Solved Sendmail 8.15.2 - Map named "virtuser" not open

[FKEinternet]

I'm trying to get sendmail to receive email for any username at my domain. When mail is sent to the email address matching the owning username, e.g., intermark@intermarconcepts.com, the mail is delivered successfully. However, mail sent to any other address bounces, e.g., info@intermarconcepts.com.

sendmail -bv intermark@intermarconcepts.com returns

intermark@intermarconcepts.com... deliverable: mailer local, user intermark

sendmail -bv info@intermarconcepts.com returns

info@intermarconcepts.com... User unknown

sendmail -d0.1 -bt < /dev/null returns

Version 8.15.2
Compiled with: DNSMAP IPV6_FULL LOG MAP_REGEX MATCHGECOS MILTER
  MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB
  PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
  (short domain name) $w = Dreamer
  (canonical domain name) $j = Dreamer.FKEinternet.com.
  (subdomain name) $m = FKEinternet.com.
  (node name) $k = Dreamer.FKEinternet.com.
========================================================

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>

/etc/mail/local-host-names contains

fkeinternet.com
fkeinternet.net
intermarconcepts.com

/etc/mail/virtusertable contains

# Map one or all usernames at a source hostname to a specific (or the same)
# username at another target hostname.  Remember to add the source hostname
# to /etc/mail/local-host-names so that sendmail will accept mail for the
# source hostname.
#
@100.0.193.98  fkeinternet+%1
@100.0.193.99  fkeinternet+%1
@100.0.193.100  fkeinternet+%1
@100.0.193.101  fkeinternet+%1
@100.0.193.102  fkeinternet+%1
@fkeinternet.com  fkeinternet+%1
@fkeinternet.net  fkeinternet+%1
@intermarconcepts.com  intermark

makemap -u hash virtusertable.db returns

@100.0.193.99  fkeinternet+%1
@100.0.193.101  fkeinternet+%1
@fkeinternet.com  fkeinternet+%1
@fkeinternet.net  fkeinternet+%1
@intermarconcepts.com  intermark
@100.0.193.98  fkeinternet+%1
@100.0.193.100  fkeinternet+%1
@100.0.193.102  fkeinternet+%1

uname -a returns

FreeBSD Dreamer.FKEinternet.com. 10.2-RELEASE FreeBSD 10.2-RELEASE #0: Mon Oct  5 23:53:36 EDT 2015  root@Dreamer.FKEinternet.com.:/usr/obj/usr/src/sys/GENERIC  amd64

/etc/mail/Dreamer.mc contains

divert(-1)
#  The best documentation for this .mc file is:
#  /usr/share/sendmail/cf/README or
#  /usr/src/contrib/sendmail/cf/README
divert(0)
VERSIONID(`$ /etc/mail/Dreamer.mc,v 0.0.12 2016/01/11 22:58 wfredk $')
OSTYPE(freebsd6)
DOMAIN(generic)

define(`confLOG_LEVEL', 18)

define(`confEBINDIR', `/usr/local/libexec')dnl
define(`UUCP_MAILER_PATH', `/usr/local/bin/uux')dnl

dnl The group needs to be mail in order to read the sasldb2 file
define(`confRUN_AS_USER',`root:mail')dnl

LOCAL_DOMAIN(`localhost Dreamer mail ftp www secure ns1 ns2')

FEATURE(access_db, `hash -T<TMPF> -o /etc/mail/access.db')
dnl FEATURE(access_db)dnl
FEATURE(blacklist_recipients)
dnl FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable.db')
FEATURE(relay_based_on_MX)
FEATURE(relay_entire_domain)
dnl FEATURE(virtusertable)
FEATURE(virtusertable, `-v hash /etc/mail/virtusertable.db')
FEATURE(local_procmail)

FEATURE(delay_checks)

dnl Settings for SMTP AUTH as client and server
define(`confAUTH_MECHANISMS',`LOGIN PLAIN')
dnl Allow authenticated users relay access
dnl TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
dnl Offer SMTP AUTH only after encryption (STARTTLS) has been negotiated
define(`confAUTH_OPTIONS',`p,y')dnl
dnl Don't ask for client cert(s)
define(`confTLS_SRV_OPTIONS', `V')
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/FKE-ca.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/mail-cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/mail-key.pem')dnl
define(`confCRL', `CERT_DIR/revoke.crl')dnl
define(`confCLIENT_CERT', `CERT_DIR/mail-cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/mail-key.pem')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl Offer STARTTLS at session beginning for smtps (M=s)
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

dnl set SASL options
dnl TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
dnl define(`confAUTH_MECHANISMS',`DIGEST-MD5 CRAM-MD5')dnl
define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl

define(`confDONT_BLAME_SENDMAIL',`GroupReadableSASLDBFile')dnl

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')

define(`confMAX_MIME_HEADER_LENGTH', `256/128')
dnl define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `goaway')

