How-To: Deploy ModusGate with Sendmail

 

Product: ModusGate

Version & Build: All

 
 

The purpose of this how-to is to outline the recommended configuration to enable ModusGate to communicate properly with your Sendmail server.

 

DISCLAIMER:  Vircom has limited knowledge of Sendmail systems and, therefore, makes the following recommendations based on our knowledge of ModusGate and how it functions best.  We are not able to provide support for the Sendmail server itself.  If you require more information about Sendmail, please consult your product manual or visit their Website at www.sendmail.com.

 

 

Step 1 - Configure a domain and define its route(s)

 

Once the ModusGate program has been installed and the services have started, you must enter each domain for which ModusGate will filter mail and configure the route(s).  This is done, manually or by using the wizard, in the ModusGate Console in Connections - Properties - General.  For connection options and examples, please consult the ModusGate Administration Guide.

 

If there is more than one email server for a domain (such as a backup server), then several routes can be created per domain with different priorities.  Any additional routes will be used, in order, if the first email server does not respond.

 

Several domains can be routed to the same email server: enter each domain name and create the same route configuration for each.

 

 

 

Step 2 - Configure the Automatically update user list settings

 

Whenever ModusGate receives a message reception request, it must check whether or not the recipient mailbox is valid in order to either accept and filter the message or to reject it with a notification for the sending mail server.  This process is done through a forward lookup using the Automatically update user list configuration.  These settings also ensure that valid mailbox addresses and aliases are automatically created on the ModusGate server as the messages are received and processed.

 

After entering the domain name, click the Add Route button to access the following configuration settings:

 

NOTE: The recommendation is to use either OpenLDAP or SMTP_VRFY but only if you can make changes to the configuration as outlined below.  If you are unable to make these changes, you may have to use a standard SMTP connection.

 

 

1. SMTP on Port 25

 

This is the default communication method between ModusGate and all types of mail servers.  However, you must note the following:

  • Each valid email address and each alias is counted as a separate mailbox
  • Users can have different user settings (one per address)
  • Users will have several WebQuarantines (one per address)
  • Users will receive several Quarantine reports (one per address)

2. SMTP_VRFY on Port 25

 

By default, Sendmail does not allow this SMTP command, but it can easily be enabled by adding or modifying the line "PrivacyOptions=authwarnings,noexpn,restrictqrun,nobodyreturn,needmailhelo,restrictmailq" in the Sendmail file '/etc/sendmail.cf'.  The line enables VRFY because it omits the novrfy flag.

 

 

3.  Exchange 5.5 & 2000+:  To be used with Microsoft Exchange only

 

 

4.  OpenLDAP on Port 389:  This is the preferred option if Sendmail is configured with an OpenLDAP server.  See details below.

 

 

5. Lotus Domino:  Similar to SMTP_VRFY

 

 

6. Disabled (for manual, not automatic mailbox creation) 

 

User mailboxes and aliases must be entered and maintained manually in the ModusGate Console or WebAdmin interface.  This option involves little or no configuration changes and is intended for domains with small mailbox counts and few changes.
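An added check for option 2 (SMTP_VRFY) above, not part of the original article or of Sendmail: it reads the PrivacyOptions line of a sendmail.cf and reports whether VRFY and EXPN are allowed, so you can confirm that only VRFY was opened.  The function names and the sample file are constructed for illustration; the "O " prefix is the option-line form used in sendmail.cf.

```shell
#!/bin/sh
# Added example: audit the PrivacyOptions line of a sendmail.cf.
# Function names are hypothetical; the sample file is constructed.

# privacy_flags FILE: flags of the last active "O PrivacyOptions=" line,
# one per line. Commented-out lines (leading "#") are ignored.
privacy_flags() {
    sed -n 's/^O[[:space:]]*PrivacyOptions[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr ',' '\n' | tr -d ' \t' | sed '/^$/d'
}

# smtp_cmd_status FILE CMD: CMD is "vrfy" or "expn".
# Prints "blocked" when noCMD or goaway is set, "allowed" when the option
# line exists without them, "unset" when no flags are configured at all.
smtp_cmd_status() {
    flags=$(privacy_flags "$1")
    [ -n "$flags" ] || { echo unset; return; }
    if printf '%s\n' "$flags" | grep -qx -e "no$2" -e goaway; then
        echo blocked
    else
        echo allowed
    fi
}

# Constructed sample using the PrivacyOptions value recommended above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sendmail.cf excerpt
O PrivacyOptions=authwarnings,noexpn,restrictqrun,nobodyreturn,needmailhelo,restrictmailq
EOF

echo "VRFY: $(smtp_cmd_status "$sample" vrfy)"
echo "EXPN: $(smtp_cmd_status "$sample" expn)"
rm -f "$sample"
```

Run it against the real file with: smtp_cmd_status /etc/sendmail.cf vrfy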

 

 

Configure OpenLDAP Settings on Port 389:

 

1. Make sure that the Route mail to host or IP address setting points to the valid email server IP address for that domain

 

2. Enter the IP address of the LDAP server for the domain (ideally the root server) in the field next to Automatically update user list 

 

3. ModusGate must access the LDAP server database by means of a user account that has Read access for all domains on the LDAP server itself.  You can use the rootdn but if this is a security issue, create a new user (on the LDAP server) that has Read capabilities on the LDAP database.

 

Configuration under LDAP Identification:

  • On the LDAP server, open the slapd.conf file (usually located in /usr/local/etc/openldap/slapd.conf)

The slapd.conf file is as follows:

database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data

 

In the Console (under Connections), at the LDAP Identification > Base DN field, enter the domain of the configured LDAP user in the format: dc=example,dc=com

 

 

4. In the Console (under Connections), at the LDAP Identification > User DN field, enter the distinguished name (DN) of the configured LDAP user in the format: cn=username,dc=example,dc=com

 

Example of a typical object representing a user account:

dn: uid=john,ou=people,dc=example,dc=com
cn: John Doe
uid: john
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/john
loginShell: /bin/bash
objectClass: top
objectClass: posixAccount

 

5. In the Console (under Connections), at the LDAP Identification > Password field, enter the password of the configured LDAP user account.

 

Without a valid LDAP user login, ModusGate rejects all WebQuarantine and WebAdmin login attempts with a temporary error.

 

If you experience problems with the configuration, we recommend using a Windows freeware LDAP browser program to test the connection.  Go to http://www.ldapadministrator.com and download the lightweight LDAP Browser 2.6.  It can be run on the ModusGate server to check credentials.  If the LDAP browser login is successful, it displays the LDAP directory contents.
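An added helper for steps 3 to 5 above, not Vircom's or the OpenLDAP project's code: it reads slapd.conf, prints the suffix to use as the Base DN, tells you whether the User DN you plan to enter is the rootdn, and reports whether rootpw is stored in cleartext or as a {SCHEME} hash.  The account cn=modusgate and the function names are hypothetical; the sample file is the excerpt shown above.

```shell
#!/bin/sh
# Added example: read slapd.conf before filling in the ModusGate
# LDAP Identification fields. Function names are hypothetical.

# conf_value FILE KEY: value of the first "KEY value" directive, quotes removed.
conf_value() {
    awk -v k="$2" '$1 == k { sub(/^[^ \t]+[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$1"
}

# norm_dn DN: lower-case and drop spaces around "," and "=" (simplified comparison).
norm_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/[[:space:]]*\([,=]\)[[:space:]]*/\1/g'
}

# is_rootdn FILE DN: succeeds when DN is the directory's rootdn.
is_rootdn() {
    [ "$(norm_dn "$2")" = "$(norm_dn "$(conf_value "$1" rootdn)")" ]
}

# rootpw_storage FILE: none | cleartext | hashed ({SCHEME} prefix, e.g. {SSHA}).
rootpw_storage() {
    case $(conf_value "$1" rootpw) in
        '')             echo none ;;
        '{CLEARTEXT}'*) echo cleartext ;;
        '{'*'}'*)       echo hashed ;;
        *)              echo cleartext ;;
    esac
}

# Constructed sample: the slapd.conf excerpt shown on this page.
conf=$(mktemp)
cat > "$conf" <<'EOF'
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
EOF

user_dn='cn=modusgate,dc=example,dc=com'   # hypothetical read-only account
echo "Base DN field : $(conf_value "$conf" suffix)"
echo "rootpw storage: $(rootpw_storage "$conf")"
if is_rootdn "$conf" "$user_dn"; then
    echo "User DN field : $user_dn (this is the rootdn)"
else
    echo "User DN field : $user_dn (not the rootdn)"
fi
rm -f "$conf"
```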

 

 

Step 3 - Configure the Authentication request settings:

 

This setting is used to authenticate WebQuarantine and WebAdmin access.  Users must enter their full email address and password to log in.  ModusGate does not store any passwords; it therefore queries the mail or authentication server for validation.

 

The recommended settings to use with Sendmail are OpenLDAP, SMTP Auth or POP3.

 

 

Alternative methods:

 

1.  SMTP_Auth on Port 25 in base64 encoding

 

Please consult the following URL for information about enabling SMTP AUTHENTICATION on a SendMail server: http://www.joreybump.com/code/howto/smtpauth.html

 

 

2.  Exchange 5.5 & 2000+:  To be used with Microsoft Exchange only

 

 

3. POP3 on Port 110

 

This is the preferred option as most users are configured to use the POP3 protocol.  Test this with the option Strip domain name* disabled and enable it only if necessary.  Do not forget to click on Apply and Stop and Start all services in the Console.

 

* When using this setting, users are still required to enter their full email address to log into the Web applications but ModusGate will send only the username portion of the address for authentication.

 

 

4. OpenLDAP on Port 389

 

This is the preferred option if Sendmail is configured with an OpenLDAP server and if mailbox validation is already running this setting.

 

  

IMPORTANT:  If there are any firewalls installed between the ModusGate and Sendmail servers, you must allow communication on all ports configured above for the Modus server's IP address.

 

 

LDAP-related Internet pages: 

 

http://www.metaconsultancy.com/whitepapers/ldap.htm

http://www.openldap.org/doc/admin22/quickstart.html

http://www.openldap.org/doc/admin22/slapdconfig.html

 

Modified 12/20/2006
Keywords: pre-auth, Sendmail
Article ID: 1383