007 2860 002
User Manual: 007-2860-002
Open the PDF directly: View PDF .
Page Count: 293
Download | |
Open PDF In Browser | View PDF |
IRIX™ Admin: Networking and Mail Document Number 007-2860-002 CONTRIBUTORS Written by Arthur Evans and Jeffrey B. Zurschmeide, with updates by Pam Sogard Edited by Christina Cary Document Production by Cindy Stief Engineering contributions by Scott Henry, Carlin Otto, Kam Kashani, Andrew Cherenson, Chris Wagner, Dave Higgen, Jeff Doughty, Paul Mielke, Robert Stephens, Joe Yetter, Jack Weldon, Gretchen Helms, and Vernon Schryver. Cover design and illustration by Rob Aguilar, Rikk Carey, Dean Hodgkinson, Erik Lindholm, and Kay Maitz © Copyright 1996 Silicon Graphics, Inc.— All Rights Reserved This document contains proprietary and confidential information of Silicon Graphics, Inc. The contents of this document may not be disclosed to third parties, copied, or duplicated in any form, in whole or in part, without the prior written permission of Silicon Graphics, Inc. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure of the technical data contained in this document by the Government is subject to restrictions as set forth in subdivision (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 52.227-7013 and/or in similar or successor clauses in the FAR, or in the DOD or NASA FAR Supplement. Unpublished rights reserved under the Copyright Laws of the United States. Contractor/manufacturer is Silicon Graphics, Inc., 2011 N. Shoreline Blvd., Mountain View, CA 94039-7311. Silicon Graphics and IRIS are registered trademarks and 4DDN, 4DLT, CHALLENGE, FDDI Visualyzer, IRIS InSight, IRIS NetWorker, IRIS IRIX, NetVisualyzer, Onyx and are trademarks of Silicon Graphics, Inc. DSI is a trademark of Digicom Systems, Inc. Ethernet is a registered trademark of Xerox Corporation. Hayes is a registered trademark of Hayes Microcomputer Products, Inc. IBM 3270 is a trademark of International Business Machines, Inc. Intel is a registered trademark of Intel Corporation. Macintosh is a registered trademark of Apple Computer Corporation. MS-DOS is a registered trademark of Microsoft Corporation. Sun and RPC are registered trademarks and NFS is a trademark of Sun Microsystems, Inc. Tektronix is a trademark of Tektronix, Inc. Telebit is a registered trademark of Telebit Corporation. UNIX is a registered trademark of UNIX System Laboratories. U. S. Robotics is a registered trademark of U. S. Robotics, Inc. X Window System is a trademark of X Consortium, Inc. ZyXEL is a trademark of ZyXEL. IRIX™ Admin: Networking and Mail Document Number 007-2860-002 Contents List of Figures xiii List of Tables xv IRIX Admin Manual Set xvii About This Guide xix What This Guide Contains xix Conventions Used in This Guide Additional Resources xxi xx 1. Understanding Silicon Graphics’ Networking Products Networking Hardware 1 Networking Hardware Options 3 Controller Interface Names 3 Networking Software 4 Optional Networking Products 5 2. Planning a Network 7 Planning the Physical Network 7 Repeaters, Bridges, Routers, and Gateways 8 Performance Planning 9 Wide Area Networks 10 Internet Protocol Addresses 13 Format of Internet Protocol (IP) addresses 13 Obtaining a Network Number 15 Domain Names 17 Obtaining a Domain Name 17 Subdomains 17 1 iii Contents The Internet 18 Before Connecting to the Internet 18 Contacting Your Local Network Information Center Online Information Sources 22 Name-to-Address Mapping 24 The /etc/hosts database 24 Domain Name System 25 Network Information Service (NIS) 25 Planning to Subnet Local Networks 25 Allocating IP Addresses 27 Planning for Network Security 28 Using Common Network Applications 28 Electronic Mail 29 Network File System (NFS) 29 3. iv 19 Setting Up a Network 31 Configuring an IRIS System for a Network 31 Attaching Your Station to an Ethernet Network 32 Checking the Network Software Configuration 34 Modifying the Hosts Database 35 Naming Your Station 37 Testing Your Network Connectivity 37 Setting Up a Router 38 Configuring a Router With Two Interfaces 38 Configuring a Router With More Than Two Interfaces 39 Configuring Routing Behavior 40 Turning On Multicast Routing 41 Understanding Where Multicast Packets Are Forwarded 42 Setting Up Tunnels to Support Multicast Packets 43 Updating /etc/rpc for NIS Users 44 Subnetting a Network 45 Setting the Netmask 45 Rebooting the Station 46 Modifying the Network Interface Configuration 46 Modifying the Interface Name 47 Modifying the Interface Address 48 Assigning IP Aliases 49 Changing Network Parameters 51 Modifying the ifconfig-#.options File 52 Dynamic Host Configuration With Proclaim 53 Configuring the DHCP Server 54 Configuring the DHCP Relay Agent 54 The Proclaim Client 55 Limitations and Restrictions 55 Creating a Local Network Script 56 Turning On Remote Access Logging 56 Setting Up Network-Wide Services 56 How to Set Up a Proper Anonymous FTP Account Setting Up an InSight File Server 60 Troubleshooting Your Ethernet Connection 64 Cable Problems 64 Late Collisions 65 Packet Size 66 Unable to Contact Server System 66 Checking Additional Network Interfaces 67 4. 57 Managing a Network 69 Network Startup and Shutdown 69 Network Initialization Process 70 Network Shutdown Process 71 Network Management Tools 71 Interpreting Network Statistics 74 Testing Network Connectivity With ping 74 Measuring Network Throughput With ttcp 75 Collecting Network Statistics With netstat 76 v Contents Network Tuning Tips 77 Setting MTU Sizes 77 Setting Packet Forwarding 77 Setting Window Sizes 78 HTTP Considerations 78 Troubleshooting Poor Network Performance Hardware Problems 79 Network Configuration 79 Network Daemons 80 Packet Size 80 Kernel Configuration 80 5. vi 78 SLIP and PPP 83 Overview 84 Installing the Software 85 Selecting a Modem 86 IP Addresses for SLIP and PPP Clients 86 Configuring a System for Dial-Out 87 Configuration Files for Dial-Out 87 Sample SLIP Configuration for Dial-Out 90 Sample PPP Configuration for Dial-Out 91 Configuring a System for Dial-In 92 Configuring SLIP for Dial-In 92 Configuring PPP for Dial-In 94 SLIP and PPP Routing and Address Allocation 94 Proxy-ARP Routing for SLIP Connections 95 SLIP/PPP Subnet 97 Connecting Two Networks With SLIP or PPP 97 Using Dynamic Address Allocation With PPP 97 Configuring a Bidirectional Link 98 Starting SLIP or PPP at Boot Time 98 Demand Dialing 99 NFS Over SLIP or PPP 99 File Transfer Over SLIP or PPP 100 Troubleshooting SLIP and PPP Links 6. 100 BIND Name Server 103 The Domain Name Service 103 BIND Servers and Clients 105 Master Servers 106 Slave and Forwarding Servers 107 Caching-Only Server 107 Clients 108 The BIND Configuration Files 108 BIND’s Boot File 109 BIND’s named.hosts File 111 BIND’s named.rev File 111 BIND’s localhost.rev File 112 BIND’s root.cache File 112 BIND’s /etc/config/named.options File 112 Configuring Hostname Resolution With /etc/resolv.conf Setting Up a BIND Configuration 114 Configuring the Primary Server 115 Configuring the Secondary Server 119 Configuring a Caching-Only Server 120 Configuring the Forwarding Server 121 Configuring a Slave Server 122 Configuring the Client 123 Managing the BIND Environment 123 Adding a New Station 124 Deleting a Station 124 Adding Another Domain 124 Management Scripts 124 Debugging named 125 SYSLOG Messages 126 The nslookup Command 127 112 vii Contents viii 7. UUCP 129 Choosing TCP/IP or UUCP 130 Hardware Requirements for UUCP 131 UUCP Commands 131 UUCP User Programs 131 UUCP Administrative Programs 132 UUCP Daemons 133 Supporting Databases 134 The Devices File 135 The Dialers File 139 The Systems File 142 The Dialcodes File 145 The Permissions File 146 The Poll File 153 The Sysfiles File 154 Other UUCP Files 154 UUCP Administrative Files 155 Setting Up UUCP 157 Determining the Remote and Local Stations 157 Making the Physical Connection 158 Configuring the Local Station 158 Configuring the Remote Station 162 Setting Up UUCP on a TCP/IP Connection 165 Testing the UUCP Connection 166 UUCP Error Messages 169 ASSERT Error Messages 169 STATUS Error Messages 171 8. IRIX sendmail 175 The Mail System 176 An Overview of sendmail 177 System Organization 178 How sendmail Works 179 The sendmail Daemon 180 sendmail Scripts 180 sendmail Related Files and Directories 181 sendmail Commands 184 Aliases Database 185 Building the Aliases Database 185 Testing the Aliases Database 186 Alias Database Problems 187 List Owners 187 sendmail Network Configurations 188 Mail Domains 188 Mail Forwarders 189 Mail Relays 189 User-Configurable Macros and Classes 190 Domain Name Macro and Class (D) 190 Forwarder Station Name Macro and Class (F) 191 Relay Station Name Macro (R) 191 Top-Level Domain Macro (T) 192 Killed Stations Class (K) 192 Pathalias Database Macro (P) 192 sendmail Planning Checklist 192 Configuring sendmail 193 Customizing the sendmail.cf File 194 Modifying the Aliases Database 202 Starting the sendmail Daemon 204 Managing sendmail 205 sendmail Command-Line Flags 205 Debugging Flags 207 Using a Different Configuration File 207 The Mail Queue 208 The .forward File 209 sendmail Questions, Problems, and Troubleshooting 210 ix Contents Notes to Current sendmail Users 211 MX Record Support 212 Multi-Token Class Match 212 x 215 A. BIND Standard Resource Record Format Standard Resource Record Format 215 $INCLUDE 217 $ORIGIN 217 SOA—Start of Authority 217 NS—Name Server 218 A—Address 219 HINFO—Host Information 219 WKS—Well-Known Services 219 CNAME—Canonical Name 220 PTR – Domain Name Pointer 220 MB—Mailbox 220 MR—Mail Rename Name 221 MINFO—Mail Information 221 MG—Mail Group Member 221 MX—Mail Exchanger 221 RP—Responsible Person 222 TXT—Text 223 B. IRIX sendmail Reference 225 sendmail Command-Line Flags 225 Changing the Values of Configuration Options Delivery Mode 226 Queue Mode 226 Daemon Mode 226 Verify Mode 227 Test Mode 227 Debugging Flags 227 Using a Different Configuration File 228 225 Tuning 228 Timeouts and Intervals 229 Forking During Queue Runs 230 Queue Priorities 230 Load Limiting 231 Log Level 232 The Configuration File 233 The Syntax 233 The Semantics 239 Relevant Issues 246 Flags, Options, and Files 251 Command-Line Flags 252 Configuration Options 253 Mailer Flags 256 Support Files 258 Debugging Flags 259 Index 263 xi List of Figures Figure 1-1 Figure 1-2 Figure 2-1 Figure 2-2 Figure 2-3 Figure 3-1 Figure 3-2 Figure 6-1 Figure 6-2 Figure 8-1 Figure 8-2 Figure 8-3 Figure B-1 Ethernet Network Attachment 2 Serial Line Network 3 Heterogeneous Network With Wide-Area Connections The Format of Internet Protocol (IP) Addresses 14 Subnetted Class B Address 27 A Network With Multicast Routers 42 A Tunnel Between Networks A and C 43 Partial View of Domain Name Space 104 Example BIND Configuration 115 Layers of TCP/IP Mail Software 177 sendmail System Structure 179 Example sendmail Configuration Environment 194 Semantics of Rewriting Rule Sets 245 11 xiii List of Tables Table 1-1 Table 1-2 Table 2-1 Table 2-2 Table 3-1 Table 6-1 Table 6-2 Table 7-1 Table 7-2 Table 7-3 Table 7-4 Table 7-5 Table 8-1 Standard Networking Software 4 Optional Networking Products 5 Network Device Characteristics 9 Network Information Centers 20 Variables for the netif.options File 47 BIND Server Configurations 106 named Database Files 109 Comparison of TCP/IP and UUCP 130 UUCP Escape Sequences 140 Three-Wire Null-Modem Pinning Configuration Assert Error Messages 169 STATUS Error Messages 172 Sample aliases File Entries 202 158 xv IRIX Admin Manual Set This guide is part of the IRIX Admin manual set, which is intended for administrators: those who are responsible for servers, multiple systems, and file structures outside the user’s home directory and immediate working directories. If you find yourself in the position of maintaining systems for others or if you require more information about IRIX™ than is in the end-user manuals, these guides are for you. The IRIX Admin guides are available through the IRIS InSight™ online viewing system. The set comprises these volumes: xvii IRIX Admin Manual Set xviii • IRIX Admin: Software Installation and Licensing—Explains how to install and license software that runs under IRIX, the Silicon Graphics® implementation of the UNIX® operating system. Contains instructions for performing miniroot and live installations using Inst, the command line interface to the IRIX installation utility. Identifies the licensing products that control access to restricted applications running under IRIX and refers readers to licensing product documentation. • IRIX Admin: System Configuration and Operation—Lists good general system administration practices and describes system administration tasks, including configuring the operating system; managing user accounts, user processes, and disk resources; interacting with the system while in the PROM monitor; and tuning system performance. • IRIX Admin: Disks and Filesystems—Explains disk, filesystem, and logical volume concepts. Provides system administration procedures for SCSI disks, XFS™ and EFS filesystems, XLV logical volumes, and guaranteed-rate I/O. • IRIX Admin: Networking and Mail—Describes how to plan, set up, use, and maintain the networking and mail systems, including discussions of sendmail, UUCP, SLIP, and PPP. • IRIX Admin: Backup, Security, and Accounting—Describes how to back up and restore files, how to protect your system’s and network’s security, and how to track system usage on a per-user basis. • IRIX Admin: Peripheral Devices—Describes how to set up and maintain the software for peripheral devices such as terminals, modems, printers, and CD-ROM and tape drives. • IRIX Admin: Selected Reference Pages (not available in InSight)—Provides concise reference page (manual page) information on the use of commands that may be needed while the system is down. Generally, each reference page covers one command, although some reference pages cover several closely related commands. Reference pages are available online through the man command. About This Guide This guide explains how to set up and maintain a network of IRIS® workstations and servers. It includes information on TCP/IP networking, including SLIP and PPP, UUCP networking, and configuring the sendmail mail transfer agent. The standard network communications software that runs on Silicon Graphics® workstations is derived from the networking software in the 4.3BSD UNIX® releases from the University of California at Berkeley and the Sun® Microsystems RPC® (remote procedure call) system. The IRIX operating system implements the Internet Protocol suite and UNIX domain sockets using the 4.3BSD UNIX socket mechanism. The system also supports access to the underlying network media by means of raw sockets. What This Guide Contains IRIX Admin: Networking and Mail contains the following chapters: • Chapter 1, “Understanding Silicon Graphics’ Networking Products,” discusses Silicon Graphics standard hardware and software networking products and describes the standard software configuration (files, daemon, processes). • Chapter 2, “Planning a Network,” provides insight into planning a network. It includes internet addressing, the hosts database file, when to use certain applications, how to subnet a network, security issues, and heterogeneous network considerations. • Chapter 3, “Setting Up a Network,” describes, through example, the process of configuring a network (homogeneous and heterogeneous), how to set up a router, and basic troubleshooting advice. • Chapter 4, “Managing a Network,” describes the various tools available for managing a network, including backup strategies, performance issues, and fault isolation. • Chapter 5, “SLIP and PPP,” describes the features and functions of SLIP and details how to connect two stations using SLIP. xix About This Guide • Chapter 6, “BIND Name Server,” provides an overview of the Berkeley Internet Name Domain (BIND) server, also known as named. It also provides an example setup procedure and general information on managing and troubleshooting BIND. • Chapter 7, “UUCP,” compares TCP/IP and UUCP and describes the features and functions of the UUCP networking utilities. It also provides a setup example and information about common UUCP error messages. • Chapter 8, “IRIX sendmail,” provides an overview of the mail system, the sendmail program, and the alias database. It contains a planning checklist and a setup example for various sendmail configurations. • Appendix A, “BIND Standard Resource Record Format,” provides detailed information about all standard resource record formats used in BIND configuration files. • Appendix B, “IRIX sendmail Reference,” provides a concise reference to sendmail as it is implemented under IRIX. Conventions Used in This Guide These type conventions and symbols are used in this guide: Bold Keywords and literal command-line arguments (options/flags) Helvetica Bold Hardware labels Italics executable names, filenames, glossary entries (online, these show up as underlined), IRIX commands, manual/book titles, new terms, tools, utilities, variable command-line arguments, and variables to be supplied by the user in examples, code, and syntax statements Fixed-width type Error messages, prompts, and onscreen text Bold fixed-width type User input, including keyboard keys (printing and nonprinting); literals supplied by the user in examples, code, and syntax statements (see also <>) xx ALL CAPS Environment variables “” (Double quotation marks) Onscreen menu items and references in text to document section titles About This Guide () (Parentheses) Following IRIX commands—surround reference page (man page) section number [] (Brackets) Surrounding optional syntax statement arguments <> (Angle brackets) Surrounding nonprinting keyboard keys, for example,, # IRIX shell prompt for the superuser (root) % IRIX shell prompt for users other than superuser Additional Resources Internet Request For Comment documents are available from the Internet Network Information Center (InterNIC) at the following address: Network Solutions Attn: InterNIC Registration Services 505 Huntmar Park Drive Herndon, VA 22070 Phone: 1-800-444-4345 or 1-703-742-4777 Internet Request For Comment documents are also available by anonymous ftp from various sites, such as ftp.ds.internic.net. Braden, R. “Requirements for Internet Hosts.” Internet Request For Comment 1112 (1989). Costales, B., sendmail. (Sebastopol, CA: O’Reilly & Associates, Inc., 1993). Deering, S. “Host Extensions for IP Multicasting.” Internet Request For Comment 1112 (1989). Everhart, C., Mamakos, L., Ullmann, R., Mockapetris, P. “New DNS RR Definitions.” Internet Request For Comment 1183 (1990) Hunt, C., TCP/IP Network Administration. (Sebastopol, CA: O’Reilly & Associates, Inc., 1992). Lottor, M. “Domain Administrator’s Guide.” Internet Request For Comment 1033 (1987). xxi About This Guide Lottor, M. “TCP Port Service Multiplexer (TCPMUX).” Internet Request For Comment 1078 (1988). Mockapetris, P. “DNS Encoding of Network Names and Other Types.” Internet Request For Comment 1101 (1989). Mockapetris, P. “Domain Names – Concept and Facilities.” Internet Request For Comment 1034 (1987). Mockapetris, P. “Domain Names – Implementation and Specification.” Internet Request For Comment 1035 (1987). Mogul, J., Postel, J. “Internet Standard Subnetting Procedure.” Internet Request for Comment 950 (1985). Partridge, C. “Mail Routing and The Domain System.” Internet Request For Comment 974 (1986). Stahl, M. “Domain Administrator’s Guide.” Internet Request For Comment 1032 (1987). xxii Chapter 1 1. Understanding Silicon Graphics’ Networking Products This chapter provides information about the standard hardware and software networking products provided with Silicon Graphics systems. It explains the physical connection of an IRIX system to an Ethernet and serial network and describes network hardware options and interface names for network devices. This chapter describes the standard networking files, directories, and daemons, and provides an overview of the network startup and shutdown processes. It also supplies a brief description of Silicon Graphics’ optional networking products. Topics covered in the remaining chapters of this guide require an understanding of the fundamentals of network theory and operation. If you need information on networking fundamentals, refer to the bibliography in the introduction to this guide for additional reading. Topics in this chapter include: • An overview of networking hardware. See “Networking Hardware” on page 1. • An overview of networking software. See “Networking Software” on page 4. • A list of optional networking software products. See “Optional Networking Products” on page 5. Networking Hardware The networking hardware that comes standard on every Silicon Graphics system is an Ethernet controller and two serial ports. (Some hardware products may have more ports than this, including an ISDN port.) The Ethernet controller may be an entire board or an integrated chip. Controllers interface between the networking software and the network medium. 1 Chapter 1: Understanding Silicon Graphics’ Networking Products To connect your Ethernet controller to a network, you must have this hardware: • an Attachment Unit Interface (AUI) cable, also referred to as a dropline or even simply as a cable • a transceiver • access to an active Ethernet cable Figure 1-1 shows how systems (termed “stations” on the network) might be connected to an Ethernet network. Terminator Systems Transceiver AUI cable Transceivers AUI cable Figure 1-1 AUI cable Terminator Ethernet Network Attachment The serial ports on an IRIS system allow it to connect to serial networks. Serial-line networks are systems connected by serial lines and modems. You do not need special hardware installed in your computer to connect to a serial network. Figure 1-2 shows systems connected to a serial network using modems. 2 Networking Hardware Serial lines Telephone lines Modems Systems Figure 1-2 Serial Line Network Networking Hardware Options In addition to Ethernet and serial-line hardware, other types of controllers can be installed in Silicon Graphics systems as options. Some optional hardware products are user installable, while others require installation by a System Support Engineer certified by Silicon Graphics. Optional networking products available from Silicon Graphics provide support for other types of networks, including FDDI, token ring, X.25, and SNA. See your sales representative for information on the networking options available for your system. Controller Interface Names The network controller is the physical board or chip. The interface is software’s interpreter and handler of the controller. The interface name is the name most evident to the user. For example, network management tools refer to the interface name when providing information about the physical controller. 3 Chapter 1: Understanding Silicon Graphics’ Networking Products To configure a controller, each network controller on a system must have a valid interface name. A single system may have multiple controllers; each controller must have a unique interface name. Several different types of controllers are available. Each type has its own special interface name. Most network software supports a maximum of four network interfaces by default. You can get a list of the interfaces installed on a system using the hinv command: % hinv -c network Integral ISDN: Basic Rate Interface unit 0, revision 1.0 Integral Ethernet: ec0, version 1 The interface name for the Ethernet controller in this example is “ec0.” Networking Software The standard networking software shipped with all IRIS systems adheres to the Internet Model standards and protocols. It is derived from the networking software in the 4.3BSD UNIX® release from the University of California at Berkeley and the RPC® (remote procedure call) system from Sun Microsystems. The IRIX operating system implements the Internet Protocol suite and UNIX domain sockets using the 4.3BSD UNIX socket mechanism. The system also supports access to the underlying network media by means of raw sockets. All standard networking software is supplied on the Execution Only Environment media (eoe and netls_eoe). See Table 1-1 for a list of standard networking software for IRIS systems. See Table 1-2 for a list of the optional networking products for IRIS systems. Table 1-1 4 Standard Networking Software Standard Networking Software Description TCP/IP Transmission Control Protocol/Internet Protocol support UUCP UNIX to UNIX Copy Programs sendmail Electronic mail support SLIP Serial Line Internet Protocol PPP Point to Point Protocol Optional Networking Products Table 1-1 (continued) Standard Networking Software Standard Networking Software Description BIND Berkeley Internet Name Domain NETLS Network License Server NCS Network Computing System (supports NETLS only) RPC Remote Procedure Call support Optional Networking Products Silicon Graphics supplies a variety of optional networking software to provide interconnectivity between various vendors and mediums. Table 1-2 lists some of these products. See your sales representative for detailed product information. Table 1-2 Optional Networking Products Optional Networking Software Product Description NFS™ Includes software for Network File System (NFS); Network Information System (NIS, formerly YP); and diskless system support. 4DDN™ Enables IRIS systems to function as a Phase IV DECnet end node. 4DLT™ Provides DECnet terminal service. (LAT) Network License Server Developers Option Consists of the License Server Lock (LSLOCK) and the Network License Server (LSSERVER). The LSLOCK allows software developers to license software products, and LSSERVER is used to administer products licensed with LSLOCK. NetVisualyzer™ Offers a set of graphical traffic monitoring, diagnostic, planning, and performance analysis tools that provide network information and statistics in a visually intuitive form. FDDI Visualyzer™ Provides a graphical interface to the FDDI environment. 5 Chapter 1: Understanding Silicon Graphics’ Networking Products Table 1-2 (continued) 6 Optional Networking Products Optional Networking Software Product Description IRIS NetWorker™ Application that automatically backs up systems over the network. Keeps online indices of all backed up files. 4D TCP 3270 Enables IRIS systems to emulate an IBM® 3270™ type terminal and open multiple sessions on an IBM mainframe. IRIS 5080 Emulator Provides IBM 5080™ and 3270 terminal emulation. Delivers direct access to models, applications, and data residing on an IBM mainframe using the IRIS system. 4D Coax Connectivity The 4D CUT 3270 and 4D DFT 3270 coax products provide your system with a cost-effective way to emulate an IBM 3270 type terminal. 4D SNA Connectivity Allows access to the IBM SNA environment. Provides access to mainframe applications, utilizes multiple windows and file transfer programs. Chapter 2 2. Planning a Network This chapter contains common-sense approaches to planning the physical and logical aspects of your network environment. The information contained in this chapter should be read before you set up a new network or integrate into an existing network. This chapter contains the following sections: • “Planning the Physical Network” on page 7 • “Internet Protocol Addresses” on page 13 • “Domain Names” on page 17 • “The Internet” on page 18 • “Name-to-Address Mapping” on page 24 • “Planning to Subnet Local Networks” on page 25 • “Allocating IP Addresses” on page 27 • “Planning for Network Security” on page 28 • “Using Common Network Applications” on page 28 Planning the Physical Network Planning the physical network requires that you first answer the question, “What network media and topology configuration would best suit the needs of my users?” A review of the MAC (Medium Access Control) level and application-level performance information about the products you are considering will help you determine the appropriate choice of media for your environment. In your review, consider the size (number of stations) of your network. Your network size will influence the media type and topology you choose for your network. If your network requires different types of media, determine whether you have the correct equipment for integrating the various media types. 7 Chapter 2: Planning a Network The subsections that follow will help you answer this list of planning questions: • What will my physical network look like? • Do I have a map of my network? • Will I need a repeater, bridge, router, or gateway? • Will this network configuration meet my users’ needs? • Where are my performance bottlenecks? Can I reduce or avoid them? Repeaters, Bridges, Routers, and Gateways Your choice of media and the number of stations, networks, and protocols in your network may require the use of a repeater, bridge, router, or gateway. This section suggests the type of device required for certain network functions. repeater A device that regenerates and amplifies electrical signals. Its purpose is to extend the physical length of a network. bridge A device that decodes MAC-layer frames transmitted between different hardware and media. Its purpose is to resolve network media differences; it allows a network to be composed of various media types (Ethernet, fiber, serial, and so on). It can also be used to segment similar media types. router A device that decodes and passes network-layer packets between different networks. Its purpose is to provide the physical and logical route from one network to another. gateway A device that translates protocols from one station to another. Its purpose is to allow stations with different networking protocols to communicate successfully. Note: The terms router and gateway are sometimes used interchangeably. Be sure you know the function of the device you are considering, as the term may be technically inaccurate. 8 Planning the Physical Network Note that each device may not be limited to a single function. For example, a gateway may also perform router functions if it is configured as a router. Table 2-1 summarizes the characteristics of each network device. Table 2-1 Network Device Characteristics Device Name Media Protocol LAN Purpose repeater same same same extends physical length of the network bridge different/same different/same same/different bridge network media differences router same/different same different gateway same/different different same/different communication between stations with different networking protocols provides physical and logical route between networks Performance Planning You can circumvent some performance bottlenecks with appropriate planning. These bottlenecks might occur as a result of your choice of media, topology, number of network devices, controller boards, or network design. Choice of media Be sure the capacity of the medium you have selected is adequate for the network size and data transmission type (large or small volumes of data, sporadic or steady traffic). For example, Ethernet has a range of capacities depending on the specific type of Ethernet cable used (10base5, 10base2, or 10baseT). Media type is also a factor in data degradation. For example, 10baseT is unshielded twisted pair and is more sensitive to environmental conditions than 10base5. This should be a consideration if you are planning a network for a manufacturing environment that produces a high degree of electrostatic discharge. 9 Chapter 2: Planning a Network Number of devices Network devices can cause degradation to the network performance. Use repeaters only when necessary. Each additional devices introduces additional resistance onto the network. Choice of controller Choose the most efficient controller for your media. For example, Silicon Graphics supplies a standard Ethernet controller. An optional Efast™ card handles more of the protocol processing in hardware and frees the station’s CPU for other processing. Design of network Think about the design of your network before you begin setting it up. If possible, put departments that interact heavily on the same network to decrease router traffic. Use dedicated routers to handle heavy traffic between networks. Wide Area Networks In addition to the many options available for constructing local area networks, there are several different ways of connecting local area networks into wide area networks. These systems can be used to tie together local area networks at different locations, to allow users working at scattered locations to access a network, and to connect your network to the outside world. Figure 2-1 shows how different kinds of wide-area connections might fit into a large heterogeneous network. Two of the available systems, Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP), provide a way of transferring Internet Protocol (IP) packets over a serial telephone line; this means that SLIP and PPP users can access network resources much as it they were on the local area network. PPP can also be used with Integrated Services Digital Network (ISDN). ISDN uses a high-speed digital telephone line to achieve higher throughput than a modem connection. Another system, UNIX to UNIX Copy Program (UUCP) is an older system, primarily designed for transferring information (such as network news and electronic mail) in batch mode over serial lines. Higher-performance network connections can be made using specialized hardware. These connections are usually over dedicated lines, leased from a telephone company, or over the telephone company’s packet-switched network. 10 Planning the Physical Network Ethernet Internet Leased line Main office network SLIP or PPP lines FDDI ring Standalone systems SLIP or PPP line Ethernet Field office network Figure 2-1 Heterogeneous Network With Wide-Area Connections Serial Line Internet Protocol (SLIP) SLIP provides simultaneous operation of multiple processes on a serial cable or telephone line. It allows network users the freedom to use TCP/IP based applications over a serial cable or modem connection. 11 Chapter 2: Planning a Network You might consider setting up a SLIP network when cost and distance are large factors in your network planning. Point to Point Protocol (PPP) The Point to Point Protocol is similar in nature to SLIP. PPP provides a network connection as if your system were connected to the remote host by a LAN connection. Multiple processes and TCP/IP based applications are supported. UNIX to UNIX Copy Program (UUCP) UUCP, also called the Basic Networking Utilities, is a set of utilities that lets stations using a version of the UNIX operating system (such as IRIX) communicate with each other over serial lines. The utilities provided range from those used to copy files between computers to those used for remote login and command execution. You may consider setting up UUCP for long-haul communications using modems and telephone lines. It is usually used to distribute electronic mail and network news. Integrated Services Digital Network (ISDN) ISDN is a system that connects systems using high-speed digital telephone lines. ISDN can achieve throughput up to 128 Kb per second, several times faster than normal modem connections. However, ISDN service can be expensive, and is not available in all areas. See the ISDN User’s Guide for more information on ISDN. High Performance Wide Area Networks If you need higher performance than you can get using SLIP or PPP over a modem link or ISDN, there are several choices available to you. The choices include Frame Relay networking and leased line service, from 56K (56 Kb per second) to T1 (1.5 Mb per second) and T3 (up to 45 Mb per second). If you require this kind of service, you’ll have to shop around, comparing the prices and services offered by local Internet service providers. 12 Internet Protocol Addresses Internet Protocol Addresses Each system on your network needs a unique Internet Protocol (IP) address for each of its network interfaces. The Internet Network Information Center (InterNIC) is responsible for assigning the network portion of an Internet address for each site. For example, if Company A applies for an Internet address, the InterNIC provides the network portion of the Internet address for the entire Company A site. A centralized organization within Company A is responsible for assigning and managing the station ID portion of the Internet address. Internet addresses are maintained on each station or in a centralized network database such as NIS or BIND. See “Name-to-Address Mapping” on page 24 for a comparison of the different database types. Each station that wishes to communicate must have a valid Internet address registered in the appropriate database. The standard hosts name-address database on IRIX stations is the /etc/hosts file. The subsections that follow will help you answer this list of planning questions: • How do I obtain a valid Internet address for my site? • How do I obtain a domain name assigned for my site? • Do I understand the purpose of the /etc/hosts file? • Do I have valid Internet addresses ready for all required stations? Format of Internet Protocol (IP) addresses An IP address is a 32-bit number that network software uses to identify a system on a network. For the sake of human readability, these addresses are usually represented as four one-byte integers, separated by dots (for example, 150.166.248.17). Every system on an IP network must have its own unique IP address for the network to function properly. Systems with more than one network interface must have a unique IP address for each interface. Note: Unlike a system’s Ethernet address, a system’s IP address is determined by the network and network system administrators. 13 Chapter 2: Planning a Network Conceptually, each 32-bit IP address is a pair of numbers where one number represents the network and the other the system itself. There are four classes of addresses in use (A through D). The class of address is determined by the first bits of the address: • Class A addresses begin with 0 and have 7 bits for the network number and 24 bits for the host number. • Class B addresses begin with 10 and have 14 bits for the network number and 16 bits for the host number. • Class C addresses begin with 110 and have 21 bits for the network number and 8 bits for the host number. • Class D addresses begin with 1110 and are special “multicast” addresses for use within a network site. In all cases, host numbers 0 and 255 are reserved, and may not be used for actual systems. Figure 2-2 shows the format of the different classes of Internet addresses. CLASS A (128 networks with 16,777,214 systems each): bit numbers 0 1 7 8 0 network 31 host CLASS B (16,384 networks with 65,534 systems each): bit numbers 0 1 2 10 15 16 network 31 host CLASS C (2,097,152 networks with 254 systems each): bit numbers 0 2 3 110 23 24 network 31 host CLASS D (multicast group address within a network site): bit numbers 0 1110 Figure 2-2 14 3 4 multicast address The Format of Internet Protocol (IP) Addresses 31 Internet Protocol Addresses To simplify Internet addressing, dotted decimal notation is used to break the 32-bit number into four decimal numbers separated by dots. For example, the IP address 128.74.41.123 in binary is: 10000000| 01001010| 00101001| 01111011 or 128 | 74 | 41 | 123 Class A, B and C IP addresses in dot notation conform to the following specifications: Class A -- 001.hhh.hhh.hhh through 126.hhh.hhh.hhh Class B -- 128.001.hhh.hhh through 191.254.hhh.hhh Class C -- 192.000.001.hhh through 223.255.254.hhh Note: hhh is the local system and the leading numbers are the network. Networks are usually identified by network numbers—IP addresses in which the host portion is not specified. For example, 150.166 represents a Class B network, and 192.26.80 represents a Class C network. If your network will be connected to the Internet, then you must obtain a unique network number, as described in “Obtaining a Network Number” on page 15. All the systems on your network must have IP addresses allocated from your network. If you are adding a machine to an existing network, its IP address must be allocated from that network. Obtaining a Network Number You should obtain an Internet network number before you begin setting up your network.The allocation of network numbers is managed by a set of organizations called Network Information Centers (NICs). If your network is going to be isolated, and will never be attached to the Internet, you can theoretically use any addresses you like. However, if your network is ever going to be attached to the Internet, you should obtain a valid network number. Before you request the network number, you should determine the current needs of your organization (how many systems do you currently have that should be on the network?) and expected growth over the next five years. 15 Chapter 2: Planning a Network There are several ways to obtain a network number. In many cases the best option, if you are connecting to the Internet through an Internet service provider, is to have the service provider assign you a portion of the address space they have been allocated by the local NIC. The InterNIC recommends that you request a network number from your network service provider. If they cannot supply one, contact your provider’s provider. As a last resort, contact your Network Information Center. See “Contacting Your Local Network Information Center” on page 19. NIC Required Information To request an Internet network address, you will typically need to supply the following information to the local NIC: • Your administrative point of contact (POC). The administrative POC is the person responsible for answering administrative and policy questions about the network. You need to know his/her name, title, mailing address, and phone number. • Your technical point of contact (POC). The technical POC is responsible for the technical support of the network. You need to know his/her name, title, mailing address, and phone number. • Organization name and postal address. • Your network name (up to 12 characters). • Your network’s geographic location and organization name. • The name and location of the network document plan. • Gateway information (connectivity, hardware, software, address). • The approximate size of your network (number of hosts and subnets), initially and within one year. • Type of network (research, educational, government non-defense, commercial). If you already have one or more network numbers assigned to your organization, the NIC ,may require you to provide information on how these are being used, as evidence that you really need a new network number. If you request 16 or more Class C network numbers, the InterNIC requires you to provide information on network topology, and if you request 256 or more Class C network numbers or a Class B network number, the InterNIC requires you to provide a diagram of the proposed network. 16 Domain Names Domain Names If you’re planning on putting your site on the Internet or exchanging e-mail with sites on the Internet, you should register a domain name with your local NIC. A domain name uniquely identifies your organization. For example, Silicon Graphics has the domain name “sgi.com.” The Internet uses Domain Name Service (DNS) to map domain names to IP addresses. Therefore, even if you don’t use DNS internally, you must provide DNS name servers on the Internet in order to connect your network to the Internet. You should have at least two name servers, a primary and a secondary server. For robustness, the secondary server should not be connected to the Internet through the same gateway as the primary server. Since many organizations are not big enough to have multiple gateways to the Internet, a common solution is to make a reciprocal arrangement with another organization to provide secondary name service for each other. If you are connecting to the Internet through an Internet service provider, they may be able to provide name service for your organization, or help you locate someone to provide secondary name service if you are able to provide a primary name server. Obtaining a Domain Name As with network numbers, the registration of domain names is administered by the Network Information Centers. In some cases, there is a fee associated with holding a domain name. For example, the InterNIC currently charges a fee of $100 for the first two years, and $50 a year thereafter for domains under its jurisdiction. You can register your domain name through your local NIC. See “Contacting Your Local Network Information Center” on page 19 for contact information. When you register a domain, you should also register a reverse domain, also known as an IN-ADDR domain. The reverse domain provides a mapping from IP addresses to domain names. In many cases, Internet service providers will register your domain for you, for a fee. Subdomains Once you have a domain name registered, you’re free to establish subdomains of your own. This is particularly useful for large organizations that use the Domain Name 17 Chapter 2: Planning a Network Service (DNS). The use of subdomains with DNS allows some administrative chores to be decentralized. For example, suppose “salad.com” has branch offices in Gilroy and Paris. These could be established as subdomains, “gilroy.salad.com,” and “paris.salad.com.” The Internet Chances are, you will want to connect your system or network to the Internet. Wherever you may be, there is likely an Internet gateway available within your local calling range. The following sections offer some information that should help you get set up and running. Obviously, each situation is somewhat different, and your local service provider will have variations in service and equipment. Some research and experimentation is usually required before everything works smoothly. Before Connecting to the Internet Before you sign up for an internet connection, consider what level of service you need. For example, if you are an individual looking for basic e-mail, news, and file transfer capabilities, it probably wouldn't make sense to install a dedicated network cable in your home for economic reasons. A better choice for single-user access might be to subscribe to a network provider who establishes an account for you on their system (one that is currently connected to Internet). Typically, access to their system is through a modem connection. If you are trying to establish a connection to the Internet for a corporation, you will likely need the bandwidth of a leased line, and all the required hardware that goes with it. You will have to take into consideration the many administrative issues of running a site. These issues include, but are not limited to 18 • cost analyses/budget • establishing a domain • applying for IP addresses • establishing site policy • establishing site security • administration of network services (such as Domain Name Services, NIS, e-mail, and so on) The Internet There are providers of network connectivity that can provide varying levels of service. You must investigate the providers, and decide who provides the level of service you need, at the appropriate cost. If you choose an individual account on a provider's machine, the service provider deals with most, if not all, of the administrative tasks, and you simply enjoy access to the Internet. If you would like a broader range of services, most providers will set you up with a dedicated modem and phone line for your exclusive use, or they can provide a network-only service (using SLIP, PPP, or UUCP), either through modems or other network connections. Connecting your network to the Internet requires a number of steps, including arranging name servers, obtaining a network number, and registering a domain name for your organization. Many Internet service providers are willing to provide these services for a fee. If you are trying to set up internet access for a company, or corporation, you should research the issues listed above. Based on the information you obtain, formulate a plan for your site based on the needs and expectations of your organization. One of the best sources of information is the Internet itself. You should first obtain an individual account from a local provider. With the individual account, you can gain access to a large amount of information pertaining to establishing a site on the Internet. Contacting Your Local Network Information Center Before you connect your site to the Internet, you’ll need to contact your local Network Information Center. The assignment of network numbers and domain names is coordinated by the Network Information Centers. There are three main regional Network Information Centers, as shown in Table 2-2. 19 Chapter 2: Planning a Network Table 2-2 Region Network Information Centers Organization Asia/Pacific Asia Pacific Network Information Center (APNIC) Europe Réseaux IP Européens Network Coordination Centre (RIPE NCC) Americas Internet Network Information Center (InterNIC) other areas InterNIC Procedures for obtaining IP addresses and registering domain names vary, so contact your local NIC for information. Internet Network Information Center The Internet Network Information Center (InterNIC) was formerly the sole Network Information Center. It serves as the primary NIC for most of North and South America, as well as for other regions that do not yet have NICs of their own. InterNIC maintains a large archive of informational documents, which can be accessed using WWW, FTP, or by e-mail to an automated-response mail server. Registration authority for some countries (including Canada and Brazil) is delegated to national NICs. Contact information for the national NICs may be obtained through InterNIC. Network Solutions Attn: InterNIC Registration Services 505 Huntmar Park Drive Herndon, VA 22070 Phone: 1-800-444-4345 or 1-703-742-4777 E-mail: question@internic.net (general inquiries) E-mail: hostmaster@internic.net (registration services) WWW: http://www.internic.net/ FTP: ftp.ds.internic.net (complete RFCs, and so on) FTP: rs.internic.net (registration information) E-mail server: mailserv@rs.internic.net (send message with subject line “HELP”) 20 The Internet Réseaux IP Européens Réseaux IP Européens (RIPE) maintains an NIC that provides registration services for European sites. It also maintains a store of informational documents, including the InterNIC’s FYI documents, and instructions on how to register a host or network in one of the European domains. RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands Phone: +31 20 592 5065 Fax: +31 20 592 5090 E-mail: ncc@ripe.net WWW: http://www.ripe.net/ FTP: ftp.ripe.net Asia Pacific Network Information Center The Asia Pacific Network Information Center (APNIC) coordinates network information for the Asia and Pacific region. Registration authority for some countries is delegated to national NICs. Contact information for the national NICs may be obtained through APNIC. Asia Pacific Network Information Center c/o United Nations University 53-70 Jingumae 5-chome Shibuya-ku, Tokyo 150 Japan Phone: +81-3-5467-7014 Fax: +81-3-5276-6239 E-mail: info@apnic.net WWW: http://www.apnic.net/ FTP: archive.apnic.net 21 Chapter 2: Planning a Network Online Information Sources With an individual account or other access to the Internet, you can get the information you need to provide access to your own site. Usually, the provider of an individual account will also provide new-user documentation that describes the basics of using the Internet. You can use the World Wide Web (WWW) and the File Transfer Protocol (FTP) to access a wealth of information on many subjects, including Internet connectivity. If you don’t know how to use FTP, see “Retrieving Files With Anonymous FTP” on page 23 for a short tutorial. How you access the Web depends on what Web browser you’re using. Most Web browsers have online help available. Network Information Centers Your local NIC maintains archives of useful information on connecting to the Internet. In addition to information about requesting network numbers and registering domain names, they may have lists of local service providers. Most NICs make this information available by WWW and FTP. See “Contacting Your Local Network Information Center” on page 19 for WWW and FTP addresses for the major NICs. The InterNIC has produced a series of information bulletins called FYIs. Especially notable is FYI 16, entitled Connecting to the Internet -—What Connecting Institutions Should Anticipate. While this is aimed primarily at U.S. educational institutions, it remains one of the better pieces of documentation on establishing a site on the Internet. The FYI documents are available by WWW and FTP from the InterNIC and from RIPE. The Internet Society The Internet Society is a non-governmental international organization for global cooperation and coordination of the Internet. They also provide useful online information—in particular, information on finding an Internet service provider, and a list of network service providers around the world. This information is available by WWW. A subset is available by anonymous FTP. WWW: http://www.isoc.org/ FTP: ftp.isoc.org 22 The Internet Retrieving Files With Anonymous FTP Anonymous FTP is a conventional way of allowing you to sign onto a computer on the Internet in order to obtain copies of files that are made available to the public. Some sites offer anonymous FTP accounts to distribute software and various kinds of information. If you have never used ftp, here is a brief summary on how to use the ftp command. To connect to a remote host, specify the hostname on the command line: ftp ftp.ds.internic.net When ftp connects with the remote system, it prompts you for a login name. Use the login name “anonymous”: Connected to ftp.ds.internic.net. Name (ftp.ds.internic.net:guest): anonymous 331 Guest login ok, send ident as password. Password: Many systems allow any password and request that the password you choose is your user ID. If this fails, the generic password is usually “guest.” 230 Guest login ok, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp> Once connected and logged in, you can use ftp’s cd and ls commands to look at the files available on the remote system. To obtain a file from the remote system, use the get command. The get command copies one file from the remote system to your local system. To obtain multiple files from the remote system, use the mget command. ftp> cd fyi 250 CWD command successful. ftp> get fyi6.txt local: fyi6.txt remote: fyi6.txt 200 PORT command successful. 150 Opening BINARY mode data connection for fyi6.txt (3459 bytes). 226 Transfer complete. 3459 bytes received in 0.46 seconds (7.34 Kbytes/s) ftp> 23 Chapter 2: Planning a Network Name-to-Address Mapping Because IP addresses are difficult to remember, they are usually associated with names. In the case of a machine with a single IP address, this name usually consists of the machine’s hostname and domain name. For example, a machine called “fruit” in the domain “salad.com” would usually be referred to as “fruit.salad.com”. For clarity, this type of name will be referred to in this section as a network connection name. Because network connection names usually correspond to the machine’s hostname, these network connection names are commonly referred to as “hostnames,” but this can be misleading. The actual hostname is defined in the /etc/sys_id file. By default, this hostname is used as the network connection name for the machine’s primary network interface, but this behavior is configurable. A machine with multiple network interfaces has multiple network connection names associated with it. By convention, each of these connection names contains the hostname—for example, if the host “fruit” acts as a gateway between two networks in the “salad.com” domain, it might use these names: fruit.salad.com gate-fruit.salad.com The process of mapping network connection names to IP addresses is commonly called hostname resolution. There are several different systems for hostname resolution. Machines can use a local database (the /etc/hosts database), or they can obtain information from servers on the network, using either the Network Information Service (NIS) or the Domain Name System (DNS). The following sections describe the advantages and drawbacks of the different systems: • “The /etc/hosts database” on page 24 • “Domain Name System” on page 25 • “Network Information Service (NIS)” on page 25 The /etc/hosts database The /etc/hosts database is an ASCII file that you can modify with any text editor. The file contains lines of text that specify IP addresses and network connection names. For a small network of stations under the same administrative control, maintaining a consistent /etc/hosts database is straightforward. Establish a master copy on one station and make additions or deletions from its file. Then use rcp(1C) or rdist(1C) to copy the file to the other stations in the network. 