FEATURE(`nouucp', `reject')

# List of IP addresses we allow relaying from.
Klocalip hash -a<MATCH> /etc/mail/localip
Kpopip hash -a<MATCH> /etc/mail/popip.db
dnl Kpopip btree -a<MATCH> /etc/mail/dracd
dnl Kpopip btree -a<MATCH> /etc/mail/popip

# dynamic relay authorization control map
Kdrac btree -o /usr/local/etc/dracd

LOCAL_RULESETS

SLocal_check_rcpt

# allow recent POP/IMAP mail clients to relay
R$*  $: $&{client_addr}
R$+  $: $(drac $1 $: ? $)
R?  $@ ?
R$+  $@ $#OK

# Put the address into cannonical form (even if it doesn't resolve to an MX).
R$*  $: $>Parse0 $>3 $1
R$* < $* > $*  $: $1 < $2 . > $3  Pretend it's canonical.
R$* < $* . . > $*  $1 < $2 . > $3  Remove extra dots.

# Allow relaying if the connected host is a local IP address.
R$*  $: < $&{client_addr} >  Get client IP address.
R<>  $#OK  Local is ok.
R< $* . $- > $*  $(localip $1.$2 $: < $1 > . $2 $)  Check last three octets.
R$* < MATCH >  $#OK
R< $- > $*  $: $(localip $1 $: < > $1 $2 $)  Check first octet.
R$* < MATCH >  $#OK

# Allow relaying if the connected host has recently POP3 authenticated.
R$*  $: < $&{client_addr} >  Get client IP address.
R< $* >  $(popip $1 $)  Check full address.
R$* < MATCH >  $#OK

# IP address didn't match.

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
dnl define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)

Over the past two weeks, I've built and rebuilt Sendmail countless times. I got poprelayd working to support POP-before-SMTP, and rewrote its rc.d script so it works correctly to start, stop and report the status of the service. I got drac installed and working (which probably means I don't need poprelayd, but I don't think it's hurting). I adapted the Secure SMTP and POP access on FreeBSD instructions at http://www.hydrus.org.uk/journal/secure-mail.html and got Qpopper configured for TLS. I read chapter 27.9. SMTP Authentication of the Handbook at https://www.freebsd.org/doc/handbook/SMTP-Auth.html to try to get STARTTLS working but had to follow a bunch of other pages to actually make it work because that page is quite outdated now. I also found that sendmail.org has been taken over by Proofpoint, Inc., and there's no documentation newer than 8.13 (at best) - and there likely isn't going to be any newer documentation from sendmail, ever. (100% of the links that I tried on their "Useful Links" page at http://www.sendmail.com/sm/open_source/docs/links/ failed, and it wasn't hard to find pages that haven't been updated since 1997.) Now I've got a system where I can telnet in to the mail server and manually send mail, and Thunderbird can retrieve mail from the intermark@intermarconcepts.com mailbox, but it can't send mail, and mail sent to any of the user accounts in the domain bounces.

I'm at a loss here: Why isn't sendmail reading the virtusertable database?



Someone asked me "Why is this taking so long?" All I could say is "Because of incomplete, conflicting, obsolete and erroneous documentation that's spread out all over the Web instead of being collected in a localized resource center." I was trying to keep notes so I'd be able to do this again with less pain the next time around, but there have been too many setbacks, diversions and restarts, and I lost track along the way ....

 

[usdmatt]

Have you tried with the default configuration files? I've never had any problem with "catch-all" addresses, although to be honest I would heavily advise against them. There is very little point to accepting mail to any address, when you can just accept the addresses you want to use and bounce everything else.

