In the interest of not destroying anything during the first couple days of the semester, it’s time to document one of the more complicated bits of our infrastructure here at UMBC – email delivery.
Email delivery is currently handled by a collection of 9 small Sun SPARC systems (V100’s, T1’s & X1’s) named mx1in – mx9in. They are behind an IP load balancer that lives as mxin.umbc.edu, and is listed as UMBC’s primary MX. These servers run a configuration of sendmail, which listens on port 25. Currently, they are running Sendmail 8.13.1 (locally modified), with procmail 3.22 (locally modified) as a delivery agent. The source trees for these are:
Procmail: /afs/umbc.edu/src/afsapps/MDA/current
Sendmail: /afs/umbc.edu/src/apps/sendmail/current
All of the configuration for these sendmail instances is located under /etc/mail.del. /etc/mail is reserved for the UMBC standard client configuration, which is on these systems for actually sending mail. The configuration discussed in this document is for mail delivery only.
These machines run multiple instances of sendmail – one listening on port 25, and one as a persistent queue runner. These run in one of those token-renewing shellscript things with the tokens of "postman".
Here, take a look at the actual MC file (now with fresh new COMMENTS!) and try to figure some of this out for yourself:
divert(0)dnl
VERSIONID(`$Id: mxdel.sun4x_58.mc,v 1.1.2.9 2002/08/13 15:13:10 banz Exp $')dnl
define(`cfrevision', `$Revision: 1.1.2.9 $')dnl
define(`cftype', `mxdel')dnl
OSTYPE(solaris2)dnl
dnl This enables a special rule that lets the non-DNS-able from address sent by our HP/MPE system
dnl send mail through our system. See the umbc-central domain file for details.
define(`BROKEN_HP_ADDRESS', `true')dnl
dnl This enables our LDAP aliases maps. See the umbc-central domain file for details
define(`USE_LDAP_ALIASES', `true')dnl
dnl Include site-wide configurations
DOMAIN(`umbc-central')dnl
dnl Disable the MSA port (587). We don't need/want it for the delivery systems
FEATURE(`no_default_msa', `dnl')dnl
dnl Enable the access_db at its alternate location
FEATURE(`access_db', `hash -T
dnl Enable queue groups for prioritization
FEATURE(`queuegroup')dnl
dnl Stuff that gets assigned to one of our local mailers should get stored in the local queue
dnl if we can't deliver it right away!
define(`LOCAL_MAILER_QGRP', `local')dnl
define(`LOCAL_PROG_QGRP', `local')dnl
dnl Override some default parameters for our "local" and "internal" (stuff that's in umbc.edu)
dnl queue groups so they get handled faster than the junk.
QUEUE_GROUP(`local', `P=/var/spool/mqueue.del/local*, Runners=5, Interval=1m,Flags=f')dnl
QUEUE_GROUP(`internal', `P=/var/spool/mqueue.del/internal*, Runners=5, Interval=1m,Flags=f')dnl
dnl Override some default paths
define(`HELP_FILE', `/etc/mail.del/helpfile')dnl
define(`STATUS_FILE', `/etc/mail.del/sendmail.st')dnl
define(`confCW_FILE', `/etc/mail.del/sendmail.cw')dnl
define(`confPID_FILE', `/etc/mail.del/sendmail.pid')dnl
dnl Pick up our "normal" mail queue directories
define(`QUEUE_DIR', `/var/spool/mqueue.del/q*')dnl
dnl Stop the flooding
define(`confCONNECTION_RATE_THROTTLE', `25')dnl
dnl Load management stuff
define(`confMAX_DAEMON_CHILDREN', `200')dnl
define(`confQUEUE_LA',`4')dnl
define(`confREFUSE_LA',`8')dnl
dnl Wait a day to send a delivery delay warning, not 4 hours. This gets us through downtimes
dnl and fileserver outages and such
define(`confTO_QUEUEWARN',`1d')dnl
dnl Groups? We use AFS, we don't care.
define(`confDONT_INIT_GROUPS',`true')dnl
dnl Disable trying to get our "host" information from the IPs we listen to.
define(`confDONT_PROBE_INTERFACES',`true')dnl
dnl Where is our mailer?
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
dnl Some queue parameters (for defaults, and that poor default queue)
define(`confMAX_RUNNERS_PER_QUEUE', `10')dnl
define(`confQUEUE_SORT_ORDER', `Host')dnl
define(`confMIN_QUEUE_AGE', `5m')dnl
dnl Good stuff.
define(`confSHARED_MEMORY_KEY', `667')dnl
dnl Use the host status stuff, so we don't spend time trying to send to hosts that have
dnl already given us a problem
define(`confHOST_STATUS_DIRECTORY', `/var/spool/hoststat.del')dnl
dnl Unlimited.
define(`confMAX_QUEUE_CHILDREN', `0')dnl
dnl Slow address-trollers down
define(`confBAD_RCPT_THROTTLE', `5')dnl
dnl Make some timeouts a bit more reasonable
define(`confTO_CONNECT', `30s')dnl
define(`confTO_ICONNECT', `10s')dnl
define(`confTO_ACONNECT', `3m')dnl
define(`confTO_HELO', `30s')dnl
define(`confTO_INITIAL', `1m')dnl
define(`confTO_DATABLOCK', `10m')dnl
define(`confTO_DATAFINAL', `10m')dnl
dnl Cut down on really lame postmaster mail
define(`confDOUBLE_BOUNCE_ADDRESS', `')dnl
dnl Make delivery fast
define(`confDELIVERY_MODE', `b')dnl
dnl Do NOT support .forwards. Aliases and forwarding are pulled from LDAP
define(`confFORWARD_PATH', `')dnl
dnl Take care before splitting a message amongst queues by looking it up first
define(`confFAST_SPLIT', `0')dnl
dnl Don't pummel an external host. One at a time, mang. Remember, there's 9 of us.
define(`confSINGLE_THREAD_DELIVERY', `True')dnl
dnl Send stuff off to the milter. Fail to process the message if there's a problem.
INPUT_MAIL_FILTER(`incoming-milter', `S=inet:6601@milter.umbc.edu, F=T, T=C:1m;S:5m;R:5m;E:10m')dnl
dnl Standard features. Normal stuff, really.
dnl delay_checks speeds things up in case of DNS slowness
dnl conncontrol & ratecontrol should be fun, but we haven't played with them yet
dnl mailertable & virtusertable should really be moved to the directory so we can
dnl manage them more efficiently
FEATURE(`use_cw_file')dnl
FEATURE(`local_procmail')dnl
FEATURE(`smrsh')dnl
FEATURE(`relay_based_on_MX')dnl
FEATURE(`delay_checks')dnl
FEATURE(`ratecontrol')dnl
FEATURE(`conncontrol')dnl
FEATURE(`compat_check')dnl
FEATURE(`mailertable', `hash /etc/mail.del/mailertable')dnl
FEATURE(`virtusertable', `hash /etc/mail.del/virtusertable')dnl
EXPOSED_USER(`root')dnl
MAILER(local)dnl
MAILER(smtp)dnl
dnl This blocks trying to deliver mail to folks that can't read it ;)
LOCAL_RULESETS
Kuserstate nis passwd.byname
SLocal_localaddr
R$-	$: $( userstate $1 $)
R$-:*INACTIVE*:$+	$#error $@ 5.2.1 $: "550 User Account Inactive"
R$-:*DEACTIVATED*:$+	$#error $@ 5.2.1 $: "550 User Account Deactivated"
R$-:*DELETED*:$+	$#error $@ 5.2.1 $: "550 User Account Deleted"
R$-:$+	$: $1
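
With nine mx hosts built from the same MC file, the settings commented above only help if every host still carries them. The Python below is an added example (not part of the original configuration or of UMBC's tooling) that parses an .mc file, decodes the milter's failure flag and timeouts, and lists drift from what the comments describe; the function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: a few lines taken from the MC file shown above.
SAMPLE_MC = """\
FEATURE(`no_default_msa', `dnl')dnl
define(`confBAD_RCPT_THROTTLE', `5')dnl
define(`confFORWARD_PATH', `')dnl
INPUT_MAIL_FILTER(`incoming-milter', `S=inet:6601@milter.umbc.edu, F=T, T=C:1m;S:5m;R:5m;E:10m')dnl
FEATURE(`smrsh')dnl
"""

DEFINE_RE = re.compile(r"^define\(`([^']+)',\s*`([^']*)'\)", re.M)
FEATURE_RE = re.compile(r"^FEATURE\(`([^']+)'", re.M)
MILTER_RE = re.compile(r"^INPUT_MAIL_FILTER\(`([^']+)',\s*`([^']*)'\)", re.M)
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
# Sendmail's meaning of the milter F= flag; with no flag the mail passes unfiltered.
FAIL_MODE = {"T": "tempfail", "R": "reject", "": "accept-unfiltered"}

def parse_mc(text):
    """Return (defines, features, milters) found in an .mc file."""
    milters = {}
    for name, spec in MILTER_RE.findall(text):
        # Fields are comma-separated; the timeout list uses ';' so it stays whole.
        fields = dict(f.strip().split("=", 1) for f in spec.split(",") if "=" in f)
        timeouts = {}
        for item in filter(None, fields.get("T", "").split(";")):
            key, val = item.split(":", 1)
            timeouts[key] = int(val[:-1]) * UNITS[val[-1]]
        milters[name] = {"socket": fields.get("S"),
                         "on_failure": FAIL_MODE.get(fields.get("F", ""), "unknown"),
                         "timeouts_s": timeouts}
    return dict(DEFINE_RE.findall(text)), set(FEATURE_RE.findall(text)), milters

def drift(text):
    """List deviations from the behaviour the comments in the MC file describe."""
    defines, features, milters = parse_mc(text)
    problems = []
    if defines.get("confFORWARD_PATH") != "":
        problems.append(".forward processing is not disabled")
    if not defines.get("confBAD_RCPT_THROTTLE", "").isdigit():
        problems.append("no bad-recipient throttle")
    for wanted in ("no_default_msa", "smrsh"):
        if wanted not in features:
            problems.append("FEATURE(%s) missing" % wanted)
    for name, m in milters.items():
        if m["on_failure"] == "accept-unfiltered":
            problems.append("milter %s fails open" % name)
    if not milters:
        problems.append("no INPUT_MAIL_FILTER configured")
    return problems
```

Run drift() over the MC file on each host; an empty list means the host still matches the documented intent.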