24 Planning to Subnet Local Networks Maintaining consistent versions of /etc/hosts on every station in a large network is troublesome. NIS and the BIND name server both make maintenance easier by providing a centralized version of the host database. Domain Name System The Internet uses the Domain Name System (DNS) to map names to IP addresses. The most common implementation of a DNS name server is called Berkeley Internet Name Domain (BIND). If your network interfaces with the Internet, you must have at least two DNS name servers, a primary and a secondary server. Your Internet service provider may be able to take care of this requirement for you. BIND is best suited for large networks, or networks connected directly or indirectly to the Internet. BIND provides access to a much larger set of stations than is provided in the /etc/hosts database. A drawback of BIND is its complicated setup. BIND is described in more detail in Chapter 6, “BIND Name Server” Network Information Service (NIS) NIS is a network-based information service and an administrative tool. It allows centralized database administration and a distributed lookup service. NIS supports multiple databases based on regular text files. For example, NIS databases can be generated from the hosts, passwd, group, and aliases files on the NIS master. NIS is best suited for a moderate-sized network (one containing approximately 1000 stations, or a small collection of interconnected networks). NIS is part of the NFS optional software and is detailed in the NIS Administration Guide. Planning to Subnet Local Networks Subnetting allows you to divide a single network into a set of subnetworks. Subnetworks are useful for many reasons. For example, if you have a satellite office that connects to your main network, it should have its own network number or subnet. If you have a large number of systems to be connected by Ethernet, you may have to use subnets to overcome physical limitations on the number of hosts and length of network cable that can be supported on a single Ethernet network. 25 Chapter 2: Planning a Network Subnetting should be considered when the class limits are unrealistic for your network. For example, a Class B network gives you approximately 64,000 stations per network. This far exceeds the maximum number of stations allowed on most networks. Subnetting allows the local organization to designate some of the host ID bits to form a subnet. Subnetting generates a realistic number of stations per network. All changes are made at the local site by the site administration group and are transparent to off-site stations. Planning is required for subnetting a network (see “Subnetting a Network” on page 45 for subnetting procedure). Primarily, you must determine how to partition the host part of the 32-bit Internet address. To define local subnetworks, use bits from the host number sequence to extend the network portion of the Internet address. This reinterpretation of IP addresses is done only for local networks. It is not visible to off-site stations.You should have at least a rough idea of the physical layout of the network before you plan your subnets. For example, you might want to have a subnet for each floor of your building. If you have a branch office that’s connected to your main network, you might want to set aside one or more subnets for it. In some cases, you may want to set aside a subnet for SLIP and PPP clients (see “SLIP and PPP Routing and Address Allocation” on page 94). Sites with a Class A network number have 24 bits of host part with which to work; sites with a Class B network number, 16 bits; and sites with a Class C network number, 8 bits. For example, if your site has a Class B network number, each station on the network has an Internet address that contains 16 bits for the network number and 16 bits for the host number. To define 254 local subnetworks, each possessing at most 254 stations, you can use 8 bits from the host portion of the address. Construct new network numbers by concatenating the original 16-bit network number with the extra 8 bits containing the local subnetwork number. Figure 2-3 shows what happens to the bit assignments in a Class B Internet address that is subnetted. 26 Allocating IP Addresses 0 1 1 16 8 0 netid (14 bits) 24 31 bits host ID (16 bits) Standard Class B subnetwork (8 bits) 1 0 netid (14 bits) subnetwork (8 bits) host ID (8 bits) host ID (8 bits) Subnetted Class B Figure 2-3 Subnetted Class B Address For example, the Class B Internet address for an entire site as seen from other sites might be 128.50. If subnetting is enabled within the site, the site might be composed of several subnets with network IDs like 128.50.20, 128.50.21, 128.50.22, and so on. A station that resides on the subnet 128.50.21 might have the Internet address 128.50.21.5. Note: The numbers 0 and 1 are reserved for broadcast addresses. Do not use subnetwork numbers with all 0s or all 1s. Allocating IP Addresses Once you have obtained a network number, decided which system to use for hostname resolution, and decided whether you’re going to subnet the network, you’re ready to allocate IP addresses for individual systems. For most systems, this is as simple as assigning an unused IP address from the correct net or subnet. If you use the syntax of the /etc/hosts file, this will look something like this: 150.26.80.1 150.26.80.2 150.26.80.3 green.salad.com green tossed.salad.com tossed jello.salad.com jello Note: Host numbers 0 and 255 are reserved, and shouldn’t be used. 27 Chapter 2: Planning a Network Systems with more than one network interface may be connected to more than one subnet, and require one address for each connected interface. Each interface should be assigned an address from the subnet that the interface is connected to. For example, if fruit.salad.com acts as a gateway between the 150.26.80 net and the 150.26.42 net, it might have the following entries: 150.26.80.19 150.26.42.1 fruit.salad.com fruit gate-fruit.salad.com gate-fruit Even if you’re planning on using NIS or BIND for hostname resolution, you will probably want to put together an /etc/hosts file. If you install this on your systems as you attach them to the network, you’ll be able to communicate while you get NIS or BIND up and running. You should also establish some policy for allocating IP addresses for new systems once the network is in place. If your organization is large, you might want to delegate this authority to separate organizational units. For example, the branch office with its own subnet should allocate IP addresses as needed from its subnet. If your organization is divided up into subdomains, you might want to assign authority over certain subnets to subdomain administrators. Planning for Network Security Securing a network is difficult. If you can discourage potential intruders and quickly isolate or pinpoint successful intruders, you can consider your network secure. You should establish a plan for keeping your network secure before you connect your network to the Internet. For information on network security, see Chapter 5, “Network Security,” in IRIX Admin: Backup, Security, and Accounting. Using Common Network Applications This guide is written specifically to support the standard network hardware and software—Internet protocols over Ethernet. However, when discussing networking in general, it is difficult to ignore network applications that are not standard, but are common to most network environments. This section presents a brief overview of some of the common network applications that you should consider when planning your network. 28 Using Common Network Applications Electronic Mail Electronic mail is a group of programs (sendmail) used to send and receive messages to and from users on the same local station or between remote stations. Mail can be sent using UUCP or TCP/IP protocols. IRIX supports both System V (/bin/mail) and 4.3BSD (/usr/sbin/Mail) mail programs, as well as MediaMail, which provides a graphical interface for electronic mail. Network File System (NFS) NFS is a network program that can access a remote station’s filesystem and attach it and its data to the local station’s filesystem. On the local station, the remote filesystem is accessed as if it were local. NFS should be considered in a network when you want to share files between stations. With NFS, software or data used by a group is put on an NFS server. Authorized NFS clients access the data over the network when needed. This approach ensures consistent information, frees up disk space on client stations, and simplifies the backup procedure. NFS is an optional software product and is described in the ONC3/NFS Administrator's Guide. 29 Chapter 3 3. Setting Up a Network This chapter contains the following sections: • “Configuring an IRIS System for a Network” on page 31 • “Setting Up a Router” on page 38 • “Subnetting a Network” on page 45 • “Modifying the Network Interface Configuration” on page 46 • “Changing Network Parameters” on page 51 • “Dynamic Host Configuration With Proclaim” on page 53 • “Creating a Local Network Script” on page 56 • “Turning On Remote Access Logging” on page 56 • “Setting Up Network-Wide Services” on page 56 • “Troubleshooting Your Ethernet Connection” on page 64 Configuring an IRIS System for a Network The procedure in this section explains how to configure an IRIS station, with one interface, for an Ethernet network using its local /etc/hosts file (without BIND or NIS). Configuring the station takes six steps: 1. Bring the station down 2. Attach the station to the network 3. Check the station’s network configuration 4. Modify the /etc/hosts database 5. Name the station 6. Test the connection Each of these steps is explained in the sections that follow. 31 Chapter 3: Setting Up a Network Attaching Your Station to an Ethernet Network Attach your station to the network by connecting one end of the Attachment Unit Interface (AUI) cable to the Ethernet I/O port and the other end to the network transceiver or Medium Access Unit (MAU). If your transceiver model has status lights, make sure that the power light on the transceiver comes on when you attach the AUI cable to your workstation and the transceiver. This light indicates that the Ethernet card or the integral Ethernet controller is alive. Your station must be powered on to activate the power light on the transceiver. You may also see another light, which indicates that your link to the network is activated. If the power light on the transceiver is lit or if your transceiver or MAU has no lights, bring your station back up into multiuser mode now. Checking Your Ethernet Connection You can use the ping command to check your Ethernet connection. This command tests whether you can connect with another system on the Ethernet network. Perform the following steps: 1. Obtain the hostname of at least one reliable station on the local area network to which your system is connected. If possible, get the fully qualified hostname and the IP address. (For example, a hostname might be hancock, and the fully qualified hostname might be hancock.corp.gen.com, while the IP address might be 128.70.3.56.) It is important that the station you select has a reliable Ethernet connection and that it is up and running. 2. Once you have obtained a hostname and IP address, give the command ping -r hostname You should see a series of records indicating the returned packets from the remote host. For example (using our example system): PING hancock (128.70.3.56): 56 data bytes 64 64 64 64 64 32 bytes bytes bytes bytes bytes from from from from from 128.70.3.56: 128.70.3.56: 128.70.3.56: 128.70.3.56: 128.70.3.56: icmp_seq=0 icmp_seq=1 icmp_seq=2 icmp_seq=3 icmp_seq=4 ttl=255 ttl=255 ttl=255 ttl=255 ttl=255 time=2 time=2 time=2 time=2 time=2 ms ms ms ms ms Configuring an IRIS System for a Network 3. Press -C or your Delete key to stop the ping command. You see the tallied results of the ping command. For example: ----hancock PING Statistics---5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 2/2/2 ms 4. If your network connection is working, you should see results comparable to those above. Your ping results should show 0% packet loss and an equal number of packets transmitted and received. If some packets are being lost, the first thing you should check is the tightness and quality of the cable connections. Loose cables are frequently the cause of lost packets. The round-trip time factors are a function of the size and general load of your network, and not necessarily an indication of a problem with your Ethernet connection. If your ping command is not successful, there are several things you should check. Perform these steps: 1. Try to ping the station by its IP address. For example, using our sample host hancock, use the command ping -r 128.70.3.56 2. Try to ping a different station on your local network. 3. Check the network configuration on your system with the netstat -in command. You should see information similar to this: Name Mtu ec0 Network Address Ipkts Ierrs Opkts Oerrs 1500 128.70.3 128.70.3.9 18 0 18 0 The ec0 entry indicates your primary Ethernet connection. The Ipkts and Opkts fields indicate the number of inbound and outbound packets the network interface has processed. The Ierrs and Oerrs fields indicate the number of errors in input and output, respectively. For the purposes of this troubleshooting session, though, check that the portion of the IP address shown under the Network heading match the IP address of the hostname that you attempted to ping. If the network addresses are not the same, the station is on a different network and the ping likely failed for that reason. Find a system to ping that is on your immediate local network. 4. Check the /var/adm/SYSLOG file for Ethernet error messages. 5. Check to ensure that other stations are operating normally on the local network. 33 Chapter 3: Setting Up a Network 6. Check to ensure that the correct software (eoe.sw.tcp) package has been installed on your system. 7. Check the physical connections to the Ethernet cables and transceivers for tightness and connection. A good indicator is the status light display on your transceiver (if your transceiver has these lights). If your Ethernet hardware is loose or disconnected, the /var/adm/SYSLOG file and your system console should both show messages such as ec0: no carrier: check Ethernet cable 8. If all connections are tight and you still receive errors, replace the pieces of the Ethernet connection outside your system (the cable and transceiver). Different transceivers require different wire connections, and sometimes the wrong cables are used. 9. If you receive a message indicating that another host has the same IP address, find out which host has the same address, and determine which host has set their address incorrectly. (It is more likely that the same address was accidentally assigned to a second system, or that the new system being tested incorrectly set the address.) Checking the Network Software Configuration When the station comes up, verify the station’s software configuration. Log into the station as root. Issue the chkconfig(1M) command to check that your station’s standard networking software is correctly configured: /etc/chkconfig You see information similar to this: named network rwhod timed timeslave gated mrouted rtnetd snmpd routed 34 off on off on off off off off on on Configuring an IRIS System for a Network Note: Your output will vary from the output above depending upon installed software and configuration flag settings. If you are familiar with the network-related daemons, you can customize your configuration flags to suit your network needs. If you are not familiar with the network-related daemons, set your network-related flags as shown above. In particular, make sure that the network variable is configured on. Modifying the Hosts Database Before you modify the hosts database, you should have a list of station names and valid Internet addresses of all stations in your network, as discussed in “Allocating IP Addresses” on page 27. If the network has routers (stations with multiple network interfaces), there must be a valid Internet address and name for each interface. See “Internet Protocol Addresses” on page 13 for a description of IP addresses. The hosts file is the hostname database. It contains information regarding known stations, from the perspective of the local station. This example assumes that you are not using NIS or BIND. If you are using NIS, refer to the NIS Administration Guide for more information. If you are using BIND, refer to Chapter 6, “BIND Name Server,” for more information. The /etc/hosts database is an ASCII file that you can modify with any text editor. The file contains lines of text that specify a station’s address, its “official” name, and any aliases. The “official” name should be the fully qualified domain name. The address and name(s) are separated by blanks, tabs, or both. Comments begin with a pound sign (#) and continue to the end of the line. An /etc/hosts database is shown in this sample /etc/hosts file: # This is a 127.0.0.1 119.0.3.20 119.0.3.21 119.0.3.22 comment localhost tuna.salad.com tuna # tuna is an alias chicken.salad.com salad walrus.salad.com walrus Each IRIS system must have a copy of /etc/hosts that contains entries for localhost and all of its network interfaces. As shipped, the /etc/hosts database contains two entries. The first entry is a name you can use to test the local network software: 127.0.0.1 localhost 35 Chapter 3: Setting Up a Network When you reference localhost, the message is looped back internally; it is never transmitted across the network. Caution: Many important programs depend on the localhost entry—do NOT remove or modify it. If the master copy of /etc/hosts is not maintained on an IRIS station or if you are using BIND or NIS, make sure that the host database contains the localhost entry. To enable the IRIS system to access the network, add an entry containing the newly assigned IP address and the name in /etc/sys_id. The entry must contain the sys_id name, either as the official hostname or as an alias. Using the example /etc/hosts file above, the /etc/sys_id file for the host walrus should contain either “walrus” or “walrus.salad.com”. If you change the IRIS system’s name in /etc/sys_id, make sure to update the entry in /etc/hosts; otherwise the network software will not initialize properly. If the following message appears during station startup, then the /etc/hosts and /etc/sys_id files are inconsistent and must be fixed: *** Can't find hostname's Internet address in /etc/hosts If your IRIS system is a gateway, each network interface must be assigned an Internet address and have an entry in /etc/hosts, as described in “Setting Up a Router” on page 38. It is important that each station have a consistent version of the host database. The proper method for maintaining the consistency depends on the size of your network and whether the network is connected to the Internet. You can use the rcp or rdist programs by means of a cron job to ensure that the hosts files stay in sync. Edit the /etc/hosts file and add the hostnames and Internet addresses for all stations on your network. Each station on the network must have all station names in the local /etc/hosts file. If you have a large /etc/hosts file, the easiest way to install it on a new system is to set up a minimal hosts file with entries for the new system and for another system that has an authoritative copy of the hosts file. This allows you to get the new system on the net and copy the more complete hosts file from the other system (using rcp or ftp). Another option is to transfer the hosts file on tape or disk. 36 Configuring an IRIS System for a Network Naming Your Station Once you have determined your station’s name, edit the /etc/sys_id file to give your station its new identity. 1. Remove the default station name (IRIS) and replace it with the new station name (setup1 for this example). You can use this command: echo setup1 > /etc/sys_id 2. For the change to take affect, reboot your station with this command: reboot When your station comes back up, it should have the new station name as the login prompt. Testing Your Network Connectivity Two network management tools, rup and ping, provide quick information about network connectivity. rup indicates if there is a physical problem with the network, such as your station being unable to contact the other stations. Since rup uses broadcasts as a default, it does not go through routers. If your station can see the other stations on the network, use ping to test communication abilities. ping uses the Internet Control Message Protocol (ICMP), which requests an echo from the designated station. It lets you know if you can transmit and receive packets to and from specific stations. 1. Issue the rup command to determine if your station can contact the other stations on the network: /usr/bin/rup You should get output on each of the stations on your network. The other stations on your network must be up for your station to get a user-friendly response. If the other stations are powered on and attached to the network but not up in user mode, the information comes back in hexadecimal. 2. Issue the ping command to see if your station can communicate with the other stations on the network: /usr/etc/ping station_name 37 Chapter 3: Setting Up a Network Let the output run a few seconds, then use to break it. Pay particular attention to the ping statistics. ping gives you the number of packets transmitted, number of packets received, percentage packet loss, and round trip time (minimum, maximum, and average). These are all good indicators as to the general condition of your network. Obviously, you want 0% packet loss and a fast round-trip time. Setting Up a Router A router is a station with multiple network connections that forwards packets between networks. This section provides the configuration procedure for a router with two interfaces and a router with more than two interfaces. A station can have multiple interfaces and not act as a router. The procedure for turning forwarding off on a station with multiple interfaces is also provided in this section. Configuring a Router With Two Interfaces The /etc/init.d/network script is designed to automatically detect and configure a router with two interfaces if the default naming scheme for the interfaces is used. By default, the Internet addresses of the primary and secondary interfaces are derived from the /etc/sys_id file. The primary interface uses the name in the sys_id file. The secondary interface prefixes gate- to the name specified in the sys_id file. To set up a router with two interfaces using the default naming scheme, follow this procedure: 1. Log in as root. 2. Assign valid Internet names and addresses to both interfaces in the /etc/hosts file. For example, the /etc/hosts file entries for the primary and secondary interfaces on the station biway might look like this: 128.70.75.2 128.70.80.3 biway gate-biway 3. Ensure that the router has the appropriate name in its /etc/sys_id file. Following this example, the /etc/sys_id file should look like this: biway 38 Setting Up a Router 4. Reconfigure the kernel and reboot the station to initialize your changes and interfaces. Some systems prompt you for permission, as in the following example. Others simply return a shell prompt. In either case, enter the reboot command when the kernel has been reconfigured: /etc/autoconfig Automatically reconfigure the operating system? (y/n)y reboot Note: If you do not want to use the standard router naming scheme, you must modify the /etc/config/netif.options file. “Modifying the Network Interface Configuration” on page 46 details the procedure for changing an interface name. Configuring a Router With More Than Two Interfaces If the router contains more than two interfaces, you must modify the /etc/config/netif.options file in addition to the /etc/hosts and /etc/sys_id files. In the netif.options file, you must define the interface type (enp1, ipg0, and so on). By default, the names for the third and fourth interfaces are gate2-$HOSTNAME and gate3-$HOSTNAME, where $HOSTNAME is the value returned when you issue the hostname command. If you want to modify the interface names, see “Modifying the Network Interface Configuration” on page 46 for the detailed procedure. To set up a router with more than two interfaces and using the default naming scheme, follow this procedure: 1. Log in as root. 2. Assign valid Internet names and addresses to all interfaces in the /etc/hosts file. For example, the /etc/hosts file entries for the router freeway, with four interfaces, would look like this: 128.70.30.1 128.70.32.4 128.70.41.5 128.70.59.6 freeway gate-freeway gate2-freeway gate3-freeway 3. Ensure that the router has the appropriate name in its /etc/sys_id file. Following this example, the /etc/sys_id file should look like this: freeway 39 Chapter 3: Setting Up a Network 4. Modify the netif.options file to define your interface types. For this example, the third and fourth interfaces are FDDI (ipg*). Change the if3name and if4name variables from if3name= if4name= to if3name=ipg0 if4name=ipg1 5. Save your changes to the netif.options file. 6. Reconfigure the kernel and reboot the station to initialize your changes and interfaces. Some systems prompt you for permission, as in the following example. Others simply return a shell prompt. In either case, enter the reboot command when the kernel has been reconfigured: /etc/autoconfig Automatically reconfigure the operating system? (y/n)y reboot Configuring Routing Behavior By default, when a station has two or more network interfaces, it automatically forwards (routes) packets between the two interfaces. If you do not want the station to serve as a router on its network, disable its route advertising. 1. Modify the /etc/config/routed.options file so the router will not supply routing information about general network routes (-q) or local interface routes (-h). Enter: echo -qh > /etc/config/routed.options 2. Using the /etc/init.d/network script, turn the network off momentarily, then start it again. Enter: /etc/init.d/network stop /etc/init.d/network start 3. When the network comes up, verify that it is not forwarding packets with the netstat tool. Enter: netstat -s -p ip |grep forward 40 Setting Up a Router To change forwarding dynamics, create or edit the /etc/config/routed.options file to contain the desired options. Some of the behaviors that can be altered by means of the /etc/config/routed.options file are listed below: • Suppress or force publicizing of routing information • Enable tracing of all received packets • Filter packets destined for specific networks See the routed(1M) online reference page for more details. Turning On Multicast Routing Multicast routing is a delivery method in which a message is sent to a designated group of receivers by the shortest delivery path (see Figure 3-1). Silicon Graphics systems implement the Distance-Vector Multicast Routing Protocol (DVMRP, originally specified by RFC-1075) with the mrouted process. Note: As of IRIX 6.3, multicast routing can be used in combination with Network Information Service (NIS) to reduce the number of NIS servers needed throughout the network. For details, see the information on multicast-YP in the portmap(1M) and ypserv(1M) reference pages. To turn on multicast routing, do the following: 1. Identify the routers on each network that need to support multicasting. Make sure that the routers you select are running IRIX Version 5.2 or later. 2. If you haven’t already done so, install on each router the eoe.sw.ipgate subsystem from your IRIX distribution source. Run autoconfig(1M) if necessary. 3. As root, enter the command chkconfig mrouted on 4. Restart the system with the reboot command. 41 Chapter 3: Setting Up a Network Understanding Where Multicast Packets Are Forwarded Figure 3-1 shows an example network with three routers. Host Host et N Router 1 D Router 2 et N C Host Router 3 et N B Host et N A Figure 3-1 42 A Network With Multicast Routers • If people on networks A, C, and D are listening for packets, as shown in the figure, all four networks receive the multicast packets. • If people on networks A and C are listening for packets, networks A, B, and C receive the multicast packets. • If three or more people on network A are listening for packets, networks A and B receive the multicast packets. The multicast routing protocol prevents packets from being sent to “leafs” of the network, such as networks C and D; however, it doesn’t prevent packets from being sent to interior networks, such as network B. Setting Up a Router Setting Up Tunnels to Support Multicast Packets If your routers do not support multicast routing, you can support multicast packets by creating tunnels between the networks. Any Silicon Graphics workstation running IRIX Version 5.2 or later can be configured as the endpoint of a tunnel. With tunneling, the multicast packets are encapsulated inside unicast packets, and then are sent to the other end of the tunnel. They are converted back into multicast packets when they are received. Figure 3-2 shows an example of a setup with a tunnel between networks A and C. Host Router 1 et N C Host Router 2 et N B Host et N A Figure 3-2 A Tunnel Between Networks A and C 43 Chapter 3: Setting Up a Network To create the tunnel, edit the file /etc/mrouted.conf. Step-by-step instructions follow: 1. Select the systems on each network that you will use for the sending and receiving end of the tunnel. Choose a system that is running IRIX Version 5.2 or later, is fast, and is not used extensively. The audio and video data may be intermittent if the system you select is slow or overloaded. 2. If you haven’t already done so, install the eoe.sw.ipgate subsystem from your IRIX distribution source. 3. As root, edit the file /etc/mrouted.conf on the sending and receiving end of the tunnel. Note that these endpoints can be separated by many routers; you can use any machine on the network that is running IRIX Version 5.2 or later. Add the following line for each network to which you want to establish a tunnel. tunnel In the above example, the system on network D would have the following entry: tunnel 128.70.58.1 128.65.170.2 The system on network A would have the following entry: tunnel 128.65.170.2 128.70.58.1 4. You can specify other optional settings for the tunnel. For details, see the mrouted(1M) reference page. 5. Restart the system. Note: One copy of the multicast packets is sent for each tunnel entry in mrouted.conf. This results in extra network traffic. For example, suppose you have a workstation with one network interface and you set up tunnels to workstations on three other networks. The packets are replicated three times. Updating /etc/rpc for NIS Users The IRIX copy of the /etc/rpc file contains additions that are essential for using certain multicast utilities if you’re running the Network Information Service (NIS). If the NIS master is not running IRIX Version 5.2 or later, or is not a Silicon Graphics workstation, verify that the /etc/rpc file on the NIS master includes these additions: sgi_iphone 391010 sgi_videod 391011 44 Subnetting a Network Subnetting a Network Implementing the subnet address scheme is a very simple procedure. The following steps are necessary to implement subnetting: 1. Set the netmask. 2. Reboot the station. Note: If you have not done so already, read Chapter 2, “Planning a Network.” It contains information about partitioning Internet addresses for subnetting. Setting the Netmask The netmask option of the ifconfig command is used to interpret and define the network portion (subnets included) of the Internet address. A network mask defines the portion of the Internet address that is to be considered the network part. This mask normally contains the bits corresponding to the standard network part as well as the portion of the host part that has been assigned to subnetworks. If no network mask is specified when the address is set, it will be set according to the class of the network. To configure a station’s primary interface to recognize a subnetted Class B address that is using 8 bits of the host ID for defining the subnets, create or modify the /etc/config/ifconfig-1.options file and insert the following line: netmask 0xffffff00 This netmask value indicates that for the primary interface, the upper 24 bits of the Internet address represent the network portion of the address, and the remaining 8 bits represent the host ID. The nonsubnetted netmask for a Class B address (in hexadecimal) would be 0xffff0000. The netmask value can be set using hexadecimal, dot-notation Internet address, or pseudo-network name formats. This entry must be made on all stations on the subnet. Note: For stations with multiple interfaces, the network mask should be set for each interface in the appropriate ifconfig-*.options file. 45 Chapter 3: Setting Up a Network Rebooting the Station When the netmask value is set, the station must be reconfigured and rebooted to incorporate the new network address into the stations routing tables. Always reboot routers before regular stations, because they provide routing information to other stations and networks. Reconfigure the kernel and reboot the station to initialize your changes and interfaces. Some systems prompt for permission before reconfiguring the kernel, while others simply return a shell prompt. In either case, enter the reboot command explicitly: /etc/autoconfig Automatically reconfigure the operating system? (y/n)y reboot Modifying the Network Interface Configuration You do not always need to modify (configure) a station’s network interface; in most situations, the default configuration suits the site’s needs. Modifying the network interface configuration requires that you modify the /etc/config/netif.options file. You modify this file if • the station has more than two interfaces • you don’t like or use the default naming conventions • the default order is incorrect There are two configurable variables in the netif.options file: interface name and interface address. The interface name variable designates the order (first, second, third, or fourth) and type of interface involved. The interface address variable assigns a valid Internet address to each interface. There must be a valid Internet address for each interface in the /etc/hosts file. Table 3-1 summarizes the interface name and interface address variables. 46 Modifying the Network Interface Configuration Table 3-1 Variables for the netif.options File Variable Name Variable Examples Interface Name ifxname= if1name=enp0 where: if2name=ipg0 x = 1, 2, 3, or 4 if3name=enp1 name=ec0, et0, enp0, if4name=enp2 enp1, fxp1, ipg0, ipg1, etc. Interface Address ifxaddress= if1address=$HOSTNAME where: if2address=fddi-$HOSTNAME x = 1, 2, 3, or 4 if3address=gate-goofy address=$HOSTNAME, station name, or Internet address if4address=128.70.28.2 You can modify either or both variables. Instructions for modifying both variables are provided below. Modifying the Interface Name When a station has more than two network interfaces, you must modify the name entries in the /etc/config/netif.options file to assign the interface order. Default order is assigned only to the first two interfaces. Additionally, if you want to change the order (first, second, and so on) or interface type assigned to a network interface, you must modify the /etc/config/netif.options file. This example makes the first FDDI interface secondary. 1. Using the netstat command, verify the network interface’s name: /usr/etc/netstat -ina 2. Using vi or any editor, open the netif.options file for editing: vi /etc/config/netif.options 47 Chapter 3: Setting Up a Network 3. Locate and modify the appropriate interface name variable. For this example, search for the secondary interface name variable (if2name) and change it from the default configuration to a configuration that supports the first FDDI interface as secondary: Change from this: : if2name = to this: if2name=ipg0 Caution: Note that all default variables (primary and secondary) start with a leading colon (:). You must remove it and enter the interface type to change the default interface name. 4. Save and exit the file. If you have no other changes, autoconfigure and reboot the station. Otherwise, repeat this procedure for each interface name change. Note: When you alter the order of one network interface, the other interfaces in the station remain in their default relative ordering. For example, on a three-interface station (a=first, b=second, and c=third), if you were to make the default second the first (b=first), the remaining interfaces would be configured a=second and c=third. Modifying the Interface Address To change the default interface address, modify the /etc/config/netif.options file. All interface names require valid Internet addresses as found in the /etc/hosts file. The $HOSTNAME variable pulls the station name from the /etc/sys_id file. This example changes the second, third, and fourth interface addresses as follows: 48 • second interface address: fddi-$HOSTNAME • third interface address: gate-goofy • fourth interface address: 128.70.28.26 Modifying the Network Interface Configuration Follow these instructions to modify your network interface address according to the above example: 1. Verify or assign a valid entry for each interface in the /etc/hosts file. Write down the name and address for each interface. 2. Using vi or any editor, open the netif.options file for editing: vi /etc/config/netif.options 3. Locate and modify the appropriate interface address variable. For this example, we want to modify the second, third, and fourth interface address variables. Find and modify each variable as follows: Change from this: : if2addr=gate-$HOSTNAME if3addr=gate2-$HOSTNAME if4addr=gate3-$HOSTNAME to this: if2addr=fddi-$HOSTNAME if3addr=gate-goofy if4addr=128.70.28.26 Caution: Note that all default variables (primary and secondary) start with a leading colon (:). You must remove it and enter the interface address to change the default interface address. 4. Save and exit the file. Repeat this procedure for each interface address change. If you have no other changes, reconfigure and reboot the station. Assigning IP Aliases You can assign multiple IP addresses to a single network interface using the IP aliasing feature of the ifconfig command (see ifconfig(1M)). This feature is useful if you find it necessary to use the same network interface for connections to several networks; it is also useful for maintaining an obsolete address for a host until users learn its new address. IP aliasing is supported on all network interface types. 49 Chapter 3: Setting Up a Network When IP aliasing is implemented on a host, the address that the /etc/host file assigns to the hostname in /etc/sys_id is considered the primary address for the interface, and alternative names assigned by the ifconfig command are considered IP aliases. When you display network information (see “Collecting Network Statistics With netstat” in Chapter 4), the primary address of an interface is listed first, followed by its aliases. To assign an IP alias, use this form of the ifconfig command: # ifconfig interface alias address [netmask mask_num] [broadcast address] Note: Be sure to read the information in “IP Alias Guidelines” (below) before assigning IP aliases. You can specify a hostname from /etc/hosts instead of an IP address as the value of alias. For example, either command below assigns an IP alias to the ec0 interface. The interface in this example uses a netmask and broadcast address, but these fields are optional: # ifconfig ec0 alias 128.70.40.93 netmask 0xffffff00 broadcast 128.70.40.255 # ifconfig ec0 alias plum netmask 0xffffff00 broadcast 128.70.40.255 IP Alias Guidelines In theory, the number of IP aliases assigned to a given network interface is limitless; however, the recommended maximum number is 1000. In addition, the primary address of an interface and all its IP aliases should share a common subnet address. For example, if the primary address of an interface on a class B network is 128.70.12.23, its IP aliases should be addresses such as 128.70.12.19, 128.70.12.53, and so on. Creating an IPaliases File You can save IP alias settings in the /etc/config/ipaliases.options file so they are automatically assigned during the network initialization process. The ipaliases.options file is read by the network script if the /etc/config/ipaliases file contains the value on. Use the procedure below to create an ipaliases.options file and assign IP aliases automatically during network initialization: 1. Edit ipaliases.options using your favorite editor: # vi /etc/config/ipaliases.options 50 Changing Network Parameters Your entries should look similar to the example below. In this example, broadcasting is performed on the Ethernet but not the FDDI network: ec0 ec0 ipg0 ipg0 128.64.56.51 netmask 0xffffff00 broadcast 128.64.56.255 128.64.56.12 netmask 0xffffff00 broadcast 128.64.56.255 190.111.79.16 netmask 0xffffff00 190.111.79.10 netmask 0xffffff00 2. Create an ipaliases file and set IP aliasing on in the file: # chkconfig -f ipaliases on 3. Stop and restart the network to put your changes into effect: /etc/init.d/network stop /etc/init.d/network start IP Aliasing and Routing Each IP alias is maintained in the IRIX routing table as a host route between the primary address and the alias. By default, IRIX assumes that a host containing multiple network interfaces is a router. These multi-homed hosts perform packet forwarding and advertise routing information on the networks to which they are attached. However, if you implement IP aliasing on a host with a single network interface (to connect a local network and the Internet, for example), route advertising is not enabled. In this case, it is necessary to force route advertising to make the network location of the local hosts known. To force route advertising, enter the -s option in the routed.options file on the IP-aliased host. Changing Network Parameters Network parameters are those settings that determine how an interface processes or supplies certain network information. Modifying network parameters requires that you create and modify the appropriate /etc/config/ifconfig-#.options file (where “#” can be 1, 2, 3, or 4, based on the interface name). The default parameter settings are known to function well and suit most site needs. Changing the settings can cause a network to become dysfunctional. It is recommended that these parameters be changed only by experienced or trained network managers. 51 Chapter 3: Setting Up a Network Modifying the ifconfig-#.options File There are four nondefault network parameters that can be set in the ifconfig-#.options file: • netmask • broadcast address • Address Resolution Protocol (ARP) • route metric These steps show how to set the nondefault network parameters: 1. Using the netstat command, determine the order assigned to the network interface at configuration time: /usr/etc/netstat -i 2. Using vi or any editor, open or create the file /etc/config/ifconfig-#.options, where the pound sign (#) represents the network interface’s name. For example, to configure a primary interface, open or create the file /etc/config/ifconfig-1.options. 3. To change the network mask value for a network interface, enter a line with the word netmask followed by a space and either the 32-bit hexadecimal value, Internet address dot-notation, or the pseudo-network name: netmask 0xffffff00 See “Turning On Multicast Routing” on page 41 for more details regarding netmasks. 4. To change the broadcast address for a network interface, enter a line with the word broadcast followed by a space and the dotted decimal IP broadcast address: broadcast 189.170.6.0 To enable or disable the Address Resolution Protocol (ARP), enter a line with arp (to enable) or -arp (to disable): arp The ARP tables are used by some of the network management tools (netstat, ifconfig, and so on) and provide the administrator with invaluable network information. 52 Dynamic Host Configuration With Proclaim 5. To change the routing metric count for a network interface, enter a line with the word metric followed by a space and the count: metric 7 The default metric count, also called hops, is 0. The routed daemon monitors the number of hops required to route data from one network to another. If you want to reduce network traffic on a particular route, increase the metric count on the appropriate router. The interface configuration file for the secondary interface might look like the following: cat /etc/config/ifconfig-2.options netmask 255.255.255.0 broadcast 129.78.50.0 -arp metric 4 The interface configuration file above indicates that the Class B network is subnetted using 8 bits of the host ID for the subnet. It uses 0 as the broadcast address instead of the default 1. ARP has been disabled and the metric (hop) count has been set to 4 to discourage router traffic. Dynamic Host Configuration With Proclaim This section describes the IRIX proclaim facility, which is based on the dynamic host configuration protocol (DHCP) described in RFC 1541. Proclaim and DHCP allow you to allocate hostnames and network addresses automatically. DHCP permits site administrators to set up one or more server systems that dynamically distribute network IP addresses and site configuration parameters to new or requesting client systems. In this way, a site with only a few available addresses can serve a large number of hosts that connect to the network only occasionally, or a large site can manage the permanent assignment of addresses with a minimum of administrative attention. The proclaim facility consists of a daemon that runs on a master server, optional relay daemons for servers on subnets, GUI configuration programs, and a client application that communicates with the DHCP servers. All these programs are bundled with the IRIX operating system. 53 Chapter 3: Setting Up a Network The sections below provide information about configuring proclaim servers and clients. If you are not comfortable with the basic concepts of networking, IP addresses, and netmasks, please read Chapter 1, “Internet Protocol Addresses” in Chapter 2, and “Setting the Netmask” in this chapter before continuing with this section. Configuring the DHCP Server The dhcp_bootp program is a server that communicates with DHCP and proclaim clients to provide host configuration information, including an IP address at minimum. If your site uses DNS to maintain the hosts map, you need some external mechanism (such as a script) to update the DNS map from the DHCP server. If your site uses NIS to maintain the hosts and ethers maps, dhcp_bootp must be run on the same machine as the NIS master server. The DHCP server generally uses configuration parameters based upon the subnet number of the originating client request. The configuration files are all placed in the directory /var/dhcp/config and are named in the form config. . For example, the configuration file for clients on the 128.78.61 network should be named config.128.78.61.0. If the subnet configuration file does not exist, then the config.Default file applies instead. If the default configuration file is missing or unreadable, clients are configured to match the DHCP server itself. To configure the DHCP server, you can run the ProclaimServerMgr graphical interface, as described by the ProclaimServerMgr(1M) reference page. If you prefer, you can configure server options using your favorite text editor, altering the keywords documented on the dhcp_bootp(1M) reference page. Configuring the DHCP Relay Agent The dhcp_relay program is a subnet agent that communicates with the main DHCP server to provide DHCP and proclaim clients with host configuration information. If your site uses DNS to maintain the hosts map, you need some external mechanism (such as a script) to update the DNS map from the DHCP server. If your site uses NIS to maintain the hosts and ethers maps, your site’s main DHCP server must be on the same machine as the NIS master. In any case, you should run dhcp_relay on all subnets besides the one with the main DHCP server. 54 Dynamic Host Configuration With Proclaim The DHCP relay agent reads the configuration file /var/dhcp/config/dhcp_relay.servers to determine the location of the main DHCP server. This configuration file should contain the IP address and hostname of the DHCP server, on two separate lines. To configure the relay agent, you can run the ProclaimRelayMgr graphical interface, as described by the ProclaimRelayMgr(1M) reference page. If you prefer, you can configure relay agent options using your favorite text editor, following the steps documented on the dhcp_relay(1M) reference page. The Proclaim Client The proclaim client communicates with a DHCP server to obtain host configuration parameters, including an IP address and IP address lease at minimum. You can use proclaim to set up and configure new systems automatically, and also to move systems from one network to another without administrative intervention. The proclaim client can also verify configurations at reboot time. For more information about setting up proclaim on client systems, see the proclaim(1M) reference page. Limitations and Restrictions The following restrictions and limitations are present in this release: • The DHCP server must be the NIS master if your site uses NIS for hostname, IP address, or network hardware address validation and mapping. Note that NIS is an optional software product, and not all systems and networks use it. • If your site uses DNS to maintain the hosts map, you need an external mechanism (manual or automated) to update the DNS map from DHCP. This limitation should be lifted in the next release. • The server cannot respond simultaneously to both DHCP and bootp clients requests, although it can act as the bootp server for normal bootp requests. 55 Chapter 3: Setting Up a Network Creating a Local Network Script To start and terminate locally developed network daemons, or to publish ARP entries and set routes, create the separate shell script /etc/init.d/network.local. Make symbolic links in /etc/rc0.d and /etc/rc2.d to this file to have it called during station startup and shutdown: ln -s /etc/init.d/network.local /etc/rc0.d/K39network ln -s /etc/init.d/network.local /etc/rc2.d/S31network See /etc/init.d/network for the basic format of the script. Also refer to network(1M), rc2(1M), and rc0(1M) for more information. Turning On Remote Access Logging Several network daemons have an option that lets you log remote accesses to the station log file /var/adm/SYSLOG by using syslogd. Sites connected to the Internet should use this feature. To enable logging for ftpd, tftpd, and rshd, edit /etc/inetd.conf and add “-l” after the right-most instance of ftpd and tftpd. Add “-L” after the right-most instance of rshd. For additional ftp logging, add “-ll” to the ftpd entry. Signal inetd to reread its file after you have added your changes: /etc/killall -HUP inetd Remote logins by means of rlogin, telnet, and the 4DDN sethost programs can be logged by login. Edit /etc/default/login and add the keywords “SYSLOG=ALL” or “SYSLOG=FAIL” to it. For example, this command in the login file logs successful and failed local and remote login attempts to syslogd: syslog=all See the login(1) reference page for details. Setting Up Network-Wide Services In addition to the required software that you must set up on each system on the network, you may want to designate certain systems to provide network-wide services. For example, you can set up a system as an InSight server, so that users can access a complete set of InSight books without installing them all on their local disks. The following sections discuss setting up an anonymous ftp server, and setting up an InSight server. 56 Setting Up Network-Wide Services How to Set Up a Proper Anonymous FTP Account An anonymous FTP account is a way for you to make information on your system available to anybody, while still restricting access to your system. An anonymous FTP account lets anybody log in to your system as user “anonymous,” or “ftp.” Any such login causes the system to chroot to the FTP home directory (~ftp). This effectively limits the anonymous FTP user from accessing any part of your directory structure that is not a subdirectory of ~ftp (see chroot(1M)). The following procedure is designed to help you set up a network-accessible anonymous FTP account. As usual, understanding the various steps and continually monitoring how the account is used are necessary to protect your system security. 1. Create the anonymous FTP user entry in /etc/passwd. The user name should be “ftp.” Put an asterisk (*) in the password field, and assign user and group IDs, a home directory, and a login shell. The following is an example of a typical entry in /etc/passwd for an anonymous FTP account: ftp:*:997:999:anonymous FTP account:/usr/people/ftp:/dev/null The login shell /dev/null is recommended but not required, and the home directory can be anywhere, with reservations as explained in the next step. 2. Create an anonymous FTP directory. This may be wherever you like but, especially if you are going to allow writes to it, it should probably be on a separate partition from / or usr. That way, if the partition fills up, it will not disable basic system operations. In this example procedure, /usr/people/ftp is the name of the anonymous FTP directory. First, make the directory: # mkdir /usr/people/ftp and then, if it is a separate disk or disk partition, you can mount the device on it (see mount(1M)). The anonymous FTP home directory you make must be the same one you specify in the /etc/passwd file. 3. Set global read and access permission for the anonymous FTP directory, and change the owner to “ftp” and the group to “other”: # chmod 555 /usr/people/ftp # chown ftp.other /usr/people/ftp 57 Chapter 3: Setting Up a Network 4. Change directory to the ftp home directory and create the subdirectories used for FTP access: # cd /usr/people/ftp # mkdir bin etc pub private In addition to the standard bin, etc, and pub directories, you may wish to make a private directory for private transmissions, as explained below. 5. For the bin and etc directories, set the owner to “root,” group to “sys,” and global read and access permissions: # chmod 555 bin etc # chown root.sys bin etc 6. For the pub directory, set the owner to “ftp,” the group to “other,” and global read, write, and access permission: # chown ftp.other pub # chmod 777 pub Caution: By allowing write permission, you make it possible for anonymous FTP users to fill the disk partition. 