News Group Posts

sendmail setup guide

Subject: MMDF to Sendmail + Sendmail Webmin Setup guide
From: dowagiac_2000@yahoo.com (Matt Lewis)
Date: Wed, Feb 12, 2003 2:55 PM

** Installing Sendmail 8.11.x on SCO OpenServer 5.0.x **
                                                Feb 10, 2002

key::
Commands are surrounded by ( )
Examples are quoted " "  



** Introduction **
To thwart the ever-growing problem of junk and spam
email, which in many cases cripples systems and daily,
business operations it will be necessary to convert
a growing number of systems to newer and more secure
methods of mail deliver.  Methods to implement include
the blocking of mail relaying through systems.  Checks of
who is sending mail and who is authorized to do so.
Creation of blacklisted senders from which mail will
always be rejected.  Creation of white lists specifying
each individual who is allowed mail access while denying
all others. Using new techniques of identifying sources of
spam email such as real time black hole lists and content
filtering such as spamassassin.
** Advantages of Sendmail over MMDF **

a_ Better Relay checking
b_ Better DNS failure rejection
c_ Hosts, user, and network access restrictions applicable
d_ Better industry support, documentation and ongoing development over
MMDF or similar mailers.
e_ Graphical Administration tools available for most environments
including SCO OpenServer 5.0.x through Webmin
f_ Ability to add custom features like blocking incoming mail with
listed words in subject.
g_ Support for new techniques for mail filtering or rejection such as
content filters of distributed database through dns.

** Preparing for Upgrade **

1. Backup the usr mail files in /usr/spool/mail/ 
   ( cp -rp /usr/spool/mail  /tmp/ ) 
   using -rp flags to preserve permissions on mail spool files.
Uninstalling mmdf or sendmail will remove all files in /usr/spool/mail
   Backup the mmdf aliases file. This will later be appended to
/usr/lib/mail/aliases for sendmail
   ( cp /usr/mmdf/table/aliases /tmp/ )
   Backup the mmdftailor config for reference
   ( cp /usr/mmdf/mmdftailor /tmp/ )

2. To uninstall mmdf issue
   custom -p SCO:odtes -d SCO:MMDF

3. By default Openserver 5.0.5 has Sendmail 8.8.8b
installed.  You should not use this as many known exploits
exist for this version of Sendmail.  Also many of the
anti-spam features of Sendmail are not fully implemented in
this version The newest complete Sendmail package available
from SCO is part of supplement rs506a meant for Openserver
5.0.6.  Included is Sendmail 8.11.0.  This supplement will
work on Openserver 5.0.5 and Openserver 5.0.4.

** Note: On Openserver 5.0.6b if you have Sendmail already installed
you will get an error saying you are trying to install an older
version of Sendmail.

This is not the case.  You must first uninstall your current version
of sendmail with the following # custom -p SCO:ODTES -d SCO:SendMail. 
Then install

sendmail 8.11.0 from rs506a 

** Downloading the Software **

1. Download rs506a.tar at ftp.sco.com
/pub/openserver5/rs506a/rs506a.tar
2. Extract the media images into the /tmp directory
   (tar xvf /tmp/rs506a.tar)
3. Issue ( scoadmin software) 
   Select Install new from Media Images.  This will list
   several different components, which can be installed.
   Only select Sendmail and install. The installation
   procedure will have an error.  Ignore this error with
   'i' and continue the Sendmail installation.
4. Now download the sendmail.8.11.0.tar.Z from ftp.sendmail.org
/pub/sendmail/past-releases/sendmail.8.11.0.tar.Z

5. Uncompress and untar sendmail.8.11.0.tar.Z in /usr/local/
   ( cd /usr/local/sendmail.8.11.0/cf/cf )
   (cp sco-generic.mc /usr/local/sendmail.8.11.0/cf/cf ) 
   Note: sco-generic.mc is a Sco OpenServer specific
   config file for Sendmail that is attached at the end
   of this documentation.  Cut and paste into a an editor
   and name this sco-generic.mc
 
** Creating the config file sendmail.cf **

1. Use the sco-generic.mc file for specific use with SCO Openserver.
   The only item in most configurations that will need changing in
sco-generic.mc is the name of the domain you would like to

MASQUERADE_AS(`testdomain.com)dnl    Change this
to the domain you are setting sendmail up for.
Once saved issue ( m4 sco-generic.mc > test.cf )
in the /usr/local/sendmail.8.11.0/cf/cf directory. This
will process the configuration directives and create our
initial configuration.