The one thing that stands out is the following

FEATURE(virtusertable, `-v hash /etc/mail/virtusertable.db')

On mine it matches the format of the mailertable entry:

FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

I'm also not a big fan of relay_based_on_MX. The IP relay stuff looks overly complicated too. I would just put local ranges into relay-domains and require anyone else to auth over SMTP rather than all that dynamic stuff.

 

[FKEinternet]

... "catch-all" addresses, although to be honest I would heavily advise against them. There is very little point to accepting mail to any address, when you can just accept the addresses you want to use and bounce everything else.

Two problems come immediately to mind with not using catch-all addresses:

1. When I go to site example.com and they want an email address, I want to know where they've sold my email address, so I use example.com@intermarconcepts.com to create a unique email address to use on their form. I'd have to rebuild the sendmail configuration every time I went to a new Web site if I did that.
2. I don't want to have to rebuild the sendmail configuration every time a hosted domain adds or removes a user.

The one thing that stands out is the following

FEATURE(virtusertable, `-v hash /etc/mail/virtusertable.db')

On mine it matches the format of the mailertable entry:

FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

According to the makemap() documentation, the -o switch is for adding to an existing file. I'm pretty sure I don't want to do that when I'm creating a new virtusertable.db, although I wouldn't be surprised if the FEATURE parameter is not passed to makemap() as command line parameters. Either way, I had been using

FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

and only recently changed it after reading the man page. When I put it back, do rm virtusertable.db and make all install restart, I still get the same results in sendmail -bt:

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> /map virtuser @intermarconcepts.com
Map named "virtuser" not open

I'm also not a big fan of relay_based_on_MX. The IP relay stuff looks overly complicated too. I would just put local ranges into relay-domains and require anyone else to auth over SMTP rather than all that dynamic stuff.

I did have a configuration working a number of years ago before STARTTLS entered the picture, although I had to use log2db instead of poprelayd because the latter didn't work. Now I can't find log2db, and in the process of beating poprelayd into submission I had to go through a few Berkeley DB iterations with the log reader and sendmail to get them to communicate. I suspect the problem is ordering in the Dreamer.mc, but finding cohesive documentation about what has to be in which order has proven impossible.

I had a deadline where I had to switch this domain over to my own server, and now it can't get any email. It would be dangerous to switch back to a more permissive configuration and try adding things until it breaks, but I guess that's what I've got to do. I suppose I can turn off access to ports 25 and 465 at the firewall so I don't have an open relay while I'm testing. That means noone on the outside will be able to send mail here until I get a working configuration in place - but that's really no different than what I've got now...

 

[FKEinternet]

Thanks to whoever moved this thread to the correct forum!

 

[FKEinternet]

In access

To:intermarconcepts.com     OK

I tried this. After editing access and saving it, I did this:

# make all
/usr/sbin/makemap hash access.db < access
chmod 0640 access.db
# sendmail -bv info@intermarconcepts.com
info@intermarconcepts.com... User unknown

To ensure something wasn't left out by the make all, I tried this:

# make install restart
install -m 444 /etc/mail/Dreamer.cf /etc/mail/sendmail.cf
install -m 444 /etc/mail/Dreamer.submit.cf /etc/mail/submit.cf
Restarting: sendmail sendmail-clientmqueue.
# sendmail -bv info@intermarconcepts.com
info@intermarconcepts.com... User unknown

I did a sendmail -bt test with the To:intermarconcepts.com entry, then restored the previous access file without it and repeated the sendmail -bt test:

# sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> 3,0 info@intermarconcepts.com
canonify  input: info @ intermarconcepts . com
Canonify2  input: info < @ intermarconcepts . com >
Canonify2  returns: info < @ intermarconcepts . com . >
canonify  returns: info < @ intermarconcepts . com . >
parse  input: info < @ intermarconcepts . com . >
Parse0  input: info < @ intermarconcepts . com . >
Parse0  returns: info < @ intermarconcepts . com . >
ParseLocal  input: info < @ intermarconcepts . com . >
ParseLocal  returns: info < @ intermarconcepts . com . >
Parse1  input: info < @ intermarconcepts . com . >
Parse1  returns: $# local $: info
parse  returns: $# local $: info
> /quit
# mv access access-test
# mv access~ access
# rm access.db
# make all
/usr/sbin/makemap hash access.db < access
chmod 0640 access.db
# sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> 3,0 info@intermarconcepts.com
canonify  input: info @ intermarconcepts . com
Canonify2  input: info < @ intermarconcepts . com >
Canonify2  returns: info < @ intermarconcepts . com . >
canonify  returns: info < @ intermarconcepts . com . >
parse  input: info < @ intermarconcepts . com . >
Parse0  input: info < @ intermarconcepts . com . >
Parse0  returns: info < @ intermarconcepts . com . >
ParseLocal  input: info < @ intermarconcepts . com . >
ParseLocal  returns: info < @ intermarconcepts . com . >
Parse1  input: info < @ intermarconcepts . com . >
Parse1  returns: $# local $: info
parse  returns: $# local $: info
> /map virtuser @intermarconcepts.com
Map named "virtuser" not open
> /quit