7. If you created a private directory, set the permissions to allow anybody to write to it but not to read its contents: # chown ftp.guest private # chmod 333 private Anybody logging in can now place or retrieve files in the private directory, but they must be told the name of the file beforehand, because they cannot list the directory contents. Caution: By allowing write permission, you make it possible for anonymous FTP users to fill the disk partition. 8. Copy the ls command from /bin to ~ftp/bin: # cp bin/ls bin 58 Setting Up Network-Wide Services 9. Copy /etc/passwd and /etc/group to ~ftp/etc and edit the files to an acceptable minimum: # cp /etc/passwd etc # cp /etc/group etc A good choice for the contents of passwd might be root:*:0:0:super-user:/:/dev/null bin:*:2:2:system tools owner:/bin:/dev/null sys:*:4:0:system activity owner:/usr/adm:/dev/null ftp:*:997:999:anonymous FTP account:/usr/people/ftp:/dev/null A good choice for the contents of group might be other::995: guest:*:998: ftp:*:999: 10. Set restrictive permissions on ~ftp/etc/passwd and ~ftp/etc/group: # chmod 444 etc/* 11. Add appropriate device and library files for anonymous FTP as follows: # mkdir dev # /sbin/mknod /usr/people/ftp/dev/zero c 37 0 # mkdir lib # cp /lib/libc.so.1 lib # cp /lib/rld lib 12. Add the following entry to the file /etc/aliases to cause mail sent to the user ftp to go to the postmaster: ftp: postmaster Run the command newaliases to make this take effect. (This assumes you have an alias of postmaster in /etc/aliases. See aliases(4) and newaliases(1M).) 13. Enable FTP logging as described in “Limiting inetd Services” in Chapter 5 in IRIX Admin: Backup, Security, and Accounting . Note that if you use one -l argument with ftpd, you record only successful and unsuccessful FTP login attempts. If you use two “l”s, you also record actions on files and directories performed during ftp login sessions, and three “l”s cause the report to include the number of bytes transferred in get and put operations. 59 Chapter 3: Setting Up a Network For example, the following entry in /etc/inetd.conf means all logging information but the byte count is sent to /var/adm/SYSLOG: ftp stream tcp nowait root /usr/etc/ftpd ftpd -ll 14. Once you have edited /etc/inetd.conf, restart inetd with the following command: # /etc/killall -HUP inetd Note: Although the FTP logging records in /var/adm/SYSLOG now show any passwords entered by users logging in, no password checking is done for anonymous FTP. The convention is for anonymous users to enter their e-mail addresses for passwords, but they could just as easily enter another user’s address or anything at all. If you place any text in the file /etc/issue, it is displayed when a user connects to your system, before the login prompt is displayed. You might want to include information here about the kind of services your FTP site offers, and whom to contact in case of problems. In addition, any text in the file ~/ftp/README is displayed after the anonymous FTP user logs in. Refer to crontab(1), syslogd(1M), and the file /var/spool/cron/crontabs/root for information on changing the frequency or nature of system log file maintenance—you may, for example, want to increase the length of time you keep log files. To help you keep track of the demands made on your public FTP server, see Chapter 6 of IRIX Admin: Backup, Security, and Accounting for information on auditing system resource usage, and Chapter 7 of IRIX Admin: Backup, Security, and Accounting for general system accounting information. Setting Up an InSight File Server The files and directories that make up the InSight system of online documentation take up a great deal of space. In your network, there is no reason for each system to maintain a separate copy of the InSight documents as long as all systems are at substantially the same software revision level. If the InSight software revision level is the same across several systems, you can designate one system to serve the others with the InSight files, thus freeing up disk space on the client systems. Be sure to choose a server system that is not called upon to carry a heavy workload, and take your network performance into account before you begin. If your users use InSight a great deal and your network is already burdened, you may find that your users will not appreciate the decreased response time from both InSight and your network in general. 60 Setting Up Network-Wide Services Also, if a person is to use the InSight server as his or her workstation, that person must be prepared to accept a certain (possibly substantial) amount of disk, CPU, and network overhead as a result. There are two convenient ways to set up an InSight server. These will be detailed in the following subsections. Both methods require that you have the NFS software option installed. If you do not understand the terms and concepts behind NFS, you should read the ONC3/NFS Administrator’s Guide and the NIS Administration Guide before undertaking these projects. The second method described here also requires a dedicated CD-ROM drive to hold the InSight distribution media. A Conventional InSight Server/Client System To install the IRIS InSight Viewer and Document Library on a remote server and retrieve the information from a local client system, follow the steps below. On the server system: 1. Log in as root (superuser). 2. Bring up inst(1M) and install the complete IRIS InSight product image (from your CD-ROM drive or distribution directory) with the commands Inst> install insight insight_gloss *.books.* Inst> go The total size of the viewer and document library is a little less than 23 megabytes. 3. Export the /usr/share/Insight/library/SGI_bookshelves directory using the System Manager or the exportfs command: exportfs -i /usr/share/Insight/library/SGI_bookshelves If the server does not have a graphical display, a warning is generated during the exit. This warning relates to updating the X server's font directory and can be ignored. On the client system: 1. Log in as root (superuser). 2. Give the command versions remove *.books.* to remove the books on your bookshelves. 61 Chapter 3: Setting Up a Network 3. Run the inst command on your client system and give the following commands to install the insight.sw.client subsystem (you may want to install the insight.man.man and the insight.man.relnotes subsystems as well): Inst> keep insight insight_gloss Inst> install insight.sw.client Inst> go 4. Mount the SGI_bookshelves directory from your server on your client system. In the example below, the name of the server machine is capra. mkdir /usr/share/Insight/library/SGI_bookshelves mount capra:/usr/share/Insight/library/SGI_bookshelves /usr/share/Insight/library/SGI_bookshelves Note that when you enter the mount command on your client system, the entire command line goes on a single line. The command is broken across two lines in this example due to formatting limitations. Note: If you have remote-mounted your InSight books, the Silicon Graphics desktophelp system will not operate correctly while the books are mounted. To view the desktophelp, unmount the books temporarily. A CD-ROM InSight Server/Client System With this method, you need not use up your disk space for the InSight files if you have a CD-ROM drive you can dedicate to InSight. You simply leave the CD with the InSight distribution in the drive and link the mounted distribution to the directory where InSight would have installed the files. The drawback of this system is that you must dedicate a CD-ROM drive to the purpose, but this method can be used with NFS to provide server access to your entire network. Note: If you have a version of the IRIS InSight Document Library installed on your client disk but you want to mount the books from the CD-ROM, you must remove all the files in /usr/share/Insight/library before creating the symbolic link described in step 2. Use the versions remove command to cleanly remove the books, then check the directory to be sure all files have been removed. If you wish to use the IRIS InSight Viewer and Document Library from the CD-ROM and access the information from a local or remote system, follow the steps below. 62 Setting Up Network-Wide Services On the server system with the CD-ROM drive: 1. Log in as root (superuser). 2. Insert the IRIS InSight CD into the CD-ROM drive. If the drive is not mounted, use the System Manager or the mount(1M) command to mount the drive. The most common mount point is /CDROM. If the drive is mounted correctly, you should be able to change directories to /CDROM and see all the files in the IRIS InSight CD. To see the files, use the command cd /CDROM/insight 3. As root, create a symbolic link from /usr/Insight/library/SGI_bookshelves to the CD insight directory. You may need to create the directory /usr/Insight/library if it doesn't exist. Use the commands: mkdir -p /usr/share/Insight/library ln -s /CDROM/insight/SGI_bookshelves /usr/share/Insight/library Note that when you enter the link command on your client system, the entire command line goes on a single line. The command is broken across two lines in this example due to formatting limitations. At this point, the InSight bookshelves are mounted on your server and available for use on that system. To allow users on other systems on your network to use the bookshelves, proceed to step 4. 4. If you want to share the bookshelves with other users on your network, export the /CDROM directory using the System Manager or the exportfs command: exportfs -i /CDROM On each client system, perform the following steps: 1. Log in as root (superuser). 2. Run the inst command and give the following commands to install the insight.sw.client subsystem (you may want to install the insight.man.man and the insight.man.relnotes subsystems as well). You can get the installation software from the CD in the /CDROM/dist directory on the server. Inst> keep * Inst> install insight.sw.client Inst> go 63 Chapter 3: Setting Up a Network 3. Mount the bookshelves from the server. In the example below, the name of the server machine is capra. Use the following command: mount capra:/CDROM/insight/SGI_bookshelves /usr/share/Insight/library/SGI_bookshelves Note: When you enter the mount command on your client system, type the entire command on a single line. The command in the previous example is broken across two lines due to formatting limitations. Using Remote InSight After the software has been installed, you should force your shell to remake its list of available programs and commands with the command rehash You can now invoke the IRIS InSight Viewer. The command to invoke the viewer is iiv (an acronym for IRIS InSight Viewer): iiv Troubleshooting Your Ethernet Connection This section addresses some of the common Ethernet-related problems. See also “Troubleshooting System Configuration Using System Error Messages” in IRIX Admin: System Configuration and Operation. Cable Problems Unplugged or loose cables are the most common problem that causes Ethernet-related error messages. For example: unix: : no carrier: check Ethernet cable This message means that the carrier was not detected when attempting to transmit. One recommendation is • 64 Check to see if the Ethernet cable is unplugged from the back of the machine. For detailed instructions on connecting the cable, see your owner’s guide. You do not need to shut down the system to connect or disconnect the cable. If you re-connected the cable, test the network connection. Troubleshooting Your Ethernet Connection After determining that the transceiver cable is plugged into the back of the machine and also into the transceiver box, look for other possible reasons for failure. • Check the machine’s transceiver. • Check the transceiver cable, and try swapping it out with one that is working on another machine. • Check for a problem with a 10baseT hub. • If you try all the troubleshooting techniques and you still cannot access the network, contact your service provider; the network itself may be temporarily out of order. For more information on this error, see the reference page for ethernet(7). Late Collisions Another problem related to cabling is that of late collisions. These result in errors like the following: unix: : no carrier: check Ethernet cable The controller tried to transmit a packet but received a late collision signal from another machine. This usually indicates a problem in the Ethernet cable layout. The most frequent causes of this problem are excessively long cables and loose cable connections. To isolate the problem, first look for violations of the Ethernet cable limits. For 10BASE5 cable (thicknet) the maximum segment length is 500m; for 10BASE2 cable (thinnet) the maximum segment length is 200m. The length of a transceiver cable (the cable that goes between a machine’s Ethernet port and its transceiver) should not exceed 50meters. If all cables are within the specified limits and all connectors are firmly seated, this error could indicate a hardware problem in an Ethernet controller or transceiver. Some recommendations are: • Check other machines on the network for bad Ethernet controllers. • Check other machines on the network for bad transceivers. I f you suspect a bad transceiver, you can try swapping in a different one that works on another system. • Check to see if removing a certain machine from the network makes the problem change or disappear. 65 Chapter 3: Setting Up a Network Packet Size A bad Ethernet controller somewhere on the network can cause problems by sending packets that are too large or too small, causing errors like this: unix: : packet too small (length = ) unix: : packet too large (length = ) The Ethernet controller received a packet that was smaller than the minimum packet size or larger than the maximum packet size allowed by Ethernet. This problem is caused by another machine with a bad Ethernet controller or transceiver. Some recommendations are • Check other machines on the network for bad Ethernet controllers. • Check other machines on the network for bad transceivers. I f you suspect a bad transceiver, you can try swapping in a different one that works on another system. • Check to see if removing a certain machine from the network makes the problem change or disappear. For more information on this error, see the reference page for ethernet(7). Unable to Contact Server System When your system cannot contact a network system, an error message similar to this is displayed: portmapper not responding: giving up This problem occurs in one of these situations: • The system is not running. Physically go to the system or call the system’s Primary User or Administrator to check to see if the system is powered up and running. • The network is not running. To check, try to access another system on the network. 66 Troubleshooting Your Ethernet Connection • The network administrator changed some information about the system or about the system’s logical location on the network. Check whether this is the case, and get the appropriate information to fix the problem. • The system has too many users or systems using its resources. It cannot provide services to you at this time. Contact the system’s Primary User or Administrator to check on this. Checking Additional Network Interfaces If your system has more than one network interface (additional interfaces are usually fiber-optic [FDDI] links or SLIP connections or other Ethernet boards) you can easily perform the above checks on each network interface. To check your other network interfaces, give the netstat -in command. You see output similar to the following: Name Mtu Network Address ec0 1500 128.70.0 128.70.0.9 15 0 15 0 24 ec1 1500 128.70.2 128.70.2.5 15 0 15 0 24 sl0 1006 (pt-to-pt) 128.70.0.9 0 0 0 0 0 lo0 8304 loopback 8101 0 8101 0 0 localhost Ipkts Ierrs Opkts Oerrs Coll The second Ethernet connection is to the network 128.70.2, a different LAN from the first Ethernet connection. The address of the local station on the second LAN is 128.70.2.5. To check that connection, use the ping command to test the connection to another station on that network. There is also a SLIP link running in this example. The SLIP link extends the same LAN as ec0 to another system in a different location. To test this link, find the hostname or IP address of the station at the other end of the SLIP link and use the ping command to test connectivity. The lo0 interface is the loopback network interface on the local host. 67 Chapter 4 4. Managing a Network This chapter provides information on how to manage a network after installation. Management includes maintenance, monitoring, and problem isolation. This chapter provides brief descriptions of the various network management tools, help in interpreting network statistics, a discussion of the factors that can affect network performance, and some of the network kernel configuration options. The following topics are covered: • “Network Startup and Shutdown” on page 69. • “Network Management Tools” on page 71 • “Interpreting Network Statistics” on page 74 • “Troubleshooting Poor Network Performance” on page 78 Network Startup and Shutdown The main network script is /etc/init.d/network. Other scripts for other network applications (UUCP, mail, and so on) also reside in this directory, but are covered in their appropriate chapter in this guide. A brief description of the network script is provided. The network master script is called during system startup and shutdown. It defines the system name and host ID, ensures that the system has a valid Internet address, starts networking daemons, and initializes the network interfaces. Site-dependent configuration commands to start and stop local daemons, add static routes, and publish ARP entries should be put in a separate shell script called /etc/init.d/network.local. Make symbolic links from /etc/rc0.d and /etc/rc2.d to /etc/init.d/network.local so the network.local file is called at system startup and shutdown (see “Creating a Local Network Script” on page 56 for setup procedure). 69 Chapter 4: Managing a Network The network master script is linked to /etc/rc0.d/K40network, which is invoked from /etc/rc0 during shutdown, and to /etc/rc2.d/S30network, which is invoked from /etc/rc2 during startup. The script understands two arguments: start and stop. It can be run manually for testing and troubleshooting network-related problems without having to reboot the system. Network Initialization Process During system initialization, the shell script /etc/init.d/network is called. These are the actions performed by the script at startup: 1. Checks hostname and Internet address to determine if system should be configured as standalone or networked. Checks sys_id and hosts files. If the network configuration flag is off, the system is configured for standalone operation. 2. Determines names and addresses or primary and router interfaces for typical configurations. 3. Obtains any site-dependent information for interfaces from the netif.options file. 4. If system is not diskless, the shell script flushes all old routes. 5. Configures all interfaces, including loopback, using the ifconfig command. 6. If configured for IP packet filtering, the shell script starts the IP packet filtering daemon (/usr/etc/ipfilterd). The ipfilterd daemon must be started before gateway interface initialization. 7. Initializes gateway interface. 8. Initializes additional interfaces specified in the netif.options file. 9. If specified, initializes the Hypernet interface according to the ifconfig-hy.options file. 10. Initializes the loopback interface. 11. Using the chkconfig command, determines daemon configuration and reads relevant daemon configuration files (*.options). 12. Sets default route for all IP multicast packets to the primary interface. 13. If NIS software is configured, defines and sets NIS domain name. 14. If NIS software is configured, starts appropriate NIS daemons. 15. If NFS software is configured, starts appropriate NFS daemons and mounts any NFS filesystems listed in the /etc/fstab. 16. If configured on with chkconfig, it starts standard daemons (inetd, timed, timeslave, rarpd, rwhod, snmpd, and so on). 70 Network Management Tools Network Shutdown Process During system shutdown, /etc/init.d/network stops the daemons and disables the network devices. These are the actions the script performs at system shutdown: 1. Kills all network services that may be associated with a shell (rlogind, rexecd, rshd, ftpd, telnetd, and so on). 2. Kills some network daemons immediately (inetd, bootp, tftpd, snmpd, and so on). 3. If NFS is running, unmounts remote filesystems. 4. Kills all remote daemons. 5. If NFS is running, unexports exported filesystems. See the ONC3/NFS Administrator’s Guide and the NIS Administration Guide for complete information about the optional NFS software. 6. Kills daemons that must be kept alive until the last minute (portmap, slip, ipfilterd). 7. Gracefully takes the system off the FDDI ring, if it is on the ring. 8. Stops the ypbind process of NIS. Network Management Tools This section describes a number of standard and some optional networking tools at your disposal for day-to-day management of your network. Except as noted, the standard networking tools reside in the /usr/etc directory. See the online reference pages for additional information. ifconfig(1M) Configures the network interface devices. ifconfig is performed at boot time by the master network configuration script /etc/init.d/network. Interface configuration includes enabling and disabling the interface and any interface options that should be set when the interface is configured. Options include support for the Address Resolution Protocol (ARP), routing metrics, netmask, broadcast addresses, and so on. The ifconfig tool used with the station’s interface name displays the current interface configuration. 71 Chapter 4: Managing a Network netstat(1) Displays various network-related data structures that are useful for monitoring and troubleshooting a network. It has many options to show information about all or specific interfaces (-i or -I), routing tables (-r and -M), socket information (-a or -A), queue information (-iq), network memory (-m), and protocols (-p). arp(1M) Displays and manipulates arp table entries located in cache. arp options include -a for all entries, -d to delete an entry, -s to publish an entry and act as a server for this entry, and -f to pull information from a specified file instead of /dev/kmem. arp. This is a good tool for troubleshooting physical address resolution on a network. arp does not display the local station’s Ethernet address. To get a local station’s Ethernet address, use the netstat command with the -ia options. rpcinfo(1M) Provides information about Remote Procedure Call (RPC) based programs on local and remote stations. This is an excellent tool for isolating network problems related to the RPC service. The information provided by rpcinfo includes a list of rpc-based applications (portmapper, NIS, rstatd, and so on), and the program number, version number, protocol (TCP/UDP), and associated port number. If you are running an RPC-based network application and cannot get a response from the remote station, use the rpcinfo tool to ensure that the remote station supports the desired application. ping(1M) Tests and measures general network performance. It is based on the Internet Control Message Protocol (ICMP) and sends an ECHO_REQUEST soliciting an ECHO_RESPONSE, thereby creating a two-way stream. It provides general information about packet loss and round-trip time. ping increases network load; this factor should be considered when testing a network with ping. spray(1M) Sends a one-way stream of packets to a station using remote procedure calls. It reports information about the transfer rate and the number of packets received by the remote station. It provides very limited information about general network performance. rtquery(1M) Sends a request to a designated station for information on the station’s network routing tables (routed or gated). This tool is especially useful for troubleshooting routing problems. traceroute(1M) Tracks packets as they journey through the network. This tool is very useful for isolating network and router faults in a large heterogeneous network. It displays the names and addresses of all the intermediary 72 Network Management Tools routers that support the Internet Protocol “time-to-live” (TTL) field. It also displays the amount of time the packet spends traveling to the router, on the router, and leaving the router. traceroute increases network load; this factor should be considered when testing a network with traceroute. route(1M) Manipulates the network routing tables. Typically, the routing tables are handled automatically by the routed or gated daemon. However, route can be used to create, maintain, and delete static routing tables, to flush routing tables, and to show metric information about routes. To have static routes incorporated at startup, modify the file /etc/gateways and /etc/config/routed.options. rup(1C) Displays status information, including uptime and load average, about remote stations using Sun RPC broadcasts. If no specific station is specified, it uses broadcasting and returns information about stations on the local network; broadcasting does not go through routers. This tool is useful for isolating physical problems with a station or the network. ttcp(1) Used to test Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) performance. This tool provides a more realistic measurement of performance than the standard tests (spray, rup, ping). It allows measurements to be taken at both the local and remote end of the transmission. These network management tools are available as options for use on any Silicon Graphics system: NetVisualyzer A passive network management product. It offers a set of graphical traffic monitoring, diagnostics, planning, and performance analysis tools that provide network information and statistics for Ethernet or FDDI networks in a visually intuitive form. NetVisualyzer comprises six tools: NetLook, NetGraph, NetCPA, Analyzer, RouteQuery, and TraceRoute. NetVisualyzer allows you to view and monitor your network, collect network statistics and generate reports based on those statistics, and decode heterogeneous packets layer by layer. SPECTRUM A UNIX based network management tool for large-scale, multi-LAN, multi-vendor networks. It provides you with graphical, real-time views of your network. These views represent network location layouts, 73 Chapter 4: Managing a Network network topology maps, and device front panels. The information provided by these views allows you to intelligently manage, monitor, and configure your network. IRIS NetWorker™ An automatic backup and recovery service for networked stations that performs backups of client systems to a centralized server. Backup schedules are specified by the network administrator. Stations in the network may be heterogeneous. Interpreting Network Statistics The network management tools provide the network administrator with valuable information about the network. However, the presentation of these statistics can be overwhelming. This section illustrates how to use three of the most common management tools and how to interpret the network statistics generated by these tools. Testing Network Connectivity With ping The ping tool tests and measures general network performance. It tells you when there is a problem with your network. The most important piece of information provided by ping is the percentage packet loss. Ideally, you want to see 0% packet loss; however, anything under .01% is acceptable. This low packet-loss threshold is required because many network applications transmit large packets. If 0.1% of a packet is lost, the entire packet must be retransmitted. This can cause a network to be saturated by retransmissions. The following example uses ping in its simplest form, but the information obtained is very useful. The ping tool is testing and measuring traffic between the local station and the station testcase. See the ping(1M) reference page for more details about the many ping options. 74 Interpreting Network Statistics /usr/etc/ping testcase PING testcase (192.55.43.4): 56 data bytes 64 64 64 64 64 bytes bytes bytes bytes bytes from from from from from 192.55.43.4: 192.55.43.4: 192.55.43.4: 192.55.43.4: 192.55.43.4: icmp_seq=0 icmp_seq=1 icmp_seq=2 icmp_seq=3 icmp_seq=4 ttl=249 ttl=249 ttl=249 ttl=249 ttl=249 time=160.314 ms time=47.057 ms time=28.129 ms time=48.596 ms time=131.894 ms ----testcase PING Statistics---5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 28.129/83.198/160.314 ms The percentage packet loss is highlighted in bold. Again, 0% packet loss is the goal. Anything over 0.1% should be investigated further. Measuring Network Throughput With ttcp The ttcp tool measures network throughput. It provides a realistic measurement of network performance between two stations because it allows measurements to be taken at both the local and remote ends of the transmission. As with all network management tools, the statistics must be interpreted with the network configuration and applications in mind. For example, the statistics generated from a ttcp probe between two stations with routers in between results in lower throughput than if the stations were located on the same network. On the same note, users running applications that transmit large data structures see slower throughput than users running applications that transmit smaller data structures. In any case, on a relatively quiet network, you should expect to see throughput in the 700 KBps or greater range. Throughput of 500 KBps or less is questionable, and 400 KBps or less may indicate a definite network problem. The following example illustrates the statistics you might see if you ran a simple ttcp test between the stations sheridan and longstreet (two workstations) on a clean network. See the ttcp(1) reference page for details about the many ttcp options. On sheridan, give the command ttcp -r -s 75 Chapter 4: Managing a Network You see the following output: ttcp-r: ttcp-r: ttcp-r: ttcp-r: ttcp-r: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp socket ttcp-r: accept from 192.102.108.4 16777216 bytes in 19.99 real seconds = 819.64 KB/sec +++ 10288 I/O calls, msec/call = 1.99, calls/sec = 514.67 0.1user 3.4sys 0:19real 17% On longstreet, enter the command ttcp -t -s sheridan You see the following output: ttcp-t: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp -> sheridan ttcp-t: socket ttcp-t: connect ttcp-t: 16777216 bytes in 19.98 real seconds = 820.02 KB/sec +++ ttcp-t: 2048 I/O calls, msec/call = 9.99, calls/sec = 102.50 ttcp-t: 0.0user 2.3sys 0:19real 12% The throughput statistics are highlighted in bold and are in units of KBps. The throughput on the station sheridan is 819.64 KBps and the throughput on the station longstreet is 820.02 KBps. Both throughput values indicate good network performance between the stations. Collecting Network Statistics With netstat The netstat tool displays various network-related data structures that are useful for monitoring and troubleshooting a network. Detailed statistics about network collisions can be captured with the netstat tool. Collision rates above 5% could indicate a problem with the network. The problem could be physical (bad tap, transceiver, loose terminator, and so on) or there might be too much traffic on the network. This example illustrates the statistics you might see on a station using netstat. See the netstat(1) reference page for details about the many netstat options: netstat -i Name Mtu enp0 1500 lo0 32880 Network Address central thumper loopback localhost Ipkts Ierrs Opkts Oerrs Coll 498690 1678915 937 0 1066135 1678915 3 0 4858 0 The collision rate is approximately 0.45%, well within the acceptable range. 76 Network Tuning Tips If the network interface is assigned IP aliases, the output from netstat -i looks similar to this: netstat -i Name Mtu Network enp0 1500 enp0 1500 lo0 32880 central bldg-2 loopback Address Ipkts Ierrs Opkts Oerrs Coll thumper 498690 hopper 584280 localhost 1678915 937 163 0 1066135 137245 1678915 3 0 0 4858 40717 0 Network Tuning Tips In general, IRIX TCP/IP services are factory-tuned for optimum performance under routine network operating conditions and no tuning is required after a network setup. Kernel TCP/IP tuning parameters are controlled with the systune command or from the file /var/sysgen/master.d/bsd. Caution: It is not advisable to change the factory-shipped settings in this file unless you receive explicit instructions in product documentation or you are highly experienced in network administration. Setting MTU Sizes IRIX 6.2 and later versions implement MTU Discovery, a feature that allows a host to calculate maximum transmission unit (MTU) sizes using a table of commonly used MTU sizes. MTU Discovery is specified by the tcp_mtudisc variable in /var/sysgen/master.d/bsd. When tcp_mtudisc is on and a router requests packet fragmentation without providing MTU size information, the calculated segment size is used to fragment the packet instead of the default maximum segment size (specified by tcp_mssdflt). The MTU Discovery flag is on (set to 1) by default. Setting Packet Forwarding By default, IRIX hosts that contain more than one network interface are assumed to be routers, so IP packet forwarding is enabled at system startup. In addition, the factory-shipped configuration enables ICMP redirection, which causes the router to forward messages that are destined for a particular host to an alternative router instead. Two tunable kernel parameter, ipforwarding and icmp_dropredirects, turn packet forwarding and ICMP redirection on and off. 77 Chapter 4: Managing a Network On firewall systems, ipforwarding and icmp_dropredirects must be turned off to prevent packets from breaching the security boundary. See the product documentation for your firewall application for specific instructions on setting IP forwarding characteristics. Also see the systune(1M) reference page for more information. Setting Window Sizes Send and receive window sizes are specified by the variables tcp_sendspace and tcp_recvspace in /var/sysgen/master.d/bsd. By default, both variables are set to 60 KB. For wide area network traffic, reducing window sizes to a value in the range of 4 to 8 KB can result in better response times in interactive sessions. Large amounts of bulk transfer traffic from systems using TCP windows larger than 4 to 8 KB can overflow the buffers of slow- or moderate-speed routers on wide area network. Overflowing WAN router buffers reduces the speed of the bulk transfers, and interactive traffic usually must wait behind such large bursts in a route queue. Note: Using small window sizes on high-speed WAN links (such as T3) severely reduces TCP speed. On a local Ethernet network, reducing the window size often increases performance. However, it degrades performance on an FDDI network. HTTP Considerations In some cases, variables in /var/sysgen/master.d/bsd need adjusting for HyperText Transport Protocol (HTTP) servers. These variables frequently include changes to the number of connections and connection time-outs. See the product documentation for your HTTP application for specific tuning instructions. Troubleshooting Poor Network Performance A variety of factors can affect network performance, including hardware problems, network configuration, network applications, and packet size. 78 Troubleshooting Poor Network Performance Hardware Problems Hardware problems can cause a network to be slow or inoperable. These problems are usually in the form of packet loss or corruption. Both of these problems can cause increased network traffic to the point of unmanageable congestion. Items to check at the physical level are: Controller board Even if the network media bandwidth is capable of handling the network traffic load, the individual station may not be able to handle the traffic. This is evidenced by a high degree of traffic on the network interface for no apparent reason. This traffic can be seen using the gr_osview tool (see the gr_osview(1) online reference page for options to see network traffic statistics). If traffic is unusually heavy on the interface, then there may be a problem with the controller, or the controller may be too slow to handle the volume of traffic. You may need a high-speed controller like the Efast card. Transmitter and controller Ensure that the Signal Quality Error (SQE), also called heartbeat, is disabled on both the transmitter and controller. SQE can cause unnecessary network traffic between the local station and the transceiver. See the installation guides for your network controller and transceiver for instructions on disabling SQE. By default, all Silicon Graphics network controller boards are shipped with SQE disabled. Physical problems with the media Cables, taps, and other hardware will periodically break or malfunction. A time domain reflectometer (TDR) is essential for troubleshooting Ethernet cable problems. A good analyzer is also strongly recommended to assist in isolating network physical problems. Silicon Graphics’ NetVisualyzer product supplies a visual network analyzer ideal for locating physical problems with the media. Network Configuration The network configuration or topology can also adversely affect network performance. Check for the following conditions: • Check network configuration to ensure that it is within the official guidelines for the media and topology. Pay special attention to the number and location of repeaters and bridges. 79 Chapter 4: Managing a Network • Consider work group affiliations when determining which network is best suited for a particular station. Planning a network based on work group affiliations can reduce the amount of intranetwork traffic. Put stations on the same network if they routinely share resources (NFS filesystems, NIS domain, electronic mail, financial databases). • If connecting large subnets, use a dedicated router (station that performs routing function only) as the primary router. Ensure that there are at least two ways in and out of a network, because one of the routers will eventually fail. The router should also use appropriate filters to filter out unnecessary traffic. Network Daemons Some network daemons (rwhod, rtnetd, and so on) can have an undesirable effect on the network or network interface. For example, if a workstation is a multi-processor or is running real-time processes, the rtnetd daemon may be running on the station. This daemon is responsible for preempting incoming network packets to provide better response time for real-time processes. This is perfectly acceptable if the user is aware of the trade-offs between network processing and real-time processing. Some network daemons should be evaluated individually. Do not load rtnetd software on routers or other network intensive stations (mail servers, NIS and DNS servers, and so on). Packet Size The maximum transfer unit (MTU) for data on the Ethernet is 1500 bytes. Network performance and efficiency increase with packet size up to the MTU for the medium. Packets that are larger than the media’s MTU must be broken into smaller packets (fragmented) to fit within the medium’s MTU. IRIX versions 6.2 and higher use MTU Discovery to perform fragmentation (see “Setting MTU Sizes” on page 77 for details). Kernel Configuration You can change several parameters to customize network behavior for local configurations. The parameters listed below are in the /var/sysgen/master.d/bsd configuration file.For details on reconfiguring the kernel after changing this file, see IRIX Admin: System Configuration and Operation. 80 Troubleshooting Poor Network Performance Kernel Tunable Options There are four kernel parameters which directly affect the network performance: tcp_sendspace, tcp_recvspace, udp_sendspace, and udp_recvgrams. These parameters determine the default amount of buffer space used by TCP (SOCK_STREAM) and UDP (SOCK_DGRAM) sockets. The tcp_sendspace and tcp_recvspace parameters define the initial buffer space allocated to a socket. The udp_sendspace parameter defines the default maximum size of UDP datagrams that can be sent. The udp_recvgrams parameter determines the number of maximally sized UDP datagrams that can be buffered in a UDP socket. The total receive buffer size in bytes for each UDP socket is the product of udp_sendspace and udp_recvgrams. A program can increase or decrease the send buffer and receive buffer sizes for a socket with the SO_SNDBUF and SO_RCVBUF options to the setsockopt(2) system call. Many older TCP implementations have problems with large TCP sendspace/recvspace values. This should be decreased from 60 to 24 in environments where older stations have problems communicating. For 4.2BSD compatibility, the IRIX system limits its initial TCP sequence numbers to positive numbers. PC Connectivity Many industry-standard personal computers with TCP/IP implementations experience difficulty connecting to Silicon Graphics workstations and servers. This is because of the increased size of the tcp_sendspace and tcp_recvspace variables in the IRIX file /var/sysgen/master.d/bsd. To allow your personal computers to connect successfully, change the values of the above variables from the default (60 * 1024) to (24 * 1024) and reconfigure the kernel with the lboot command. For more information on reconfiguring these values, see IRIX Admin: System Configuration and Operation. 81 Chapter 5 5. SLIP and PPP This chapter introduces the Silicon Graphics implementation of the Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP). SLIP and PPP are protocols for TCP/IP networking over a serial line. SLIP and PPP can be used for connecting remote systems to a local area network, or for connecting two networks together. The Silicon Graphics implementation provides both RFC 1144 data compression and its own proprietary data compression, which compresses header framing, checksum, and TCP/IP information to three bytes. SLIP is part of the eoe software subsystem, and is installed via the eoe.sw.slip package. Use the versions(1M) command to check to see if you have SLIP installed on your system. PPP offers substantially the same features as SLIP, but it is more flexible and robust. For this reason, PPP is usually preferred over SLIP (you must use SLIP if the system to which you are connecting supports SLIP and not PPP, however). In addition to its use in dial-up connections over telephone lines and modems, PPP is also used in ISDN connections; however, this guide assumes that you are using PPP over a conventional serial line connection. Note: If you are connecting a remote host with ISDN, you might prefer to use the configuration instructions in the ISDN User’s Guide instead of using the procedures in this chapter (also see the isdn(1M) reference page). You should use the information in this chapter for an understanding of PPP operation and maintenance, however. PPP is part of the eoe software subsystem, and is installed via the eoe.sw.ppp package. Use the versions command to check to see if you have PPP installed on your system. The following sections are included in this chapter: • “Overview” on page 84 • “Installing the Software” on page 85 • “Selecting a Modem” on page 86 • “IP Addresses for SLIP and PPP Clients” on page 86 83 Chapter 5: SLIP and PPP • “Configuring a System for Dial-Out” on page 87 • “Configuring a System for Dial-In” on page 92 • “SLIP and PPP Routing and Address Allocation” on page 94 • “Configuring a Bidirectional Link” on page 98 • “Starting SLIP or PPP at Boot Time” on page 98 • “Demand Dialing” on page 99 • “NFS Over SLIP or PPP” on page 99 • “File Transfer Over SLIP or PPP” on page 100 • “Troubleshooting SLIP and PPP Links” on page 100 Overview Usually, a SLIP or PPP connection serves one of the following purposes: • To connect a single remote system to a network. Here the systems have a client-server relationship, with the single system being the client, and the system directly connected to the network being the server. The server handles all of the routing. • To connect two networks together. In this case, the two systems usually act as peers. A given SLIP or PPP link can be set up so that one system always initiates the connection (by dialing the other system), or it can be set up so that either system can initiate the connection. In the case of a client-server connection, the client usually initiates the connection by dialing the server. However, the connection can be bi-directional as well. In the case of a connection between two networks, you can either choose one system to initiate connection, or allow either system to initiate the connection as needed. Setting up an individual system as a SLIP or PPP client requires the following steps: 1. Install the software. 2. Select and install the appropriate hardware (modem and cable). 3. Select an IP address. 4. Configure the software for dial-out. 5. Configure routing behavior. 84 Installing the Software Setting up a system as a SLIP or PPP server requires the following steps: 1. Install the software. 2. Select and install the appropriate hardware (modem and cable). 3. Configure the software for dial-in (set up configuration information for each client). 4. Configure routing behavior. Connecting two networks using SLIP or PPP requires the following steps: 1. Install the software on both systems. 2. Select and install the appropriate hardware (modem and cable) on both systems. 3. Configure the software for dial-out access on one or both systems. 4. Configure the software for dial-in access on one or both systems. 5. Configure routing behavior. Installing the Software Make sure you have the appropriate software installed: to use SLIP, you must have the eoe.sw.slip and eoe.sw.uucp subsystems installed. To use PPP, you must have the eoe.sw.ppp and eoe.sw.uucp subsystems installed. You should also install the corresponding reference pages (eoe.man subsystems). To verify whether these packages are installed, use the versions command. For example, to check whether you have PPP installed, you could use the following command: % versions eoe.\*.{ppp,uucp} If PPP and UUCP are installed, versions should produce output something like this: I = Installed, R = Removed Name I I I I I I I eoe eoe.man eoe.man.ppp eoe.man.uucp eoe.sw eoe.sw.ppp eoe.sw.uucp Date 09/24/96 09/24/96 09/24/96 09/24/96 09/24/96 09/24/96 09/24/96 Description IRIX Execution Environment, 6.3 IRIX Execution Environment Man Pages Point-to-Point Protocol Man Pages UNIX-to-UNIX Copy Man Pages IRIX Execution Environment Software Point-to-Point Protocol Software UUCP Utilities 85 Chapter 5: SLIP and PPP For instructions on installing software, see IRIX Admin: Software Installation and Licensing. After installing the SLIP or PPP software, you must reboot your system to reconfigure the kernel. Selecting a Modem A modem capable of at least 9600 bits per second (bps, sometimes referred to as “baud”) is required for use with SLIP or PPP. However, at this speed, your link will be quite slow. A good modem choice is any modem that supports the V.32bis or V.34 standards and a speed of 14,400 bps or greater. A half-duplex modem can be used but is less desirable for interactive tasks. Silicon Graphics does not manufacture these modems and cannot be responsible for changes to the modems. Silicon Graphics cannot guarantee modem compatibility or the quality of the telephone line used with SLIP or PPP. (Removed PEP references) If you are using a high-speed modem, be sure it supports hardware flow control using RTS/CTS. With such a modem, use the ttyf* device name. Note: Silicon Graphics supports DSI™, Intel®, Telebit®, ZyXEL™, U.S. Robotics®, Hayes®, and most Hayes compatible modems. While many others work, configuring them may be much more complicated and their operation is not guaranteed. For instructions on installing modems and configuring modems, see “Installing a Modem” in IRIX Admin: Peripheral Devices. IP Addresses for SLIP and PPP Clients Each SLIP or PPP client needs an IP address and hostname for its SLIP or PPP interface. If it is also connected to one or more local area networks, it will also require an address and hostname for each of its other network interfaces. If you have had an address and hostname assigned to you by your system administrator or network service provider, you can use this information to configure your system. Some network service providers use dynamic addressing, where each client is given a dynamically allocated IP address when it connects. IRIX PPP has support for dynamic 86 Configuring a System for Dial-Out addressing. IRIX SLIP does not support dynamic addressing. See “Using Dynamic Address Allocation With PPP” on page 97 for more information about dynamic addressing. If you are setting up a SLIP or PPP server on your LAN, or are connecting two networks over a serial link, you should see “SLIP and PPP Routing and Address Allocation” on page 94 for planning information. Configuring a System for Dial-Out Configuring SLIP or PPP for dial-out requires approximately the same steps: 1. Add a line to the /etc/uucp/Systems file describing the connection. 2. Add a line for the modem in the /etc/uucp/Devices file. 3. If your modem is not already listed in the /etc/uucp/Dialers file, add an entry for it. 4. Verify that the modem line is correctly configured in the /etc/inittab file. PPP requires one additional step, setting up the /etc/ppp.conf file. Configuration Files for Dial-Out This section describes the various configuration files for SLIP and PPP: • /etc/uucp/Systems • /etc/uucp/Devices • /etc/uucp/Dialers • /etc/uucp/inittab • /etc/ppp.conf /etc/uucp/Systems The /etc/uucp/Systems file contains the information your system needs to dial up another system. The remote station’s node name and telephone number, as well as the local modem’s speed and a password, are all kept here and are used to log in to the remote station. The format for a line representing a SLIP or PPP connection in the systems file is system Any type speed phone login-script 87 Chapter 5: SLIP and PPP system specifies the name of the remote system. type gives the name of an entry in the Devices file, specifying a line and modem type. speed specifies the speed of the connection between the system and the modem. phone specifies the phone number for the remote system. The login-script tells SLIP or PPP how to log into the remote system. In this example, the local station “wenders” uses this line in its /etc/uucp/Systems file to call station lynch. The connection is made at 38,400 bps. The password is “hopper.” SLIP logs in to the remote station by responding with “slip-wenders” to the login prompt, and “hopper” to the password prompt. lynch Any ACUSLIP 38400 5551212 "" \r\c ogin:--ogin: slip-wenders \ asswd: hopper SLIP The information must be in one continuous line. The last string, “SLIP,” forces the local station to wait for the remote station to announce that it is starting the SLIP protocol. The third field in the systems file (in this case, “ACUSLIP”) specifies the modem line to be used to call the remote station. There must be at least one entry matching this field in the /etc/uucp/Devices file. For more information on the /etc/uucp/Systems file, see “The Systems File” on page 142. /etc/uucp/Devices The file /etc/uucp/Devices is used to configure the desired device, modem speed, and dialer program for SLIP on your IRIS station. The correct format for a line appropriate for SLIP in /etc/uucp/Devices is: type device null speed 212 x dialer The first field, type, can be any string you like, but it should correspond with the type specified in the Systems file. If you have multiple modems that can be used interchangeably, they should all have the same type name—the system automatically selects one of these modems when making a call. The type name ACUSLIP is commonly used to designate a modem for use with SLIP or PPP. device can be any flow-control device associated with a port not currently in use. speed should be the speed of the connection between your system and the modem. dialer can be any dial program listed in /etc/uucp/Dialers. 88 Configuring a System for Dial-Out If you want to configure more than one modem speed, use a different port, or use a modem that supports a different command set, create a new line in the devices file that reflects the change. For example, the following line configures SLIP to use a TelebitTM T2500 modem at 38,400 bps on the serial port 2 hardware flow control device: ACUSLIP ttyf2 null 38400 212 x t25slip For more information on the /etc/uucp/Devices file, see “The Devices File” on page 135. /etc/uucp/Dialers The /etc/uucp/Dialers file contains entries for various types of modems. The dialer field in the Devices file should refer to one of these entries. It should not be necessary to add an entry to the dialers file, unless you are installing a type of modem not supported by IRIX. If you need to add or modify an entry in the dialers file, see “The Dialers File” on page 139. /etc/inittab The port you specified in /etc/uucp/Devices must be configured for dial-out or dial-in/dial-out use in the /etc/inittab file. If you set up your modem for dial-out or dial-in/dial-out use as directed in “Installing a Modem” in IRIX Admin: Peripheral Devices, the /etc/inittab file should already be set up correctly. For example, if you want to use ttyf2 for dial-out SLIP, the line for ttyf2 in /etc/inittab should read t2:23:off:/etc/getty ttyf2 co_38400 # port 2 This line turns off the getty program on port number 2. If the link can be initiated by either station, you must turn on uugetty. For example, to configure a symmetric link using Telebit T2500 modems, change the line to t2:23:respawn:/usr/lib/uucp/uugetty -Nt 60 -it25in,conn ttyf2 dx_38400 Changes made to /etc/inittab are acted upon when init reexamines the /etc/inittab file. To make init reexamine /etc/inittab immediately, use this command: /etc/telinit q 89 Chapter 5: SLIP and PPP For more information, see inittab(4). /etc/ppp.conf The /etc/ppp.conf file is used to specify options for PPP connections. Each entry in the file consists of a host name and a set of options. For example: salad out remotehost=dial-in.salad.com localhost=caesar.salad.com quiet add_route This example specifies a connection between the local host caesar.salad.com and a remote machine called dial-in.salad.com. The out keyword specifies that this is an outgoing connection. The quiet keyword specifies a demand-dialed connection (see “Demand Dialing” on page 99). The add-route keyword tells PPP to set up a default route through dial-in.salad.com. For a complete list of options for the ppp.conf file, see the ppp(1M) reference page. Sample SLIP Configuration for Dial-Out This section shows a sample SLIP configuration for dial-out. This example sets up a connection between tuna.salad.com and dial-in.salad.com, a server on the salad.com corporate network. /etc/uucp/Systems salad Any ACUSLIP 38400 5551212 "" \r\c ogin:--ogin: slip-tuna \ asswd: celery SLIP /etc/uucp/Devices ACUSLIP ttyf2 null 38400 212 x t25slip /etc/inittab t2:23:off:/etc/getty ttyf2 co_38400 # port 2 To start SLIP using the configuration in this example, enter the following command: % /usr/etc/slip -o -p comp -r salad 90 Configuring a System for Dial-Out Sample PPP Configuration for Dial-Out The main configuration file for PPP is /etc/ppp.conf. This file is described in detail in the ppp(1M) reference page. Here is an example of a ppp.conf file: salad out remotehost=dial-in.salad.com localhost=caesar.salad.com quiet add_route This entry describes an outgoing connection from a standalone system to a remote host named “dial-in.salad.com,” which acts as a gateway to the spice.com network. The entry specifies demand-dialed (quiet) mode. Stand-alone clients should usually include the add_route keyword to set up a default route through the PPP server. The entry salad should match an entry in the /etc/uucp/Systems file, such as the following: salad Any ACUSLIP 38400 555-1212 "" @\r\c ogin--ogin: ppp-caesar \ ssword: mypasswd PPP IRIX PPP sends out the message “starting PPP” before starting the protocol; therefore, the chat script shown above waits to receive the string “PPP” to ensure that the login has succeeded. If you are connecting to a non IRIX system, you may need to remove the “PPP” string from this example. There must be at least one ACUSLIP entry in the /etc/uucp/Devices file: ACUSLIP ttyf2 null 38400 212 x t25slip This entry specifies that ttyf2 is connected to a Telebit 2500 modem. You should also have your /etc/inittab file set up to expect the modem port speed you are using (in this case, 38400 bps) and to have getty or uugetty turned off. Specific details on editing the /etc/inittab file and restarting telinit are found in IRIX Admin: Peripheral Devices. The following entry works with the above listed file entries for PPP: t2:23:off:/etc/uucp/uugetty ttyd2 dx_38400 # ppp modem You may use dial-out PPP with the above-listed entry, but for dial-in PPP, you must configure uugetty to answer the line, as described in IRIX Admin: Peripheral Devices. It is important to note that the above-listed entries are simply examples of one configuration that works for one example site. The same entries may not yield satisfactory results in every case, due to other differences in site configuration and modem manufacturer and model. For example, the PPP site you are dialing into may require different settings in the /etc/ppp.conf file, and the entry in the Devices file assumes 91 Chapter 5: SLIP and PPP a specific brand and model of modem. Also, the example assumes you have configured the modem as described in “Installing a Modem” in IRIX Admin: Peripheral Devices. When you have configured the files, you must issue the ppp command as root. The following command works for the above-listed example file entries: ppp -r salad For complete information on the ppp command and its options, see the ppp(1M) reference page. Configuring a System for Dial-In To configure any system for dial-in, you must have at least one port set up for dial-in use (or combination dial-in/dial-out use). Each system that can dial in requires an entry in the /etc/passwd file. In addition, SLIP connections may require an entry in the /usr/etc/remoteslip file, and PPP connections may require an entry in /etc/ppp.conf. Configuring SLIP for Dial-In SLIP requires an entry in /etc/passwd in order to log in. The user ID and group ID must both be zero (0). Instead of the shell specified at the end of a normal entry in /etc/passwd, SLIP uses the file /usr/etc/remoteslip. To allow tuna.salad.com to log in as “slip-tuna,” dial-in.salad.com should have this line in /etc/passwd: slip-tuna:3RsB768WRAN2.:0:0:slip for tuna:/:/usr/etc/remoteslip An entry like this one is necessary for each station that calls in by using SLIP. For maximum system security, the home directory for SLIP accounts should only be writable by the superuser. Using open directories such as /tmp opens your system up to a variety of threats. Note: The encrypted password in the example does not represent a real password. You must use the passwd command to set the password for the SLIP login. See the passwd(1) reference page for information on using passwd. 