How to redirect mail sent to root to external mailbox?

Hans Nieser hans at nieser.net
Mon Nov 14 13:55:17 GMT 2005


Hi list,

I operate several servers, one of which is at home, behind NAT. The local 
network is configured to use the domainname "nieser.local.", which 
obviously only exists on the local (forwarding) nameserver.

To be able to send e-mail from this machine (which would normally be 
rejected by any MTA because of the non-existent 'from' domainname) I have 
configured sendmail to masquerade e-mail sent from the 
"royen.nieser.local" machine as "royen.nieser.net" which resolves to the 
external IP address of the DSL gateway device (which has smtp forwarded to 
the royen.nieser.local machine).

The above setup *mostly* (see below) works, e-mail that I send from the 
server has its "royen.nieser.local" hostname properly substituted with 
"royen.nieser.net".

Now, to make monitoring all the servers I operate easier, I wanted to 
forward all mail sent to root (including the periodic output), by putting 
"root: h.nieser at xs4all.nl" in the /etc/mail/aliases file, as the comments 
in this file suggested:

# Pretty much everything else in this file points to "root", so
# you would do well in either reading root's mailbox or forwarding
# root's email from here.

But here's the weird thing, the periodic mail doesn't get masqueraded and 
therefore gets rejected by the remote MTA. The "rejected" message which 
gets sent back to the root account, however, *does* get masqueraded 
properly and subsequently forwarded to the e-mail I specified in the 
/etc/mail/aliases file!

Also, when I ssh to the royen machine and type "periodic daily" on the 
commandline, the mail it generates DOES get masqueraded correctly... 
What's going on here? I'm having a real hard time getting my head around 
this because of all the redirecting and forwarding and perhaps lack of 
in-depth knowledge of smtp/sendmail... I have my sendmail configuration 
attached (also mirrored at http://nieser.net/files/sendmail/1/ ).

I'd rather keep the nieser.local/nieser.net domainnames separate and use 
masquerading because the whole NAT setup is confusing enough for me as it 
is, having the same domainname resolve to different addresses for the LAN 
and the Internet would probably drive me mad.

Can anyone assist?

PS: The domainnames used in my problem description above may not actually 
resolve as I've tried to simplify my problem by using more logical names.
-------------- next part --------------
root at royen:/etc/mail# cat aliases
# $FreeBSD: src/etc/mail/aliases,v 1.20 2004/06/30 16:47:08 maxim Exp $
#       @(#)aliases     5.3 (Berkeley) 5/24/90
#
#  Aliases in this file will NOT be expanded in the header from
#  Mail, but WILL be visible over networks.
#
#       >>>>>>>>>>      The program "newaliases" must be run after
#       >> NOTE >>      this file is updated for any changes to
#       >>>>>>>>>>      show through to sendmail.
#
#
# See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES
# AND FUNCTIONS', May 1997

# Pretty much everything else in this file points to "root", so
# you would do well in either reading root's mailbox or forwarding
# root's email from here.

root:   h.nieser at xs4all.nl

# Basic system aliases -- these MUST be present
MAILER-DAEMON: postmaster
postmaster: root

# General redirections for pseudo accounts
_pflogd: root
bin:    root
bind:   root
daemon: root
games:  root
kmem:   root
mailnull: postmaster
man:    root
news:   root
nobody: root
operator: root
pop:    root
proxy:  root
smmsp:  postmaster
sshd:   root
system: root
toor:   root
tty:    root
usenet: news
uucp:   root

# Well-known aliases -- these should be filled in!
# manager:
# dumper:

# BUSINESS-RELATED MAILBOX NAMES
# info:
# marketing:
# sales:
# support:

# NETWORK OPERATIONS MAILBOX NAMES
abuse:  root
# noc:          root
security:       root

# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
ftp:            root
ftp-bugs:       ftp
hostmaster:     root
webmaster:      root
www:            webmaster

# NOTE: /var/msgs and /var/msgs/bounds must be owned by sendmail's
#       DefaultUser (defaults to mailnull) for the msgs alias to work.
#
# msgs: "| /usr/bin/msgs -s"

# bit-bucket: /dev/null
# dev-null: bit-bucket

aphax:          hans
-------------- next part --------------
root at royen:/etc/mail# cat royen.nieser.local.mc
divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
#       The Regents of the University of California.  All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#       This product includes software developed by the University of
#       California, Berkeley and its contributors.
# 4. Neither the name of the University nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#

#
#  This is a generic configuration file for FreeBSD 5.X and later systems.
#  If you want to customize it, copy it to a name appropriate for your
#  environment and do the modifications there.
#
#  The best documentation for this .mc file is:
#  /usr/share/sendmail/cf/README or
#  /usr/src/contrib/sendmail/cf/README
#

divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $')
OSTYPE(freebsd5)
DOMAIN(generic)

MASQUERADE_AS(`royen.nieser.net')
FEATURE(`masquerade_envelope')
MASQUERADE_EXCEPTION_FILE(`/etc/mail/masq-except-domains')

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl       your permission.
dnl FEATURE(relay_based_on_MX)

dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/

dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
-------------- next part --------------
root at royen:/etc/mail# cat royen.nieser.local.submit.mc
divert(-1)
#
# Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
#       All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
#

#
#  This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
#  that acts as a initial mail submission program.
#
#

divert(0)dnl
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.submit.mc,v 1.1 2003/10/19 00:03:13 gshapiro Exp $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[127.0.0.1]')dnl
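
Added example, not part of the original post: the aliases file above chains most role accounts to root, so the single `root:` line decides where all of that mail, including `security` and `abuse`, is finally delivered. This sketch resolves the chains and lists every alias whose mail leaves the host; the sample data is a constructed excerpt and `admin@example.org` is a placeholder for the external mailbox.

```python
# Constructed excerpt of the aliases file in the post; admin@example.org is a
# placeholder for the external mailbox, not an address taken from the page.
SAMPLE_ALIASES = """\
root:   admin@example.org
MAILER-DAEMON: postmaster
postmaster: root
security:       root
abuse:  root
webmaster:      root
www:            webmaster
aphax:          hans
"""

def parse_aliases(text):
    """Return {alias: [targets]}; skips comments, joins continuation lines."""
    aliases, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:      # indented line continues an entry
            rhs = raw
        else:
            name, sep, rhs = raw.partition(":")
            if not sep:
                continue
            current = name.strip().lower()   # left-hand side is case-insensitive
            aliases[current] = []
        aliases[current] += [t.strip() for t in rhs.split(",") if t.strip()]
    return aliases

def resolve(name, aliases, seen=None):
    """Follow an alias chain to its final destinations; loops yield nothing."""
    seen = set() if seen is None else seen
    key = name.lower()
    if key in seen:
        return set()
    seen.add(key)
    if key not in aliases:                   # not an alias: a final destination
        return {name}
    return set().union(*(resolve(t, aliases, seen) for t in aliases[key]))

def leaves_host(aliases):
    """Map each alias to the off-host addresses its mail finally reaches."""
    ends = {n: sorted(d for d in resolve(n, aliases) if "@" in d) for n in aliases}
    return {n: ext for n, ext in ends.items() if ext}

if __name__ == "__main__":
    for name, ext in leaves_host(parse_aliases(SAMPLE_ALIASES)).items():
        print(f"{name:15} -> {', '.join(ext)}")
```
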