Clearly the problem is not that something is missing from access, but that sendmail is failing to load the virtusertable database.

in virtusertable on the right hand side

%1@intermarconcepts.com

Actually, no: The %1 is replaced with the username portion of the original email address, info in the case of info@intermarconcepts.com. Your proposed change would route mail for info@intermarconcepts.com to info@intermarconcepts.com which would then be routed to info@intermarconcepts.com which would then ... a mail loop.

I want to route mail to mailboxes within the intermark local user account, so the line I want in virtusertable is actually

@intermarconcepts.com  intermark+%1

so procmail() will put the mail in the correct mailbox. However, since virtusertable isn't being loaded by sendmail, nothing is being sent to procmail() and I simplified the entry so everything would go to the default intermark mailbox to eliminate possible downstream problems. The failure is further illustrated by another sendmail -bt session:

> /parse info@intermarconcepts.com
Cracked address = $g
Parsing envelope recipient address
canonify  input: info @ intermarconcepts . com
Canonify2  input: info < @ intermarconcepts . com >
Canonify2  returns: info < @ intermarconcepts . com . >
canonify  returns: info < @ intermarconcepts . com . >
parse  input: info < @ intermarconcepts . com . >
Parse0  input: info < @ intermarconcepts . com . >
Parse0  returns: info < @ intermarconcepts . com . >
ParseLocal  input: info < @ intermarconcepts . com . >
ParseLocal  returns: info < @ intermarconcepts . com . >
Parse1  input: info < @ intermarconcepts . com . >
Parse1  returns: $# local $: info
parse  returns: $# local $: info
2  input: info
2  returns: info
EnvToL  input: info
EnvToL  returns: info
final  input: info
final  returns: info
mailer local, user info

 

[FKEinternet]

Something else is going on here: I've now got the configuration stripped down to a minimal adaptation of the stock FreeBSD files:

Dreamer.mc contains

divert(-1)
#  The best documentation for this .mc file is:
#  /usr/share/sendmail/cf/README or
#  /usr/src/contrib/sendmail/cf/README
divert(0)
VERSIONID(`$FreeBSD 10.2 2016/01/13 00:27 wfredk $')
OSTYPE(freebsd6)
DOMAIN(generic)

define(`confLOG_LEVEL', 18)

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Enable for both IPv4 and IPv6 (optional)
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)

virtusertable only contains

@intermarconcepts.com  intermark

After saving the files, I did this:

#> rm virtusertable.db
#> make all install
/usr/bin/m4 -D_CF_DIR_=/usr/local/share/sendmail/cf/  /usr/local/share/sendmail/cf/m4/cf.m4 /etc/mail/Dreamer.mc > /etc/mail/Dreamer.cf
/usr/sbin/makemap hash virtusertable.db < virtusertable
chmod 0640 virtusertable.db
install -m 444 /etc/mail/Dreamer.cf /etc/mail/sendmail.cf
install -m 444 /etc/mail/Dreamer.submit.cf /etc/mail/submit.cf
#> sendmail -bv info@intermarconcepts.com
info@intermarconcepts.com... User unknown
#> sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> /map virtuser @intermarconcepts.com
Map named "virtuser" not open
> /quit
#> cat mailertable
100.0.193.98  local:fkeinternet
100.0.193.99  local:fkeinternet
100.0.193.100  local:fkeinternet
100.0.193.101  local:fkeinternet
100.0.193.102  local:fkeinternet
.fkeinternet.com  local:intermark
.fkeinternet.net  local:intermark
.intermarconcepts.com  local:intermark
#> cat access
# Mail relay access control list.  Default is to reject mail unless the
# destination is local, or listed in /etc/mail/local-host-names
#
Connect:127  RELAY
Connect:192.168.14  RELAY
Connect:100.0.193.98  OK
Connect:100.0.193.99  OK
Connect:100.0.193.100  OK
Connect:100.0.193.101  OK
Connect:100.0.193.102  OK