92 Configuring a System for Dial-In /usr/etc/remoteslip In the /etc/passwd entry for slip-tuna, the login shell is specified as the file /usr/etc/remoteslip. This file is used to invoke SLIP on a remote station. In /usr/etc/remoteslip, the slip command can specify the remote station’s name and any other options appropriate to that connection. /usr/etc/remoteslip is a Bourne shell script. You can add to the case statement as you would to any Bourne shell script case statement. The sh(1) reference page contains detailed information about shell script programming. Each SLIP connection should have an entry in the following format: slip-nodename ) exec /usr/etc/slip options ;; nodename is the name of the remote station. Options for slip are detailed in the slip(1M) reference page. The /usr/etc/remoteslip file might contain this entry on the station dial-in.salad.com: # Edit the case statement as required. case $USER in slip-tuna) exec /usr/etc/slip -p comp -i -r tuna ;; *) exec /usr/etc/slip -i -r $USER ;; esac The connection between dial-in.salad.com and tuna uses the Silicon Graphics proprietary header prediction and compression for faster data transfer because the -p comp option is specified. To use RFC 1144 compression, use -p cslip instead. The option tells SLIP that the session is input from another station. The slip option, -r tuna, specifies the remote station’s name. Note that this example also supplies a default case. If all of your SLIP clients use the same parameters, you can just modify the default case, instead of adding entries for each client. 93 Chapter 5: SLIP and PPP Configuring PPP for Dial-In Like SLIP, PPP requires an entry in /etc/passwd in order to log in. The user ID and group ID must both be zero (0). Instead of the shell specified at the end of a normal entry in /etc/passwd, PPP uses the command /usr/etc/ppp. To allow the system caesar.salad.com to log in as “ppp-caesar,” dial-in.salad.com should have this line in /etc/passwd: ppp-caesar:3RsB768WRAN2.:0:0:PPP for caesar:/:/usr/etc/ppp An entry like this one is necessary for each station that calls in by using PPP. For maximum system security, the home directory for PPP accounts should be writable only by the superuser. Using open directories such as /tmp exposes your system to a variety of threats. Note: The encrypted password in the example does not represent a real password. You must use passwd to set the password for the PPP login. See the passwd(1) reference page for information on using passwd. If the default parameters are acceptable, you don’t even need an entry in /etc/ppp.conf for a client. You may want to add a minimal entry, such as this: ppp-caesar in remotehost=caesar.salad.com Note: You should never use the add-route keyword by itself on a server system. SLIP and PPP Routing and Address Allocation There are three basic ways to deal with routing over a SLIP or PPP link, depending on the circumstances. 94 • If you have a few standalone clients connecting to a server with SLIP on your main network, you probably want to assign client addresses from the server’s network, and use proxy-ARP routing (PPP handles ARP table entries automatically). • If you have a lot of standalone clients connecting to your server, you’re better off setting aside a subnet for SLIP and PPP client addresses. In this case, the server appears to the main network as a gateway to the SLIP/PPP “net.” • If you’re connecting two networks together using SLIP or PPP, each network should have its own network number, and the systems that form the endpoints of the link should both run routed. SLIP and PPP Routing and Address Allocation In all cases, the server should run the routing daemon, routed, unless you have a very small network and use static routing. For more information, see the routed(1M) and route(1M) reference pages. You can turn routed on using the chkconfig command: # chkconfig routed on Standalone clients should not run routed. Proxy-ARP Routing for SLIP Connections If you have a small number of standalone hosts connecting to a SLIP server, you can use Proxy-ARP routing (proxy-ARP routing is not required for PPP connections, since PPP automatically installs ARP table entries if they are needed). In this system, each of the standalone hosts is assigned an Internet address from the server’s network. Each client sets up a default route through the server, and the server advertises each of the client’s addresses using the Address Resolution Protocol (ARP). To set up a default route through the server, you can use the route command after a SLIP connection is established. Add this command to the script that you use to start SLIP: route add net default server-address 1 For each SLIP client, the server should issue an arp command: arp -s client-hostname server--ethernet-address pub Note that the server’s Ethernet address is not the same as its IP address. To determine the server’s Ethernet address, run the arp command from another system on the same Ethernet: % arp dial-in.salad.com dial-in.salad.com (192.70.79.7) at 8:0:69:9:4f:ef The string of hexadecimal numbers separated by colons (8:0:69:9:4f:ef) is the server’s Ethernet address. The server can be set up to run the arp commands at boot time by placing the commands in a local network script. The following example shows a local network script that sets up ARP entries for a set of clients: #!/bin/sh # # starting up local networking stuff 95 Chapter 5: SLIP and PPP # IS_ON=/etc/chkconfig CONF=/etc/config SERV_ADDR=8:0:69:9:4f:ef if $IS_ON verbose ; then ECHO=echo VERBOSE=-v else # For a quiet startup and shutdown ECHO=: VERBOSE= fi case "$1" in 'start') # setup proxy ARP for the dialin hosts # if this host has more than one interface, # you will need to hard-code the Ethernet MAC address # instead of letting it be determined at run time. # note that 4DDN (among others) may change the MAC address from default! # and some AppleTalk packages change the output of `netstat -ian`! arp -s client1 $SERV_ADDR pub arp -s client2 $SERV_ADDR pub arp -s client3 $SERV_ADDR pub ;; 'stop') # be nice and delete the ARP entries arp -d client1 arp -d client2 arp -d client3 ;; *) echo "usage: $0 {start|stop}" ;; esac exit 0 # 96 SLIP and PPP Routing and Address Allocation Assume the preceding file was named /etc/init.d/network.local, and you want it to run just after networking started, then you would use the following commands to create the startup and shutdown links: ln -s /etc/init.d/network.local /etc/rc2.d/S31netlocal ln -s /etc/init.d/network.local /etc/rc0.d/K39netlocal SLIP/PPP Subnet If you have a lot of standalone clients, it would be cumbersome to issue arp commands for all of them. A better strategy is to allocate client addresses from a special subnet set aside for SLIP and PPP clients. The server acts as a gateway to this net. The server must run routed, and it should use the -F option to reduce unnecessary network traffic. For example, if the SLIP/PPP subnet was 128.70.80, the string “-F 128.70.80” should be added to the /etc/config/routed.options file. The clients should set up default routes through the server, just as with proxy-ARP routing. In addition, if clients are to communicate with one another, they must have their Ethernet interfaces turned off: % chkconfig network off If clients have their Ethernet interfaces enabled, they will try to reach other clients on the same “net” through Ethernet, rather than through the server. Connecting Two Networks With SLIP or PPP Connecting two networks using SLIP or PPP is probably the simplest case from a routing standpoint. Each network should have its own network number, and the addresses of the server and client should be allocated from their respective networks. Both client and server should run routed. Routers on the main network may need to be configured to recognize and route to the new network. Using Dynamic Address Allocation With PPP If you are connecting to a service provider who uses PPP with dynamic address allocation, use the keywords localhost=0,0 and add_route in the /etc/ppp.conf file, to allow the remote system to assign an IP address, and set up a default route through the remote system. 97 Chapter 5: SLIP and PPP Configuring a Bidirectional Link A simple SLIP or PPP link, in which one station must always initiate the connection, can be changed to allow either station to initiate the connection. The first step is to establish a link in one direction. Once you’ve gotten that link working correctly, set up the link in the reverse direction. You should be able to use the same ppp.conf entry for both dial-in and dial-out. Starting SLIP or PPP at Boot Time To have a SLIP or PPP connection between networks start automatically, create a local network script, /etc/init.d/network.local, for that purpose. The script resides on the station where you want to initiate the link and should be linked to appropriate files in the /etc/rc2.d and /etc/rc0.d directories. For example, to automatically start the demand-dialed PPP link described in “Sample PPP Configuration for Dial-Out” on page 91, you would create a local network script on caesar.salad.com. The script should start PPP when called with the argument start, and terminate it when called with the argument stop. #!/bin/sh # ppp boot startup script case $1 in start) /etc/killall ppp if /etc/chkconfig ppp && test -x /usr/etc/ppp -a -s /etc/ppp.conf then /usr/etc/ppp -r salad & fi ;; stop) /etc/killall -TERM ppp ;; *) echo “usage: $0 {start|stop}” ;; esac This script should be linked to the appropriate filenames in the /etc/rc2.d and /etc/rc0.d directories: ln -s /etc/init.d/network.local /etc/rc2.d/S31netlocal ln -s /etc/init.d/network.local /etc/rc0.d/K39netlocal 98 Demand Dialing Demand Dialing If you have a SLIP or PPP link that is used irregularly but frequently, it is likely to be economical for you to make that link a demand-dialing link. With demand dialing, the system makes the telephone connection as needed, when there is network traffic to be transmitted, and it drops the connection when there is no traffic. By default, much of the non-essential network traffic does not cause a link to be established. For example, the traffic generated by the time daemon (timed) would not cause a call to be placed, but a request for file transfer would cause the connection to be made. To use demand-dialing, add the -q option to your slip command on system that initiates the connection. Demand-dialing mode is also known as “quiet” mode. For complete information on this and other options, see the slip(1M) reference page. PPP can be configured to use demand dialing by adding the “quiet” keyword to the ppp.conf file. When using demand-dialing, it makes sense to start SLIP or PPP automatically at boot time, as described in “Starting SLIP or PPP at Boot Time” on page 98. Note that the link is initiated only when there is traffic on the initiating end of the link. NFS Over SLIP or PPP You can run NFS over a SLIP or PPP link. NFS will be very slow because of the amount of information transferred in NFS transactions. You may be able to improve performance with these measures: • Use NFS with modems faster than 9600 bps. • Use one of the SLIP header prediction and compression options. For more information regarding the SLIP compression options, comp and cslip, see the slip(1M) reference page. • Adjust the NFS options rsize, wsize, timeo, and retrans when mounting NFS file systems. To improve performance, read and write smaller blocks and specify longer timeouts. See the fstab(4) reference page for more information on NFS filesystem options. 99 Chapter 5: SLIP and PPP File Transfer Over SLIP or PPP File transfer over a serial link may be slow if other demanding utilities share the link. For faster file transfer, try using uucp. Using uucp is effective if you do not want to share the line with other utilities. Troubleshooting SLIP and PPP Links If your SLIP or PPP link seems to be connecting, but you can’t reach systems on the remote network, you might have a routing problem. Try to reach the remote system with ping: % ping -c 10 dial-in.salad.com If the connection is working, you should see output something like this: PING dial-in.salad.com (128.70.79.52): 64 bytes from 128.70.79.52: icmp_seq=0 64 bytes from 128.70.79.52: icmp_seq=1 64 bytes from 128.70.79.52: icmp_seq=2 64 bytes from 128.70.79.52: icmp_seq=3 64 bytes from 128.70.79.52: icmp_seq=4 64 bytes from 128.70.79.52: icmp_seq=5 64 bytes from 128.70.79.52: icmp_seq=6 64 bytes from 128.70.79.52: icmp_seq=7 64 bytes from 128.70.79.52: icmp_seq=8 64 bytes from 128.70.79.52: icmp_seq=9 56 data ttl=255 ttl=255 ttl=255 ttl=255 ttl=255 ttl=255 ttl=255 ttl=255 ttl=255 ttl=255 bytes time=2 time=1 time=1 time=1 time=1 time=1 time=1 time=1 time=2 time=1 ms ms ms ms ms ms ms ms ms ms ----dial-in.salad.com PING Statistics---10 packets transmitted, 10 packets received, 0% packet loss If the connection is not working, you should see output like this: PING dial-in.salad.com (128.70.79.52): 56 data bytes ----dial-in.salad.com PING Statistics---10 packets transmitted, 0 packets received, 100% packet loss If you can contact the remote host, but not other systems on the network, you probably have a routing problem. Check that your routing is set up as described in “SLIP and PPP Routing and Address Allocation” on page 94. 100 Troubleshooting SLIP and PPP Links If you aren’t getting any connection at all, test the line with another utility. If you are familiar with uucp, you may want to establish a uucp link between the stations as a means of testing the connection. Most users will find cu an easier way to debug the link. Note: cu requires a direct entry in the /etc/uucp/Devices file. Refer to “The Devices File” on page 135 for more details. When debugging a SLIP connection, check each station separately. First check the port and modem on the local station by using a cu command like this: cu -d -s speed -l port For example, to test the port and modem installed on the station tuna.salad.com, you would use this cu command: cu -d -s 38400 -l ttyf2 (It may be necessary to turn off the (uu)getty first by changing respawn to off on the line for the port in the file /etc/inittab.) The modem should respond. Many modems respond by printing AT. If the modem does not respond as expected, review the SLIP configuration procedure for the local station and review the modem configuration and documentation. If the modem does respond as expected, disconnect from cu by typing a tilde followed by a dot: ~. Connect the stations you want to link as you would for the SLIP link. On the local station, use cu to call the remote station through the port and connection you have already verified with cu. Check the connection to the remote station with a cu command like this: cu -d -sspeed telno For example, to test the connection between tuna and dial-in.salad.com, you would call dial-in from tuna with this cu command: cu -d -s38400 5552002 You should see the local station tell the modem to call the remote station. Eventually, you should see the login prompt. Type the send strings from the /etc/uucp/Systems file in response to the expect strings. 101 Chapter 6 6. BIND Name Server The Berkeley Internet Name Domain (BIND) server implements the Internet Domain Name Service (DNS) for the IRIX operating system. A name server is a network service that enables clients to name resources or objects in the network and share this information with other network objects. In effect, a name server is a distributed database system for objects in a computer network. All IRIX network programs can use BIND to store and retrieve station names and addresses. You can use BIND to replace the original host table lookup of information in the /etc/hosts file. BIND has two parts: the name server program, named, and a set of C library “resolver” routines that access the server. named is a daemon that runs in the background and responds to UDP and TCP queries on a well-known network port. The library routines reside in the standard C library, libc.a. The host-address lookup routines gethostbyname, gethostbyaddr, and sethostent use the resolver routines to query the name server. The resolver library routines described in resolver include routines that build query packets and exchange them with the name server. The following topics are covered in detail in this chapter: • “The Domain Name Service” on page 103 • “BIND Servers and Clients” on page 105 • “The BIND Configuration Files” on page 108 • “Setting Up a BIND Configuration” on page 114 • “Managing the BIND Environment” on page 123 • “Debugging named” on page 125 The Domain Name Service Host-table lookup routines, such as those using the /etc/hosts file, require that the master file for the entire network be maintained at a central location by a few people. This approach works well for small networks where there are only a few stations and there is 103 Chapter 6: BIND Name Server cooperation among the different organizations responsible for them. However, this approach does not work well for large networks where stations cross organizational boundaries. The Domain Name Service eliminates the need for a single, centralized clearinghouse for all names. The authority for this information can be delegated to the organizations on the network that are responsible for it. The Domain Name Service is organized as a hierarchical name space, like the IRIX file system. Figure 6-1 shows a small section of this hierarchy. Each subtree in the hierarchy is called a domain, and is given a label. At the top of the hierarchy is the root domain, which is labelled with the null label (“ ”). The name of the domain is the concatenation of all the domain labels from the root to the current domain. The labels are listed from right to left and are separated by dots. (For example, the name for the domain labelled “fruit” in Figure 6-1 would be “fruit.salad.com”.) A label must be unique only within its domain. "" (root domain) ARPA COM EDU SALAD IN-ADDR STANFORD BERKELEY FRUIT MONET ORANGE = domains/subdomains Figure 6-1 104 = hosts Partial View of Domain Name Space LEMON BIND Servers and Clients Immediately below the root domain is a set of top-level domains. These top-level domains are relatively static, and are administered by the Network Information Center. These are the current top-level domains registered with the Network Information Center: arpa a temporary domain for stations, also used as the top-level domain for address-to-name mapping com companies and businesses edu universities and other educational institutions gov government agencies mil military organizations net various network-type organizations and network management-related organizations, such as information centers and operations centers org technical support groups, professional societies, or similar organizations There are also many national domains, such as DE for Germany and FR for France. The whole space is partitioned into several non-overlapping areas of authority called zones. Information in each zone is handled by the zone’s “authoritative” or “master” name server(s). Each zone starts at a domain and extends down to the leaf domains, or to domains where other zones start. Zones usually represent administrative boundaries. An example of a domain name for a station at the University of California, Berkeley is monet.berkeley.edu. The top-level domain for educational organizations is edu. Berkeley is a subdomain of edu, and monet is the name of the station. BIND Servers and Clients BIND is based on a server-client relationship. There are several different classes of servers, with varying degrees of authority. This section discusses the interaction between various types of servers, and between servers and clients. This information is summarized in Table 6-1. 105 Chapter 6: BIND Name Server Table 6-1 summarizes the general characteristics for various BIND server configurations. Table 6-1 BIND Server Configurations Primary Server Secondary Server Caching-only Server Forwarder Server Slave Server Authoritative "Delegated" server for the authority from domain primary server Nonauthoritative Nonauthoritative Nonauthoritative Loads data Loads data from local file from primary server Answers queries or forwards queries to authoritative servers Answers recursive requests or interacts with other name servers before answering requests Accesses data from specified list of servers (forwarders) All server configurations must run the named server daemon. The named daemon is started automatically during station startup if the configuration flag named is “on.” See the chkconfig(1M) reference page for more details. The client accesses data from the name servers specified in its resolv.conf file. It does not run the domain server, named. Master Servers A master server for a domain is the authority for that domain. This server maintains all the data corresponding to its domain. Each domain should have at least two master servers: a primary master, and a secondary master to provide backup service if the primary is unavailable or overloaded. A server can be a master for multiple domains, serving as primary for some domains and secondary for others. A primary master server is a server that loads its data from a file on disk. This server can also delegate authority to other servers in its domain. A secondary master server is a server that is delegated authority and receives its data for a domain from a primary master server. At boot time, the secondary server requests all the data for the given 106 BIND Servers and Clients domain from the primary master server. This server then periodically checks with the primary server to see if it needs to update its data. Root servers are the master servers for the root and top-level Internet domains. They are listed in the root.cache file described in “BIND’s root.cache File” on page 112. Slave and Forwarding Servers A slave server always forwards queries it cannot satisfy locally to a fixed list of forwarding servers, instead of interacting with the master name server for the root and other domains. There may be one or more forwarding servers, and they are tried in turn until the list is exhausted. A slave-and-forwarder configuration is useful when you do not want all the servers at a given site to interact with the rest of the Internet servers. The stations might be administratively prohibited from having Internet access. To give the stations the appearance of access to the Internet domain system, the stations could be slave servers to the forwarding server on the gateway station. The gateway server would forward the queries and interact with other name servers on the Internet to resolve each query before returning the answer. A benefit of using the forwarding feature is that the central station develops a more complete cache of information, which all the stations can take advantage of. The use of slave mode and forwarding is discussed further in “Setting Up a BIND Configuration” on page 114. There are two main reasons to use forwarders. First, if your station does not have full network access, it cannot send IP packets to the rest of the network. Therefore, it must rely on a forwarder with access to the network. Second, the forwarder can see all queries as they pass through the server and, therefore, builds up a more complete cache of data than the cache in a typical station name server. In effect, the forwarder becomes a meta-cache from which stations can benefit, thereby reducing the total number of queries from that site to the rest of the network. Caching-Only Server A caching-only server is not authoritative for any domain. It services queries and asks other servers, who have the authority, for needed information. The results of queries are cached, to reduce traffic to the authoritative server. Query responses include a time-to-live field, which indicates how long they should be cached for. 107 Chapter 6: BIND Name Server Clients A BIND client accesses the name servers that run on other stations in the network. The named server does not run on the client station. The BIND Configuration Files This section discusses the various BIND configuration files. Examples of these files are provided in “Setting Up a BIND Configuration” on page 114. In IRIX, the named database files are stored in the /var/named directory. A README file contains a short summary of the setup procedure and a list of official names for BIND clients and servers. Typically, servers are also clients. BIND clients require the /etc/resolv.conf file. The /var/named/Examples subdirectory contains sample named database files. The files in the Examples directory should be used and changed to reflect your setup. These files use the record format described in Appendix A, “BIND Standard Resource Record Format.” The database files needed to set up your BIND environment are: • named.boot • root.cache • named.hosts • named.rev • localhost.rev Note: If your network has more than one domain, incorporate the domain name as part of the named.hosts, named.rev, and localhosts.rev filenames when you create your versions of these files. The number and configuration of the database files depend on the server type. 108 The BIND Configuration Files Table 6-2 summarizes which database files are required for each type of server. Table 6-2 named Database Files Filename Primary Server Secondary Server Caching-Only Server Forwarder Server Slave Server named.boot required required required required required localhosts.rev required required required required required named.hosts required N/A N/A N/A N/A named.rev required N/A N/A N/A N/A root.cache required required required required required BIND’s Boot File The boot file is first read when named starts up. It tells the server what type of server it is, which zones it has authority over, and where to get its initial data. The default name of this file is /etc/named.boot. The template for this file is called /var/named/Examples/named.boot.master (for primary server) and named.boot.slave (for secondary server). To use a different file, create or modify the /etc/config/named.options file with this entry: -b other-bootfile-name The recognized boot file structures are described in the subsections that follow. Directory The directory line specifies the directory in which the name server should run, allowing the other filenames in the boot file to use relative pathnames. directory /var/named This entry is required. It makes sure named is in the proper directory when you try to include files by relative pathnames with $INCLUDE. It also allows named to run in a location that is reasonable for dumping core, if necessary. 109 Chapter 6: BIND Name Server Primary Master The line in the boot file that designates a primary server for a zone looks like this: primary Berkeley.EDU named.hosts The first field specifies that the server is a primary one for the zone stated in the second field. The third field is the name of the file from which the data is read. Secondary Master The line for a secondary server is similar to that for the primary, except that it lists addresses of other servers (usually primary servers) from which the zone data is obtained. For example: secondary Berkeley.EDU 128.32.0.10 128.32.0.4 ucbhosts.bak The first field specifies that the server is a secondary master server for the zone stated in the second field. The two network addresses specify the name servers that are primary for the zone. The secondary server gets its data across the network from the listed servers. It tries each server in the order listed until it successfully receives the data from a listed server. If a file name is present after the list of primary servers, data for the zone is saved in that file. When the server first starts, it loads the data from the backup file if possible, and consults a primary server to check that the zone information is still up to date. Caching-Only Server All servers should have a line like this one in the boot file to prime the name server’s cache: cache . root.cache All listed cache files are read when named starts up. Valid values are reinstated in the cache, and the root name server information in the cache files is always used to handle initial queries. The name server needs to know the servers that are the authoritative name servers for the root domain of the network. The root.cache file primes the server’s cache with the addresses of these higher authorities. This file uses the Standard Resource Record format (or Master File format) described in detail in Appendix F. 110 The BIND Configuration Files You do not need a special line to designate that a server is a caching server. What denotes a caching-only server is the absence of authority lines, such as secondary or primary, in the boot file. Forwarders Any server can make use of forwarders. For example, a server capable of processing recursive queries may try resolving queries on behalf of other stations. The forwarders command specifies forwarders by Internet address as follows: forwarders 128.32.0.10 128.32.0.4 Slave Mode You can use slave mode if, because of limited network access, use of forwarders is the only way to resolve queries. You can also use slave mode if you wish to prevent the name server from using forwarders other than those listed. Slave mode is activated by the following command in the boot file: slave If you use slave, you must specify forwarders. In slave mode, the server forwards each query to each of the forwarders until an answer is found or the list of forwarders is exhausted. BIND’s named.hosts File This file contains the host-address database for your domain. It is required for primary servers. BIND’s named.rev File This file specifies the IN-ADDR.ARPA domain, which is used to translate IP addresses into names. Because Internet addresses do not fall within domain boundaries, this special domain was formed to allow inverse mapping. The IN-ADDR.ARPA domain for a station has four labels preceding it. These labels correspond to the four octets of an Internet address in reverse order. All four octets must be specified, even if an octet is zero. 111 Chapter 6: BIND Name Server For example, the Internet address 128.32.130.12 is located in the domain 12.130.32.128.IN-ADDR.ARPA. This reversal of the address allows for the natural grouping of stations in a network. An IN-ADDR.ARPA domain can also represent a network. For example, if the ARPANET is network 10, there is a domain called 10.IN-ADDR.ARPA. BIND’s localhost.rev File This file specifies the IN-ADDR.ARPA domain of the local loopback interface’s network address, 127.0.0.1. The address is better known as the localhost address. Many important network programs depend on the information in this domain. This file is required on all servers. BIND’s root.cache File This file, by default, contains the initial cache data for root domain servers. It is required, in one form or another, on all servers. BIND’s /etc/config/named.options File This file is optional. It is used during station startup and by the named.restart script. Specify command-line arguments for named in this file. See the named(1M) reference page for details on the options. Configuring Hostname Resolution With /etc/resolv.conf The only configuration file required by BIND clients is the /etc/resolv.conf file.This file is read the first time gethostbyname or gethostbyaddr is called. The resolv.conf file has several functions: 112 • It defines the default domain or the default domain search list. • It specifies the ordering of host resolution services used by gethostbyname and gethostbyaddr. • It lists Internet addresses of name servers. The BIND Configuration Files The first two items apply to both client and server stations. The last item is required only by client stations. The file’s format is described in detail in the resolver(4) reference page. To set up a station as a client of remote servers, add nameserver entries for the Internet addresses of the name servers to /etc/resolv.conf. For example: nameserver 128.32.130.12 You can specify up to three nameserver entries. It is usually not necessary to create this file if you have a local server running. An entry for the local server should use an Internet address of 0 (meaning “this station”). On client and server stations, the name in /etc/sys_id should be set to the fully qualified domain name. For example: monet.Berkeley.EDU However, if you choose not to use fully qualified domain names, add a line with the keyword domain and the station’s domain to the resolv.conf file. For example: domain berkeley.edu The gethostbyname and gethostbyaddr library routines are normally configured to access station information in this order: 1. NIS 2. BIND 3. Local /etc/hosts file You can change this behavior with the hostresorder keyword in /etc/resolv.conf. See the resolver(4) reference page for details. To enable the system manager to copy files from another station when it is in single-user mode, the /etc/hosts file should contain entries for important stations in addition to the entries for the local station’s network interface(s) and localhost. See the hosts(4) reference page for more information about the format. 113 Chapter 6: BIND Name Server Setting Up a BIND Configuration This section provides an example of how a BIND environment might be organized and describes the procedure for configuring the various servers and client stations. The example assumes you are connected to the Internet. When setting up your own environment, replace the variables in the example with your own BIND environment variables. The example is based on these variables: • the domain is fruit.com, network address 128.70.10, and the network is attached to the Internet • primary server is apples.fruit.com, internet address 128.70.10.1 • aecondary server is oranges.fruit.com, internet address 128.70.10.2 • dorwarding server is banana.fruit.com, internet address 128.70.10.3 • caching-only server is guava.fruit.com, internet address 128.70.10.4 • slave servers are pineapple1.fruit.com and pineapple2.fruit.com, Internet addresses 128.70.10.8 and 128.70.10.9 • clients are plum1.fruit.com, plum2.fruit.com, and plum3.fruit.com, Internet addresses 128.70.10.5, 128.70.10.6, and 128.70.10.7 Figure 6-2 illustrates the example BIND environment described above. Station names in the figure are shortened for illustrative purposes only. 114 Setting Up a BIND Configuration f r u i t . c o es m ng ora les app Secondary server Primary server va gua ana Caching server m3 plu ban m2 Forwarder server plu m1 plu Client servers e1 ppl ea pin le2 app e pin Slave servers Figure 6-2 Example BIND Configuration Configuring the Primary Server Use this procedure to configure a primary server: 1. Log in as root. 2. Move to the named example directory: cd /var/named/Examples 3. Copy the template files to the /var/named directory: cp named.boot.master root.cache named.hosts \ named.rev localhost.rev /var/named 115 Chapter 6: BIND Name Server 4. Move named.boot.master to the default filename: cd .. mv named.boot.master named.boot 5. Modify named.boot with your editor of choice to resemble the following: ; ; Boot file for apple.fruit.com, primary for fruit.com ; directory /var/named ;type domain source host/file backup file cache . root.cache primary fruit.com fruit.named.hosts 6. Modify the named.hosts file, here called fruit.named.hosts, to resemble the following: ; Authoritative data for fruit.com ; @ IN SOA apples.fruit.com. named-mgr.apples.fruit.com. (1994021501 ; Serial 10800 ; Refresh 3 hours 3600 ; Retry 1 hour 3600000 ; Expire 1000 hours 86400 ) ; Minimum 24 hours ; authoritative name servers for fruit.com IN NS apples.fruit.com. IN NS oranges.fruit.com. ; address records for all hosts on the net IN A 128.70.10.1 apples IN A 128.70.10.1 oranges IN A 128.70.10.2 banana IN A 128.70.10.3 guava IN A 128.70.10.4 plum1 IN A 128.70.10.5 plum2 IN A 128.70.10.6 plum3 IN A 128.70.10.7 pineapple1 IN A 128.70.10.8 pineapple2 IN A 128.70.10.9 localhost IN A 127.0.0.1 ; canonical or alias name for localhost loghost IN CNAME localhost 116 Setting Up a BIND Configuration 7. Modify the localhost.rev file to resemble the following: ;localhost.rev -- PTR record for 127.1 ; @ IN SOA apples.fruit.com. named-mgr.apples.fruit.com. (1994021501 ;Serial 10800 ;Refresh 3 hours 3600 ;Retry 1 hour 3600000 ;Expire 1000 hours 86400 ) ;Minimum 24 hours ; authoritative name servers for fruit.com IN NS apples.fruit.com. IN NS oranges.fruit.com. 0 IN PTR loopback.fruit.com. 1 IN PTR localhost. 8. Modify the named.rev file (fruitnamed.rev) to resemble the following: ; ; ; @ @(#)named.rev IN 1.1 (Berkeley) 86/02/05 SOA apples.fruit.com. named-mgr.apples.fruit.com. (1994021501 ; Serial 10800 ; Refresh 3 hours 3600 ; Retry 1 hour 3600000 ; Expire 1000 hours 86400 ); Minimum 24 hours ;authoritative name servers for fruit.com IN NS apples.fruit.com. IN NS oranges.fruit.com. ;named.rev addresses, by default, are the last two numbers ;of the internet addresses in reverse order, if Class B ;address. If Class C address, then it’s the last number. 1 IN PTR apples.fruit.com. 2 IN PTR oranges.fruit.com. 3 IN PTR banana.fruit.com. 4 IN PTR guava.fruit.com. 5 IN PTR plum1.fruit.com. 6 IN PTR plum2.fruit.com. 7 IN PTR plum3.fruit.com. 8 IN PTR pineapple1.fruit.com. 9 IN PTR pineapple2.fruit.com. 117 Chapter 6: BIND Name Server 9. Use the default root.cache file if the primary server is attached to the Internet. If practical, you should obtain the most up-to-date list from rs.internic.net using anonymous FTP. The list is kept in the file domain/named.root. ; This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers ; (e.g. reference this file in the “cache . ” ; configuration file of BIND domain name servers). ; ; This file is made available by InterNIC registration services ; under anonymous FTP as ; file /domain/named.root ; on server FTP.RS.INTERNIC.NET ; -OR- under Gopher at RS.INTERNIC.NET ; under menu InterNIC Registration Services (NSI) ; submenu InterNIC Registration Archives ; file named.root ; ; last update: Sep 1, 1995 ; related version of root zone: 1995090100 ; ; ; formerly NS.INTERNIC.NET ; . 3600000 IN NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4 ; ; formerly NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 128.9.0.107 ; ; formerly C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12 ; ; formerly TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90 ; ; formerly NS.NASA.GOV ; . 3600000 NS E.ROOT-SERVERS.NET. 118 Setting Up a BIND Configuration E.ROOT-SERVERS.NET. 3600000 ; ; formerly NS.ISC.ORG ; . 3600000 F.ROOT-SERVERS.NET. 3600000 ; ; formerly NS.NIC.DDN.MIL ; . 3600000 G.ROOT-SERVERS.NET. 3600000 ; ; formerly AOS.ARL.ARMY.MIL ; . 3600000 H.ROOT-SERVERS.NET. 3600000 ; ; formerly NIC.NORDU.NET ; . 3600000 I.ROOT-SERVERS.NET. 3600000 ; End of File A 192.203.230.10 NS A F.ROOT-SERVERS.NET. 39.13.229.241 NS A G.ROOT-SERVERS.NET. 192.112.36.4 NS A H.ROOT-SERVERS.NET. 128.63.2.53 NS A I.ROOT-SERVERS.NET. 192.36.148.17 10. Enable named and reboot the station with the following commands: chkconfig named on reboot Configuring the Secondary Server Use this procedure to configure a secondary server: 1. Log in as root. 2. Move to the named example directory: cd /var/named/Examples 3. Copy the template files to the /var/named directory: cp named.boot.slave root.cache localhost.rev /var/named 4. Move named.boot.slave to the default filename: cd .. mv named.boot.slave named.boot 119 Chapter 6: BIND Name Server 5. Modify named.boot to look like the following: more named.boot ; ; Boot file for orange.fruit.com, secondary for fruit.com ; directory /var/named ; type domain source host/file backup file cache . root.cache secondary fruit.com 128.70.10.1 fruithosts.bak 6. Use the same localhost.rev file you installed on your primary server. 7. Use the same root.cache file you installed on your primary server. 8. Enable named and reboot the station with the following commands: chkconfig named on reboot Configuring a Caching-Only Server Use this procedure to set up a caching-only server: 1. Log in as root. 2. Move to the named example directory: cd /var/named/Examples 3. Copy the template files to the /var/named directory: cp named.boot.master root.cache /var/named 4. Move named.boot.master to the default filename: cd .. mv named.boot.master named.boot 120 Setting Up a BIND Configuration 5. Modify named.boot to look like the following: more named.boot ; ;Boot file for guava.fruit.com,caching-only server for ;fruit.com ;Note that there should be one primary entry for each SOA ;record. ; ; directory /var/named ;type domain source host/file backup file cache . root.cache 6. Use the same localhost.rev file you installed on your primary server. 7. Use the same root.cache file you installed on your primary server. 8. Enable named and reboot the station with the following commands: chkconfig named on reboot Configuring the Forwarding Server Use this procedure to set up a forwarding server: 1. Log in as root. 2. Move to the named example directory: cd /var/named/Examples 3. Copy the template files to the /var/named directory: cp named.boot.master root.cache localhost.rev /var/named 4. Move named.boot.master to the default filename: cd .. mv named.boot.master named.boot 121 Chapter 6: BIND Name Server 5. Modify named.boot to look like the following: more named.boot ; ;Boot file for banana.fruit.com, forwarder server ;for fruit.com ;Note that there should be one primary entry for each ;SOA record. ; ; directory /var/named ;type cache forwarders domain . 128.70.10.1 source host/file root.cache 128.70.10.2 backup file 6. Use the same localhost.rev file you installed on your primary server. 7. Use the same root.cache file you installed on your primary server. 8. Enable named and reboot the station with the following commands: chkconfig named on reboot Configuring a Slave Server 1. Log in as root. 2. Move to the named example directory: cd /var/named/Examples 3. Copy the template files to the /var/named directory: cp named.boot.slave root.cache localhost.rev /var/named 4. Move named.boot.master to the default filename: cd .. mv named.boot.slave named.boot 122 Managing the BIND Environment 5. Modify named.boot to look like the following: ; ;Boot file for pineapple1.fruit.com, slave server for ;fruit.com ; directory /var/named ;type domain source host/file backup file cache . root.cache forwarders 128.70.10.3 slave 6. Use the same localhost.rev file you installed on your primary server. 7. Use the same root.cache file you installed on your primary server. 8. Enable named and reboot the station with the following commands: chkconfig named on reboot Configuring the Client Use this procedure to set up a BIND client: 1. Log in as root. 2. Create or modify the resolv.conf file to include the default domain name, the host resolution order, and the list of name servers. It should look something like this: domain fruit.com nameserver 128.70.10.4 nameserver 128.70.10.2 nameserver 128.70.10.1 hostresorder bind local 3. Rebooting the client is suggested, but not required. Managing the BIND Environment This section describes the steps involved in maintaining the databases. It details how to add and delete a station from the domain and how to add a new subdomain. It also discusses some of the scripts that manage the BIND database. 123 Chapter 6: BIND Name Server Adding a New Station To add a new station to your zone files: 1. Edit the appropriate zone file for the station’s domain. 2. Add an A record for each address of the station. 3. Add CNAME, HINFO, WKS, RP, and MX records (optional). 4. Add the reverse IN-ADDR entry for each station address in the appropriate zone files for each network the station is on. Deleting a Station To delete a station from the zone files: 1. Remove all the station’s resource records from the zone file of the station’s domain. 2. Remove all the station’s PTR records from the IN-ADDR zone files for each network the station was on. Adding Another Domain To add a new subdomain to your domain: 1. Set up the other domain server, the new zone file, or both. 2. For each server of the new domain, add an NS record to the zone file of the parent domain. 3. Add any necessary glue address records. See Appendix A, “BIND Standard Resource Record Format” for details about glue records. Management Scripts You can use two shell scripts to manage named: /usr/sbin/named.reload and /usr/sbin/named.restart. 124 Debugging named named Reload Script This shell script sends the HUP signal to named, which causes it to read named.boot and reload the database. All previously cached data is lost. Use this script when named is running and you want the internal database for named to reflect any changes you have made. named Restart Script This shell script terminates the running named and starts a new one. Use this script when you have made changes to the named.boot file, or whenever you need to place the server in a known state. Debugging named When named is running incorrectly, first check /var/adm/SYSLOG for any messages. For additional information, send named one of the following signals, using killall(1M) and defining SIG as INT, ABRT, USR1, or USR2: /etc/killall -SIG named INT Dumps the current database and cache to /var/tmp/named_dump.db. This dumping should indicate whether the database was loaded correctly. ABRT Dumps statistics data into /var/tmp/named.stats. Statistics data is appended to the file. USR1 Turns on debugging. Each subsequent USR1 increases the debug level. There are 10 debug levels, and each prints more detailed information. A debug level of 5 is useful for debugging lookup requests. The output goes to /var/tmp/named.run. USR2 Turns off debugging completely. 125 Chapter 6: BIND Name Server SYSLOG Messages Using syslog(3B), named logs certain errors to /var/adm/SYSLOG. This section lists important error messages and their meanings. • dname has CNAME and other illegal data An alias has more than just a CNAME record. For example, since only “monet” should have the A record, the following is wrong: ucbmonet IN CNAME monet ucbmonet IN A 128.32.0.1 • Attempted to query myself on ipaddr as name server for dname The station is listed incorrectly as a forwarder in the named.boot file. • zoneref: Masters for secondary zone dname unreachable This station is a secondary server for dname. The primary server returned an invalid data response or, because of a network problem, the station was not able to contact the primary server to obtain the current state of the zone information. • Lame delegation to dname1 received from ipaddr(purported server for dname2) on query on name [dname3] The message indicates that the remote server at the specified address is supposed to be authoritative for the dname2 domain but has returned an indication that implies it is not. The remote server or the server for its parent domain is misconfigured. This error message can be disabled if named is started with the -L lamedel option. • MAXQUERIES exceeded, possible data loop in resolving dname The name server has tried to query too many other servers for the specified record. This might happen if each of two remote servers reply that the other has the desired information for dname. • Malformed response from ipaddr The remote DNS server at the specified address returned a malformed packet. This message typically indicates an error in the remote server. • Bogus root NS dname1 received from ipaddr on query on name[dname2] -rejected The name server at the specified address improperly returned NS records for the root domain. The records have been ignored. You can disable this error message if named is started with -L rootns. 126 Debugging named • Root NS dname1 received from ipaddr on query on name [dname2] The name server at the specified address returned NS records for the root domain. You can disable this informational message if named is started with the -L rootns option. The nslookup Command The nslookup command is a useful debugging tool for querying local and remote name servers. nslookup operates in either interactive or non-interactive mode. Interactive mode allows the user to query the name server for information about various stations and domains or print a list of stations in the domain. Non-interactive mode is used to print just the name and requested information for a station or domain. The following example of nslookup output gets the address record for the station monet.berkeley.edu: Default Server: ucbvax.berkeley.edu Address: 128.32.133.1 > monet Server: ucbvax.berkeley.edu Address: 128.32.133.1 Name: monet.berkeley.edu Address: 128.32.130.6 To exit, press or enter exit. The help command summarizes available commands. The complete set of commands is described on the nslookup(1C) reference page. 127 Chapter 7 7. UUCP UUCP stands for “UNIX to UNIX Copy Program,” and is a set of utilities that lets computers using versions of the UNIX operating system (such as IRIX) communicate with each other and with remote terminals. These utilities range from those used to copy files between computers (uucp and uuto), to those used for simple encoding and decoding (uuencode and uudecode), to those used for remote login and command execution (cu and uux). The following topics are covered in this chapter: • “Choosing TCP/IP or UUCP” on page 130 • “Hardware Requirements for UUCP” on page 131 • “UUCP Commands” on page 131 • “UUCP Daemons” on page 133 • “Supporting Databases” on page 134 • “UUCP Administrative Files” on page 155 • “Setting Up UUCP” on page 157 • “UUCP Error Messages” on page 169 The UUCP system is contained in the eoe subsystem of your IRIX distribution, in the package called eoe.sw.uucp. Use the versions command to determine if you have this subsystem installed. UUCP connections using telephone lines and modems are used to distribute electronic mail and “net news” among thousands of computers in the USENET network. As an administrator, you need to be familiar with the administrative tools, logs, and database files used by UUCP. This chapter provides details about the UUCP files, directories, daemons, and commands. 