2. ( cp test.cf /usr/lib/sendmail.cf )

3. Now create the files referenced in sco-generic.mc

4. ( touch /usr/lib/mail/access ):: Access database crucial for Anti-Spam 
( touch /usr/lib/mail/relay-domains )  :: List of hosts we will relay mail for 
( touch /usr/lib/mail/local-host-names ) :: List of names the local host is known by 
( touch /usr/lib/mail/blocked_subjects ) :: List of words
or phrases that will be rejected in subject.  Note:  In
the blocked_subjects file phrases such as this is it must
have the spaces replaces with dots.  Exa.  "this is it"
becomes "this.is.it" Note: After entries have been made
to /usr/lib/mail/blocked_subjects you  must stop and start
sendmail for entries to be updated using.
( /etc/init.d/sendmail stop; /etc/init.d/sendmail start) or issue a kill -HUP "process id of sendmail" 
( touch /usr/lib/mail/local-host-names ) :: List of names the mail server is know as 
( touch /usr/lib/mail/statistics ):: Will keep track of statistics.  Use mailstats command to view statistics from this file.  Create directory /var/adm/sendmail :: This directory will save sendmail stats and status to files.  Use the hoststat command to view this information.  
( mkdir /var/adm/sendmail )  
( cd /usr/lib/mail/ ) 
( makemap hash access < access )
 makemap hash relay-domains < relay-domains )
   local-host-names : is a plain text file and needs no
   special processing.  blocked_subjects : is a plain text
   file and needs no special processing statistics file  :
   needs no special processing

5. Now append the saved aliases file from the MMDF setup to
/usr/lib/mail/aliases
   ( cat aliases >> /usr/lib/mail/aliases )
   Edit aliases removing MMDF specific text, leaving the aliases behind
   Issue 
   ( newaliases ); builds the aliases database. 
   Add to /usr/lib/mail/local-host-names ; names which the mail server
is known by  exa.
   test-domain.com
   test.test-domain.com
   test

6. For Anti-Spam to have a chance we must have reverse DNS
   Make the following entries in /etc/resolv.conf
   exa. (replace 66.66.66.x with your sites nameserver ip addresses)
   nameserver 66.66.66.6
   nameserver 66.66.66.7
   hostresorder local bind nis
   The nameserver entries will be the nameserver/dns servers that your
internet service provider has specified to you.

6a. Replace the erased spool files /usr/spool/mail from /tmp  
   ( cp -rp /tmp/mail/* /usr/spool/mail/ )  

6c. Restart /etc/inetd service by finding the pid of inetd using 
   ( ps -ef |grep inetd ) Then to force inetd to re-read its
configuration issue
   ( kill -HUP "process id of inetd" )

6d. Any special processing files used with mmdf such
as .maildelivery will have to be migrated to sendmail.
For example mmdf can use .maildelivery to forward mail.
Sendmail uses the .forward file in each users home
directory to accomplish this.

6e. Another potential pitfall is that even after
switching from MMDF to Sendmail the mail user agents
on OpenServer such as scomail still look to the file
/usr/mmdf/mmdftailor.  To get the host.domainname to
put into the headers of all outbound messages.  A dummy
mmdftailor file is created for automatically by installing
Sendmail but be sure to check this file to make that the
hostname and domain are correct.