## Examples (commented out for safety)
#From:cyberspammer.com  ERROR:"550 We don't accept mail from spammers"
#From:okay.cyberspammer.com  OK
#Connect:sendmail.org  RELAY
#To:sendmail.org  RELAY
#Connect:128.32  RELAY
#Connect:128.32.2  SKIP
#Connect:IPv6:1:2:3:4:5:6:7  RELAY
#Connect:suspicious.example.com QUARANTINE:Mail from suspicious host
#Connect:[127.0.0.3]  OK
#Connect:[IPv6:1:2:3:4:5:6:7:8] OK
#> cat localip
100.0.193.98  local:fkeinternet
100.0.193.99  local:fkeinternet
100.0.193.100  local:fkeinternet
100.0.193.101  local:fkeinternet
100.0.193.102  local:fkeinternet
192.168.14.69  OK
192.168.14.73  OK
192.168.14.253  OK
127.0.0.1  OK
#> sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> /map mailer .intermarconcepts.com
Map named "mailer" not found
> /map mailertable .intermarconcepts.com
Map named "mailertable" not open
> /map access Connect:127
Map named "access" not open
> /map localip 127.0.0.1
Map named "localip" not found
> 3,0 info@intermarconcepts.com
canonify  input: info @ intermarconcepts . com
Canonify2  input: info < @ intermarconcepts . com >
Canonify2  returns: info < @ intermarconcepts . com . >
canonify  returns: info < @ intermarconcepts . com . >
parse  input: info < @ intermarconcepts . com . >
Parse0  input: info < @ intermarconcepts . com . >
Parse0  returns: info < @ intermarconcepts . com . >
ParseLocal  input: info < @ intermarconcepts . com . >
ParseLocal  returns: info < @ intermarconcepts . com . >
Parse1  input: info < @ intermarconcepts . com . >
Parse1  returns: $# local $: info
parse  returns: $# local $: info
> /map virtuser @intermarconcepts.com
Map named "virtuser" not open
> /map virtusertable @intermarconcepts.com
Map named "virtusertable" not found
> /map popip 192.168.14.73
Map named "popip" not found
> /quit

I have to wonder if there's a permissions problem because it seems sendmail isn't opening any of the database tables. The directory listing (minus a bunch of junk files) looks like this:

drwxr-xr-x  5 root  wheel  51B Jan 13 00:38 .
drwxr-xr-x  23 root  wheel  168B Jan 12 02:02 ..
-rw-r--r--  1 root  mail  57K Jan 13 00:38 Dreamer.cf
-rw-r--r--  1 root  wheel  1.0K Jan 13 00:32 Dreamer.mc
-rw-r--r--  1 root  mail  40K Jan 10 20:54 Dreamer.submit.cf
-rw-r--r--  1 root  mail  942B Jan 10 17:07 Dreamer.submit.mc
-rw-r--r--  1 root  mail  6.7K Aug 12 11:27 Makefile
-rw-r--r--  1 root  mail  2.8K Aug 12 11:27 README
-rw-r--r--  1 root  wheel  718B Jan  3 16:07 access
-rw-r-----  1 root  wheel  128K Jan 12 18:37 access.db
-rw-r--r--  1 root  mail  1.5K Jan  3 16:23 aliases
-rw-r-----  1 root  mail  48K Jan 10 14:35 aliases.db
drwxr-xr-x  2 root  mail  10B Jan 10 22:00 certs
-r--r--r--  1 root  mail  5.5K Aug 12 11:27 helpfile
-rw-r--r--  1 root  mail  53B Jan 11 22:44 local-host-names
-rw-r--r--  1 root  mail  223B Jan 11 22:56 localip
-rw-r-----  1 root  mail  128K Jan 11 22:59 localip.db
-rw-r--r--  1 root  mail  272B Jan  3 23:30 mailer.conf
-rw-r--r--  1 root  mail  275B Jan 11 22:21 mailertable
-rw-r-----  1 root  mail  128K Jan 11 22:58 mailertable.db
-rw-r--r--  1 root  mail  128K Jan 13 00:57 popip.db
-rw-r--r--  1 root  mail  3.9K Jan  4 01:28 poprelay.conf
-rw-r--r--  1 root  mail  784B Jan  3 14:18 relay-domains
-r--r--r--  1 root  wheel  57K Jan 13 00:38 sendmail.cf
-rw-------  1 root  mail  0B Jul 17  2006 statistics
-r--r--r--  1 root  wheel  40K Jan 13 00:38 submit.cf
-rw-r--r--  1 root  mail  34B Jan 12 19:24 virtusertable
-rw-r-----  1 root  wheel  128K Jan 13 00:38 virtusertable.db