129 Chapter 7: UUCP Choosing TCP/IP or UUCP This section compares UUCP and the TCP/IP protocol suite for various purposes. You can use them together, each for the tasks for which it is best suited. Both UUCP and TCP/IP software are standard features of the IRIX operating system. To use the TCP/IP software, you must have one of these communications mechanisms: • a connection to an Ethernet network • the optional FDDI hardware and software • the Serial Line Internet Protocol (SLIP) software To use UUCP, you must be connected to a serial network or to any TCP/IP network. TCP/IP provides reliable interactive and batch services. UUCP is a batch-mode service; when you issue a uucp command, it is placed in a queue with other commands. The system checks the queue at regular intervals and executes the commands that it finds. After your command is carried out, UUCP reports the results of the command. The time it takes to carry out a command on a remote station varies on different stations. Table 7-1 shows a comparison of features of TCP/IP and UUCP. Table 7-1 Comparison of TCP/IP and UUCP TCP/IP Features UUCP Features runs on Ethernet and FDDI, and over serial lines runs over serial lines or over TCP/IP links transfers files interactively transfers files in batch mode executes commands on remote stations interactively executes commands on remote stations in batch mode sends mail interactively or in batch mode sends mail in batch mode 130 starts a shell on a remote station starts a shell on a remote station provides remote login facilities with rlogin/telnet provides remote login facilities with cu transfers data to any station running TCP/IP transfers data to any station running UUCP Hardware Requirements for UUCP Hardware Requirements for UUCP Before your computer can communicate with other computers through UUCP, you must set up the hardware to complete the communications link. The cables and other hardware you will need depend on how you want to connect the computers: direct links, telephone lines, or local area networks. Note: Refer to IRIX Admin: Peripheral Devices and the Personal System Administration Guide for information on setting up modems and other hardware. Direct links You can create a direct link to another computer by running cables between serial ports on the two computers. Direct links are useful if two computers communicate regularly and are physically close—within 50 feet of each other. You can use a limited-distance modem to increase this distance somewhat. Transfer rates of up to 38,400 bits per second (bps) are possible when computers are directly linked. Such direct links are now rarely used because local area networks provide faster, easier-to-use connections. Telephone lines Using a modem capable of dialing telephone numbers, your computer can communicate with other computers over standard phone lines. The modem dials the telephone number requested by the networking utilities. The computer it is trying to contact must have a modem capable of answering incoming calls. UUCP Commands UUCP programs can be divided into two categories: user programs and administrative programs. The subsections that follow describe the programs in each category. UUCP User Programs The UUCP user programs are in /usr/bin. No special permission is needed to use these programs; they are all described in the reference pages. cu Connects your computer to a remote computer so you can log in to that computer, allowing you to transfer some files or execute commands on either computer without dropping the initial link. 131 Chapter 7: UUCP uucp Lets you copy a file from one computer to another. This program creates work files and data files, queues the job for transfer, and calls the uucico daemon, which in turn attempts to contact the remote computer. uuto Copies files from one computer to a public spool directory on another computer (/var/spool/uucppublic/receive). Unlike uucp, which lets you copy a file to any accessible directory on the remote computer, uuto places the file in an appropriate spool directory and sends mail to the remote user who requested that it be picked up with uupick. uupick Retrieves the files placed under /var/spool/uucppublic/receive when files are transferred to a computer that is using uuto. uux Creates the work, data, and execute files needed to execute commands on a remote computer. The work file contains the same information as work files created by uucp and uuto. The execute files contain the command string to be executed on the remote computer and a list of the data files. The data files are those files required for the command’s execution. uustat Displays the status of requested transfers (uucp, uuto, or uux). This program also provides a way to control queued transfers. UUCP Administrative Programs Most of the administrative programs are in /usr/lib/uucp, though the UUCP database files reside in /etc/uucp. The only exception is uulog, which is in /usr/bin. These commands are described in their respective reference pages. You should use the uucp login ID when you administer UUCP because it owns the basic networking and spooled data files. The home directory of the uucp login ID is /usr/lib/uucp. The other UUCP login ID is nuucp, used by remote computers that do not have their own login IDs to access your computer. A computer that logs in with nuucp receives uucico as its shell. The following programs are the administrative utilities of UUCP: uulog 132 Displays the contents of a specified computer’s log files. A log file is created for each remote computer with which your computer communicates. The log files contain records of each use of uucp, uuto, and uux. UUCP Daemons uucleanup Cleans up the spool directory. This command is normally executed from a shell script called uudemon.cleanup, which is started by cron. Uutry Tests call-processing capabilities and does a moderate amount of debugging. This command invokes the uucico daemon, in debug mode, to establish a communications link between your computer and the remote computer that you specify. uucheck Checks for the presence of UUCP directories, programs, and support files. This program can also check certain parts of the Permissions file for obvious syntactic errors. genperm Generates the Permissions file for stations that assign each remote station its own login ID. The following programs are used for initializing different types of modems. The use of these programs is described in IRIX Admin: Peripheral Devices, Chapter 1, “Terminals and Modems.” fix-dsi This program initializes DSI modems fix-hayes This program initializes Hayes modems. fix-intel This program initializes Intel modems. fix-telebit This program initializes Telebit modems. fix-usr This program initializes U. S. Robotics modems. fix-zyxel This program initializes Telebit modems. UUCP Daemons There are several daemons in UUCP. These daemons handle file transfers and command executions. They can also be run manually from the shell. uucico Selects the device used for the link, establishes the link to the remote computer, performs the required login sequence and permission checks, transfers data and execute files, logs results, and notifies the user by mail of transfer completions. It also starts uuxqt to execute any requested commands. When the local uucico daemon calls a remote computer, it “talks” to the uucico daemon on the remote computer during the session. 133 Chapter 7: UUCP The uucico daemon is executed by the uucp, uuto, and uux programs, after all the required files have been created, to contact the remote computer. It is also executed by the uusched and Uutry programs. uuxqt Executes remote execution requests. This daemon searches the spool directory for execute files (always named X.file) that have been sent from a remote computer. When an X.file file is found, uuxqt opens it to get the list of data files that are required for the execution. It then checks to see if the required data files are available and accessible. If the files are present and can be accessed, uuxqt checks the Permissions file to verify that it has permission to execute the requested command. The uuxqt daemon is executed by the uudemon.hour shell script, which is started by cron. uusched Schedules the queued work in the spool directory. Before starting the uucico daemon, uusched randomizes the order in which remote computers are called. uusched is executed by a shell script called uudemon.hour, which is started by cron. uugetty This program is very similar to the getty program except that it permits a line (port) to be used in both directions. uugetty is assigned to a port in the /etc/inittab file if you want a port to be bi-directional. uugetty is described on the uugetty(1M) reference page. Supporting Databases The UUCP support files are in the /etc/uucp directory. 134 Devices Contains information concerning the location and line speed of the automatic call units (modems) and direct links. Dialers Contains character strings required to negotiate with automatic call units (ACUs) or modems in establishing connections to remote computers. Systems Contains information needed by the uucico daemon and the cu program to establish a link to a remote computer. This file contains information such as the name of the remote computer, the name of the connecting device associated with the remote computer, when the computer can be reached, the telephone number, the login ID, and the password. Dialcodes Contains dial-code abbreviations that can be used in the phone number field of Systems file entries. Supporting Databases Permissions Defines the level of access that is granted to remote users using uucp or uux when they attempt to transfer files or remotely execute commands on your computer. Poll Defines computers that are to be polled by your station and when they are polled. Sysfiles Assigns different or multiple files to be used by uucico and cu, such as Systems, Devices, and Dialers files. The subsections that follow provide details on the structure of these files so you can edit them. There are several other files that can be considered part of the supporting database; these files are not directly related to the process of establishing a link and transferring files. The files, Maxuuxqts, Maxuuscheds, and remote.unknown, are described briefly in “Other UUCP Files” on page 154. The Devices File The Devices file (/etc/uucp/Devices) contains information for all the devices that can be used to establish a link to a remote computer, such as automatic call units, direct links, and network connections. Note: This file works interdependently with the Dialers, Systems, and Dialcodes files. Before you make changes in any of these files, you should be familiar with them all. A change to an entry in one file may require a change to a related entry in another file. Each entry in the Devices file has the following format: Type Line Line2 Class Dialer-Token-Pairs Entries for use with modems should always have the form Name device null speed 212 x dialer Entries for use over TCP/IP network connections have the form TCP - - Any TCP uucp Devices file fields are defined in the following sections. 135 Chapter 7: UUCP The Type Field The keyword used in the Type field is matched against the third field of Systems file entries. The Type field can contain one of these keywords: Direct, ACU, or a station name. Direct This keyword indicates a direct link to another computer or a switch (for cu connections only). ACU This keyword indicates that the link to a remote computer is made through an automatic call unit (automatic-dial modem). Sys-Name This value indicates a direct link to a particular computer. (Sys-Name is replaced by the name of the computer.) This naming scheme is used to convey the fact that the line associated with this Devices entry is for a particular computer in the Systems file. You can designate a protocol to use for a device within this field. See the “Protocols” section at the end of the description of this file. The Line Field This field contains the device name of the line (port) associated with the Devices entry. For instance, if the automatic dial modem for a particular entry is attached to the /dev/ttyf5 line, the name entered in this field is ttyf5. You should always use the ttyf devices when working with modems. These devices support hardware flow control, which is used by all modems that support V.32 or V.32bis. The Line2 Field If the keyword ACU is used in the Type field and the ACU is an 801-type dialer, the Line2 field contains the device name of the 801 dialer. (801-type ACUs do not contain a modem. Therefore, a separate modem is required and must be connected to a different line, defined in the Line field.) The need for a separate modem line means that one line would be allocated to the modem and another to the dialer. Since non-801 dialers do not normally use this configuration, they ignore the Line2 field, but it must still contain a hyphen (-) or the word null as a place holder. A place holder is necessary for most modems. 136 Supporting Databases The Class Field The keyword used in the Class field of the Devices file is matched against the fourth field of Systems file entries: Devices: ACU ttyf5 null D9600 212 x telebit Systems: eagle Any ACU D9600 14155551212 login:nuucp password:Oakgrass Some devices can be used at any speed, so the keyword ‘‘Any’’ can be used in the Class field. If Any is used, the line will match any speed requested in a Systems file entry. If this field is Any and the Systems file Class field is Any, the speed defaults to 9600 bps. If the keyword ACU or Direct is used in the Type field, the Class field might contain only the speed of the device. However, the speed can also be preceded by a letter (for example, C9600, D9600) to differentiate between classes of dialers (Centrex or Dimension PBX). Including the dialer class is necessary in larger offices that have more than one type of telephone network: One network may be dedicated to serving only internal communications while another handles external. In such a case, it becomes necessary to distinguish which line(s) should be used for internal and which for external. The Dialer-Token-Pairs Field This field contains pairs of dialers and tokens. The Dialer portion may be the name of an automatic-dial modem, or ‘‘Direct’’ for a direct-link device. You can have any number of Dialer-Token-Pair (DTP) fields. The Token portion may be supplied immediately following the Dialer portion; if not present, the Token portion will be taken from a related entry in the Systems file. This field has the format: dialer token dialer token The last pair may or may not be present, depending on the associated device (dialer). In most cases, the last pair contains only a Dialer portion and the Token portion is retrieved from the Phone field of the Systems file entry. A valid entry in the Dialer portion may be defined in the Dialers file. The DTP field can be structured in different ways, depending on the device associated with the entry. If an automatic-dial modem is connected directly to a port on your computer, the DTP field of the associated Devices file entry will have only one pair. This pair is normally the name of the modem. This name is used to match the particular Devices file entry with an 137 Chapter 7: UUCP entry in the Dialers file. Therefore, the Dialer field must match the first field of a Dialers file entry: Devices: ACU ttyf2 null 9600 212 x telebit Dialers: telebit =&-% "" \r\p\r\c $ \c ONLINE! Notice that only the Dialer portion (telebit) is present in the DTP field of the Devices file entry. This means that the token to be passed on to the dialer (in this case the phone number) is taken from the Phone field of a Systems file entry. (\T is implied) If a direct link is established to a particular computer, the DTP field of the associated entry contains the keyword Direct. This is true for both types of direct-link entries, Direct and System-Name. If an automatic-dial modem is connected to a switch, your computer must first access the switch; the switch then makes the connection to the modem. This type of entry requires two Dialer-Token-Pairs. The Dialer portion of each pair (fifth and seventh fields of entry) is used to match entries in the Dialers file: Devices: ACU ttyf2 null 9600 212 x t2500 telebit T25 Dialers: telebit "" "" \pr\ps\c est:\007 \E\D\e \007 Dialers: T25 =&-% "" \r\p\r\c $ \c ONLINE! In the first pair, t2500 is the Dialer and telebit is the token that is passed to the Develcon switch to tell it which device (telebit modem) to connect to your computer. This token is unique for each modem switch since each switch may be set up differently. Once the telebit modem has been connected, the second pair is accessed, where T25 is the dialer and the token (the telephone number) is retrieved from the Systems file. (See the discussion of the Systems file’s Phone field in “The Systems File” on page 142.) Two escape characters can appear in a DTP field: 138 \T Indicates that the Phone (Token) field should be translated by means of the Dialcodes file. \D Indicates that the Phone (Token) field should not be translated by means of the Dialcodes file. If no escape character is specified at the end of a Devices entry, the \D is assumed (default). Supporting Databases Device Protocols You can define the protocol to use with each device. In most cases it is not needed since you can use the default or define the protocol with the particular station you are calling. (See the discussion of the Systems file, specifically the Type field.) If you do specify the protocol, you must do it in the form Type, Protocol. Available protocols are g This protocol is slower and more reliable than e. It is good for transmission over noisy telephone lines. This is the default protocol. e This protocol is faster than g, but it assumes error-free transmission, such as over a TCP/IP network connection. t This protocol, like e, is for use in an error-free environment, such as a TCP/IP network connection. The t protocol is used by systems running BSD UNIX operating systems. The Dialers File The Dialers file (/etc/uucp/Dialers) specifies the initial conversation that must take place on a line before it can be made available for transferring data. This conversation is usually a sequence of ASCII strings that is transmitted and expected, and it is often used to dial a phone number with an ASCII dialer (such as an automatic-dial modem). As shown in the preceding section, the fifth field in a Devices file entry is an index into the Dialers file or a special dialer type. An attempt is made to match the fifth field in the Devices file with the first field of each Dialers file entry. In addition, each odd-numbered Devices field, starting with the seventh position, is used as an index into the Dialers file. If the match succeeds, the Dialers entry is interpreted to perform the dialer negotiations. Each entry in the Dialers file has the following format: dialer substitutions expect-send ... The Dialer field matches the fifth and additional odd-numbered fields in the Devices file. The substitutions field is a translate string: The first of each pair of characters is mapped to the second character in the pair. This technique is usually used to translate the equal sign (=) and the hyphen (-) characters into whatever the dialer requires for “wait for dial tone” and “pause.” The expect-send fields are character strings. 139 Chapter 7: UUCP The following list describes some of the escape characters used in the Dialers file. Table 7-2 lists escape sequences used by UUCP. Table 7-2 140 UUCP Escape Sequences Escape sequence Meaning \N Send or expect a null character (ASCII NUL). \b Send or expect a backspace character. \c If at the end of a string, suppress the newline that is normally sent. Ignored otherwise. \d Delay two seconds before sending or reading more characters. \p Pause for approximately 1/4 to 1/2 second. \E Start echo checking. (From this point on, whenever a character is transmitted, login processing will wait for the character to be received before proceeding.) \e Turn off echo checking. \n Send a newline character. \r Send or expect a carriage return. \s Send or expect a space character. \t Send or expect a tab character. \\ Send or expect a backslash (\) character. EOT Send or expect EOT newline twice. BREAK Send or expect a break character. \K Same as BREAK. \ddd Send or expect the character represented by the octal digits ddd. Supporting Databases Here is a sample line from the Dialers file: penril =W-P \E\TP > 9\c OK "" \d > Q\c : \d- > s\p9\c )-W\p\r\ds\p9\c-) y\c : The penril entry in the Dialers file is executed as follows. First, the phone number argument is translated, replacing any equal sign with a W (wait for dial tone) and replacing any hyphen with a P (pause). The handshake given by the remainder of the line works as follows: "" Wait for nothing; in other words, proceed to the next step. \d Delay for two seconds. > Wait for a “greater than” sign (>). Q\c Send a Q with no terminating new line. : Wait for a colon (:). \d- Delay for two seconds. > Wait for a “greater than” sign (>). s\p9\c Send an s, pause for 1/2 second, send a 9, send no terminating new line. )-W\p\r\ds\p9\c-) Wait for a closing parenthesis [)]; if it is not received, process the string between the hyphens as follows: Send a W, pause, send a carriage return, delay, send an s, pause, send a 9 without a new line, and then wait for the closing parenthesis. y\c Send a y without a new line. : Wait for a colon (:) \E\TP Enable echo checking. (From this point on, whenever a character is transmitted, handshake processing waits for the character to be received before proceeding.) Then send the phone number. The \T instructs the program to take the phone number passed as an argument, apply the Dialcodes translation and the modem function translation specified by field two of this entry, then send a P. 9\c Send a 9 without a new line. OK Wait for the string OK. 141 Chapter 7: UUCP The Systems File The Systems file (/etc/uucp/Systems) contains the information needed by the uucico daemon to establish a communications link to a remote computer. Each entry in the file represents a computer that can call or be called by your computer. In addition, UUCP software by default is configured to prevent any computer that does not appear in this file from logging in to your computer. (Refer to “Other UUCP Files” on page 154 for a description of the remote.unknown file.) More than one entry may be present for a particular computer. The additional entries represent alternative communications paths that are tried in sequential order. Using the Sysfiles file, you can define several files to be used as Systems files. See “The Sysfiles File” on page 154 for details. Each entry in the Systems file has the following format: System-name Time Type Class Phone Login These fields are defined in the following sections. The System-name Field This field contains the node name of the remote computer. The Time Field This field is a string that indicates the day-of-week and time-of-day when the remote computer can be called. The format of the Time field is day[time][;retry] The day portion is a list of one or more day specifiers. These specifiers are listed below. Su, Mo, Tu, We, Th, Fr, Sa These abreviations stand for individual days of the week: Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday. 142 Wk Specifies any weekday, Monday through Friday. Any Specifies any day. Supporting Databases Never Specifies that this station never initiates calls to the remote computer.If the Time field is Never, your computer will never initiate a call to the remote computer. The call must be initiated by the remote computer. In other words, your computer is in a passive mode with respect to the remote computer. (For more information on permissions, see “The Permissions File” on page 146.) Here is an example of a Time field: Wk1700-0800,Sa,Su This example allows calls from 5:00 p.m. to 8:00 a.m., Monday through Friday, and any time Saturday and Sunday. The example would be an effective way to call only when phone rates are low, if immediate transfer is not critical. The time portion should be a range of times such as 0800–1230. If no time portion is specified, any time of day is assumed to be allowed for the call. A time range that spans 0000 is permitted. For example, 0800-0600 means all times are allowed other than at times between 6 a.m. and 8 a.m. An optional subfield, retry, is available to specify the minimum time (in minutes) before a retry, following a failed attempt. The default wait is 5 minutes after the first failure, 10 after the second, and so on until a delay of about 24 hours. If the retry subfield is present, that wait is used after every failure. The subfield separator is a semicolon (;). For example, “Any;9” is interpreted as “call any time, but wait at least 9 minutes before retrying after a failure occurs.” The Type Field This field contains the device type that should be used to establish the communications link to the remote computer. The keyword used in this field is matched against the first field of Devices file entries: Systems: eagle Any ACU,g D1200 3251 login:nuucp password: Oakgrass Devices: ACU ttym2 - D1200 penril You can define the protocol used to contact the station by adding it on to the Type field. The example just given shows how to attach the protocol g to the device type ACU. For direct connects, use the name of the station to which you are connecting. See “Device Protocols” on page 139. 143 Chapter 7: UUCP The Class Field This field is used to indicate the transfer speed of the device used to establish the communications link. It may contain a letter and speed (for example, C1200, D1200) to differentiate between classes of dialers. (See the discussion of the Class field in “The Devices File” on page 135.) Some devices can be used at any speed, so the keyword Any may be used. This field must match the Class field in the associated Devices file entry as shown here: Systems: eagle Any ACU D1200 NY3251 login:nuucp password:Oakgrass Devices: ACU ttym2 - D1200 penril If information is not required for this field, use a hyphen as a place holder for the field. The Phone Field This field is used to provide the phone number (token) of the remote computer for automatic dialers. The phone number is made up of an optional alphabetic abbreviation and a numeric part. If an abbreviation is used, it must be one that is listed in the Dialcodes file. For example: Systems: eagle Any ACU D1200 NY3251 login:nuucp password: Oakgrass Dialcodes: NY 9=1212555 In this string, an equal sign (=) tells the ACU to wait for a secondary dial tone before dialing the remaining digits. A hyphen (-) in the string instructs the ACU to pause four seconds before dialing the next digit. If your computer is connected to a modem switch, you may access other computers that are connected to that switch. The Systems file entries for these computers does not have a phone number in the Phone field. Instead, this field contains the token that must be passed on to the switch so it will know which computer your computer wishes to communicate with. This token is usually just the station name. The associated Devices file entry should have a \D at the end of the entry to ensure that this field is not translated by means of the Dialcodes file. The Login Field This field contains login information given as a series of fields and subfields of the format: expect send 144 Supporting Databases The send string is sent when the expect string is received. The expect field may be made up of subfields of the form: expect[-send-expect]... The send field is sent if the prior expect is not successfully read and the expect following the send is the next expected string. For example, with “login--login,” UUCP expects the string “login.” If UUCP receives that string, it goes on to the next field. If it does not receive the string, it sends nothing, followed by a new line, then looks for “login” again. If no characters are initially expected from the remote computer, the characters " " (null string) should be used in the first expect field. Note that all send fields are sent followed by a newline unless the send string is terminated with a \c. Here is an example of a Systems file entry that uses an expect-send string: owl Any ACU 1200 NY6013 "" \r login:-BREAK-login: uucpx word: xyzzy This example means causes UUCP to send a carriage return and wait for the string “login:” If it doesn’t receive the string, it sends a break character and waits for “login:” again. When it does receive the string “login,” it sends the login name uucpx; waits to receive the string “word:” (the last part of “Password:”); and sends the password xyzzy. Several escape sequences cause specific actions when they are a part of a string sent during the login sequence. These are the same escape sequences used in the Dialers file, listed in Table 7-2. The Dialcodes File The Dialcodes file (/etc/uucp/Dialcodes) contains the dial-code abbreviations that can be used in the Phone field of the Systems file. Each entry has the following format: abb dial-seq abb is the abbreviation used in the Systems file Phone field and dial-seq is the dial sequence that is passed to the dialer when that Systems file entry is accessed. For example, the following entry would work with a Phone field in the Systems file such as jt7867: jt 9=555- When the entry containing jt7867 was encountered, the sequence 9=555-7867 would be sent to the dialer if the token in the dialer-token-pair was \T. 145 Chapter 7: UUCP The Permissions File The Permissions file (/etc/uucp/Permissions) specifies the permissions that remote computers have with respect to login, file access, and command execution. There are options that restrict the remote computer’s ability to request files and its ability to receive files queued by the local site. Another option specifies the commands that a remote site can execute on the local computer. The program /etc/uucp/genperm is recommended for creating a sample or default Permissions file from the Systems file. How Permissions File Entries Are Structured Each entry is a logical line with physical lines terminated by a backslash (\) to indicate continuation. (Note that such continuations are not possible in most other UUCP files.) Entries are made up of options delimited by white space. Each option is a name/value pair in the following format: name=value Note that no white space is allowed within an option assignment. Comment lines begin with a number sign (#) and occupy the entire line up to a newline character. Blank lines are ignored (even within multi-line entries). There are two types of Permissions file entries: LOGNAME Specifies the permissions that take effect when a remote computer logs in to (calls) your computer. MACHINE Specifies the permissions that take effect when your computer logs in to (calls) a remote computer. LOGNAME entries begin with a LOGNAME option and MACHINE entries begin with a MACHINE option. Permissions File Considerations Keep these rules in mind when using the Permissions file to restrict the level of access granted to remote computers: • 146 Any login ID used by a remote computer to log in for UUCP communications must appear in one and only one LOGNAME entry. Supporting Databases • Any site that is called whose name does not appear in a MACHINE entry will have the following default permissions/restrictions: – Local send and receive requests will be executed. – The remote computer will be able to send files to your computer’s /var/spool/uucppublic directory. – The command sent by the remote computer for execution on your computer must be one of the default commands, usually rmail. Permissions File Options This section describes each option, specifies how it is used, and lists its default value. REQUEST When a remote computer calls your computer and requests to receive a file, this request can be granted or denied. The REQUEST option specifies whether the remote computer can request to set up file transfers from your computer. The string that follows specifies that the remote computer can request to transfer files from your computer: REQUEST=yes The following string specifies that the remote computer cannot request to receive files from your computer: REQUEST=no This is the default value. It will be used if the REQUEST option is not specified. The REQUEST option can appear in either a LOGNAME (remote calls you) entry or a MACHINE (you call remote) entry. A note on security: When a remote computer calls you, you cannot verify its identity unless you have a unique login and password for that computer. SENDFILES When a remote computer calls your computer and completes its work, it may attempt to take work your computer has queued for it. The SENDFILES option specifies whether your computer can send the work queued for the remote computer. The string shown here specifies that your computer may send the work that is queued for the remote computer as long as it logged in as one of the names in the LOGNAME option: SENDFILES=yes 147 Chapter 7: UUCP This string is mandatory if your computer is in a “passive mode” with respect to the remote computer. The string that follows specifies that files queued in your computer will be sent only when your computer calls the remote computer: SENDFILES=call The call value is the default for the SENDFILE option. This option is significant only in LOGNAME entries, because MACHINE entries apply when calls are made to remote computers. If the option is used with a MACHINE entry, it will be ignored. READ and WRITE These options specify the various parts of the filesystem that uucico can read from or write to. The READ and WRITE options can be used with either MACHINE or LOGNAME entries. The default for both the READ and WRITE options is the uucppublic directory, as shown in the following strings: READ=/var/spool/uucppublic WRITE=/var/spool/uucppublic These strings specify permission to access any file that can be accessed by a local user with “other” permissions: READ=/ WRITE=/ Because this suggestion may compromise security, use it only if required. The value of these entries is a colon-separated list of pathnames. The READ option is for requesting files, and the WRITE option for depositing files. One of the values must be the prefix of any full pathname of a file coming in or going out. To grant permission to deposit files in /usr/news as well as in the public directory, the following values would be used with the WRITE option: WRITE=/var/spool/uucppublic:/usr/news Note that if you use the READ and WRITE options, you must specify all pathnames because the pathnames are not added to the default list. For instance, if the /usr/news pathname were the only one specified in a WRITE option, permission to deposit files in the public directory would be denied. 148 Supporting Databases You should be careful which directories you make accessible for reading and writing by remote stations. For example, you probably wouldn’t want remote computers to be able to write over your /etc/passwd file, so /etc shouldn’t be open to writes. NOREAD and NOWRITE The NOREAD and NOWRITE options specify exceptions to the READ and WRITE options or defaults. The strings shown here would permit one remote computer to read any file except those in the /etc directory (and its subdirectories—remember, these are prefixes) and to write only to the default /var/spool/uucppublic directory: READ=/ NOR EAD=/etc WRITE=/var/spool/uucppublic NOWRITE works in the same manner as the NOREAD option. NOREAD and NOWRITE can be used in both LOGNAME and MACHINE entries. CALLBACK The CALLBACK option is used in LOGNAME entries to specify that no transaction will take place until the calling station is called back. You would use CALLBACK for two reasons: From a security standpoint, if you call back a station you can be sure it is the station it says it is. If you are doing long data transmissions, you can choose the station that will be billed for the longer call. The string that follows specifies that your computer must call the remote computer back before any file transfers will take place: CALLBACK=yes The default for the CALLBACK option is CALLBACK=no The CALLBACK option is very rarely used. Note that if two sites have this option set for each other, a conversation cannot be started. COMMANDS The COMMANDS option can be hazardous to the security of your station. Use it with extreme care. The uux program generates remote execution requests and queues them to be transferred to the remote computer. Files and a command are sent to the target computer for remote execution. 149 Chapter 7: UUCP The COMMANDS option can be used in MACHINE entries to specify the commands that a remote computer can execute on your computer. Note that COMMANDS is not used in a LOGNAME entry; COMMANDS in MACHINE entries defines command permissions, whether you call the remote station or it calls you. This string indicates the default commands that a remote computer can execute on your computer: COMMANDS=rmail If a command string is used in a MACHINE entry, the default commands are overridden. For instance, in the following example, the entry overrides the COMMANDS default so that the computers eagle, owl, and hawk can now execute rmail and rnews on your computer: MACHINE=eagle:owl:hawk REQUEST=yes COMMANDS=rmail:/usr/bin/rnews READ=/ WRITE=/ In addition to the names as specified above, there can be full pathnames of commands. For example, this line specifies that command rmail use the default path: COMMANDS=rmail:/usr/bin/rnews:/usr/local/lp The default paths for your computer are /bin /usr/sbin, /usr/bsd, and /usr/bin. When the remote computer specifies rnews or /usr/bin/rnews for the command to be executed, /usr/bin/rnews is executed, regardless of the default path. Likewise, /usr/local/lp is the lp command that is executed. Note: Including the ALL value in the list means that any command from the remote computer(s) specified in the entry is executed. If you use this value, you give the remote computer full access to your computer. Be careful. This value allows far more access than normal users have. This string illustrates the greater access: COMMANDS=/usr/bin/rnews:ALL:/usr/local/lp Two points about this string should be noted. The ALL value can appear anywhere in the string, and the pathnames specified for rnews and lp will be used (instead of the default) if the requested command does not contain the full pathnames for rnews or lp. 150 Supporting Databases The VALIDATE option should be used with the COMMANDS option whenever potentially dangerous commands like cat and uucp are specified with the COMMANDS option. Any command that reads or writes files is potentially dangerous to local security when executed by the UUCP remote execution daemon (uuxqt). VALIDATE The VALIDATE option is used in conjunction with the COMMANDS option when specifying commands that are potentially dangerous to your computer’s security. It is used to provide a certain degree of verification of the caller’s identity. The use of the VALIDATE option requires that privileged computers have a unique login and password for UUCP transactions. An important aspect of this validation is that the login and password associated with this entry be protected. If an outsider gets that information, that particular VALIDATE option can no longer be considered secure. (VALIDATE is merely an added level of security on top of the COMMANDS option, though it is a more secure way to open command access than ALL.) Give careful consideration to providing a remote system with a privileged login and password for UUCP transactions. Giving another system these privileges is like giving anyone on that computer a normal login and password on your computer. Therefore, if you cannot trust everyone at the remote site, do not provide that system with a privileged login and password. LOGNAME The LOGNAME option ensures that remote stations attempting to log in to your computer have login privileges. The following LOGNAME entry specifies that if one of the remote computers that claims to be eagle, owl, or hawk logs in to your computer, it must have used the login uucpfriend: LOGNAME=uucpfriend VALIDATE=eagle:owl:hawk As can be seen, if an outsider gets the uucpfriend login and password, marauding is trivial. But what does this have to do with the COMMANDS option, which appears only in MACHINE entries? It links the MACHINE entry (and COMMANDS option) with a LOGNAME entry associated with a privileged login. This link is needed because the execution daemon is not running while the remote computer is logged in. In fact, it is an asynchronous process with no knowledge of what computer sent the execution request. Therefore, the real question is, how does your computer know where the execution files came from? 151 Chapter 7: UUCP Each remote computer has its own “spool” directory on your computer. These spool directories have write permission given only to the UUCP programs. The execution files from the remote computer are put in its spool directory after being transferred to your computer. When the uuxqt daemon runs, it can use the spool directory name to find the MACHINE entry in the Permissions file and get the COMMANDS list or, if the computer name does not appear in the Permissions file, the default list is used. The following example shows the relationship between the MACHINE and LOGNAME entries: MACHINE=eagle:owl:hawk REQUEST=yes \ COMMANDS=rmail:/usr/bin/rnews \ READ=/ WRITE=/ LOGNAME=uucpz VALIDATE=eagle:owl:hawk \ REQUEST=yes SENDFILES=yes \ READ=/ WRITE=/ The value in the COMMANDS option means that remote mail and /usr/bin/rnews can be executed by remote users. In the first entry, you must make the assumption that when you want to call one of the computers listed, you are really calling either eagle, owl, or hawk. Therefore, any files put into one of the eagle, owl, or hawk spool directories is put there by one of those computers. If a remote computer logs in and says that it is one of these three computers, its execution files will also be put in the privileged spool directory. You therefore have to validate that the computer has the privileged login uucpz. MACHINE Entry for “Other” Systems You may want to specify different option values for computers your computer calls that are not mentioned in specific MACHINE entries. This situation may occur when there are many computers calling in, and the command set changes from time to time. The name “OTHER” for the computer name is used for this entry: MACHINE=OTHER \ COMMANDS=rmail:rnews:/usr/bin/Photo:/usr/bin/xp All other options available for the MACHINE entry may also be set for the computers that are not mentioned in other MACHINE entries. 152 Supporting Databases Combining MACHINE and LOGNAME Entries It is possible to combine MACHINE and LOGNAME entries into a single entry where the common options are the same. For example, the two entries that follow share the same REQUEST, READ, and WRITE options: MACHINE=eagle:owl:hawk REQUEST=yes \ READ=/ WRITE=/ LOGNAME=uucpz REQUEST=yes SENDFILES=yes \ READ=/ WRITE=/ These two entries can be merged: MACHINE=eagle:owl:hawk REQUEST=yes \ LOGNAME=uucpz SENDFILES=yes \ READ=/ WRITE=/ MYNAME The MYNAME option is used to override the name of the local computer, when the local computer identifies itself to the remote computer. This facility is useful when a computer is replaced or renamed, and its neighbors need to process old traffic to the old name. The Poll File The Poll file (/etc/uucp/Poll) contains information for polling remote computers. Each entry in the Poll file contains the name of a remote computer to call, followed by a character (a space won’t work), and finally the hours at which the computer should be called. The format of entries in the Poll file is sys-name hour ... For example, the following entry provides polling of computer eagle every four hours: eagle 0 4 8 12 16 20 The uudemon.poll script does not actually perform the poll. It merely sets up a polling work file (always named C.file) in the spool directory that will be seen by the scheduler, which is started by uudemon.hour. 153 Chapter 7: UUCP The Sysfiles File The /etc/uucp/Sysfiles file lets you assign different files to be used by uucp and cu as Systems, Devices, and Dialers files. Here are some cases where this optional file may be useful: • You may want to use different Systems files so requests for login services can be made to phone numbers different from those used for requests for uucp services. • You may want to use Dialers files that have different handshaking for cu and uucp. • You may want to have multiple Systems, Dialers, and Devices files. The Systems file in particular may become large, making it more convenient to split it into several smaller files. The format of the Sysfiles file is: service=w systems=x:x dialers=y:y devices=z:z The w parameter is replaced by uucico, cu, or both separated by a colon; x is one or more files to be used as the Systems file, with each filename separated by a colon and read in the order presented; y is one or more files to be used as the Dialers file; and z is one or more files to be used as the Devices file. Each file is assumed to be relative to the /etc/uucp directory, unless a full path is given. A backslash-carriage return (\ ) can be used to continue an entry to the next line. Here is an example using a local Systems file in addition to the usual Systems file: service=uucico:cu systems=Systems:Local_Systems If this line is in /etc/uucp/Sysfiles, then both uucico and cu will first look in /etc/uucp/Systems. If the station they’re trying to call doesn’t have an entry in that file, or if the entries in the file fail, then they’ll look in /etc/uucp/Local_Systems. When different Systems files are defined for uucico and cu services, your station will store two different lists of stations. You can print the uucico list by using the uuname command, or the cu list by using the uuname -c command. Other UUCP Files Three files, in addition to those described in the preceding subsections, have an impact on the use of basic networking facilities. In most cases, the default values are fine and no changes are needed. If you want to change the default values, however, use any standard IRIX text editor (ed, vi, or jot). 154 UUCP Administrative Files Maxuuxqts This file defines the maximum number of uuxqt programs that can run at once. The default number is two. Maxuuscheds This file defines the maximum number of uusched programs that can run at once. The default number is two. unknown This file is a program that executes when a station that is not in any of the Systems files starts a conversation. The program logs the conversation attempt and refuses the connection. If you change the permissions of this file so it cannot execute (chmod 000 unknown), your station will accept any conversation requests. UUCP Administrative Files The UUCP administrative files are created in spool directories to lock devices, hold temporary data, or keep information about remote transfers or executions. TM (temporary data file) These data files are created by UUCP processes under the spool directory (for example, /var/spool/uucp/X) when a file is received from another computer. The directory X has the same name as the remote computer that is sending the file. The names of the temporary data files have the following format: TM.pid.ddd pid is a process-ID and ddd is a sequential, three-digit number starting at 0. When the entire file is received, the TM.pid.ddd file is moved to the pathname specified in the C.sysnxxxx file (discussed later in this section) that caused the transmission. If processing is abnormally terminated, the TM.pid.ddd file may remain in the X directory. These files should be automatically removed by uucleanup. LCK (lock file) Lock files are created in the /var/spool/locks directory for each device in use. Lock files prevent duplicate conversations and multiple attempts to use the same calling device. The names of lock files have this format: LCK..str 155 Chapter 7: UUCP str is either a device or computer name. These files may remain in the spool directory if the communications link is unexpectedly dropped (usually because of a computer crash). Lock files are ignored (removed) after the parent process is no longer active. Each lock file contains the process ID of the process that created the lock. C. (work file) Work files are created in a spool directory when work (file transfers or remote command executions) has been queued for a remote computer. The names of work files have the following format: C.sysnxxxx sys is the name of the remote computer, n is the ASCII character representing the grade (priority) of the work, and xxxx is the four-digit job sequence number assigned by UUCP. Work files contain the following information: D. (data file) • full pathname of the file to be sent or requested • full pathname of the destination or user or filename • user login name • list of options • name of associated data file in the spool directory. If the uucp -c or uuto -p option was specified, a dummy name (D.0) is used • mode bits of the source file • login name of the remote user to be notified upon completion of the transfer Data files are created when the command line specifies that the source file should be copied to the spool directory. The names of data files have the following format: D.systmxxxxyyy systm is the first five characters in the name of the remote computer and xxxx is a four-digit job sequence number assigned by UUCP. The four-digit job sequence number may be followed by a subsequence number, yyy, used when several D. files are created for a work (C.) file. X. (execute file) Execute files are created in the spool directory prior to remote command executions. The names of execute files have the following format: X.sysnxxxx 156 Setting Up UUCP sys is the name of the remote computer, n is the character representing the grade (priority) of the work, and xxxx is a four-digit sequence number assigned by UUCP. Execute files contain the following information: • requester’s login and computer name • name of file(s) required for execution • input to be used as the standard input to the command string • filename for a file to receive standard output from the command execution, together with the hostname of the computer on which the file resides • command string • option lines for return status requests Setting Up UUCP Setting up UUCP involves five steps: 1. Determine the remote and local stations. 2. Make the physical connection 3. Configure the local (calling) station 4. Configure the remote (called) station 5. Test the UUCP connection Determining the Remote and Local Stations Typically, the local station is the station that initiates the UUCP connection. The remote station is the station that responds to UUCP connection requests. However, with the arrival of uugetty (a program that allows bi-directional line usage), the distinction between the local and remote station is usually only the station name. For our example, japan is the local station and us is the remote station. 157 Chapter 7: UUCP Making the Physical Connection UUCP supports physical connections for TCP/IP local area network connections, direct links, or telephone lines. This example assumes a direct link. The procedure for running UUCP over telephone line or local area networks is similar, requiring minor adjustments to the various configuration files. A direct link constitutes a connection between two Data Terminal Equipment (DTE) devices. The devices must be fooled into thinking they are communicating with a Data Communication Equipment (DCE) device. The way to get around this is with a null modem. The minimum pinning configuration shown in Table 7-3. Table 7-3 Three-Wire Null-Modem Pinning Configuration IRIS A IRIS B 2 Transmit Data 3 Receive Data 3 Receive Data 2 Transmit Data 7 Signal Ground 7 Signal Ground Attach the null modem cable to serial port two (ttyf2) on the local and remote workstations. Note: For more information on cables and modems, see IRIX Admin: Peripheral Devices, Chapter 1, “Terminals and Modems.” Configuring the Local Station The remote station name in our example is us, and the local station name is japan. There are two steps in configuring the local station: 1. Update standard system files. 2. Modify the UUCP configuration files. 158 Setting Up UUCP Updating Standard System Files The three system files that you need to be concerned with are • /etc/passwd • /etc/group • /etc/inittab /etc/passwd To ensure proper security and access, you need to ensure that the user entries for uucp and nuucp are both present and correct. The uucp entry in the passwd file is for ownership purposes, and the nuucp entry is for remote UUCP access. Ensure that your password file has both entries and that they are the same as the following example. If the uucp and nuucp entries don’t match the following, edit those accounts so they do match. uucp:*:3:5:UUCP Owner:/usr/lib/uucp:/bin/csh nuucp::10:10:Remote UUCP User:/var/spool/uucppublic:/usr/lib/uucp/uucico In the above example, the passwd entry for nuucp is split across two lines due to formatting constraints. In the actual file, the entry appears on a single line. On a newly installed station, neither uucp nor nuucp has a password. It is a good idea to put a “*” in the password field for uucp, since no one should log in as uucp. You need to assign nuucp a valid password that matches the password you assign for nuucp in the Systems file. (See “The Systems File” on page 142. For example, assign nuucp the password “secret.”) New password: secret Re-enter new password: secret /etc/group Check this file to ensure that there are valid groups for both uucp and nuucp. Compare your uucp and nuucp group entries with the following. If there is a discrepancy, correct it now. uucp::5:uucp nuucp::10:nuucp 159 Chapter 7: UUCP /etc/inittab This sample entry is for the local station. It allows calls to be initiated on port two, but does not allow incoming calls on the port. Edit your /etc/inittab entry for “t2” as follows: t2:23:off:/usr/lib/uucp/uugetty -Nt 60 ttyf2 co_9600 # port 2 For complete information on the uugetty command, see the uugetty(1M) reference page. As usual, any time you make a change to the /etc/inittab, you must tell init to read the file again with the telinit q command. Issue the following command: /etc/telinit q Modifying the UUCP Configuration Files The UUCP configuration files to be modified are: • /etc/uucp/Systems • /etc/uucp/Devices • /etc/uucp/Dialers • /etc/uucp/Permissions /etc/uucp/Systems The Systems file contains information describing the station(s) that the local station knows about. Add the following line to the bottom of the file: us Any systemx 9600 unused ogin:--ogin: nuucp ssword: \ secret Note: The Systems file is read only, so if you are using vi you must force this change to be written out by exiting vi with the :wq! option. The first field specifies the name of the station that can call (the remote station). The second field indicates that the specified station can call at any time. The third field tells uucp the name of the device to use (systemx). The third field must match one of the first field entries found in /etc/uucp/Devices. The forth field specifies the transfer speed (9600). The fifth field is normally used for a phone number, but unused for direct links. The rest of the line handles the login sequence; it is the chat script negotiated between the local station and the remote station. This chat script is very important for a successful uucp connection. 160 Setting Up UUCP /etc/uucp/Devices The Devices file contains information about the physical connection between the two stations. Remove the pound sign from the systemx device entry so it looks like the following: # ---A direct connection to a system systemx ttyf2 - Any direct Note: If you have another direct connection to a station on another port, copy the systemx device entry and modify the port number accordingly. The first field in the Devices file links the device to the Systems file (third field entry). The second field tells uucp which port to access. The third field is used with an Automatic Call Unit (ACU). Direct links use a dash in the third field. The fourth field specifies the line speed. The “Any” entry allows the speed to be determined by the /etc/inittab file for that particular device. The fifth field contains the dialer name. It must be a valid entry in the /etc/uucp/Dialers file. /etc/uucp/Dialers This file contains the chat script for the uucp device. Because this is a direct connection, the chat script is picked up from the Systems file. However, there still has to be a valid dialers entry for the direct connection. Verify that the Dialers file has an entry for the “direct” dialer. Enter the following command: grep direct /etc/uucp/Dialers The system responds with direct # The following entry is for use with direct connections uudirect "" "" \r\d in:--in: 161 Chapter 7: UUCP /etc/uucp/Permissions The Permissions file controls remote uucp access with regard to remote users and stations. See “The Permissions File” on page 146 for descriptions of all options. For this example, edit the Permissions file to look like the following: #dent"@(#)uucp:Permissions2.2" # This entry for public login. # It provides the default permissions. # See the Basic Networking Utilities Guide for more information. LOGNAME=nuucp MACHINE=us READ=/var/spool/uucp/uucppublic \ WRITE=/var/spool/uucppublic REQUEST=yes SENDFILES=yes \ COMMANDS=rmail Note: This entry must be interpreted as a single line, even if it expands more than one physical line. This entry specifies that the user, nuucp, is allowed to log in from the remote station (us). The nuucp user on us may read any files that reside in /var/spool/uucp/uucppublic directory and write to the general public directory /var/spool/uucppublic. The users on us may make requests. Users on japan can send files. Configuring the Remote Station The remote station name in our example is japan. The local station name in our example is us. There are two steps in configuring the remote station: 1. Update standard system files. 