaddress=%0)))"',
`ldap: -T -v"mailforwardingaddress"
-k"(&(objectClass=inetLocalMailRecipient)(maildeliveryoption=forward)(|(mail=%0)(mailalternateaddress=%0)))"',
)dnl

This setting sets up the A flag in the local mailer, indicating that it should expand the addresses set up in the ALIAS_FILE. The ALIAS_FILE definitions are tried in order: sendmail first tries to expand the alias with the first definition (entries whose maildeliveryoption has both forward and mailbox); if that doesn’t match, it searches for entries with maildeliveryoption mailbox; and if that fails, it tries to expand aliases with maildeliveryoption forward.

As you can see, this is very inefficient in terms of LDAP searches. The Sun MTA would do just one lookup to get all the attributes, whereas in sendmail we are doing several. So be warned: if you go the sendmail route you will have more LDAP lookups. The good news is that your answers will be cached…
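To put numbers on the fallback order described above, here is an added Python model (not part of the original post and not sendmail code) that applies the three ALIAS_FILE filters in order and counts LDAP searches per recipient. The directory entries, addresses and the function names `search` and `expand` are constructed for illustration, and caching is not modelled.

```python
# Added illustration: models the three ALIAS_FILE LDAP maps from the post
# over constructed directory entries and counts searches per recipient.
ENTRIES = [  # constructed sample entries, not real directory data
    {"objectClass": ["inetLocalMailRecipient"], "mail": ["ana@example.com"],
     "mailalternateaddress": ["a.lopez@example.com"],
     "maildeliveryoption": ["mailbox"], "mailforwardingaddress": []},
    {"objectClass": ["inetLocalMailRecipient"], "mail": ["bob@example.com"],
     "mailalternateaddress": [], "maildeliveryoption": ["forward"],
     "mailforwardingaddress": ["bob@example.net"]},
    {"objectClass": ["inetLocalMailRecipient"], "mail": ["eve@example.com"],
     "mailalternateaddress": [],
     "maildeliveryoption": ["mailbox", "forward"],
     "mailforwardingaddress": ["eve@example.org"]},
]

# (required maildeliveryoption values, attributes returned by -v), in map order
ALIAS_MAPS = [
    ({"forward", "mailbox"}, ["mailforwardingaddress", "mail"]),
    ({"mailbox"}, ["mail"]),
    ({"forward"}, ["mailforwardingaddress"]),
]

def search(key, options):
    """One LDAP search using the -k filter shape shared by all three maps."""
    key = key.lower()
    for e in ENTRIES:
        addrs = [a.lower() for a in e["mail"] + e["mailalternateaddress"]]
        if ("inetLocalMailRecipient" in e["objectClass"]
                and options <= set(e["maildeliveryoption"])
                and key in addrs):
            return e
    return None

def expand(key):
    """Try each map in order; return (recipients, searches performed)."""
    for n, (options, attrs) in enumerate(ALIAS_MAPS, start=1):
        entry = search(key, options)
        if entry is not None:
            return [v for a in attrs for v in entry[a]], n
    return [], len(ALIAS_MAPS)

if __name__ == "__main__":
    for rcpt in ("eve@example.com", "a.lopez@example.com",
                 "bob@example.com", "nobody@example.com"):
        print(rcpt, *expand(rcpt))
```

In this model a forward-only recipient and an unknown address both cost three searches, which is the worst case to size the LDAP replicas for.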

One last thing: the delivery of the email to the message stores will be done with LMTP. The setting that we use is:

Mlmtp, P=[IPC], F=AmDFMuXa0z, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
	m=4, T=DNS/RFC822/SMTP,
	A=TCP $h 225

Well, this is just a glimpse of the whole configuration, but as you know each case is different. If you were bored enough to read this far, let me know and I can post more details about the config.