 

[FKEinternet]

I found a 2001 "Map virtuser doesnt work" thread in comp.mail.sendmail.

Remove the "-o". That says that the map is optional. In case of error, you won't get any error message for an optional map

in discussing the virtusertable feature. (This was the first place where I found an explanation of a "command line switch" in a sendmail FEATURE statement, and it conflicts with the makemap() man page that says the '-o' command line switch causes makemap to "Append to an old file.") I removed the "-o" switch from all of the database creation statements in the stripped-down Dreamer.mc file I was working with (If there are errors, I want to know about them!!) and rebuilt all of the databases. Sure enough, this changed the behavior when sendmail -bv info@intermarconcepts.com ran:

Cannot open hash database /etc/mail/virtusertable.db: Invalid argument
info@intermarconcepts.com... deliverable: mailer local, user info

and when I ran sendmail -bt:

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> /map virtuser @intermarconcepts.com
Cannot open hash database /etc/mail/virtusertable.db: Invalid argument
map_lookup: virtuser (@intermarconcepts.com) no match (75)

I went through a number of iterations and tangents trying to fix the syntax of the virtusertable file, or its permissions, but I kept getting the same Invalid argument result.

In the process of getting poprelayd to work, I had gone through a bit of a hassle to get sendmail and poprelayd both using the same version of the Berkeley DB library, I've now got version 6 installed. Something made me wonder what version of BDB makemap was using. That bit of information proved to be rather elusive, but this series of commands turned up the smoking gun:

#> which makemap
/usr/sbin/makemap
#> which sendmail
/usr/local/sbin/sendmail
#> ls /usr/sbin/makemap
-r-xr-xr-x  1 root  wheel  82K Oct  6 00:31 /usr/sbin/makemap
#> ls /usr/local/sbin/sendmail
-r-xr-sr-x  1 root  smmsp  698K Jan 10 20:51 /usr/local/sbin/sendmail

It turns out the correct version of makemap is at/usr/local/sbin/makemap, so I expected this series of commands to fix the problem:

#> mv /usr/sbin/makemap /usr/sbin/makemap-old
#> which makemap
/usr/local/sbin/makemap
#> rm virtusertable.db
#> make all
/usr/sbin/makemap hash virtusertable.db < virtusertable
/usr/sbin/makemap: not found
*** Error code 127

Stop.
make: stopped in /etc/mail

Obviously that didn't work right, and grep makemap Makefile turned up the problem:

MAKEMAP?=  /usr/sbin/makemap
# type to use when calling makemap.
# The makemap command is used to generate a hashed map from the textfile.
# and can be rebuild without the help of makemap.

Both makemap and sendmail were hard-coded in Makefile to be in the /usr/sbin directory, and since neither one of those files is the right one, it's a wonder anything worked at all. I changed Makefile to point to the correct executables in /usr/local/sbin, deleted all of the .db files, and started again:

#> newaliases
/etc/mail/aliases: 32 aliases, longest 27 bytes, 365 bytes total
#> make all install
/usr/local/sbin/makemap hash mailertable.db < mailertable
chmod 0640 mailertable.db
/usr/local/sbin/makemap hash virtusertable.db < virtusertable
chmod 0640 virtusertable.db
/usr/local/sbin/makemap hash access.db < access
chmod 0640 access.db
install -m 444 /etc/mail/Dreamer.cf /etc/mail/sendmail.cf
install -m 444 /etc/mail/Dreamer.submit.cf /etc/mail/submit.cf
#> sendmail -bv info@intermarconcepts.com
info@intermarconcepts.com... deliverable: mailer local, user intermark

SUCCESS!! After nearly two weeks of battling with this, I've finally gotten to where sendmail() is going to deliver mail to local accounts properly!