2. Modify the UUCP configuration files. Updating Standard System Files The three system files that you need to be concerned with are 162 • /etc/passwd • /etc/group • /etc/inittab Setting Up UUCP /etc/passwd To ensure proper security and access, you need to ensure that the user entries for uucp and nuucp are both present and correct. The uucp entry in the passwd file is for ownership purposes and the nuucp entry is for remote UUCP access. Ensure that your password file has both entries and that they are the same as the following example. If the uucp and nuucp entries don’t match the following, edit them so they do match. uucp:*:3:5:UUCP Owner:/usr/lib/uucp:/bin/csh nuucp::10:10:Remote UUCP User:/var/spool/uucppublic:/usr/lib/uucp/uucico On a newly installed station, neither uucp nor nuucp has a password. It is a good idea to put an asterisk (*) in the password field for uucp, since no one should log in as uucp. You need to assign nuucp a valid password that matches the password you assign for nuucp in the Systems file. (See “The Systems File” on page 142.) Assign nuucp the password “secret” with the command: passwd nuucp New password: secret Re-enter new password: secret /etc/group Check this file to ensure that there are valid groups for both uucp and nuucp. Compare your uucp and nuucp group entries with the following example. If there is a discrepancy, correct it now. uucp::5:uucp nuucp::10:nuucp /etc/inittab This sample entry is for the remote station. It allows calls to be received on serial port 2, but does not allow outgoing calls on the port. Edit your /etc/inittab entry for “t2” as follows: t2:23:respawn:/usr/lib/uucp/uugetty -Nt 60 ttyf2 co_9600#pt 2 For complete information on the uugetty command, see the uugetty(1M) reference page. As usual, any time you make a change to the /etc/inittab, you must use the telinit q command to tell init to read the file again. Issue the following command: /etc/telinit q 163 Chapter 7: UUCP Modifying the UUCP Configuration Files The UUCP configuration files to be modified are • /etc/uucp/Systems • /etc/uucp/Permissions /etc/uucp/Systems The Systems file contains information describing the station(s) that the remote station knows about. Add this line to the bottom of the Systems file: japan Never Note: The permission of the Systems file is read-only. If you edit this file, you may have to use a forced write in order to save your changes. Consult the jot or vi reference page for more information. The first field specifies the name of a station that can call the local station. The second field indicates the times this station can make the call. The value Never in this field indicates that this station that this station may receive calls, but never initiate them. /etc/uucp/Permissions The Permissions file controls remote uucp access with regard to remote users and stations. See “The Permissions File” on page 146 for descriptions on all options. For this example, edit the Permissions file to look like the following: #ident"@(#)uucp:Permissions2.2" # This entry for public login. # It provides the default permissions. # See the Basic Networking Utilities Guide for more information. LOGNAME=nuucp MACHINE=japan READ=/var/spool/uucp/uucppublic\ WRITE=/var/spool/uucppublic REQUEST=yes SENDFILES=yes \ COMMANDS=rmail Note: This entry must be interpreted as a single line, even if it expands to more than one physical line. This entry specifies that the user, nuucp, is allowed to log in from the local station (japan). The nuucp user on japan may read any files that reside in /var/spool/uucp/uucppublic directory and write to the general public directory /var/spool/uucppublic. The users on japan may request files. The users on us can send files. 164 Setting Up UUCP Setting Up UUCP on a TCP/IP Connection In many cases, you may decide to use the UUCP tools over conventional TCP/IP network connections. There are entries in the Devices file provided for this, but you must make some changes in the /usr/etc/inetd.conf and /etc/uucp/Systems files. Follow these steps: 1. Edit the /usr/etc/inetd.conf file on the remote host and find this line: #uucp stream tcp nowait root /usr/lib/uucp/uucpd uucpd Remove the leading hashmark (#) to uncomment the line, and use these commands to make the change take effect: /etc/init.d/network stop /etc/init.d/network start This change tells the remote system to run the uucpd daemon when a request comes in for UUCP transfer. 2. Add a line similar to the following to your local /etc/uucp/Systems file: remotehost Any TCP Any The name remotehost should be replaced with the name of the remote host you will be calling. 3. Run the /etc/uucp/genperm command as root on the local host to generate the UUCP Permissions file. 4. Enter the following command to check that everything is set up correctly: /usr/lib/uucp/uucheck -v 165 Chapter 7: UUCP There is a great deal of output. You should see output similar to the following for the specific entry you made: When we call system(s): (remotehost) We DO allow them to request files. They can send files to /var/spool/uucppublic (DEFAULT) They can request files from /var/spool/uucppublic /usr/lib/mail /usr/people/ftp Myname for the conversation will be MyName. PUBDIR for the conversation will be /var/spool/uucppublic. Machine(s): (remotehost) CAN execute the following commands: command (rmail), fullname (/bin/rmail) command (rnews), fullname (/usr/bin/rnews) command (cunbatch), fullname (/usr/lib/news/cunbatch) The cu command does not work for UUCP over a TCP connection. Use the /usr/lib/uucp/Uutry command instead. Uutry is documented completely in the Uutry(1M) reference page and in “Testing With Uutry” on page 168. Testing the UUCP Connection There are two basic tools for testing a UUCP connection: • the cu program • the Uutry program Testing With cu The cu program is used to test the basic functionality of the UUCP connection. When you use cu directly, you are performing the login process as if you were the uucp programs. The cu command is also used for direct modem connections for terminal emulation. The -d option to cu is used for diagnostics and causes traces of information to be printed out to the standard output (your shell window). You should always use this mode when testing a UUCP connection. 166 Setting Up UUCP The following command tests the physical connection to the remote station, UUCP configuration files, operating system files, and the uucico daemon on the remote station. Note: The default permissions on devices (/dev/ttyf2) are set to 622. For cu to access your device, you need to change the permissions to 666. 1. The cu command must be run from the local (calling) station. Execute the cu command from the local station (japan) as follows: /usr/bin/cu -d us You get output similar to the following: conn(us) Device Type us wanted mlock ttyf2 succeeded filelock: ok fixline(5, 9600) processdev: calling setdevcfg(cu, us) gdial(direct) called getto ret 5 device status for fd=5 F_GETFL=2,iflag=‘12045’,oflag=‘0’,cflag=‘6275’,lflag=‘0’,line=‘1’ cc[0]=‘177’,[1]=‘34’,[2]=‘10’,[3]=‘25’,[4]=‘1’,[5]=‘0’,[6]=‘0’,[7]=‘ 0’, call _mode(1) Connected _receive started transmit started 2. When the system pauses, press . 3. When you see the login prompt, log in as nuucp and supply the password for nuucp. (In this case, the password is secret): Break your connection with a tilde(~) dot(.) and a carriage return ( ). us login: nuucp Password: secret IRIX Release 6.2 IP22 us Copyright (c) 1987-1996 Silicon Graphics, Inc. All Rights Reserved. Last login: Thu Aug 8 09:14:29 MDT 1996 on ttyf2 here=japan~[us]. call tilda(.) 167 Chapter 7: UUCP Testing With Uutry Uutry is the program that tests the copy-in/copy-out program (uucico). uucico must be functioning properly before you can actually transfer data. Issue the Uutry command from the local station (japan) to the remote station (us): /usr/lib/uucp/Uutry us You should see output similar to the following: /usr/lib/uucp/uucico -r1 -sus -x5 >/tmp/us 2>&1& tmp=/tmp/us mchFind called (us) conn(us) Device Type us wanted mlock ttyf2 succeeded processdev: calling setdevcfg(uucico, us) gdial(direct) called getto ret 5 expect: (ogin:) Note: The system may pause here for several minutes. sendthem (^M) expect: (ogin:) ^M^M^J^M^J^Jus login:got it sendthem (nuucp^M) expect: (ssword:) nuucp^M^JPassword:got it sendthem (secret^M) Login Successful: System=us msg-ROK Rmtname us, Role MASTER, Ifn - 5, Loginuser - root rmesg - ’P’ got Pg wmesg ’U’g Proto started g *** TOP *** - role=1, setline - X wmesg ’H’ rmesg - ’H’ got HY PROCESS: msg - HY HUP: wmesg ’H’Y cntrl - 0 send OO 0,exit code 0 Conversation Complete: Status SUCCEEDED 168 UUCP Error Messages When you see “Status SUCCEEDED,” Uutry has successfully tested uucico. Press to break out of Uutry. UUCP Error Messages This section describes common error messages associated with the UUCP environment. UUCP error messages can be divided into two categories: ASSERT Error Messages and STATUS Error Messages. ASSERT Error Messages When a process is aborted, the station records ASSERT error messages in /var/spool/uucp/.Admin/errors. These messages include the filename, the sccsid, the line number, and the text listed in Table 7-4. In most cases, these errors are the result of file system problems. Table 7-4 Assert Error Messages Error Message Description/Action CAN’T OPEN An open() or fopen() failed. CAN’T WRITE A write(), fwrite(), fprint(), or other call failed. CAN’T READ A read(), fgets(), or other call failed. CAN’T CREATE A create() call failed. CAN’T ALLOCATE A dynamic allocation failed. CAN’T LOCK An attempt to make an LCK (lock) file failed. In some cases, this is a fatal error. CAN’T STAT A stat() call failed. CAN’T CHMOD A chmod() call failed. CAN’T LINK A link() call failed. CAN’T CHDIR A chdir() call failed. CAN’T UNLINK An unlink() call failed. 169 Chapter 7: UUCP Table 7-4 (continued) 170 Assert Error Messages Error Message Description/Action WRONG ROLE This is an internal logic problem. CAN’T MOVE TO CORRUPT DIR An attempt to move some bad C. or X. files to the /var/spool/uucp/.Corrupt directory failed. The directory is probably missing or has wrong modes or owner. CAN’T CLOSE A close() or fclose() call failed. FILE EXISTS The creation of a C. or D. file was attempted, but the file already exists. This situation occurs when there is a problem with the sequence-file access. This usually indicates a software error. NO UUCP SERVER A TCP/IP call was attempted, but there is no server for UUCP. BAD UID The uid cannot be found in the /etc/passwd file. The filesystem is in trouble, or the /etc/passwd file is inconsistent. BAD LOGIN_UID The uid cannot be found in the /etc/passwd file. The filesystem is in trouble, or the /etc/passwd file is inconsistent. ULIMIT TOO SMALL The ulimit for the current user process is too small. File transfers may fail, so transfer will not be attempted. BAD LINE There is a bad line in the Devices file; there are not enough arguments on one or more lines. FSTAT FAILED IN EWRDATA There is something wrong with the Ethernet media. SYSLST OVERFLOW An internal table in gename.c overflowed. A big or strange request was attempted. TOO MANY SAVED C FILES An internal table in gename.c overflowed. A big or strange request was attempted. UUCP Error Messages Table 7-4 (continued) Assert Error Messages Error Message Description/Action RETURN FROM FIXLINE IOCTL An ioctl, which should never fail, failed. There is likely a system driver problem. PERMISSIONS file: BAD OPTION There is a bad line or option in the Permissions file. Fix it immediately. BAD SPEED A bad line-speed appears in the Devices or Systems file (Class field). PKCGET READ The remote station probably hung up. No action is required. PKXSTART The remote station aborted in a nonrecoverable way. This message can generally be ignored. SYSTAT OPENFAIL There is a problem with the modes of /var/spool/uucp/.Status, or there is a file with bad modes in the directory. TOO MANY LOCKS There is an internal problem. XMV ERROR There is a problem with some file or directory. The problem is likely caused by the spool directory, since the modes of the destinations should have been checked before this process was attempted. CAN’T FORK An attempt to fork and execute failed. The current job should not be lost, but will be attempted later (uuxqt). No action need be taken. STATUS Error Messages Status error messages are stored in the /var/spool/uucp/.Status directory. This directory contains a separate file for each remote station that your station attempts to communicate with. These files contain status information on the attempted communication, indicating whether it was successful or not. Table 7-5 lists the most common error messages that can appear in these files. 171 Chapter 7: UUCP Table 7-5 172 STATUS Error Messages Error Message Description/Action OK System status is normal NO DEVICES AVAILABLE There is currently no device available for the call. Make sure that there is a valid device in the Devices file for the particular station. Check the Systems file for the device to be used to call the station. WRONG TIME TO CALL A call was placed to the station at a time other than that specified in the Systems file. TALKING Self-explanatory. LOGIN FAILED The login for the given station failed. The problem could be a wrong login and password, wrong number, a very slow station, or failure in getting through the Dialer-Token-Pairs script. CONVERSATION FAILED The conversation failed after successful startup. This situation usually means that one side went down, the program aborted, or the line (link) was dropped. DIAL FAILED The remote station never answered. The problem could be a bad dialer or the wrong phone number. BAD LOGIN/MACHINE COMBINATION The station called you with a login or station name that does not agree with the Permissions file. This could be an attempt to breach system security. DEVICE LOCKED The calling device to be used is currently locked and in use by another process. ASSERT ERROR An ASSERT error occurred. Check the /var/spool/uucp/.Admin/errors file for the error message and refer to “Other UUCP Files” on page 154. UUCP Error Messages Table 7-5 (continued) STATUS Error Messages Error Message Description/Action SYSTEM NOT IN Systems The station is not in the Systems file. CAN’T ACCESS DEVICE Typically, this message means that the permissions on the device file (/dev/tty*) are not set correctly. Some programs set these permissions, and if terminated abnormally, do not reset them to correct states. Also, check the appropriate entries in the Systems and Devices files. DEVICE FAILED The attempt to open the device failed. WRONG MACHINE NAME The called station is reporting a name different from the one expected. CALLBACK REQUIRED The called station requires that it call your computer back to start a connection. REMOTE HAS A LCK FILE FOR ME The remote site has a LCK file for your computer. The remote station could be trying to call your computer. If they have an older version of UUCP, the process that was talking to your station may have failed earlier, leaving the LCK file. If the remote site has the new version of UUCP and they are not communicating with your computer, then the process that has a LCK file is hung. REMOTE DOES NOT KNOW ME The remote computer does not have the node name of your computer in its Systems file. REMOTE REJECT AFTER LOGIN The ID used by your computer to log in does not agree with what the remote computer was expecting. REMOTE REJECT, UNKNOWN MESSAGE The remote computer rejected the communication with your computer for an unknown reason. The remote computer may not be running a standard version of UUCP. 173 Table 7-5 (continued) STATUS Error Messages Error Message Description/Action STARTUP FAILED Login succeeded, but initial handshake failed. CALLER SCRIPT FAILED The problem indicated by this message is usually the same as that indicated by DIAL FAILED. However, if it occurs often, suspect the caller script in the Dialers file. Use uutry to check the caller script. Chapter 8 8. IRIX sendmail This chapter describes IRIX sendmail, a facility for routing mail across an internetwork. This chapter is for system administrators who set up and maintain the mail system on a station or network. It provides the information necessary for a straightforward implementation of sendmail. The following topics are covered: • “The Mail System” on page 176 • “An Overview of sendmail” on page 177 • “How sendmail Works” on page 179 • “Aliases Database” on page 185 • “sendmail Network Configurations” on page 188 • “User-Configurable Macros and Classes” on page 190 • “sendmail Planning Checklist” on page 192 • “Configuring sendmail” on page 193 • “Managing sendmail” on page 205 • “sendmail Questions, Problems, and Troubleshooting” on page 210 • “Notes to Current sendmail Users” on page 211 For sites already using sendmail, refer directly to “Notes to Current sendmail Users” on page 211. For additional reference material on IRIX sendmail, see Appendix B, “IRIX sendmail Reference.” 175 Chapter 8: IRIX sendmail The Mail System The mail system is a group of programs that you can use to send messages to and receive messages from other users on the network. You can send mail through either UUCP or TCP/IP. The IRIX operating system uses MediaMail, System V /bin/mail, 4.3BSD /usr/sbin/Mail, and sendmail for its mail implementation. The process of delivering mail involves four elements: User Interface The user interface creates new messages and reads, removes, and archives received messages. MediaMail, System V /bin/mail, and 4.3BSD /usr/sbin/Mail are the user interfaces provided with IRIX. Reference pages are available to fully describe the features of these interfaces, and MediaMail has an extensive online help system. Mail Routing A mail router examines each message and routes it through the network to the appropriate station. The sendmail program not only routes messages, but also formats them appropriately for their recipient stations. Mail Transfer A mail transfer program transmits messages from one station to another. sendmail implements the Simple Mail Transfer Protocol (SMTP) over TCP/IP. For TCP/IP mail, sendmail acts as an integrated routing and transfer program. In all cases, mail transfer has a counterpart: mail reception. In most cases, a single program provides both functions. UUCP is a mail transfer program that uses its own protocols and runs over serial lines. Mail Delivery A mail delivery program deposits mail into a data file for later perusal by a user or another program. The /bin/mail -d program delivers local mail. After you compose a message by using MediaMail, /bin/mail, or /usr/sbin/Mail, the message is sent to sendmail, which attempts to determine the destination of the message. sendmail either calls /bin/mail (for mail to a user on the local station) or passes the message to the appropriate mail transfer program (for mail to a user on a remote station). When sendmail receives a message from another station, it analyzes the recipient address; then, it either calls /bin/mail to complete the delivery if the local station is acting as a relay, or passes the message to the mail transfer program. For TCP/IP SMTP, sendmail also performs the mail transfer. 176 An Overview of sendmail When you send a mail message on a network that uses TCP/IP, several layers of network software are involved. Figure 8-1 shows the layers of TCP/IP mail network software. SMTP/sendmail TCP IP network Figure 8-1 Layers of TCP/IP Mail Software An Overview of sendmail The Transmission Control Protocol (TCP) layer supports SMTP, which sendmail uses to transfer mail to other TCP/IP stations. sendmail is responsible for calling local delivery programs, mail routing, and TCP/IP mail transfer; it may also call other mail transfer programs. For example, sendmail uses the UUCP transmission program to handle messages sent to UUCP stations. sendmail’s implementation features aliasing, forwarding, automatic routing to network gateways, and flexible configuration. In a simple network, each node has an address, and resources can be identified with a host-resource pair. For example, a mail system can refer to users with a host–user-name pair. Station names and numbers must be administered by a central authority, but user names can be assigned locally to each station. In an internetwork, multiple networks with different characteristics and management must communicate. In particular, the syntax and semantics of resource identification change. You can handle certain simple cases by using improvised techniques, such as providing network names that appear local to stations on other networks. However, the general case is extremely complex. For example, some networks require point-to-point routing, which simplifies the database update problem, because only adjacent stations are entered into the system tables; others use end-to-end addressing. Some networks use a left-associative syntax; others use a right-associative syntax, causing ambiguity in mixed addresses. 177 Chapter 8: IRIX sendmail Internetwork standards seek to eliminate these problems. Initially, these standards proposed expanding the address pairs to address triples, consisting of network, station, resource. Network numbers must be universally agreed upon; stations can be assigned locally on each network. The user-level presentation was quickly expanded to address domains, composed of a local resource identification and a hierarchical domain specification with a common static root, as defined in RFC 1034. The domain technique separates the issue of physical versus logical addressing. For example, an address of the form “jane@iris1.company.com” describes only the logical organization of the address space. sendmail bridges the gap between the world of totally isolated networks that know nothing of each other and the clean, tightly coupled world of unique network numbers. sendmail can accept old arbitrary address syntaxes, resolving ambiguities by using heuristics specified by the network administrator, as well as domain-based addressing. sendmail helps guide the conversion of message formats between disparate networks. In short, sendmail is designed to assist a graceful transition to consistent internetwork addressing schemes. System Organization The design goals for sendmail included the following: 1. Message delivery should be reliable, guaranteeing that every message is correctly delivered or at least brought to the attention of a human for correct disposal; no message should ever be completely lost. 2. Existing software should be used to do actual message delivery whenever possible. 3. sendmail should be easy to expand to fairly complex environments. 4. Configuration should not be compiled into the code. 5. sendmail should let various groups maintain their own mailing lists, and let individuals specify their own forwarding, without modifying the station’s alias file. 6. Each user should be able to specify the mailer to execute to process mail being delivered. This feature allows users with specialized mailers that use a different format to build their environments without changing the system, and facilitates specialized functions (such as returning an “I am on vacation” message). 7. To minimize network traffic, addresses should be batched to a single station where possible, without assistance from the user. 178 How sendmail Works Figure 8-2 illustrates the sendmail system structure that is based on the original design goals for sendmail. user agent1 user agent2 user agent3 sendmail mailer1 Figure 8-2 mailer2 mailer3 sendmail System Structure sendmail neither interfaces with the user nor does actual mail delivery. Rather, it collects a message generated by a user agent program such as Berkeley Mail, edits the message as required by the destination network, and calls appropriate mailers to do mail delivery or queueing for network transmission. The exception is mail sent to a file; in this case, sendmail delivers the mail directly. This discipline allows the insertion of new mailers at minimum cost. Because some of the senders may be network servers and some of the mailers may be network clients, sendmail can be used as an internetwork mail gateway. How sendmail Works Understanding the sendmail programs requires understanding a variety of components. Some of these components are daemons, scripts, files, and commands. This section describes the various sendmail components. 179 Chapter 8: IRIX sendmail The sendmail Daemon For sendmail to process incoming mail, a daemon must be running. The sendmail daemon is the sendmail program with specific flags. (Appendix B describes the sendmail command-line flags in detail.) The daemon is automatically started by the /etc/init.d/mail script at station startup. The default command for the sendmail daemon is /usr/lib/sendmail -bd -q15m The -bd flag causes sendmail to run in daemon mode. The -q15m flag causes sendmail to fork a subdaemon for queue processing every fifteen minutes. The -bd and -q flags can be combined in one call. sendmail Scripts There are two scripts provided with your system that perform common functions in sendmail. Use these scripts whenever possible, as they have been tested and are known to perform the task correctly. /etc/init.d/mail Under rare circumstances, a user may need to stop or start the sendmail daemon manually. For example, to implement changes to the configuration file, you must stop all running sendmail processes, “refreeze” the configuration file, and restart the sendmail daemon before the new configuration will take effect. To simplify the task of starting and stopping sendmail, IRIX provides a shell script called /etc/init.d/mail. This script takes a single argument, either start or stop, which starts or stops the sendmail daemon respectively. You must be superuser (root) to use this script. For example, to stop sendmail, use the following command: /etc/init.d/mail stop When /etc/init.d/mail is called with the start argument, it verifies the existence and permissions of various sendmail related files and directories (see “sendmail Related Files and Directories” on page 181). If a required component such as the /var/spool/mqueue directory is missing, the script creates it. For more complex components, such as /etc/aliases, the script exits with a message. When the /etc/init.d/mail script is called with the stop argument, it kills all running sendmail processes with a SIGTERM signal. 180 How sendmail Works Note: Station start-up includes an automatic call to the /etc/init.d/mail script with the start argument. If station start-up runs in verbose mode (that is, /etc/chkconfig verbose on), the following message displays, verifying that sendmail has been started: Mailer daemons: sendmail For more information, examine the /etc/init.d/mail script. /usr/etc/configmail The /usr/etc/configmail script provides an interface between command line input and the sendmail.cf file. For more information, see “sendmail Related Files and Directories.” It pipes the macro and class definitions into the sendmail.params file. This script simplifies the sendmail configuration process. The configmail script allows the user to interact with several sendmail parameters. These parameters are equivalent to sendmail.cf macros and classes. You can verify the current parameter settings, set specific parameters, issue a quick setup command, and get some basic online help. configmail stores your changes in the sendmail.params file, which is read by sendmail at startup time. sendmail Related Files and Directories The sendmail configuration files and directories are • /etc/sendmail.cf • /etc/sendmail.fc • /etc/sendmail.hf • /etc/sendmail.st • /etc/aliases • /var/spool/mqueue • /var/mail 181 Chapter 8: IRIX sendmail /etc/sendmail.cf At the heart of the sendmail program is the sendmail configuration file /etc/sendmail.cf. The sendmail.cf file is an ASCII file that contains most of the configuration information and is read at run time. This file encodes options, header declarations, mailer declarations, trusted user declarations, message precedences, address-rewriting rules, macro definitions, and class definitions. As the mail administrator and in order for you to successfully set up sendmail, you must know which sendmail.cf macros and variables to change. The sendmail.cf file takes advantage of sendmail’s ability to read macro and class definitions from pipes, thereby simplifying and automating the sendmail configuration process. This file takes command line input from the sendmail.params file and the /usr/etc/configmail script and incorporates the input into the appropriate macros and classes. /etc/sendmail.fc The sendmail.fc file is a frozen configuration file. A frozen configuration file is an image of the data space that belongs to sendmail when the configuration file is read. The sendmail.fc file is not present by default. You can create the sendmail.fc file using the touch command. After the sendmail.fc file is created, it is used in place of /etc/sendmail.cf. This process improves start-up speed. Note: All modifications to sendmail macros and classes should be made to sendmail.cf. However, if the /etc/sendmail.fc file exists, changes to it are not honored until you rebuild /etc/sendmail.fc. The mail script /etc/init.d/mail automatically rebuilds the frozen configuration file if the sendmail.cf file exists. Always use the mail script because it automatically rebuilds the sendmail.fc file. If you need to rebuild the frozen configuration file manually, the command is /usr/lib/sendmail -bz /etc/sendmail.hf The sendmail.hf file is the Simple Mail Transfer Protocol (SMTP) help file. It contains some brief information about the various SMTP commands. 182 How sendmail Works /etc/sendmail.st The sendmail.st file collects statistics related to sendmail. By default, the file is not present. You can create the file using the touch command. If the file is present, sendmail automatically updates the file with relevant sendmail statistics. /etc/aliases The aliases file contains the text form of the alias database used by the sendmail program. The alias database contains aliases for local mail recipients. For example, the following alias delivers mail addressed to jd on the local station to johndoe@company.com: jd:johndoe@company.com When sendmail starts up, it automatically processes the aliases file into the files /etc/aliases.dir and /etc/aliases.pag. The aliases.dir and aliases.pag are DBM versions of the aliases database. The DBM format improves sendmail performance. Note: The newaliases program must be run after modifying the alias database file. See “Building the Aliases Database” on page 185 for more information about building the alias database. /var/spool/mqueue The mail queue, /var/spool/mqueue, is the directory where the mail queue and temporary files reside. The messages are stored in various queue files that exist under the /var/spool/mqueue directory. Queue files take these forms: • qf*—control (queue) files for messages • df*—data files • tf*—temporary files • nf*—a file used when a unique ID is created • xf*—transcript file of the current session Normally, a sendmail subdaemon processes the messages in this queue periodically, attempting to deliver each message. (The /etc/init.d/mail script starts the sendmail daemon so that it forks a subdaemon every 15 minutes to process the mail queue.) Each time sendmail processes the queue, it reads and sorts the queue, then attempts to run all jobs in order. 183 Chapter 8: IRIX sendmail /var/mail /var/mail is the directory that houses all incoming mail. Each user on a local station receives his or her mail in a file in the directory /var/mail. For example, the user guest receives mail in the file /var/mail/guest. sendmail Commands These section describes some of the related sendmail programs and commands. The programs and commands discussed in this section are • sendmail • newaliases • mailq sendmail sendmail is the program that implements sendmail’s routing and transfer service. As a program, it has many flags that can be set on the command line to tailor the sendmail environment. Appendix B, “IRIX sendmail Reference,” provides complete descriptions of the various command line flags and options. /usr/bsd/newaliases newaliases is the program used to rebuild the DBM version of the aliases database. This program must be run any time the text version of the aliases file is modified. If newaliases is not run after making changes to the aliases file, the changes are not incorporated into the DBM alias database and are not seen by the sendmail program. See “Aliases Database” on page 185 for more details about the alias database. /usr/bin/mailq The mailq command prints a current listing of the mail queue. 184 Aliases Database Aliases Database The aliases database is an ndbm database that contains mail aliases that are used by the sendmail program. The text form of the database is maintained in the file /etc/aliases. The aliases are of this form: name: name1 [, name2, ...] For example, the following command delivers mail addressed to jd to johndoe@company.com: jd:johndoe@company.com Note: Only the local part of an address can be aliased. For example, the following command is wrong and does not have the desired effect: jd@big.university.edu:jd@company.com sendmail consults the alias database only after deciding that the message (as originally addressed) should be delivered locally, and after it has rewritten the address to contain only the local part. An alias continuation line must start with a space or a tab. Blank lines and lines beginning with the number sign (#) are treated as comments. If you are running NIS, sendmail can use the contents of the NIS alias database with the local aliases database by adding the following special alias to the /etc/aliases file: +:+ This special alias tells sendmail to consult the NIS alias database if the alias cannot be found in the local alias database. When the same alias is specified in both the local and NIS aliases file, the local alias supersedes the NIS alias. Building the Aliases Database At startup, sendmail automatically uses the ndbm library to process the /etc/aliases file into the files /etc/aliases.dir and /etc/aliases.pag. Using these files to resolve aliases improves performance. 185 Chapter 8: IRIX sendmail To rebuild the DBM version of the database without restarting sendmail, execute this command: newaliases Executing this command is equivalent to giving sendmail the -bi flag: /usr/lib/sendmail -bi When building the DBM version of the database, sendmail checks the left-hand side of each entry to make sure that it is a local address. sendmail issues a warning for each entry in /etc/aliases with a non-local left-hand side. Such entries are not entered into the DBM version of the database. If the NIS alias database is used with the local usr/lib/aliases database, the special “+:+” alias is entered into the DBM version of the database. If sendmail cannot find an alias in the DBM version of the database, it looks for the special “+:+” alias. If it finds the special alias, sendmail then queries the NIS alias database. This query permits you to change the global NIS alias database without having to rebuild the local alias database. However, the left-hand sides of the NIS alias are not checked by sendmail to ensure that they contain only local addresses. If the configuration or the command line specifies the D option, sendmail automatically tries to rebuild the alias database when it is out of date. sendmail rebuilds the alias database if either of the following conditions exists: • The DBM version of the database is mode 666. • sendmail is running setuid to root. Note: Auto-rebuild can be dangerous on heavily loaded stations with large alias files. If it takes more than five minutes to rebuild the database, there is a chance that several processes will start the rebuild process simultaneously. Testing the Aliases Database You can test the alias database with the -bv flag of the sendmail program. See “sendmail Command-Line Flags” on page 205 for more details. 186 Aliases Database Alias Database Problems Problems can occur with the alias database, especially if a sendmail process accesses the DBM version before it is completely rebuilt. Two circumstances can cause this problem: • One process accesses the database while another process is rebuilding it. • The process rebuilding the database dies because it has been killed, or a station crash has occurred before completing the rebuild. sendmail has two techniques for trying to relieve these problems. First, to avoid the problem of a partially rebuilt database, sendmail ignores interrupts while rebuilding the database. Second, at the end of the rebuild it adds an alias of the following form (which is not normally legal): @: @ Before sendmail accesses the database, it ensures that this entry exists. For this action to occur, the configuration file must contain the -a option. If the @:@ entry does not exist, sendmail waits for it to appear. After the specified waiting period elapses, sendmail itself forces a rebuild. For this action to occur, the configuration file must include the D option. If the D option is not specified, a warning message is generated and sendmail continues. Another alias problem can arise for stations incorporating the NIS alias database in /etc/aliases through the use of the +:+ alias. If the NIS alias server goes down or is otherwise nonresponsive to NIS queries, sendmail will not see the aliases normally obtained from the NIS server. This situation may result in mail being returned, marked User unknown. List Owners If an error occurs when mail is sent to a certain address (x, for example), sendmail looks for an alias of the following form to receive the errors: owner-x This scheme is typically useful for a mailing list where a user mailing to the list has no control over the maintenance of the list itself; in this case the list maintainer would be the owner of the list. For example, the following would cause jd@1company.com to get the 187 Chapter 8: IRIX sendmail error that occurs when someone sends mail to unix-hackers, and sendmail finds the phony user nosuchuser on the list. unix-hackers: jd@company1.com, ed@big.university.edu,nosuchuser, jane@company2.com owner-unix-hackers: jd@company1.com sendmail Network Configurations This section explains the functions of domains, forwarders, and relays in a mail network. It also explains how each of these components is designated in the /usr/etc/configmail script and in the sendmail.cf file. It is important to understand these designations, since you will be expected to enter this information in the working copy of these files for your station. Mail Domains Within the sendmail environment, a domain is an administratively-defined area of control with logical rather than physical boundaries. You can configure three general types of domains: • root: top-level domain of the local domain space. For example, horses.com is the top level domain for the domain pintos.horses.com. • direct: the domain(s) a station can send mail to directly (no forwarders or relays involved). • local: the domain to which a station belongs. The following parameters designate domains in the /usr/etc/configmail script and the /etc/sendmail.cf file: 188 • configmail parameters: rootdomain, directdomain, and localdomain • sendmail.cf macros and classes: – root domain: T macro – direct domain: D class – local domain: D macro sendmail Network Configurations Mail Forwarders A forwarder station is a station that acts as a mail gateway into another network. Typically, stations on either side of a gateway cannot connect directly to each other, making the forwarder station a physical (not just administrative) necessity. Forwarder stations are not necessarily “smarter” about mail routing than other stations in the network, but they are “better connected.” Forwarder stations deliver mail to “all points beyond” some point in the domain name space. The designation of the forwarder station is primarily determined by the physical topology of the network; the default sendmail.cf file can designate only a single forwarder, and the name of that station must be hard-coded in the configuration file. The following parameters designate a mail forwarder in the /usr/etc/configmail script and the /etc/sendmail.cf file: • configmail parameter: forwarder • sendmail.cf macro and class: F Mail Relays A relay station is a station that acts as a collection point for mail destined for a specified domain or group of domains. In the absence of MX records and mail exchangers, relay stations provide a mechanism whereby mail can be concentrated onto centralized locations prior to actual delivery. For more information about MX records and mail exchangers, see Appendix B, “IRIX sendmail Reference.” Relay stations are not necessarily “better connected” than other stations in the network, but they are “smarter” about mail routing. They deliver mail to “all points within” some point in the domain name space. For example, a company with a domain company.com has configured sendmail to treat alpha.company.com as the forwarder station and omega.company.com as the relay station. sendmail assumes that alpha.company.com is ultimately responsible for all mail to domains other than company.com and that station omega.company.com is ultimately responsible for all mail to the company.com domain itself. Note that there is nothing to prevent the relay and forwarder functions from residing on the same station.The designation of a relay station is primarily determined by administrative decision. sendmail can recognize a number of relay stations. 189 Chapter 8: IRIX sendmail The relay station name is a special name used to identify relay stations in the network. This special name is defined by means of the R macro and is typically the name “relay.” A relay station is so designated by being aliased to the name “relay.” The default sendmail.cf file probes for a station named or aliased to the special relay station name and delivers mail to any such station in preference to the actual destination station. Mail is also sent to relay stations whenever the local station cannot determine the proper routing. The following parameters designate a mail relay in the /usr/etc/configmail script and the /etc/sendmail.cf file: • configmail parameter: relayname • sendmail.cf macro: R User-Configurable Macros and Classes The sendmail.cf file defines your mail network by assigning each element in the network a macro or class value. The default values in your distribution sendmail.cf file will not work without some modification. Instead of modifying your sendmail.cf file directly, you can use the /usr/etc/configmail script. It takes your input, saves it in sendmail.params, and configures the appropriate macros and classes according to your sendmail environment. Domain Name Macro and Class (D) The D macro defines the local domain name. Be sure that the macro contains the name of the domain in which this station resides. If domains are not used, you can leave this macro empty or comment it out. 190 • The D class explicitly lists all domains for which this station should send mail directly by means of the local area network mailer. • Mail for domains listed in the D class is sent directly to the destination station, if possible. No attempt is made to send the mail by means of a relay station. • Mail for domains not listed in the D class is sent by means of a relay station associated with the destination station, if possible, rather than directly to the recipient station. User-Configurable Macros and Classes • If this station is a relay for a particular domain, you must enter that domain name in the D class. It is recommended that you always enter the domain name, regardless of whether the station is a relay or not. Forwarder Station Name Macro and Class (F) The F macro defines the station name or alias of the station to which this station forwards mail for unknown stations or domains. • The F class contains all known names for the station defined in the F macro. • Mail is sent to the forwarder as a last resort only if one of these conditions exists: – This station cannot make the destination station name canonical or determine an appropriate relay or mail exchanger for the mail. – The appropriate station, relay, or exchanger for the mail exists outside the top-level domain. (See the description of the T macro later in this section.) • If either condition for sending mail to this forwarder station exists, this station puts messages to unknown stations or domains “on the wire” and hopes for the best. • If no such station exists in your environment, leave the F macro and class empty. If this station is the forwarder station, put this station’s name in the F macro. Put all known names for the station in the F class. Relay Station Name Macro (R) The R macro defines the station name (or an alias) used by all stations that act as relay stations. Relay stations are forwarders to known internal domains and are defined by the use of this relay station name as their station name or alias. This macro comes preconfigured as “relay,” a name that is strongly suggested. • Do not leave this macro blank, even if your network has no relay stations configured. • Mail relay stations provide an alternative to an MX scheme, and can also be useful as an emergency backup to the use of MX records for internal mail routing. 191 Chapter 8: IRIX sendmail Top-Level Domain Macro (T) The T macro defines the name of the top level of the local domain space. For example, if this station resides in a subdomain named bar.foo.com under the foo.com domain, and if all stations under the foo.com domain or any subdomain under the foo.com domain are considered to be internal stations, the T macro containsfoo.com. The top-level domain is used with the forwarder station (F) macro and class described earlier in this section. All mail sent to stations outside the top level domain is sent by means of the forwarder station. Killed Stations Class (K) The K class is a list of all known “killed” or “dead” stations in the local domain. This is defined only on mail forwarders, to detect mail to stations that no longer exist. Any mail directed to a “dead” station is automatically sent to the mail forwarder. Pathalias Database Macro (P) The P macro defines the location of the pathalias database that is used by sendmail for UUCP mail routing. sendmail Planning Checklist Here is a list of items to consider before configuring your sendmail environment. 192 • What is the layout of your sendmail network (domains, forwarders, relays)? • If you are using the /usr/etc/configmail script, do you have the values for the parameters you need to modify? • If you are manually modifying the /etc/sendmail.cf file, do you have the values for the macros and classes you need to modify? • Are you setting up any custom sendmail aliases? If you are, have aliases ready for the aliases database file. Configuring sendmail • Are the /etc/hosts and /etc/passwd files up to date? The files should include the special relay station name for the mail forwarder, station aliases, user accounts for mail users, and so on. If you use domain names, the /etc/hosts file should use the following format: ip_address fully_qualified_domain_name alias1, alias2, ... A common problem with sendmail is that administrators place the aliases before the fully qualified domain name in the /etc/hosts file. Note: It is recommended that you do not make the first hostname entry a fully qualified domain name when setting up an isolated or solitaire configuration. • If you are using the Network Information Service (NIS) or BIND, are the sendmail-related files configured correctly (aliases, hosts, passwd)? Configuring sendmail This section provides examples for configuring a fictitious sendmail environment. The environment includes: • a stand-alone station where users can send mail locally (solitaire) • a simple isolated sendmail network with one domain • a hierarchical sendmail network with relays and one domain (eng.fictitious.com) • a hierarchical sendmail network with relays and multiple domains (corp.fictitious.com and fin.fictitious.com) • a complex hierarchical sendmail network with forwarders, relays, and multiple domains (corp.fictitious.com and eng.fictitious.com) • a UUCP sendmail connection (uk.com) Note: In the following examples, an empty macro or class has no values assigned to it. The macro or class is left blank. Figure 8-3 illustrates the fictitious sendmail environment used in the following examples for configuring sendmail. 193 Chapter 8: IRIX sendmail fictitious.com corp.fictitious.com corp1 engr.fictitious.com corp2 engr1 corp3 engr3 Simple Isolated Network lab1 lab2 fin.corp.fictitious.com fin1 engr2 fin2 lab3 fin3 uk.com uk1 uk2 solitaire uk3 Figure 8-3 Example sendmail Configuration Environment Customizing the sendmail.cf File The configuration file describes mailers, tells sendmail how to parse addresses and rewrite message headers, and sets various sendmail options. The standard configuration file shipped with IRIX supports a wide variety of mail configurations and does not work “out of the box.” All examples are based on the default sendmail.cf configuration file as it is shipped with IRIX. Note that sendmail macros and classes are both case-sensitive. See “User-Configurable Macros and Classes” on page 190. 194 Configuring sendmail Standalone Station (Solitaire) In the example configuration in Figure 8-3, there is a single, isolated station named solitaire. Mail is sent only from one user on the station to another user on the same station. No mail is sent to any other station, and no mail is received from any other station. Using the configmail script, set up mail like this: /usr/etc/configmail /usr/etc/configmail /usr/etc/configmail /usr/etc/configmail set set set set directdomains NULL localdomain NULL forwarder NULL rootdomain NULL If you are configuring the sendmail.cf file by hand, make the required adjustments to the following macros and classes: The D macro and class: Make sure that both the D macro and class are empty. The F macro and class: Make sure that both the F macro and class are empty. The T macro: Make sure that the T macro is empty. With a text editor, create a file named /usr/etc/resolv.conf and add the line: hostresorder local bind For more information about the resolv.conf file, see the resolv.conf(4) reference page. Note: If this is the only station you are configuring for sendmail, proceed to “Modifying the Aliases Database” on page 202. Simple Isolated Network An isolated network is the simplest network mail environment: a number of stations reside on a private network and send mail to each other on a peer-to-peer basis. All stations exist in the same domain; no subdomains exist. There is no connection or gateway between this private network and the outside world. No station in the network has greater responsibility for mail delivery than any other station. No relay or forwarder stations exist. The stations in the example network are named lab1, lab2, and lab3. Each station in the network uses the same configuration and can be set up as in the “Standalone Station (Solitaire),” described above, or, as an alternative, you can use 195 Chapter 8: IRIX sendmail configmail to perform an automatic setup. For the automatic setup procedure, refer to the section "Automatically Configuring sendmail" in the Personal System Administration Guide. Hierarchical (Relay) Network With a Single Domain In this example, all stations do not bear the same responsibility for mail delivery. One or more stations are designated as mail relay stations, where mail is concentrated for further processing or queueing before delivery. This scheme has particular advantages if some stations frequently are powered off or are otherwise unable to communicate. In such a situation, one or more relay stations are more reliable; they are never or infrequently out of communication with the network and are designated as mail concentration points. When mail is sent to a station that is down, the mail travels to the relay station, where it is queued for later delivery, rather than being queued on the originating station. When the destination station returns to operation, it is more likely that the relay station will be up than the originating station. Therefore, the mail will be delivered to the destination station in a timely manner. This hierarchical scheme also offers administrative advantages. For example, if a single station goes down for an extended period of time, or is simply failing to accept mail, the situation is easier to detect when there is a central mail queue. An administrator can check the mail queue on the relay station to see which stations are not accepting mail. If there were no relay station, mail to the down station would be queued on stations throughout the network, and the problem could be harder to spot. All stations exist under the engr.fictitious.com domain. The stations in the network are named engr1, engr2, and engr3. The mail relay station is engr1. The other stations in the network are expected to send mail through engr1 rather than delivering it directly. Each of the non-relay stations runs the same sendmail.cf configuration file. The sendmail.cf file on relay station engr1 has a slightly different D class definition. For example, using the configmail script, configure mail on the relay station engr1: /usr/etc/configmail /usr/etc/configmail /usr/etc/configmail /usr/etc/configmail 196 set set set set directdomains engr.fictitious.com localdomain engr.fictitious.com forwarder NULL rootdomain engr.fictitious.com Configuring sendmail Using the configmail script, set up mail on the remaining stations in the engr.fictitious.com domain. Note that the directdomains parameter is set to NULL on all stations except the relay station engr1. /usr/etc/configmail /usr/etc/configmail /usr/etc/configmail /usr/etc/configmail set set set set directdomains NULL localdomain engr.fictitious.com forwarder NULL rootdomain engr.fictitious.com If you are configuring the sendmail.cf file by hand, make the required adjustments to the following macros and classes: The D macro and class On all stations, change the D macro to contain the engr.fictitious.com domain name. On the relay station engr1, make sure that the D class contains the engr.fictitious.com domain name so that engr1 sends mail directly to all stations in the engr.fictitious.com domain. On the remaining stations, make sure that the D class is empty so that they do not send mail directly to other stations. (They are to send the mail to engr1.) The F macro and class Make sure that the F macro and class are empty. The T macro On all stations, change the T macro to contain the engr.fictitious.com domain name. For engr1 to be recognized as the mail relay station, the special relay station name “relay” (as defined by the R macro) must be one of the station aliases that belongs to engr1. Include the station name “relay” in the entry for engr1 in /etc/hosts or the DNS or NIS equivalent. When you have completed this exercise, proceed to “Modifying the Aliases Database” on page 202. Hierarchical (Relay) Network With Multiple Domains In this example, the hierarchical model is extended to multiple subdomains. This type of environment is a logical extension of the preceding one and is probably the easiest model to expand as the number of stations on the network increases. The environment requires that domain names be used for proper mail addressing. 