Config files of purest bottled evil

Just because I threatened to post this as an example, here's part of a sendmail.cf that I think was responsible for causing issues this morning (somewhere else, we prefer to use servers with legible configs).

SBasic_check_mail
# check for deferred delivery mode
R$* $: < $&{deliveryMode} > $1
R< d > $* $@ deferred
R< $* > $* $: $2

# authenticated?
R$* $: $1 $| $>"tls_client" $&{verify} $| MAIL
R$* $| $#$+ $#$2
R$* $| $* $: $1

R<> $@ <OK> we MUST accept <> (RFC 1123)
R$+ $: <?> $1
R<?><$+> $: <@> <$1>
R<?>$+ $: <@> <$1>
R$* $: $&{daemon_flags} $| $1
R$* f $* $| <@> < $* @ $- > $: < ? $&{client_name} > < $3 @ $4 >
R$* u $* $| <@> < $* > $: <?> < $3 >
R$* $| $* $: $2
# handle case of @localhost on address
R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost >
R<@> < $* @ [127.0.0.1] >
    $: < ? $&{client_name} > < $1 @ [127.0.0.1] >
R<@> < $* @ localhost.$m >
    $: < ? $&{client_name} > < $1 @ localhost.$m >
R<@> $* $: $1 no localhost as domain
R<? $=w> $* $: $2 local client: ok
R<? $+> <$+> $#error $@ 5.5.4 $: "553 Real domain name required for sender address"
R<?> $* $: $1
R$* $: <?> $>CanonAddr $1 canonify sender address
    and mark it
R<?> $* < @ $+ . > <?> $1 < @ $2 > strip trailing dots
# handle non-DNS hostnames (*.bitnet, *.decnet, *.uucp, etc)
R<?> $* < @ $* $=P > $: <OKR> $1 < @ $2 $3 >
R<?> $* < @ $j > $: <OKR> $1 < @ $j >
R<?> $* < @ $+ > $: <? $(resolve $2 $: $2 <PERM> $) > $1 < @ $2 >
R<? $* <$->> $* < @ $+ >
    $: <$2> $3 < @ $4 >

# check sender address: user@address, user@, address
R<$+> $+ < @ $* > $: @<$1> <$2 < @ $3 >> $| <F:$2@$3> <U:$2@> <D:$3>
R<$+> $+ $: @<$1> <$2> $| <U:$2@>
R@ <$+> <$*> $| <$+> $: <@> <$1> <$2> $| $>SearchList <+ From> $| <$3> <>
R<@> <$+> <$*> $| <$*> $: <$3> <$1> <$2> reverse result
# retransform for further use
R<?> <$+> <$*> $: <$1> $2 no match
R<$+> <$+> <$*> $: <$1> $3 relevant result, keep it

# handle case of no @domain on address
R<?> $* $: $&{daemon_flags} $| <?> $1
R$* u $* $| <?> $* $: <OKR> $3
R$* $| $* $: $2
R<?> $* $: < ? $&{client_addr} > $1
R<?> $* $@ <OKR> …local unqualed ok
R<? $+> $* $#error $@ 5.5.4 $: "553 Domain name required for sender address " $&f …remote is not
# check results
R<?> $* $: @ $1 mark address: nothing known about it
R<$={ResOk}> $* $@ <OKR> domain ok: stop
R<TEMP> $* $#error $@ 4.1.8 $: "451 Domain of sender address " $&f " does not resolve"
R<PERM> $* $#error $@ 5.1.8 $: "553 Domain of sender address " $&f " does not exist"
R<$={Accept}> $* $# $1 accept from access map
R<DISCARD> $* $#discard $: discard
R<QUARANTINE:$+> $* $#error $@ quarantine $: $1
R<REJECT> $* $#error $@ 5.7.1 $: "550 Access denied"
R<ERROR:$-.$-.$-:$+> $* $#error $@ $1.$2.$3 $: $4
R<ERROR:$+> $* $#error $: $1
R<<TMPF>> $* $#error $@ 4.3.0 $: "451 Temporary system failure. Please try again later."
R<$+> $* $#error $: $1 error from access db

18 thoughts on “Config files of purest bottled evil”

    1. mostlyfoo

      I’m not shitting you, that’s a real snippet from a real config file.

      sendmail.cf for when you really want to drive yourself to drink.

      Thankfully almost every other mail server on the market is easier to configure, but Sendmail still represents 24% of the mail servers in the world.

      1. mostlyfoo

        And before you ask I don’t know how it works either, I just know that somewhere in there the 5.1.8 “Domain of sender address ” $&f ” does not exist” error was being generated.

        1. mostlyfoo

          It was because when sendmail was designed the machines had limited disk and memory I think, so the config parser had to be relatively small.

          It is (quick check) 26 years old.

          But yeah, times move on, these days most people running sendmail write the config files on the new Shiny! format, which is then translated by m4 into that kind above.

          Sadly this was not the case this morning I think.

          1. mostlyfoo

            Hopefully we can get it binned and this will be the last time I have to deal with it.

            But that’s unlikely, there’s always another install of it, and it’s always going to go wrong when there’s no one around who groks it. Mostly because most of the people who actually installed and configured sendmail have retired.

    1. mostlyfoo

      Nah, we HUP’d it a bit and it got its act together, but that was only because we couldn’t find Norm and TBO said he wouldn’t touch sendmail.

      I’ll be asking for this whole system to be binned however.

        1. mostlyfoo

          I could neither confirm nor deny.

          Well that’s lies.

          Yes it was, we were fixing it as good will because we’d just moved their mail server to the new IP ranges and it fell ill in the process.

          1. erikofviking

            Give them a nickel and tell them to get a real MTA. One they can actually understand when it goes wrong. One that we might actually be able to help with.

          2. mostlyfoo

            It’s true, the amount of support we can offer for sendmail is little to none these days.

            The library does have the bat book so we could have just sent them there.

          3. mostlyfoo

            That’s not support, but it might encourage people to drop it like a bucket of manure.

            I think even Eric Allman is telling people to use something else these days.

  1. captain_carrot

    Line noise, definitely. I’m not a mail admin, but I have configured mail servers for home use before. Where are my useful comments, sensibly named and understandable variables, clear paths through the logic?

  2. darius_of_lancs

    *snerk*

    Now’t wrong with Sendmail… I used to grok it as part of a living. Someone’s stuffed up on local ip address look ups though, so the thing don’t know its new home.

    (I did replace every sendmail with exim at a later date though)