197 Chapter 8: IRIX sendmail The entire local domain is named corp.fictitious.com. There is one subdomain under the corp.fictitious.com domain: fin.corp.fictitious.com. The stations in the corp.fictitious.com domain are corp1, corp2, and corp3. The stations in the fin.corp.fictitious.com domain are fin1, fin2, and fin3. corp3 is the relay for the corp.fictitious.com domain; fin3 is the relay for the fin.corp.fictitious.com domain. The stations in each of the two domains (corp.fictitious.com and fin.corp.fictitious.com) are configured much like those described in the preceding subsections. Using the configmail script, set up mail on the relay station corp3: /usr/etc/configmail set directdomains corp.fictitious.com /usr/etc/configmail set localdomain corp.fictitious.com /usr/etc/configmail set forwarder NULL /usr/etc/configmail set rootdomain corp.fictitious.com Using the configmail script, set up mail on the relay station fin3: /usr/etc/configmail set directdomains fin.corp.fictitious.com /usr/etc/configmail set localdomain fin.corp.fictitious.com /usr/etc/configmail set forwarder NULL /usr/etc/configmail set rootdomain corp.fictitious.com Using the configmail script, set up mail on the remaining non-relay stations in the corp.fictitious.com domain. Note that the directdomains parameter is set to NULL on non-relay stations. /usr/etc/configmail set directdomains NULL /usr/etc/configmail set localdomain corp.fictitious.com /usr/etc/configmail set forwarder NULL /usr/etc/configmail set rootdomain corp.fictitious.com Using the configmail script, set up mail on the remaining non-relay stations in the fin.corp.fictitious.com domain. Note that the directdomains parameter is set to NULL on non-relay stations. /usr/etc/configmail set directdomains NULL /usr/etc/configmail set localdomain fin.corp.fictitious.com /usr/etc/configmail set forwarder NULL /usr/etc/configmail set rootdomain corp.fictitious.com 198 Configuring sendmail If you are configuring the sendmail.cf file by hand, make the required adjustments to the following macros and classes: The D macro For all stations in the corp.fictitious.com domain, change the D macro to contain the corp.fictitious.com domain name. For all stations in the fin.corp.fictitious.com domain, change the D macro to contain the fin.corp.fictitious.com domain name. The D class: On the relay station corp3, make sure that the D class contains the corp.fictitious.com domain name so that corp3 will send mail directly to all stations in the corp.fictitious.com domain. On the relay station fin3, make sure that the D class contains the fin.corp.fictitious.com domain name so that fin3 will send mail directly to all stations in the fin.corp.fictitious.com domain. On the remaining stations in the network, make sure that the D class is empty so that they do not send mail directly to other stations. The F macro and class: Make sure that the F macro and class are empty. The T macro: On each of the stations, change the T macro to contain the corp.fictitious.com domain name. For the relay stations corp3 and fin3 to be recognized as such, the special relay station name “relay” (as defined by the R macro) must be an alias for each of them. There can be only one relay alias in the /etc/hosts file. Here is how to set up each alias: • For corp3, the alias relay.corp.fictitious.com (and optionally “relay”) should be included in its entry in /etc/hosts or the DNS or NIS equivalent. • For fin3, the alias relay.fin.corp.fictitious.com should be included in its entry in /etc/hosts or the DNS or NIS equivalent. When you have completed this procedure, proceed to “Modifying the Aliases Database” on page 202. Complex (Forwarder) Hierarchical (Relay) Network With Domains This section explains how to configure a station to act as the forwarder station; a forwarder station can be added to any of the scenarios described in the preceding subsections. Please see “sendmail Network Configurations” on page 188 for an explanation of the forwarder station concept as used by IRIX sendmail. 199 Chapter 8: IRIX sendmail This discussion applies to mail environments of all types. Whatever the form of your internal mail environment, whenever you want to use a mail gateway station between your internal mail network and the external world, a forwarder station is required. The sendmail configuration for using this forwarder station is exactly the same for all stations on the internal side of the gateway. The internal mail environment consists of the domain corp.fictitious.com and any or all domains under corp.fictitious.com (fin.corp.fictitious.com). All stations within the corp.fictitious.com domain are capable of communicating with each other. For example, there is no physical restriction to prevent station fin1.fin.corp.fictitious.com from sending mail to corp1.corp.fictitious.com. Station corp2.corp.fictitious.com can connect to all stations within the corp.fictitious.com domain and can also connect to stations in other domains, such as engr.fictitious.com. Station corp2.corp.fictitious.com is therefore the forwarder station to all domains beyond the corp.fictitious.com domain. In this example, station corp2.corp.fictitious.com is aliased to corp2 for ease of addressing in the internal mail environment. In addition to the changes to sendmail.cf required for the internal mail environment, make the following changes to the sendmail.cf file on all stations within the corp.fictitious.com domain. Using the configmail script, change the appropriate parameter: /usr/etc/configmail set forwarder corp2.corp.fictitious.com corp2 If configuring the sendmail.cf file by hand, make the required adjustments to the following macros and classes: The F macro: Make sure that the F macro contains the station name corp2.corp.fictitious.com. The F class: Make sure that the F class contains the two names corp2 and corp2.corp.fictitious.com, by which the forwarder station is known. When you have completed the procedure, proceed to “Modifying the Aliases Database” on page 202. UUCP Mail The default sendmail.cf file shipped with IRIX includes support for sending mail through UUCP. This section discusses these capabilities and explains how to integrate UUCP mail into the local mail environment. UUCP support can be added to any of the scenarios described in the preceding subsections. 200 Configuring sendmail The sendmail.cf file directs sendmail to read the /etc/uucp/Systems file on startup. All UUCP station names are read from this file, and stations marked “domain-machine” are noted. If a UUCP pathalias database is maintained on the station, the location of the database is set with the P macro. If the /etc/uucp/Systems file indicates that there are stations connected to the local station through UUCP, sendmail sends mail received on the local station, and addressed to one of the stations described in the /etc/uucp/Systems file, on to the proper place. If the P macro is set and points to a valid UUCP pathalias database, sendmail will attempt to find a UUCP path to a station for which it cannot find an address or MX record. If the database returns a good UUCP path to the destination station, sendmail attempts to send the mail to the left-most station on the path. Depending upon the network environment, UUCP mail may range from the only form of network mail to one part of a much larger network mail environment. The following sections describe a common technique for adding UUCP to an existing local area mail network. Sample Environment The local domain is named uk.com. Station uk1.uk.com is the forwarder station, as described in “Complex (Forwarder) Hierarchical (Relay) Network With Domains” on page 199 in “Customizing the sendmail.cf File” on page 194. To avoid forwarder loops, the default sendmail.cf file permits only one forwarder station to be configured. Therefore, station uk1.uk.com is also the UUCP forwarder station. Changes to sendmail.cf No changes to sendmail.cf are necessary beyond those required to configure station uk1.uk.com as the forwarder station. (See “Complex (Forwarder) Hierarchical (Relay) Network With Domains” on page 199.) If station uk1.uk.com maintains a pathalias database, the P macro should be set to the pathname of the pathalias database. Other Changes The /etc/uucp/Systems file must also be configured before sendmail will see any of the UUCP-connected stations. For more information see Chapter 7, “UUCP.” When you have completed this procedure, look ahead to “Modifying the Aliases Database” on page 202. 201 Chapter 8: IRIX sendmail Modifying the Aliases Database After modifying a station’s sendmail.cf file (see “Customizing the sendmail.cf File” on page 194), the alias database file should also be modified to reflect your sendmail environment. If you don’t have any “private” company aliases, you still need to modify the aliases file to provide it with a valid postmaster alias. Creating the Aliases File Continuing with the fictitious example used in “Customizing the sendmail.cf File” on page 194, assume that the administrator for the domain corp.fictitious.com has derived a list of aliases for the corp.fictitious.com domain. The list of aliases is shown in Table 8-1. Table 8-1 202 Sample aliases File Entries Alias Name Member Station Name finance john fin1 finance paul fin2 finance mary fin3 corp sharon corp1 corp pam corp2 corp peter corp3 all finance and corp N/A postmaster mailmgr corp1 Configuring sendmail The /etc/aliases file entries based on the list of aliases generated by the administrator would look like this: ############################################################# # Aliases in this file will NOT be expanded in the header # from Mail, but WILL be visible over networks or from # /bin/mail. # >>>>>>>>> The program "newaliases" must be run after # >> NOTE >> this file is updated for any changes to # >>>>>>>>>> show through to sendmail. ############################################################# start of common aliases--do not remove this line # Add the following alias to enable Yellow Page aliases. If # enabled, the YP database defines anything not defined in # this file. #+:+ # Alias for mailer daemon MAILER-DAEMON:postmaster # send mail likely to be lost to the mail server rootcsh:postmaster rootsh:postmaster . . . games:postmaster # Following alias is required by RFC 822 # You should change ’root’ in the first line below to # the administrator of this machine, and un-comment the # following line. postmaster:root root:mailmgr@corp1 # aliases to handle mail to msgs and news nobody: /dev/null # end of common aliases--do not remove this line # corp.fictitious.com aliases finance:john@fin1,paul@fin2,mary@fin3 corp:sharon@corp1,pam@corp2,peter@corp3 all:finance,corp 203 Chapter 8: IRIX sendmail Updating the aliases Database After you modify the /etc/aliases text database file, run the newaliases program to incorporate the text changes into the DBM files, /etc/aliases.dir and /etc/aliases.pag. Update the aliases database: /usr/bsd/newaliases If there is nothing wrong with your aliases database, newaliases lists the number of aliases and then return your prompt. If you see any other message, most likely there is a problem with your aliases file. See “Debugging Flags” on page 207 for hints on troubleshooting the alias file. Starting the sendmail Daemon After customizing the sendmail.cf files and modifying the aliases database, you are ready to start sendmail. By default, IRIX automatically starts sendmail at station start-up by using the shell script /etc/init.d/mail. However, if you are configuring and testing sendmail and don’t want to reboot the station, you can run the /etc/init.d/mail script manually. You should always use the mail script to stop and start sendmail. It processes and checks sendmail related files and programs and in the correct order. Start the sendmail daemon: /etc/init.d/mail start If you need to stop sendmail, enter the following command: /etc/init.d/mail stop 204 Managing sendmail Managing sendmail This section describes some of the tasks related to managing the sendmail environment. sendmail Command-Line Flags You can include one or more flags on the command line to tailor a sendmail session. This section describes some of the more frequently used flags. For a complete description of command-line flags, see Appendix B, “IRIX sendmail Reference.” Changing the Values of Configuration Options The -o flag overrides an option in the configuration file. The override is for the current session only. In the following example, the T (timeout) option becomes two minutes for this session only: /usr/lib/sendmail -oT2m For a complete discussion of configuration options, see Appendix B, “IRIX sendmail Reference.” Delivery Mode One configuration option frequently overridden on the command line is the d option, which specifies the sendmail delivery mode. The delivery mode determines how quickly mail is delivered: i deliver interactively (synchronously) b deliver in background (asynchronously) q queue only (don’t deliver) There are trade-offs. Mode i passes the maximum amount of information to the sender, but is rarely necessary. Mode q puts the minimum load on your station, but if you use it, delivery may be delayed for up to the queue interval. 205 Chapter 8: IRIX sendmail Mode b is probably a good compromise. However, in this mode, sendmail may initiate a large number of processes if you have a mailer that takes a long time to deliver a message. Queue Mode The -q flag causes sendmail to process the mail queue at regular intervals. The syntax is as follows, where time defines the interval between instances of queue processing: -q [time] Time is expressed in number of minutes: 15m sets the interval to 15 minutes. If time is omitted, sendmail processes the queue once and returns. The -q flag is often used in conjunction with daemon mode, described in the next subsection. Daemon Mode To process incoming mail over sockets, a daemon must be running. The -bd flag causes sendmail to run in daemon mode. The -bd and -q flags can be combined in one call, as in the following example: /usr/lib/sendmail -bd -q30m This command causes sendmail to run in daemon mode and to fork a subdaemon for queue processing every half hour. The script for starting sendmail that is provided with IRIX includes the following command line: /usr/lib/sendmail -bd -q15m Verify Mode Using the -bv flag directs sendmail to validate addresses, aliases, and mailing lists. In this mode, sendmail performs verification only. It does not try to collect or deliver a message. sendmail expands all aliases, suppresses duplicates, and displays the expanded list of names. For each name, sendmail indicates if it knows how to deliver a message to that destination. 206 Managing sendmail Test Mode The -bt flag places sendmail in test mode so that it describes how the current configuration rewrites addresses. Test mode is extremely useful for debugging modifications to the /etc/sendmail.cf configuration file. For more information, see Appendix B, “IRIX sendmail Reference.” Debugging Flags Several debugging flags are built into sendmail. Each flag includes a number and a level. The number identifies the debugging flag. The level, which defaults to 1, dictates how much information is printed. A low level causes minimal information to print; a high level causes more comprehensive information to print. By convention, levels greater than 9 are not recommended, since so much information prints that it is of limited value. Debugging flags use the following syntax: -d debug-list • Set flag 13 to level 1. -d13 • Set flag 13 to level 3. -d13.3 • Set flags 5 though 18 to level 1. -d5-18 • Set flags 5 through 18 to level 4. -d5-18.4 Many debugging flags are of little use to the average sendmail user. Some are occasionally useful for helping to track down obscure problems. Appendix B, “IRIX sendmail Reference,” includes a complete list of debugging flags. Using a Different Configuration File The -C flag directs sendmail to use an alternate configuration file. For example, the following line directs sendmail to use the test.cf file instead of the default /etc/sendmail.cf file: /usr/lib/sendmail -Ctest.cf 207 Chapter 8: IRIX sendmail If the -C flag appears without a filename, sendmail uses the file sendmail.cf in the current directory. Thus, the -C flag directs sendmail to ignore any /etc/sendmail.fc (“frozen”) file that may be present. The Mail Queue This section discusses how to print and force the mail queue. Listing the Queue You can list the contents of the queue by using the mailq command or by specifying the -bp flag to sendmail. The list includes a listing of the queue IDs, the size of each message, the date the message entered the queue, and the sender and recipients. Forcing the Queue The -q flag (with no value) forces sendmail to process the queue. It is sometimes useful to use the -v flag (verbose) also when running the queue manually, as follows: /usr/lib/sendmail -q -v In verbose mode, sendmail displays the SMTP chatter with other stations as well as messages indicating any delivery errors and final message disposition. Because of the locking algorithm, it is impossible for one job to freeze the queue. However, an uncooperative recipient station or a program recipient that never returns can consume many station resources. Unfortunately, there is no way to resolve this situation without violating the SMTP protocol used by sendmail. In some cases, if a major station goes down for a couple of days, a prohibitively large queue may be created. As a result, sendmail spends an inordinate amount of time sorting the queue. You can remedy this situation by moving the queue to a temporary location and creating a new queue. The old queue can be run later when the offending station returns to service. 208 Managing sendmail Use the following commands to move the entire queue directory. The mail queue should be owned by root and belong to the mail group. cd /var/spool mv mqueue omqueue mkdir mqueue chmod 755 mqueue Then kill the existing sendmail daemon (because it will still be processing in the old queue directory) and create a new daemon: /etc/init.d/mail stop /etc/init.d/mail start To run the old mail queue, use the following command: /usr/lib/sendmail -oQ/var/spool/omqueue -q The -oQ flag specifies an alternate queue directory, and the -q flag causes sendmail to run every job in the queue once and then return. Use the -v (verbose) flag to watch what is going on. It may be necessary to run the old mail queue a number of times before all of the messages can be delivered. When the queue is finally emptied, the directory can be removed: rmdir /var/spool/omqueue The .forward File As an alternative to the alias database, users can put a file with the name .forward in their home directories. If the .forward file exists, in a user’s home directory sendmail redirects mail for that user to the list of recipients in the file. The recipients are separated by commas or new lines. For example, if the home directory for user jane has a .forward file with the following contents, any mail arriving for jane is redirected to the specified accounts: zippy@state.edu bongo@widgets.com 209 Chapter 8: IRIX sendmail The .forward file also allows the user to redirect mail to files or programs. A .forward file with the following contents redirects any incoming messages to jd@company.com, appends a copy of the message to the file /var/tmp/mail.log, and pipes a copy of the message to stdin of the /usr/bin/mymailer program: jd@company.com /var/tmp/mail.log | /usr/bin/mymailer In general, file-type recipients must be writable by everyone. However, if sendmail is running as root and the file has setuid or setgid bits set, then the message will be written to the file. Users can redirect mail to themselves in addition to sending it to other recipients. This feature is particularly useful if the users want to continue to receive mail in their own mailboxes while passing copies of each incoming message to some alternative destination. For example, say that the home directory for user john contains a .forward file with the following contents: \john, |/usr/sbin/vacation sendmail behaves as follows: • It sends each incoming message to john’s regular mailbox; the backslash (\) preceding the name indicates that no further aliasing is to occur. • It pipes a copy of each message to stdin of the /usr/sbin/vacation program. (The vertical bar [|] is the standard UNIX pipe symbol.) sendmail Questions, Problems, and Troubleshooting 1. What are MX records? MX records are resource records in the BIND database. Each record contains the name of a target station, a preference level, and the name of an exchanger station that handles mail for the target station. (The exchanger station may be the target station itself.) The BIND database can contain several MX records for each target station; the record with the lowest preference level is tried first. MX records provide a way to direct mail to alternative stations. Using MX records lets you eliminate static routes from your sendmail configuration file. For more details about setting up MX records, see Appendix B, “IRIX sendmail Reference.” 210 Notes to Current sendmail Users 2. sendmail doesn’t seem to see my changes to sendmail.cf. Remember to save your changes to the configuration file by issuing the following commands: /etc/init.d/mail stop /etc/init.d/mail start The stopping and starting of the daemon forces sendmail to reconfigure the file. Otherwise, sendmail runs using the old, “frozen” version of the configuration file, thus ignoring your changes. For more information on “frozen” configuration files, see Appendix B, “IRIX sendmail Reference.” 3. Can I put comments in macro definitions? Do not include comments on macro or class definition lines in the sendmail.cf file. For example, DDfoo.com # my domain name would define the D macro as: "foo.com # my domain name" Likewise, CD foo.com bar.com # my local domains would define the D class as containing “foo.com,” “bar.com,” “#,” “my,” “local,” and “domains.” 4. Where can I find information to help me troubleshoot my sendmail installation? See Appendix B, “IRIX sendmail Reference.” Notes to Current sendmail Users In general, the current version of sendmail should be backward-compatible with previous versions. Most users should be able to replace their existing sendmail with the new IRIX 4.0 sendmail and run as before without any changes. However, there are certain differences between this and previous versions of sendmail that may cause compatibility problems. These differences are described in the subsections that follow. 211 Chapter 8: IRIX sendmail MX Record Support For each destination station contacted by means of an IPC-type mailer (P=[IPC] in the mailer definition line), sendmail queries the DNS database for MX records associated with the destination station. If the MX query succeeds, mail will be routed through the appropriate exchanger station found among the returned MX records as described in RFC 974 and required by RFC 1123. The result is that this version of sendmail and previous versions may use different methods to route mail to stations for which MX records are available. See Appendix B, “IRIX sendmail Reference,” for information regarding mailer definitions. With the advent of MX records, you may want to edit your sendmail.cf file to remove previously required static routes. Multi-Token Class Match Some sendmail.cf implementations inadvertently rely on the inability of sendmail to do multi-token class-matching. One such implementation is the standard sendmail.cf file distributed with IRIX Releases 3.2 and 3.3. If your sendmail.cf file is based upon one of those standard sendmail.cf files, you should read this section. If your sendmail.cf file is not based on one of those standard files, this section may serve as an example if you encounter odd behavior with class-matching while running the new sendmail. The standard IRIX Release 3.2 and 3.3 sendmail.cf files define an S class that is scanned in from the /etc/hosts file. This class is used to detect single-token station names that appear in the local /etc/hosts file. With the advent of multi-token class-matching, the S class no longer operates as intended. The problem is that station names appearing in the /etc/hosts file are scanned into the S class whether they are single- or multi-token station names (that is, whether or not they contain dots). The S class still worked as intended with previous versions of sendmail, because if an attempt was made to match a multi-token station name in the class, the match would always fail. With the new sendmail, that same match will (incorrectly) succeed. This problem is observed when rules such as this one began matching qualified station names such as foo.bar.sgi.com: # Assume that unqualified names are local. R$*<@$=S>$* $1<@$2.$D>$3 212 Notes to Current sendmail Users The result was that stations such as foo.bar.sgi.com that appeared on the LHS of the rewrite rule shown here were being rewritten to foo.bar.sgi.com.bar.sgi.com, which is obviously wrong. The problem was not the use of the S class, but rather the practice of scanning multi-token station names from the /etc/hosts file into the class in the first place. An examination of the sendmail.cf file shows that the S class is being scanned in by the following scan sets: # Directly-connected SMTP hosts FS/etc/hosts %*[.0-99] %[-_.a-zzA-ZZ0-99] FS/etc/hosts %*[.0-99] %*[-._a-zzA-ZZ0-99] %[-_.a-zzA-Z0-99] These scan sets read in the two left-most station names from /etc/hosts regardless of whether they contain dots. To correct the situation, modify the scan sets to read in only the station names from /etc/hosts in their single-token, unqualified form, as follows: # Directly-connected SMTP hosts FS/etc/hosts %*[.0-99] %[-_a-zzA-ZZ0-99] FS/etc/hosts %*[.0-99] %*[-._a-zzA-ZZ0-99] %[-_a-zzA-ZZ0-99] Note the removal of the dots from the right-most patterns. Depending on your use of class-matching, this incompatibility may not affect you. If you suspect there might be a problem, you should examine your use of classes and your class definitions. If you are currently using a sendmail.cf file supplied by Silicon Graphics, you should examine the S class scan sets and make the corrections indicated here. If you use the default sendmail.cf as supplied in this release, you should be free from any such problems. 213 Appendix A A. BIND Standard Resource Record Format The Berkeley Internet Name Domain (BIND) server uses a specific record format for the name server data files. This appendix details BIND’s standard resource record format by resource record type. Standard Resource Record Format The records in the name server data files are called resource records. The Standard Resource Record (RR) Format is specified in RFC 1035. The standard format of resource records is: {name} {ttl} addr-class Record Type Record-specific data • The first field is the name of the domain record. It must always start in column 1. For some RRs the name may be left blank, in which case it becomes the name of the previous RR. • The second field is an optional time-to-live field, which specifies how long this data will be stored in the database. When this field is blank, the default time-to-live value is specified in the Start of Authority (SOA) resource record (described later in this section). • The third field is the address class. Currently only the IN class (for Internet hosts and addresses) is recognized. • The fourth field identifies the type of resource record. • Subsequent fields depend on the type of RR. Case is preserved in names and data fields when they are loaded into the name server. Comparisons and lookups in the name server database are not case sensitive. If you specify TTLs for resource records, it is important that you set them to appropriate values. The TTL is the amount of time (in seconds) that a resolver will use the data from your server before it asks your server again. If you set the value too low, your server will 215 Appendix A: BIND Standard Resource Record Format become loaded down with repeat requests. If you set it too high, information you change will not be distributed in a reasonable amount of time. Most host information does not change much over time. A good way to set up your TTLs is to set them at a high value, and lower the value if you know a change is coming soon. You might set most TTLs between a day (86400) and a week (604800). When you know some data is changing soon, set the TTL for that RR to a low value, between an hour (3600) and a day, until the change takes place. Then reset it to its previous value. All resource records with the same name, class, and type should have the same TTL value. The following characters have special meanings in resource records: (blank) A blank or tab character in the name field denotes the current domain. @ A free-standing “at” sign (@) in the name field denotes the current origin. . A free-standing period in the name field represents the root domain name. \x The backslash designates that the special meaning of the character x does not apply. The x represents any character other than a digit (0–9). For example, use \.to place a dot character in a label. \DDD Each D is a digit; the complete string is the octet corresponding to the decimal number described by DDD. The octet is assumed to be text and is not checked for special meaning. () Parentheses enclose group data that crosses a line. In effect, newlines are not recognized within parentheses. This notation is useful with SOA and WKS records. ; A semicolon precedes a comment; the remainder of the line is ignored. * An asterisk is a wildcard character. Usually a resource record has the current origin appended to the name if the name is not terminated by a period (.). This scheme is useful for appending the current domain name to the data, such as workstation names, but can cause problems if you do not want the name to be appended. If the name is not in the domain for which you are creating the data file, end the name with a period. However, do not append the period to Internet addresses. 216 Standard Resource Record Format $INCLUDE An include line has $INCLUDE starting in column 1 and is followed by a filename. This feature helps you use multiple files for different types of data. For example: $INCLUDE /usr/etc/named.d/mailboxes This line is a request to load the file /usr/etc/named.d/mailboxes. The $INCLUDE command does not cause data to be loaded into a different zone or tree. It allows data for a given zone to be organized in separate files. For example, you might keep mailbox data separate from host data by using this mechanism. $ORIGIN $ORIGIN changes the origin in a data file. The line starts in column 1 and is followed by a domain origin. This feature is useful for putting more than one domain in a data file. $ORIGIN Berkeley.EDU. SOA—Start of Authority name {ttl} addr-class SOA Source @ IN SOA ucbvax.Berkeley.EDU ( 1994021501;Serial 10800 ;Refresh 3600 ;Retry 3600000 ;Expire 86400 ;Minimum ) Person-in-charge kjd.ucbvax.Berkeley.EDU. The Start of Authority record, SOA, designates the start of a zone. There should be only one SOA record per zone. The name is the name of the zone. It can be a complete domain name like “Berkeley.EDU.” or a name relative to the current $ORIGIN. The “at” sign (@) indicates the current zone name, taken from the “primary” line in the named.boot file or from a previous $ORIGIN line. Source is the name of the host on which the master data file resides, typically the primary master server. 217 Appendix A: BIND Standard Resource Record Format Person-in-charge is the mailing address for the person responsible for the name server. The mailing address is encoded in the form of a domain name where the “at” sign (@) separating the user name from the hostname is replaced with a period. In the example above, kjd.ucbvax.berkeley.edu is the encoded form of kjd@ucbvax.berkeley.edu. Serial is the version number of this data file, and should be incremented whenever data are changed. Do not use floating point numbers (numbers with a decimal point, such as 1.1). A useful convention is to encode the current date in the serial number. For example, 25 April 1994 edit #1 is encoded as: 1994042501 Increment the edit number if you modify the file more than once on a given day. Refresh indicates how often, in seconds, a secondary name server is to check with the primary name server to see if an update is needed. Retry indicates how long, in seconds, a secondary server is to retry after a failure to check for a refresh. Expire is the maximum number of seconds that a secondary name server has to use the data before they expire for lack of getting a refresh. Minimum is the default number of seconds to be used for the time-to-live field on resource records with no explicit time-to-live value. NS—Name Server {name} {ttl} addr-class IN NS NS Name server’s_name ucbarpa.Berkeley.EDU. The Name Server record, NS, lists the name of a machine that provides domain service for a particular domain. The name associated with the RR is the domain name, and the data portion is the name of a host that provides the service. Workstations providing name service need not be located in the named domain. There should be one NS record for each master server (primary or secondary) for the domain. If you use more than approximately 10 to 15 NS records for a zone, you may exceed DNS datagram size limits. NS records for a domain must exist in both the zone that delegates the domain and in the domain itself. If the name server host for a particular domain is itself inside the domain, then a glue record is needed. A glue record is an Address (A) record that specifies the 218 Standard Resource Record Format address of the server. Glue records are needed only in the server delegating the domain, not in the domain itself. For example, if the name server for domain SRI.COM is KL.SRI.COM, then the NS and glue A records on the delegating server look like this: SRI.COM. IN KL.SRI.COM. IN NS A KL.SRI.COM. 10.1.0.2 The administrators of the delegating and delegated domains should ensure that the NS and glue A records are consistent and remain so. A—Address {name} ucbvax {ttl} addr-class IN IN A A A address 128.32.133.1 128.32.130.12 The Address record, A, lists the address for a given workstation The name field is the workstation name, and the address is the network address. There should be one A record for each address of the workstation. HINFO—Host Information {name} {ttl} addr-class HINFO IN HINFO Hardware SGI-IRIS-INDY OS IRIX The Host Information resource record, HINFO, is for host-specific data. This record lists the hardware and operating system running at the listed host. Only a single space separates the hardware information and the operating-system information. To include a space in the workstation name, you must place quotation marks around the name. There should be one HINFO record for each host. See the file /usr/etc/named.d/README for the current list of names for IRIS4D Series workstations and servers. To learn the names for other types of hardware and operating systems, refer to the most current “Assigned Numbers” RFC (RFC 1340 as of this writing). WKS—Well-Known Services {name} {ttl} addr-class WKS address IN WKS 192.12.6.16 IN protocol services list UDP (who route timed domain) WKS 192.12.63.16 TCP (echo telnet chargen ftp 219 Appendix A: BIND Standard Resource Record Format smtp time domain bootp finger sunrpc) The Well-Known Services record, WKS, describes well-known services supported by a particular protocol at a specified address. The list of services and port numbers comes from the list of services specified in /etc/services. There should be only one WKS record per protocol per address. CNAME—Canonical Name aliases {ttl} ucbmonet addr-class IN CNAME CNAME Canonical name monet The Canonical Name resource record, CNAME, specifies an alias for the official, or canonical, hostname. This record should be the only one associated with the alias name. All other resource records should be associated with the canonical name, not with the alias. Any resource records that include a domain name as their value (such as NS or MX) should list the canonical name, not the alias. Aliases are also useful when a host changes its name. In that case, it is usually a good idea to have a CNAME record so that people still using the old name get to the right place. PTR – Domain Name Pointer name {ttl} 6.130 addr-class IN PTR PTR real name monet.Berkeley.EDU. A Domain Name Pointer record, PTR, allows special names to point to some other location in the domain. The example of a PTR record given here is used to set up reverse pointers for the special IN-ADDR.ARPA domain. PTR names should be unique to the zone. Note the period (.) appended to the real name to prevent named from appending the current domain name. MB—Mailbox name ben 220 {ttl} addr-class IN MB MB Machine franklin.Berkeley.EDU. Standard Resource Record Format The Mailbox record, MB, lists the workstation where a user receives mail. The name field is the user’s login. The machine field lists the workstation to which mail is to be delivered. Mailbox names should be unique to the zone. MR—Mail Rename Name name {ttl} addr-class MR Postmaster IN MR corresponding_MB ben The Mail Rename Name record, MR, lists aliases for a user. The name field lists the alias for the name listed in the last field, which should have a corresponding MB record. MINFO—Mail Information name BIND {ttl} addr-class MINFO IN MINFO requests BIND-REQUEST maintainer kjd.Berkeley.EDU The Mail Information record, MINFO, creates a mail group for a mailing list. This resource record is usually associated with a Mail Group (MG) record, but can be used with a Mailbox (MB) record. The name is the name of the mailbox. The requests field is where mail (such as requests to be added to a mail group) should be sent. The maintainer is a mailbox that should receive error messages. This arrangement is appropriate for mailing lists when errors in members’ names should be reported to someone other than the sender. MG—Mail Group Member {mail group name} {ttl} addr-class IN MG MG member name Bloom The Mail Group record, MG, lists members of a mail group. Here is an example for setting up a mailing list: Bind IN IN IN MINFO MG MG Bind-Request kjd.Berkeley.EDU. Ralph.Berkeley.EDU. Zhou.Berkeley.EDU. MX—Mail Exchanger preference mail 221 Appendix A: BIND Standard Resource Record Format name {ttl} addr-class MX Munnari.OZ.AU. IN MX *.IL. IN MX value 10 10 exchanger Seismo.CSS.GOV. CUNYVM.CUNY.EDU. The Mail Exchanger record, MX, specifies a workstation that can deliver mail to a workstation not directly connected to the network. In the first example given here, Seismo.CSS.GOV. is a mail gateway that can deliver mail to Munnari.OZ.AU. Other systems on the network cannot deliver mail directly to Munnari. The two systems, Seismo and Munnari, can have a private connection or use a different transport medium. The preference value is the order that a mailer should follow when there is more then one way to deliver mail to a single workstation. See RFC 974 for more detailed information. You can use a wildcard name containing an asterisk (*) for mail routing with an MX record. Servers on the network can state that any mail to a given domain is to be routed through a relay. In the second example given here, all mail to hosts in the domain IL is routed through CUNYVM.CUNY.EDU. This routing is done by means of a wildcard MX resource record, which states that *.IL has an MX of CUNYVM.CUNY.EDU. RP—Responsible Person owner {ttl} addr RP mbox_domain_name franklin IN RP franklin.berkeley.edu TXT_domain_name admin.berkeley.edu. The Responsible Person record, RP, identifies the name or group name of the responsible person for a host. Often it is desirable to be able to identify the responsible entity for a particular host. Otherwise, when that host is down or malfunctioning, it is difficult to contact someone who can resolve the problem or repair the host. The mbox domain name field is a domain name that specifies the mailbox for the responsible person. Its format in master files uses the DNS convention for mailbox encoding, identical to that used for the Person-in-charge mailbox field in the SOA record. In the example given here, the mbox domain name shows the encoding for ben@franklin.berkeley.edu. You can specify the root domain name (just “.”) to indicate that no mailbox is available. The last field is a domain name for which TXT RRs exist. You can perform a subsequent query to retrieve the associated TXT resource records at the TXT domain name. Retrieving the TXT records provides a level of indirection so that the entity can be referred to from multiple places in the DNS. You can specify the root domain name (just “.”) for the TXT domain name to indicate that no associated TXT RR exists. In the 222 Standard Resource Record Format example, “sysadmins.berkeley.edu.” is the name of a TXT record that could contain some text with names and phone numbers. The format of the RP record is class insensitive. Multiple RP records at a single name may be present in the database. They should have identical TTLs. The RP record is experimental; not all DNS servers implement or recognize it. TXT—Text text-name location {ttl} addr-class IN TXT TXT text-data "Berkeley, CA" The Text record, TXT, is used to hold descriptive text. The semantics of the text depend on the domain where it is found. 223 Appendix B B. IRIX sendmail Reference This appendix provides reference material on sendmail. It is divided into the following sections: • “sendmail Command-Line Flags” on page 225 • “Tuning” on page 228 • “The Configuration File” on page 233 • “Flags, Options, and Files” on page 251 sendmail Command-Line Flags You can include one or more flags on the command line to tailor a sendmail session. This section describes some of the more frequently used flags. For a complete description of command-line flags, see “Flags, Options, and Files” on page 251. Changing the Values of Configuration Options The -o flag overrides an option in the configuration file. The override is for the current session only. In the following example, the T (timeout) option becomes two minutes for this session only: /usr/lib/sendmail -oT2m For a complete discussion of configuration options, see “Flags, Options, and Files” on page 251. 225 Appendix B: IRIX sendmail Reference Delivery Mode One configuration option frequently overridden on the command line is the d option, which specifies the sendmail delivery mode. The delivery mode determines how quickly mail is delivered: i deliver interactively (synchronously) b deliver in background (asynchronously) q queue only (don’t deliver) There are trade-offs. Mode i passes the maximum amount of information to the sender, but is rarely necessary. Mode q puts the minimum load on your system, but if you use it, delivery may be delayed for up to the queue interval. Mode b is probably a good compromise. However, in this mode, sendmail may initiate a large number of processes if you have a mailer that takes a long time to deliver a message. Queue Mode The -q flag causes sendmail to process the mail queue at regular intervals. The syntax is as follows, where time defines the interval between instances of queue processing: -q [time] Time is expressed in number of minutes: 15m sets the interval to 15 minutes. If time is omitted, sendmail processes the queue once and returns. The -q flag is often used in conjunction with daemon mode, described in the next subsection. See “Timeouts and Intervals” on page 229 for a discussion of time-interval specifications and formats. Daemon Mode To process incoming mail over sockets, a daemon must be running. The -bd flag causes sendmail to run in daemon mode. The -bd and -q flags can be combined in one call, as in the following example: 226 sendmail Command-Line Flags /usr/lib/sendmail -bd -q30m This command causes sendmail to run in daemon mode and to fork a subdaemon for queue processing every half hour. The script for starting sendmail that is provided with IRIX includes the following command line: /usr/lib/sendmail -bd -q15m Verify Mode Using the -bv flag directs sendmail to validate addresses, aliases, and mailing lists. In this mode, sendmail performs verification only. It does not try to collect or deliver a message. sendmail expands all aliases, suppresses duplicates, and displays the expanded list of names. For each name, sendmail indicates if it knows how to deliver a message to that destination. Test Mode The -bt flag places sendmail in test mode so that it describes how the current configuration rewrites addresses. Test mode is extremely useful for debugging modifications to the /usr/lib/sendmail.cf configuration file. For more information, see “Test Mode” on page 247. Debugging Flags Several debugging flags are built into sendmail. Each flag includes a number and a level. The number identifies the debugging flag. The level, which defaults to 1, dictates how much information prints. A low level causes minimal information to print; a high level causes more comprehensive information to print. In general, levels greater than 9 cause so much information to print that it is of limited value. Debugging flags use the following syntax: -d debug-list A debug list includes the flag number and the flag level, as shown in the following examples. • Set flag 13 to level 1. 227 Appendix B: IRIX sendmail Reference -d13 • Set flag 13 to level 3. -d13.3 • Set flags 5 though 18 to level 1. -d5-18 • Set flags 5 through 18 to level 4. -d5-18.4 Many debugging flags are of little use to the average sendmail user. Some are occasionally useful for helping to track down obscure problems. “Flags, Options, and Files” on page 251 includes a complete list of debugging flags. Using a Different Configuration File The -C flag directs sendmail to use an alternate configuration file. For example, the following line directs sendmail to use the test.cf file instead of the default /usr/lib/sendmail.cf file: /usr/lib/sendmail -Ctest.cf If the -C flag appears without a filename, sendmail uses the file sendmail.cf in the current directory. Thus, the -C flag directs sendmail to ignore any /usr/lib/sendmail.fc (“frozen”) file that may be present. Tuning A number of configuration parameters are available for fine-tuning sendmail to the requirements of a specific site. Options in the configuration file set these parameters. For example, the string “T3d” sets the T (timeout) option to “3d” (three days). Most options have default values that are appropriate for many sites. However, sites having very high mail loads may need to tune these parameters to fit the mail load. In particular, sites with a large volume of small messages that are delivered to multiple recipients may need to adjust the parameters for queue priorities. 228 Tuning The rest of this section describes the configuration parameters for the following tuning areas: • timeouts and intervals • forking during queue runs • queue priorities • load limiting • delivery mode • log level Timeouts and Intervals Time intervals use the following abbreviations: s seconds m minutes h hours d days w weeks For example, “10m” represents 10 minutes, and “2h30m” represents two hours and 30 minutes. Queue Interval The argument to the -q flag specifies how often to process the mail queue. When the sendmail daemon is started with the /etc/init.d/mail script, the queue interval is set to 15 minutes. If sendmail runs in delivery mode b, messages are written to the queue only when they cannot be delivered (for example, when a recipient host is down). Therefore, the need to process the queue is limited and the queue interval value may be set quite high. The value is relevant only when a host that was down comes back up. If sendmail runs in delivery mode q, the queue interval should be set to a low value, as it defines the longest time that a message sits in the local queue before being processed. 229 Appendix B: IRIX sendmail Reference Read Timeouts sendmail can time out when reading the standard input or when reading from a remote SMTP server. Technically, a timeout is not acceptable within the published protocols. However, setting the read timeout option to a high value (such as an hour) reduces the chance that a large number of idle daemons will pile up on a system. The read timeout option is r. Message Timeouts sendmail causes a queued message to time out after a specified time period. This feature ensures that the sender knows the message cannot be delivered. This default message timeout value is one week (seven days). The value is set with the T option. The queue records the time of submission, rather than the time remaining until timeout. This approach enables sendmail to flush messages that have been hanging for a short period by running the queue with a short message timeout. The following example illustrates how to process the queue and flush any message that is one day old: /usr/lib/sendmail -oT1d -q Forking During Queue Runs Setting the Y option causes sendmail to fork before each individual message when processing the queue. This technique prevents sendmail from consuming large amounts of memory, and may be useful in memory-poor environments. However, if the Y option is not set, sendmail keeps track of hosts that are down during a queue run, which can improve performance dramatically. Queue Priorities sendmail assigns a priority to every message when it is first instantiated. sendmail uses the priority and the message creation time (in seconds since January 1, 1970) to order the queue. The message with the lowest priority number is processed first. The algorithm that derives a message’s priority uses the following information: message size (in bytes) Small messages receive lower priorities than large messages, increasing the efficiency of the queue. 230 Tuning message class If the user includes a “Precedence:” field and value in a message, sendmail uses the value to select the message class from the configuration file. (Typical values might be “first-class” or “bulk.”) class work factor This factor is set in the configuration file with the z option; its default value is 1800. number of recipients The number of recipients affects the load a message presents to the system. A message with a single recipient has a lower priority than one with a long recipient list. recipient work factor This factor is set in the configuration file with the y option; its default value is 1000. The priority algorithm is as follows: priority=message_size-(message_class * z)+(num_recipients * y) After assigning message priorities, sendmail orders the queue by using the following formula: ordering = priority + creation_time A message’s priority can change each time an attempt is made to deliver it. The “work time factor” (set with the Z option) is a value that increments the priority, on the assumption that a message that has failed many times will tend to fail in the future. Load Limiting sendmail can queue (and not attempt to deliver) mail if the system load average exceeds a specified maximum. The x option defines this maximum limit. When the load average exceeds the maximum, sendmail tests each message’s priority by using the following algorithm, where q is the value associated with the q option, and x is the value associated with the x option: q / (load_average - x + 1) 231 Appendix B: IRIX sendmail Reference In IRIX sendmail, the algorithm is modified slightly. The number of child processes forked by the sendmail daemon is added to the load average. Thus, a host with a load average of 1 but with 6 forked sendmail processes has an effective load average of 7. After the final load average is calculated, sendmail compares it to the message priority for each message. If the priority is greater, sendmail sets the delivery mode to q (queue only). The default value for the q option is 10000; each point of load average is worth 10000 priority points. The X option defines the load average at which sendmail refuses to accept network connections. Locally generated mail (including incoming UUCP mail) is still accepted. Log Level sendmail provides a comprehensive error- and event-logging capability. The L (log level) option in the configuration file determines the level of detail written to the log. The default value for the log level is 1; valid levels are as follows: 232 0 no logging 1 major problems only 2 message collections and failed deliveries 3 successful deliveries 4 messages being deferred (because a host is down, for example) 5 normal message queue-ups 6 unusual but benign incidents, such as trying to process a locked queue file 9 log internal queue ID to external message ID mappings; useful for tracing a message as it travels among several hosts 12 several messages of interest when debugging 16 verbose information regarding the queue The Configuration File The Configuration File This section begins with an overview of the configuration file, describes its semantics in detail, and includes hints on writing a customized version. Admittedly, the file’s syntax is not easy to read or write. A more important design criterion is that the syntax be easy to parse, because it must be parsed each time sendmail starts up. The Syntax The configuration file is a series of lines, each of which begins with a character that defines the semantics for the rest of the line. A line beginning with a space or a tab is a continuation line (although the semantics are not well defined in many places). A blank line or a line beginning with the number symbol (#) is a comment. Rewriting Rules—The S and R Commands The rewriting rules are the core of address parsing. These rules form an ordered production system. During parsing, sendmail scans the set of rewriting rules, looking for a match on the left-hand side (ls) of the rule. When a rule matches, the address is replaced by the right-hand side (rhs) of the rule. The rewriting rules are grouped into sets of one or more rules. Each set has an integer identifier called a rule set number. Each rule set acts like a subroutine: When the set is called, each rule is scanned in sequence until all rules have been scanned or until the rule set returns to the caller. Some rule sets are used internally and have specific semantics. Others do not have specifically assigned semantics and can be referenced by mailer definitions or by other rule sets. Each rule set begins with an S command, with the syntax Sn where n is the rule set identifier, an integer between 0 and 99. If the same rule set identifier is used more than once in a configuration file, the last definition is the one used. Each line within the rule set begins with an R command and defines a rewrite rule. R commands have the syntax Rlhs rhs [comments] 233 Appendix B: IRIX sendmail Reference where the following conditions exist: • The fields are separated by at least one tab character; embedded spaces with a field are acceptable. • Any input matching the lhs pattern is rewritten according to the rhs pattern. • Comments, if any, are ignored. Define Macro—The D Command The D command names a macro and defines its content. A macro name is a single ASCII character. sendmail defines several internal macros of its own. To avoid conflicts, use uppercase letters for all user-defined macros. Lowercase letters and special characters are reserved for system use. (A list of sendmail’s internally defined macros appears under the topic “Special Macros and Conditionals” on page 239.) The Define Macro command takes one of the following forms: DxValue Dx|shell_command [arguments] where x is the name of the macro. The first form defines the macro to contain Value. The second form defines the macro as the first line seen on stdout of the specified shell command. The vertical bar must immediately follow the macro identifier; no white space is permitted. The remainder of the line is interpreted as arguments to the shell command. Macros can be interpolated in most places by means of the escape sequence $x. Caution: sendmail does not honor comments on macro definition lines. For example, the following line defines the D macro as “foo.com # my domain name”: DDfoo.com # my domain name Define Classes—The C and F Commands The C command defines classes of words to match on the left-hand side of rewriting rules, where a “word” is a sequence of characters. A class name is a single uppercase letter. A class might define a site’s local names and be used to eliminate attempts to send to oneself. Classes can be defined either directly in the configuration file or by being read in from a pipe or other file. The sequence cannot contain characters used as “operators” in addresses. (Operators are defined with the $o macro.) 234 The Configuration File The C command takes one of the following forms: CX word1 [word2 ...] CX $x [$y ...] where X is the class name. The first form defines the class to match any of the named words. The second form reads the elements of the class from the expansion of the listed macros. The macros to be expanded must be leftmost in each token. Only one macro can be expanded per token. Any remainder in a token following a macro expansion is added as a separate token. The F command defines a file from which to read the elements of a class, and takes either of the following forms: FX file [format] FX|shell_command [arguments] The first form reads the elements of the class from the named file. If an optional format argument is present, it is passed as the control string to an sscanf() call and applied to each input line read from the named file, thus: sscanf(const char *line, const char *format, char *new-element); There must be no white space to the left of the filename. The second form reads the elements of the class from stdout of the specified shell command. The entire contents of the line are taken to be a shell command followed by its arguments. It is permissible to split class definitions across multiple lines. For example, these two forms are equivalent: CHmonet picasso and CHmonet CHpicasso It is also permissible to define a class using both C and F commands. For example, the following commands define class H containing monet, picasso, the expansion of the $w macro, and all strings from the file /var/tmp/foofile appearing before the first number symbol (#) on each line: 235 Appendix B: IRIX sendmail Reference CHmonet picasso $w FH/var/tmp/foofile %[^#] Caution: sendmail does not honor comments that are not respected on class definition lines. For example, the following command defines the D class as containing “foo.com,” “bar.com,” “#,” “my,” “local,” and “domains”: CD foo.com bar.com # my local domains Define Mailer—The M Command The M command defines programs and interfaces to mailers. The format is as follows: Mname, {field=value}* where name is the name of the mailer (used internally only) and the field=value pairs define attributes of the mailer. The asterisk (*) indicates that the preceding bracketed structure may be repeated 0 or more times. That is, there may be multiple field=value pairs. The following list defines valid field names: Path The pathname of the mailer. Flags Special flags for this mailer; see “Flags, Options, and Files” on page 251 for a list of special flags. Sender A rewriting set for sender addresses. Recipient A rewriting set for recipient addresses. Argv An argument vector to pass to this mailer. Eol The end-of-line string for this mailer. Maxsize The maximum message length to this mailer. Only the first character of the field name is checked. Define Header–The H Command The H command defines the format of header lines that sendmail inserts into a message. The command format is as follows: H[?mflags?]hname: htemplate Continuation lines for an H command line appear in the outgoing message. sendmail macro-expands the htemplate before inserting it into the message. If mflags (which must 236 The Configuration File be surrounded by question marks) appear in the command line, at least one of the specified flags must also appear in the mailer definition or the header will not appear in the message. However, if a header appears in the input message, the header also appears in the output, regardless of these flags. Some headers have special semantics, which are described in “The Semantics” on page 239. Set Option—The O Command Several sendmail options can be set by a command line in the configuration file. Each option is identified by a single character. The format of the O command line is as follows: Oo value The command sets option o to value. Depending on the option, value is a string; an integer; a Boolean (with legal values “t,” “T,” “f,” or “F” and a default of TRUE); or a time interval. The K command is a new command available in IRIX sendmail. This command defines (K)eyed databases that are accessible by means of the lookup operators. See “Define Keyed Files—The K Command” on page 238 for a complete description of the K command. Define Trusted Users—The T Command Trusted users are permitted to override the sender address by using the -f flag. Typically, trusted users are limited to root, uucp, and network. On some systems it may be convenient to include other users. For example, there may be a separate uucp login for each host. Note, though, that the concept of trusted users in sendmail bears no relation to Trusted IRIX/B, or to the concept of trusted (secure) operating systems in general. The format of the T command is as follows: Tuser1 user2... A configuration file can contain multiple T lines. 237 Appendix B: IRIX sendmail Reference Define Precedence—The P Command The P command defines values for the Precedence field. The format of the command line is as follows: Pname=num When sendmail matches the value in a message’s Precedence field with the name in a P command line, sendmail sets the message’s class to num. A higher number indicates a higher precedence. Negative numbers indicate that error messages will not be returned to the sender. The default precedence is zero. For example, a list of precedences might be Pfirst-class=0 Pspecial-delivery=100 Pjunk=-100 Define Keyed Files—The K Command The K command defines a symbolic name for accessing a database. The format of the command line is as follows: Kname type file The name value is the name used to specify the database in a lookup command. The type defines the type of database file, which can be one of the following: dbm Support for the ndbm(3) library. nis Support for NIS (YP) maps. NIS+ is not supported in this version. host Support for DNS lookups (for hostname lookups only). dequote A “pseudo-map” (that is, one that does not have any external data) that allows a configuration file to break apart a quoted string in the address. This is primarily useful for DECnet addresses, which often have quoted addresses that need to be unwrapped on gateways. The file value specifies the filename of the database to be searched. For example, the command: Ksmpassword nis passwd.byname defines smpassword as a special NIS map for the database file passwd.byname. 238 The Configuration File The key lookup command uses the syntax: $(map key$) Continuing with the example, $(smpassword susant$) looks up the username susant in the smpassword map. If it finds a match, it replaces the input with the search results, in this case, the password string for susant. The Semantics This section describes the semantics of the configuration file, including special macros, conditionals, special classes, and the “error” mailer. Special Macros and Conditionals Macros are interpolated by means of the construct $x, where x is the name of the macro to be interpolated. Special macros are named with lowercase letters; they either have special semantics or pass information into or out of sendmail. Some special characters are also reserved, and are used to provide conditionals and other functions. The following syntax specifies a conditional: $?x text1 $| text2 $. This example interpolates text1 if the macro $x is set, and text2 otherwise. The “else” ($|) clause can be omitted. The following macros must be defined if information is to be transmitted into sendmail: e SMTP entry message, which prints out when STMP starts up j “official” domain name for this site; must be the first word of the $e macro l format of the UNIX “From” line; usually a constant n name of the daemon (for error messages); usually a constant 239 Appendix B: IRIX sendmail Reference o set of token operators in addresses q default format of sender address The $o macro consists of a list of characters that are treated as tokens themselves and serve to separate tokens during parsing. For example, if @ were in the $o macro, then the input string “a@b” would scan as three tokens: a, @, and b. Here are several examples of these macro definitions: De$j Sendmail $v/$Z ready at $b Dj$w DlFrom $g $d DnMAILER-DAEMON Do.:%@!^=/[] Dq$g$?x ($x)$. An acceptable alternative format for the $q macro is "$?x$x $.<$g>" . This syntax corresponds to the following two formats: jd@company.com (John Doe) John Doe Some macros are defined by sendmail for interpolation into arguments passed to mailers or for other contexts. These macros are: 240 a origination date in RFC 822 format b current date in RFC 822 format c hop count d date in UNIX (ctime) format f sender (“From”) address g sender address relative to the recipient h recipient host i queue ID p PID for sendmail r protocol used The Configuration File s sender’s hostname t a numeric representation of the current time u recipient user v version number of sendmail w hostname of this site x full name of the sender z home directory of the recipient Macros $a, $b, and $d specify three dates that can be used. The $a and $b macros are in RFC 822 format. $a is the time extracted from the “Date:” line of the message; $b is the current date and time (used for postmarks). If no “Date:” line appears in the incoming message, $a is also set to the current time. The $d macro is equivalent to the $a macro in UNIX format (as described on the ctime(3C) reference page). The $c macro is set to the “hop count,” the number of times this message has been processed. It can be determined by the -h flag on the command line or by counting the time stamps in the message. The $f macro is the ID of the sender as originally determined; when a message is sent to a specific host, the $g macro is set to the address of the sender relative to the recipient. For example, if jd sends to buddy@USomewhere.edu from the machine company.com, the $f macro will be jd and the $g macro will be jd@company.com. When a message is sent, the $h, $u, and $z macros are set to the host, user, and home directory (if local) of the recipient. The first two are set from the $@ and $: part of the rewriting rules, respectively. The $i macro is set to the queue ID on this host; when included in the time-stamp line, it can be extremely useful for tracking messages. The $p and $t macros are used to create unique strings (for example, for the Message-Id field). The $r and $s macros are set to the protocol used to communicate with sendmail and the name of the sending host; these macros are not supported in the current version. The $v macro is set to be the version number of sendmail, which normally appears in time stamps and is extremely useful for debugging. The $w macro is set to the name of this host, if it can be determined. The $x macro is set to the full name of the sender, derived from one of these sources (in this order): 241 Appendix B: IRIX sendmail Reference • a flag to sendmail • the value of the “Full-name:” line in the header if it exists • the comment field of a “From:” line • for messages originating locally, the value from the /etc/passwd file Special Classes The w class is the set of all names this host is known by, and can be used to match local hostnames. The Left-Hand Side The left-hand side of a rewriting rule contains a pattern. Words are simply matched directly. A dollar sign introduces the following meta-syntax: $* Match zero or more tokens. $+ Match one or more tokens. $- Match exactly one token. $=x Match any token in class x. $~x Match any token not in class x. If a match occurs, it is assigned to the symbol $n for replacement on the right-hand side, where n is the index in the lhs. For example, if the lhs $-@$+ is applied to the input jd@company.com the rule will match, and the values passed to the rhs will be 242 $1 jd $2 company.com The Configuration File The Right-Hand Side When the left-hand side of a rewriting rule matches, the input is deleted and replaced by the right-hand side. Right-hand-side tokens are inserted exactly as they appear unless they begin with a dollar sign. The meta-syntax is: $n Substitute indefinite token n from lhs; substitute the corresponding value from a $+, $-, $*, $=, or $~ match on the lhs; can be used anywhere. $[hostname$] Canonicalize hostname; a hostname enclosed between $[ and $] is looked up by the gethostbyname() routines and replaced by the canonical name. For example, $[frodo$] might become frodo.fantasy.com and $[[192.48.153.1]$] would become sgi.com. If gethostbyname() encounters an error, hostname will be returned unchanged. $[name$:default$] This is an extended version of the preceding construct, and provides a way to determine whether the canonicalization was successful. Using this syntax, the default is returned if the canonicalization step fails. For example, $[frodo$:FAIL$] becomes FAIL if gethostbyname() fails to canonicalize frodo. $(x key$@arg$:default$) Look up key in DBM or NIS database x. This is the database lookup syntax; x corresponds to a database previously declared using the K command (described in “Define Keyed Files—The K Command” on page 238) and key is the string that should be searched for in the database. The arg and default arguments are optional. The default is returned if the key was not found in the database. If neither the default nor a matching key is found, the whole expression expands to the value of key. However, if a result is found, it is used as the format string of a sprintf() expression, with the arg as extra argument. Thus, database values with “%s” strings embedded in them can be useful when rewriting expressions. These values could typically be used with the pathalias program to expand routes without leaving sendmail. ${x query$:default$} Look up query in DNS database x. This is the DNS database lookup syntax. The various values of x are internally defined and correspond to various DNS databases. The default argument is optional and will be returned if query cannot be found in the specified database. 243 Appendix B: IRIX sendmail Reference The values for x are listed below. @ Return MX record for query. . As above, but use domain search rules. : Return MR record for query. ? Return MB record for query. c Expand query to its canonical name following MX records. C As above, but use domain search rules. h Like ${c but for A records. H As above, but use domain search rules. When domain search rules are requested, sendmail sets the RES_DNSRCH flag when calling the resolver. See the resolver(4) reference page for further information. $>n Call rule set n; causes the remainder of the line to be substituted as usual and then passed as the argument to rule set n. The final value of rule set n becomes the substitution for this construct. Multiple calls can be embedded on the rhs. For example, $>32$>33$1 would make the substitution for $1 and pass the result to rule set 33. The result from rule set 33 would then be passed as the input to rule set 32. Finally, the entire construct would be replaced with the result from rule set 32. Only embedded rule set calls in the form outlined above are supported. Rule sets calls cannot be arbitrarily placed within the rhs. $#mailer$@host$:user Resolve to mailer; the $# syntax should be used only in rule set 0. The syntax causes evaluation of the rule set to terminate immediately and signals sendmail that the address has completely resolved. This process specifies the {mailer, host, user} triple necessary to direct the mailer. If the mailer is local, the host part may be omitted. The mailer and host must be a single word, but the user may be a multi-part value. An entire rhs may also be prefixed by a $@ or a $: to control evaluation. The $@ prefix causes the rule set to return with the remainder of the rhs as the value. The $: prefix causes the rule to terminate immediately, but the rule set to continue; this can be used to avoid continued application of a rule. The prefix is stripped before continuing. 244 The Configuration File The $@ and $: prefixes may precede a $> specification. For example, R$+ $:$>7$1 matches anything, passes that to rule set 7, and continues; the $: is necessary to avoid an infinite loop. Substitution occurs in the order described: Parameters from the lhs are substituted, host names are canonicalized, “subroutines” are called, and finally $#, $@, and $: are processed. Semantics of Rewriting Rule Sets There are five rewriting rule sets that have specific semantics. Figure B-1 shows the relationship among these rule sets. 0 resolved address 1 addr 3 4 D 2 Figure B-1 S msg R Semantics of Rewriting Rule Sets Rule set 3 should turn the address into canonical form. This form should have the following basic syntax: local-part@host-domain-spec If no “at” (@) sign is specified, then the host-domain-spec can be appended from the sender address (if the C flag is set in the mailer definition corresponding to the sending mailer). sendmail applies rule set 3 before doing anything with any address. 245 Appendix B: IRIX sendmail Reference Next, rule set 0 is applied to an address that actually specifies recipients. The address must resolve to a {mailer, host, user} triple. The mailer must be defined in the mailer definitions from the configuration file. The host is defined into the $h macro for use in the argv expansion of the specified mailer. Rule sets 1 and 2 are applied to all sender and recipient addresses, respectively. They are applied before any specification in the mailer definition. They must never resolve. Rule set 4 is applied to all addresses in the message. It is typically used to translate from internal to external form. The “error” Mailer The mailer with the special name “error” can be used to generate a user error. The (optional) host field is a numeric exit status to be returned, and the user field is a message to be printed. For example, the following entry on the rhs of a rule causes the specified error to be generated if the lhs match: $#error$:Host unknown in this domain This mailer is functional only in rule set 0. Relevant Issues This section discusses testing and debugging the rewrite rules and building mailer definitions. Testing and Debugging the Rewrite Rules As part of building or modifying a configuration file, you should test the new file. sendmail provides a number of built-in tools to assist in this task. The subsections that follow discuss tools and techniques for debugging the rewrite rules. Using Alternative Configuration Files Using the -C command-line flag causes sendmail to read an alternate configuration file. This feature is helpful during debugging because it permits modifications and testing on a separate copy of the configuration file from the one currently in use. This precaution eliminates the chance that a buggy configuration file will be used by an instance of sendmail that is trying to deliver real mail. This flag also provides a convenient way to test 246 The Configuration File any number of configuration files without fussy and potentially confusing renames. See “Using a Different Configuration File” on page 228 and “Command-Line Flags” on page 252 for more information. Test Mode Invoking sendmail with the -bt flag causes it to run in “test mode.” For example, the following command invokes sendmail in test mode and causes it to read configuration file test.cf: /usr/lib/sendmail -bt -Ctest.cf In this mode, sendmail processes lines of the form rwsets address where rwsets is the list of rewriting sets to use and address is an address to which you apply the sets. In test mode, sendmail shows the steps it takes as it proceeds, finally showing the final address. A comma-separated list of rule sets causes sequential application of rules to an input. For example, the following command first applies rule set 3 to the value monet@giverny. Rule set 1 is applied to the output of rule set 3, followed similarly by rule sets 21 and 4: 3,1,21,4 monet@giverny Note: Some versions of sendmail, including those provided with all versions of IRIX prior to IRIX 4.0, automatically apply rule set 3 to input before applying the requested rule set sequence. Versions of sendmail in IRIX 4.0 and later do not apply rule set 3; rule set 3 must be specifically requested. The input and output of each rule set is displayed. For example, input of 3,0 foo@bar might result in output that looks like this: rewrite: ruleset 3 input: foo @ bar rewrite: ruleset 3 returns: foo < @ bar > rewrite: ruleset 0 input: foo < @ bar > rewrite: ruleset 30 input: foo < @ bar . com > rewrite: ruleset 30 returns: foo < @ bar . com > rewrite: ruleset 0 returns: $# forgn $@ bar . com $: foo < @ bar . com > 247 Appendix B: IRIX sendmail Reference This output indicates that, given the address foo@bar, rule set 0 will select the forgn mailer and direct it to connect to host bar.com, which will be told to send the mail on to foo@bar.com. Furthermore, rule set 0 “called” rule set 30 at one point while processing the address. The -d21 Debugging Flag The -d21 debugging flag causes sendmail to display detailed information about the rewrite process. This flag is most useful when used with the test mode described in the preceding subsection. The most useful setting of this flag is -d21.12, which shows all rewrite steps. Higher levels of the -d21 flag are rarely needed and create enormous amounts of output. The Debugging Rewrite Rule The standard /usr/lib/sendmail.cf file supplied with IRIX includes a special “debugging” rewrite rule. This rule is defined as follows: # insert this handy debugging line wherever you have problems #R$* $:$>99$1 Note that rule set 99 is an empty rule set that does nothing. Placing one or more (uncommented) copies of this rule anywhere within a rule set forces sendmail to display an intermediate rewrite result without using the -d21 flag. The following test mode output illustrates the use of the debugging rewrite rule: rewrite: ruleset 3 input: foo @ bar rewrite: ruleset 3 returns: foo < @ bar > rewrite: ruleset 0 input: foo < @ bar > rewrite: ruleset 99 input: foo < @ bar . com > rewrite: ruleset 99 returns: foo < @ bar . com > rewrite: ruleset 99 input: foo < @ barcom > rewrite: ruleset 99 returns: foo < @ barcom > rewrite: ruleset 0 returns: $# ether $@ barcom $: foo < @ barcom > Note that somewhere between the first and second appearance of the debugging rewrite rule in rule set 0, the host name was mangled from bar.com to barcom. 248 The Configuration File Building Mailer Definitions To add an outgoing mailer to a mail system, you must define the characteristics of the mailer. Each mailer must have an internal name. This name can be arbitrary, except that the names “local” and “prog” must be defined. The pathname of the mailer must be given in the P field. If this mailer is accessed by means of an IPC connection (socket), use the string “[IPC]” instead. The F field defines the mailer flags. Specify an f or r flag to pass the name of the sender as an -f or -r flag respectively. These flags are passed only if they were passed to sendmail, so that mailers that give errors under some circumstances can be placated. If the mailer is not picky, just specify “-f $g” in the argv template. If the mailer must be called as root, use the S flag; this flag will not reset the user ID before calling the mailer. (sendmail must be running setuid to root for this technique to work.) If this mailer is local (that is, it will perform final delivery rather than another network hop), use the l flag. Quote characters (backslashes and quotation marks) can be stripped from addresses if the s flag is specified; if it is not, they are passed through. If the mailer is capable of sending to more than one user on the same host in a single transaction, use the m flag. If this flag is on, the argv template containing $u will be repeated for each unique user on a given host. The e flag marks the mailer as being expensive, causing sendmail to defer connection until a queue run. (For this technique to be effective, you must use the c configuration option.) An unusual case is the C flag: it applies to the mailer the message is received from, rather than the mailer being sent to. If this flag is set, the domain specification of the sender (that is, the @host.domain part) is saved and is appended to any addresses in the message that do not already contain a domain specification. For example, if the C flag is defined in the mailer corresponding to jd@company.com, a message of the form From: jd@company.com To: buddy@USomewhere.edu, jane will be modified to From: jd@company.com To: buddy@USomewhere.edu, jane@company.com Other flags are described in “Mailer Flags” on page 256. 249 Appendix B: IRIX sendmail Reference The S and R fields in the mailer description are per-mailer rewriting sets to be applied to sender and recipient addresses, respectively. These sets are applied after the sending domain is appended and the general rewriting sets (1 and 2) are applied, but before the output rewrite (rule set 4) is applied. A typical usage is to append the current domain to addresses that do not already have a domain. For example, depending on the domain it is being shipped into, a header of the form “From: jd” might be changed to “From: jd@company.com” or “From: company!jd.” These sets can also be used to do special-purpose output rewriting with rule set 4. The E field defines the string to use as an end-of-line indication. A string containing only a newline is the default. The usual backslash escapes (\r, \n, \f, \b) can be used. Finally, an argv template is given as the E field. It can have embedded spaces. If there is no argv with a $u macro in it, sendmail will speak SMTP to the mailer. If the pathname for this mailer is “[IPC],” the argv should be IPC $h [ port ] where port is the port number to connect to. This number is optional. For example, the following specification specifies a mailer to do local delivery and a mailer for Ethernet delivery: Mlocal, P=/bin/mail, F=EDFMlsmhu, S=10, R=20, A=mail -s -d $u Mether, P=[IPC], F=mDFMhuXC, S=11, R=21, M=1000000, E=\r\n, \ A=IPC $h The first mailer is called “local” and is located in the file /bin/mail. It has the following characteristics: 250 • It escapes lines beginning with “From” in the message with a “>” sign. • It expects “Date:”, “From:”, and “Message-Id:” header lines. • It does local delivery. • It strips quotation marks from addresses. • It sends to multiple users at once. • It expects uppercase to be preserved in both host and user names. Flags, Options, and Files Rule set 10 is to be applied to sender addresses in the message and rule set 20 is to be applied to recipient addresses. The argv to send to a message is the word mail, the word -s, the word -d, and words containing the name of the receiving user. The second mailer is called “ether” and is connected with an IPC connection. It has the following characteristics: • It handles multiple users at the same time. • It expects “Date:”, “From:”, and “Message-Id:” header lines. • It expects uppercase to be preserved in both host and user names. • It uses the hidden-dot algorithm of RFC 821. • It rewrites addresses so that any domain from the sender address is appended to any receiver name without a domain. Sender addresses are processed by rule set 11; recipient addresses, by rule set 21. There is a 1,000,000-byte limit on messages passed through this mailer. The EOL string for this mailer is "\r\n" and the argument passed to the mailer is the name of the recipient host. Flags, Options, and Files This section contains information on the following topics: • command-line flags • configuration options • mailer flags • summary of support files • debugging flags 251 Appendix B: IRIX sendmail Reference Command-Line Flags Flags must precede addresses. The flags are: -bx -Cfile Set operation mode to x. Operation modes are: a Run in ARPANET mode. The special processing for the ARPANET includes reading the “From:” and “Sender:” lines from the header to find the sender, printing ARPANET-style messages (preceded by three-digit reply codes for compatibility with the FTP protocol) and ending lines of error messages with . d Run as a daemon. i Initialize the alias database. m Deliver mail in the usual way (default). p Print the mail queue. s Speak SMTP on input side. t Run in test mode. v Just verify addresses, don’t collect or deliver. z Freeze the configuration file. Use a different configuration file. sendmail runs as the invoking user (rather than root) when this flag is specified. -dflag[-flag][.level] Set debugging flag (or range of flags) to the specified level. (The default is 1.) See “Debugging Flags” on page 259. 252 -Fname Set the full name of the sender to name. -fname Set the name of the “From” person (the sender of the mail). This flag is ignored unless the user appears in the list of “trusted” users, or name is the same as the user’s name. -hcnt Set the “hop count” to cnt. The hop count is incremented every time the mail is processed. When it reaches a limit, the mail is returned with an error message, the victim of an aliasing loop. -n Don’t do aliasing. Flags, Options, and Files -ox value Set configuration option x to the specified value. These options are described in section “Configuration Options” on page 253. -q[time] Process the queued mail. If the time is given, sendmail will run through the queue at the specified interval to deliver queued mail; otherwise, it runs only once. See “Queue Mode” on page 226. -r name An alternative and obsolete form of -f. -t Read the header for “To:”, “Cc:”, and “Bcc:” lines, and send the message to everyone listed in those lists. The “Bcc:” line is deleted before sending. Any addresses in the argument vector are deleted from the send list. -v Go into verbose mode: Alias expansions are announced, and so on. Configuration Options You can set the following options by using the -o flag on the command line or the O line in the configuration file. Many of these options cannot be specified unless the invoking user is trusted. Afile Use the named file as the alias file. If no file is specified, use alias in the current directory. aN If set, wait up to N minutes for an “@:@” entry to exist in the alias database before starting up. If the entry does not appear in N minutes, rebuild the database (if the D option is also set) or issue a warning. Bc Set the blank substitution character to c. Unquoted spaces in addresses are replaced by this character. c If an outgoing mailer is marked as being expensive, don’t connect immediately. This option requires queueing. dx Deliver in mode x. Legal modes are: i Deliver interactively (synchronously). b Deliver in background (asynchronously). q Just queue the message (deliver during queue run). D Rebuild the alias database if necessary and possible. If this option is not set, sendmail will not rebuild the alias database until you explicitly request it to do so (by using sendmail -bi). 253 Appendix B: IRIX sendmail Reference ex 254 Handle errors by using mode x. The values for x are: p Print error messages (default). q Print no messages; just give exit status. m Mail back errors. w Write back errors (mail the errors if user not logged in). e Mail back errors and always give zero exit status. Fmode Set the UNIX file mode to use when creating queue files and “frozen configuration” files. f Save UNIX style “From” lines at the front of headers. Normally these lines are assumed to be redundant and are discarded. gn Set the default group ID for running mailers to n. Hfile Specify the help file for SMTP. I Insist that the BIND name server be running to resolve hostnames and MX records. Treat ECONNREFUSED errors from the resolver as temporary failures. In general, you should set this option only if you are running the name server. Set this option if the /etc/hosts file does not include all known hosts or if you are using the MX (mail forwarding) feature of the BIND name server. The name server is still consulted even if this option is not set, but sendmail resorts to reading /etc/hosts if the name server is not available. i Do not interpret dots on a line by themselves as a message terminator. Ktimeout Define the maximum amount of time a cached connection is permitted to idle without activity. The timeout is given as a tagged number, with “s” for seconds, “m” minutes, “h” hours, “d” days, and “w” weeks. For example, “K1h30m” and “K90m” both set the timeout to one hour thirty minutes. Ln Set the log level to n. Mx value Set the macro x to value. This option can be used only from the command line. m Send to “me” (the sender) even if the sender is in an alias expansion. Flags, Options, and Files Nnetname Set the name of the home (local) network. If the name of a connecting host (determined by a call to gethostbyaddr()) is unqualified (contains no dots), a single dot and netname will be appended to sendmail’s idea of the name of the connecting host. Later, the argument of the SMTP “HELO” command from the connecting host will be checked against the name of the connecting host as determined above. If they do not match, “Received:” lines are augmented by the connecting hostname that sendmail has generated so that messages can be traced accurately. n Validate the right-hand side when building the alias database. o Assume that the headers may be in an old format, in which spaces delimit names. This option actually turns on an adaptive algorithm: If any recipient address contains a comma, parenthesis, or angle bracket, it will be assumed that commas already exist. If this flag is not on, only commas delimit names. Headers are always written with commas between the names. Paddr Add “postmaster” address addr to the “Cc:” list of all error messages. Qdir Use dir as the queue directory. qfactor Use factor as the multiplier in the function to decide when to queue messages rather than attempting to send them. This value is divided by the difference between the current load average and the load average limit (x option) to determine the maximum message priority that will be sent. This value defaults to 10000. rtime Cause a timeout on reads after time interval. Sfile Log statistics in the named file. s Be super-safe when running; that is, always instantiate the queue file, even if attempting immediate delivery. sendmail always instantiates the queue file before returning control to the client under any circumstances. Ttime Set the queue timeout to time. After this interval, messages that have not been successfully sent are returned to the sender. un Set the default user ID for mailers to n. Mailers without the S flag in the mailer definition run as this user. v Run in verbose mode. 255 Appendix B: IRIX sendmail Reference xLA Use LA as the system load average limit when deciding whether to queue messages rather than attempting to send them. XLA When the system load average exceeds LA, refuse incoming SMTP connections. yfactor This factor is multiplied by the number of recipients and added to the priority. Therefore, this value penalizes messages with large numbers of recipients. Y Deliver each job that is run from the queue in a separate process. Use this option if you are short of memory, since the default tends to consume considerable amounts of memory while the queue is being processed. zfactor This factor is multiplied by the message class (determined by the Precedence field in the user header and the precedence declaration lines in the configuration file) and subtracted from the priority. Therefore, messages with a higher class are favored. Zfactor This factor is added to the priority every time a message is processed. Therefore, this value penalizes messages that are processed frequently. Mailer Flags The following flags can be set in the F field of a mailer definition in the sendmail.cf file: B Don’t wait for SMTP responses. C If mail is received from a mailer with this flag set, any addresses in the header that do not have an “at” sign (@) after being rewritten by rule set 3 have the “@domain” clause from the sender appended. This flag allows mail with headers of the form From: usera@hosta To: userb@hostb, userc to be rewritten automatically as From: usera@hosta To: userb@hostb, userc@hosta 256 D This mailer expects a “Date:” header line. E Escape any lines beginning with “From” in the message with a “>” sign. Flags, Options, and Files e This mailer is expensive to connect to; usually, avoid connecting. Any necessary connection occurs during a queue run. F The mailer expects a “From:” header line. f The mailer expects a -f from flag, but only if this is a network forwarding operation. (That is, the mailer will give an error if the executing user does not have special permissions.) h Uppercase should be preserved in hostnames for this mailer. I This mailer can use certain special SMTP features when transferring mail to another system running sendmail. This option is not required; if it is omitted, the transmission still operates successfully, although perhaps not as efficiently as possible. L Limit the line lengths as specified in RFC 821. l This mailer is local; final delivery will be performed. M This mailer expects a “Message-Id:” header line. m This mailer can send to multiple users on the same host in one transaction. When a $u macro occurs in the argv part of the mailer definition, that field will be repeated as necessary for all qualifying users. n Do not insert a UNIX style “From” line on the front of the message. P This mailer expects a “Return-Path:” line. p Use the return path in the SMTP “MAIL FROM:” command rather than just the return address; although this usage is required in RFC 821, many hosts do not process return paths properly. r Same as f, but sends an -r flag. S Don’t reset the user ID before calling the mailer. Used in a secure environment where sendmail runs as root, this option could avoid forged addresses. This flag is suppressed if given from an “unsafe” environment (such as a user’s mail.cf file). s Strip quotation characters from the address before calling the mailer. U This mailer wants UNIX style “From” lines with the UUCP-style “remote from ” on the end. u Preserve uppercase characters in user names for this mailer. 257 Appendix B: IRIX sendmail Reference V Make all addresses UUCP !-relative to recipient or sender nodes. Addresses of the form recipient_host!foo!bar are rewritten as foo!bar. Addresses of the form mumble!grumble are rewritten as sender_host!mumble!grumble. X This mailer expects to use the hidden-dot algorithm as specified in RFC 821; basically, any line beginning with a dot has an extra dot prepended (to be stripped at the other end). This action ensures that a line containing a dot will not terminate the message prematurely. x This mailer expects a “Full-Name:” header line. Support Files This section provides a summary of the support files that sendmail creates or generates. /usr/lib/sendmail The sendmail program. /usr/lib/sendmail.cf The configuration file in textual form. /usr/bsd/newaliases A link to /usr/lib/sendmail; causes the alias database to be rebuilt. Running this program is equivalent to giving sendmail the -bi flag. /usr/lib/sendmail.fc The configuration file represented as a memory image (the “frozen configuration”). /usr/lib/sendmail.hf The SMTP help file. /usr/lib/sendmail.st A statistics file; need not be present. /usr/lib/sendmail.killed A text file that contains the names of all known “dead” hosts (hosts that no longer exist or cannot receive mail for some reason). /usr/lib/aliases The text version of the alias file. /usr/lib/aliases.{pag,dir} The alias file in ndbm format. 258 Flags, Options, and Files /var/spool/mqueue The directory in which the mail queue and temporary files reside. /var/spool/mqueue/qf* Control (queue) files for messages. /var/spool/mqueue/df* Data files. /var/spool/mqueue/tf* Temporary versions of the qf files, used during queue-file rebuild. /var/spool/mqueue/nf* A file used when a unique ID is created. /var/spool/mqueue/xf* A transcript of the current session. /usr/bin/mailq Prints a listing of the mail queue; using this file is equivalent to using the -bp flag to sendmail. /etc/init.d/mail Shell script for starting and stopping the sendmail daemon. /bin/mail Program that sendmail uses as the “local” mailer. Debugging Flags The following list includes all known debugging flags. Flags that are especially useful are marked with an asterisk (*). 0.1* Force daemon to run in foreground. 0.4* Show known names for local host. 0.15 Print configuration file. 0.44 Have printav() print addresses of elements. 1.1* Show mail “From” address for locally generated mail. 2.1* Print exit status and envelope flags. 5.4 Print arguments to tick() calls. 5.5 Print arguments to setevent() and clrevent() calls. 5.6 Print event queue on tick() call. 6.1 Indicate call to savemail() or returntosender() error processing. 259 Appendix B: IRIX sendmail Reference 260 6.5 Trace states in savemail() state machine. 7.1* Print information on envelope assigned to queue file. 7.2* Print selected queue-file name. 7.20* Print intermediate queue-file name selections. 8.1* Print various information about resolver calls. 9.1* Show results from gethostbyaddr() call. 10.1* Print message delivery information. 11.1 Indicate call to openmailer(). 12.1* Display remotename() input and output. 13.1 sendall()—print addresses being sent to 13.3 sendall()—print each address in loop looking for failure. 13.4 sendall()—print who gets the error. 14.2 Indicate commaize() calls. 15.1 Indicate port or socket number used by getrequests(). 15.2 Indicate when getrequests() forks or returns. 15.15 Set DEBUG socket option in getrequests(). 16.1* Indicate host, address, and socket being connected to in makeconnection(). 16.14 Set DEBUG socket option in makeconnection(). 18.1* Show SMTP chatter. 18.100 Suspend sendmail after reading each SMTP reply. 20.1* Display parseaddr() input and output. 21.2* Show rewrite rule-set subroutine calls/returns and input/output, and display run-time macro expansions. 21.3* Indicate rewrite subroutine call from inside rewrite rule. 21.4* Display rewrite results. 21.10* Indicate rule failures. 21.12* Indicate rule matches and display address-rewrite steps. Flags, Options, and Files 21.15* Show rewrite substitutions. 21.35 Display elements in pattern and subject. 22.36 Display prescan() processing. 22.45 Display more prescan() processing. 22.101 Display even more prescan() processing. 25.1* Show “To” list designations. 26.1* Show recipient designations/duplicate suppression. 26.6* Show recipient password-match processing. 27.1* Print alias and forward transformations and errors. 27.3 Print detailed aliaslookup() information. 30.1 Indicate end of headers when collecting a message. 30.2 Print arguments to eatfrom() calls. 30.3 Indicate when adding an “Apparently-To” header to the message. 31.6 Indicate call to chompheader() and header to be processed. 32.1 Display collected header. 33.1 Display crackaddr() input/output. 35.9* Display macro definitions. 35.24 Display macro expansions. 36.5 Show symbol table processing. 36.9 Show symbol table hash function result. 37.1* Display options as set. 37.2* Show rewrite class loading. 40.1* Indicate queueing of messages and display queue contents. 40.4* Display queue control file contents. 40.5* Display information about message-controlling user. 41.2 Indicate orderq() failure to open control file. 45.1 Indicate setsender() calls. 261 Appendix B: IRIX sendmail Reference 262 50.1 Indicate dropenvelope() calls. 51.4 Don’t remove transcript files (qxAAXXXXX files). 52.1 Indicate call to disconnect(); print I/O file descriptors. 52.5 Don’t perform disconnect. 60.1* Print information about alias database accesses. 61.1* Print information about MX record lookups. Index A adding stations (with BIND), 124 administration, system documentation, xvii-xviii aliases (mail), creating, 202 aliases database building, 185 format of, 185 modifying, 202 rebuilding, 184, 186 testing, 186 troubleshooting, 187 updating, 204 aliases file, 183 arp command, 72 ASSERT error messages (UUCP), 169 B BIND adding domains, 124 adding new stations, 124 and caching-only servers, 107 and forwarders, 111 and network planning, 25 and nslookup, 127 and the /etc/hosts file, 25, 36 boot file, 109 caching-only servers, 110 caching-only server setup, 120 client-server configurations, 105 database files, 108 database management, 123 debugging, 125 deleting stations, 124 /etc/config/named.options file, 112 forwarding servers, 107 forwarding server setup, 121 localhost.rev file, 112 management scripts, 125 master servers, 106 named.rev file, 111 organization of, 104 primary master server, 110 primary server setup, 115, 123 root.cache file, 112 secondary master server, 110 secondary server setup, 119 server configurations, 106 setup example, 114 slave mode, 111 slave servers, 107 SYSLOG messages, 126 BIND database and MX records, 210 BIND host lookup routines, 103 boot file, BIND, 109 bridge, definition of, 8 C caching-only server, BIND, 120 263 Index caching-only servers, 108, 110 chkconfig command, 51, 70 client setup, BIND, 123 configmail script, 181 configuring network controllers, 4 network routers, 38 connecting to the Ethernet, 32 controller boards, and network troubleshooting, 79 controller interface names, 3 controllers (network), configuring, 4 cu command (UUCP), 131 D database files, BIND, 108 database management, BIND, 123 DBM database, 184, 186 deleting staions (with BIND), 124 Devices database (UUCP), 134, 135 DHCP client configuration, 55 network configuration, 53 relay-agent configuration, 55 server configuration, 54 Dialcodes database (UUCP), 134, 145 Dialers database (UUCP), 134, 135, 139 domain name macros and classes (sendmail.cf file), 190 domains definition of, 104 top level, 105 domains (BIND), adding, 124 domain space, definition of, 104 264 E editing the /etc/hosts file, 36 electronic mail and network planning, 29 /etc/chkconfi file, 34 /etc/config/ifconfig.options file, 51 /etc/config/ipaliases file, 50 /etc/config/named.options file, 112 /etc/config/netif.options file, 46, 47 /etc/fstab file, 70 /etc/hosts file, 70 alternatives to, 24 editing, 36 host names in, 24, 35 router entries, 38 /etc/init.d/mail script, 180 /etc/init.d/network initialization script, 70 /etc/init.d/network.local script, 56 /etc/init.d/network script, 38, 56, 71 /etc/sys_id file, 36, 70 Ethernet, testing, 64-67 Ethernet connections to an IRIS system, 32 F forwarders and BIND, 111 forwarding, controlling on routers, 40 forwarding server, BIND, 121 .forward mail file, 209 G gateway, definition of, 8 genperm command (UUCP), 133 Index H K hardware options (network), 3 hardware requirements (network), 1 hosts database modifying, 35 router entries in, 38 hosts database alternatives, 24 kernel parameters and networking, 80 I ifconfig command, 50, 71 ifconfig-hy.options file, 70 ifconfig.options file, 51 inetd daemon, 70 initializing the network, 70 InSight, using NFS, 60 InSight servers, 60 Internet addresses and BIND, 13 and NIS, 13 and subnetworks, 26 classes of, 26 obtaining, 15 planning, 13 Internet Control Message Protocol (ICMP), 37 interpreting network statistics, 74 IPaliases.options file, 50 IP aliasing, 49 ipfiltered daemon, 70 IRIS Networker, 74 IRIX administration documentation, xvii-xviii L localhost entry in /etc/hosts file, 36 localhost.rev file, 112 local station (UUCP), configuring, 158 local stations (UUCP) identifying, 157 logging remote access, 56 M mail domains, 188 mail forwarders, 189 mailq command, 184 mail queue, 208 mail relays, 189 mail system components, 176 Maxuuscheds file (UUCP), 155 Maxuuxqts file (UUCP), 155 modem connections, 2 modifying the hosts database, 35 mqueue directory, 183 MTU Discovery, 77 multi-homed hosts, 51 MX records, 210, 212 N named.boot file, 109, 125 named daemon, 125 named.host file, 111 265 Index named.hosts file, 111 named.rev file, 111 named server, definition of, 103 naming stations, 37 netif.options file, 46, 47, 70 netmask, setting, 45 netmask option, 45 netstat command, 72, 76 NetVisualyzer, 73 network address masks, 45 network applications planning, 28 network configurations, sendmail, 188 network connections, testing, 37 network controllers, choosing, 10 network daemons, 34 network equipment, planning, 8 Network File System (NFS), 99 network hardware options, 3 network hardware requirements, 1 Network Information Center (NIC), 15, 105 networking, preparing an IRIS system for, 31 network initialization, 70 network interfaces modifying, 46 modifying addresses of, 48 modifying names of, 47 network management tools, 71 network master script, 69 network parameters changing, 51 network performance factors, 78 network planning BIND, 25 device number, 10 electronic mail, 29 Internet addresses, 13 266 media selection, 9 network applications, 28 NFS, 29 NIS, 25 PPP, 12 security, 28 size considerations, 7 SLIP, 11 subnetworks, 25 traffic, 10 UUCP, 12 network script, 69 network scripts, creating, 56 network shutdown, 69, 71 Network SLIP connections (NSLIP), 97 network software, IRIS standard distribution, 4 network software checkout, 34 network software options, 5 network statistics, interpreting, 74 network troubleshooting configurations, 79 hardware, 79 media, 79 packet size, 80 servers, 80 newaliases program, 184 NFS and network planning, 29 NIS and network planning, 25 and the /etc/hosts file, 25, 36 nslookup command, 127 P PC TCP/IP connections to an IRIX network, 81 performance factors (network), 78 Index Permissions database (UUCP), 135, 146 ping command, 37, 72, 74 planning for network traffic, 10 Internet addresses, 13 network controllers, 10 network devices, 10 network equipment, 8 network performance, 9 network size, 7 Point to Point Protocol (PPP), 83 dynamic addressing, 97 modem requirements, 86 routing, 94 Poll database (UUCP), 153 PPP and network planning, 12 PPP (Point to Point Protocol), 83 preparing for networking, 31 primary address, 50 primary master server, BIND, 110 primary server, BIND, 115 proclaim client configuration, 55 description, 53 network configuration, 53 relay-agent configuration, 55 server configuration, 54 Q queue, mail, 208 R rarpd daemon, 70 rebooting networked stations, 46 remote access logging, 56 remote stations (UUCP) identifying, 157 remote stations (UUCP), configuring, 162 removing stations (with BIND), 124 repeater, definition of, 8 resolv.conf file, 106 resolver routines, purpose of, 103 root.cache file, 112 route command, 73 router configuring, 38 controlling forwarding on, 40 dual interfaces on, 38 multiple interfaces on, 39 router, definition of, 8 rpcinfo command, 72 rtquery command, 72 rup command, 37, 73 rwhod daemon, 70 S secondary master server, BIND, 110 secondary server, BIND, 119 security and network planning, 28 selecting network media, 9 sendmail files and directories, 181 sendmail and multi-token class matching, 212 command-line flags, 205 design features, 178 functions of, 179 general description, 177 network configurations, 188 267 Index planning list, 192 software components, 179 sendmail.cf.auto file, 182 sendmail.cf file configurable elements, 190 customizing examples, 194 customizing for complex relay networks, 199 customizing for relay networks, 196 customizing for standalone stations, 195 forwarder name macros and class, 191 general description, 182 killed stations class, 192 pathalias database macro, 192 relay name macro, 191 top-level domain macro, 192 sendmail command configuration file flag, 207 daemon mode, 206 debugging flags, 207 delivery mode, 205 queue mode, 206 test mode, 207 verify mode, 206 sendmail commands, 184 sendmail daemon, 180, 183, 204 sendmail.fc file, 182 sendmail.hf file, 182 sendmail management, 205 sendmail script, 180 sendmail scripts, 180 sendmail.st file, 183 Serial Line Interface Protocol (SLIP) and bidirectional links, 98 and data compression, 83 and file transfers, 100 and NFS, 99 debugging, 100 modem requirements, 86 modems for, 86 268 modems settings for, 86 purpose of, 99 Serial Line Internet Protocol (SLIP) and network planning, 11 routing, 94 serial line networks, 2 setting network masks, 45 setup kernel, 80 shutting down the network, 69, 71 Signal Quality Error, 79 slave mode, BIND, 111 snmpd daemon, 70 SPECTRUM, 73 spray command, 72 standalone mode, 70 standard distribution network software, 4 starting the network, 69 station naming, 37 subnetworks and network masks, 45 and troubleshooting, 80 Internet addresses for, 26 planning, 25 Sysfiles database (UUCP), 154 system administration documentation, xvii-xviii Systems database (UUCP), 134, 142 T TCP/IP connectivity to personal computers, 81 TCP/IP tuning, 77 testing connectivity, 37 timed daemon, 70 timeslave daemon, 70 Index traceroute command, 73 transmitters, and network troubleshooting, 79 troubleshooting network hardware, 79 ttcp command, 73, 75 tunable parameters and networking, 80 tuning TCP/IP, 77 U UNIX to UNIX Copy Program, see UUCP unknown file (UUCP), 155 /usr/bin/mailq command, 184 /usr/bin/rup command, 73 /usr/bsd/newaliases program, 184 /usr/etc/arp command, 72 /usr/etc/configmail script, 181 /usr/etc/ifconfig command, 71 /usr/etc/named.d/named.boot file, 109 /usr/etc/named.reload script, 125 /usr/etc/named.restart script, 125 /usr/etc/netstat command, 72 /usr/etc/ping command, 72 /usr/etc/resolv.conf, 112 /usr/etc/route command, 73 /usr/etc/rpcinfo command, 72 /usr/etc/rtquery command, 72 /usr/etc/spray command, 72 /usr/etc/traceroute command, 73 /usr/etc/ttcp command, 73 /usr/lib/aliases database, 185 /usr/lib/aliases file, 183 /usr/lib/sendmail.cf.auto file, 182 /usr/lib/sendmail.cf file, 182 /usr/lib/sendmail.fc file, 182 /usr/lib/sendmail.hf file, 182 /usr/lib/sendmail program, 184 /usr/lib/sendmail.st file, 183 /usr/mail directory, 184 /usr/spool/mqueue directory, 183 uucheck command (UUCP), 133 uucico daemon (UUCP), 133, 134 uucleanup command (UUCP), 133 UUCP administrative commands, 132 administrative files for, 155 and direct links, 131 and modem setup, 131 and network planning, 12 and TCP/IP, 130, 165 and telephone lines, 131 configuring local stations, 158 configuring remote stations, 162 daemons, 133 definition of, 129 error messages for, 169 hardware requirements, 131 identifying local stations, 157 identifying remote stations, 157 mail, 201 physical connections for, 158 setting up, 157 supporting databases, 134 testing connections for, 166 user commands, 131 uucp command (UUCP), 132 uugetty program (UUCP), 134 uulog command (UUCP), 132 uupick command (UUCP), 132 uustat command (UUCP), 132 uuto command (UUCP), 132 Uutry command (UUCP), 133 uux command (UUCP), 132 uuxqt daemon (UUCP), 134 269 Index V /var/sysgen/master.d/bsd file, 80 Y y, 81 Z zones, definition of, 105 270 Tell Us About This Manual As a user of Silicon Graphics products, you can help us to better understand your needs and to improve the quality of our documentation. Any information that you provide will be useful. Here is a list of suggested topics: • General impression of the document • Omission of material that you expected to find • Technical errors • Relevance of the material to the job you had to do • Quality of the printing and binding Please send the title and part number of the document with your comments. The part number for this document is 007-2860-002. Thank you! Three Ways to Reach Us • To send your comments by electronic mail, use either of these addresses: – On the Internet: techpubs@sgi.com – For UUCP mail (through any backbone site): [your_site]!sgi!techpubs • To fax your comments (or annotated copies of manual pages), use this fax number: 415-965-0964 • To send your comments by traditional mail, use this address: Technical Publications Silicon Graphics, Inc. 2011 North Shoreline Boulevard, M/S 535 Mountain View, California 94043-1389
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.1 Linearized : No Page Count : 293 Create Date : 1999:01:07 18:09:09 Producer : Acrobat Distiller 3.02EXIF Metadata provided by EXIF.tools