7. Now issue
   ( /etc/init.d/sendmail start )
   If lucky everything is fine.
   To test issue swaping username@domain.com for your own
   ( /usr/lib/sendmail -v username@domain.com  < /dev/null )
   If this delivers, sendmail should be properly configured.
   To check remote access: exa
--
telnet test.test-domain.com 25 
Trying 209.131.73.132...
Connected to test.test-domain.com.
Escape character is '^]'.
220 test.test-domain.com ESMTP Sendmail 8.11.0/8.11.0; Mon, 17 Jun
2002 19:
59:34 GMT
mail from:<test@testdomain.com>
250 2.1.0 <test@testdomain.com>... Sender ok
rcpt to:<test@test-domain.com>
250 2.1.5 <test@test-domain.com>... Recipient ok
data
354 Enter mail, end with "." on a line by itself
.
250 2.0.0 g5HJxks13843 Message accepted for delivery
quit
221 2.0.0 test.test-domain.com closing connection
Connection closed by foreign host.
--
8. Check /usr/adm/syslog for sendmail errors. 

9. Once you are done with this configuration you should
have a standalone mail server.  That is mail will not be
relayed to or sent by any other mail server but will be
sent directly out by your domain.  No DNS or nameserver
setup is needed beyond entries in /etc/resolv.conf which
will allow the system to query the domain name servers of
your internet service provider to determine the routing
of mail.

10.  Addittionally you will have a number of features enabled to
prevent abuse of and spam email to your mail server.  Including
real-time black hole lists

etc..


Graphical Sendmail Administration

Webmin (www.webmin.com) is a web based interface for
configuring and maintaining many aspects of a system.
It is driven by perl scripting and thus very portable to
many platforms.  The currently available version 0.98 fully
supports SCO Openserver and is an especially good solution
for maintenance and admin of many less understood system
services such as Sendmail.

Installation

1. Download Perl package from 
ftp://ftp2.sco.com/pub/skunkware/osr5/vols/

2. Install as a package using 
( scoadmin ) software -> Install new

3. Download the newest version of Webmin
from www.webmin.com.  SCO does have a version
of Webmin in the Skunkware distribution at
ftp2.sco.com/pub/skunkware/osr5/vols/.  Installation of
Webmin from www.webmin.com is smoother for SCO Openserver
though

4. Untar webmin in /usr/local/
This will create a directory /usr/local/webmin-0.9x.x
( cd /usr/local/webmin-0.9x.x )
( ./setup.sh )

This script will prompt you for several items.  Leave everything at
default except the following items.

Config files
/usr/local/etc/webmin
Log files
/usr/local/log/webmin

Admin user is root not admin as the default

Once webmin is installed you can start and stop the server with the
following commands.

/usr/local/etc/webmin/start
/usr/local/etc/webmin/stop


5. Now open a browser and type in the hostname or ip address of the
host and the port that you installed Webmin the default being 10000. 
examples

http://test.test-domain.com:10000
http://100.100.0.0:10000


5a. So that webmin will be started automatically on bootup issue.
mv /etc/rc.d/K99webmin /etc/rc0.d/
mv /etc/rc.d/S99webmin /etc/rc2.d/

6. Login with root and root password

7. Configure Webmin users and modules.  Very good documentation on
Webmin and all modules it contains are available at www.webmin.com

8.      Sendmail will need its module configured for use with SCO
Openserver.  Primarily to tell the module where the files Sendmail
uses are located.



******************  Below is attached sco-generic.mc file
******************************
        
divert(-1)
# 
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
#       All rights reserved.
# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
# Copyright (c) 1988, 1993
#       The Regents of the University of California.  All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
divert(0)dnl
dnl #################### Setup ##################################
include(`/usr/local/sendmail-8.11.0/cf/m4/cf.m4')
VERSIONID(`$Id: sco-generic.mc,v 1.00 2002/07/12 ML Exp $')dnl
OSTYPE(`sco3.2')dnl

dnl ################### Network Specific ########################
MASQUERADE_AS(`host.domain')dnl

dnl ################### Server Specific #########################
dnl # Commonly used Files
define(`ALIAS_FILE',`/usr/lib/mail/aliases')dnl
define(`confCR_FILE',`-o /usr/lib/mail/relay-domains')dnl
define(`confCW_FILE',`-o /usr/lib/mail/local-host-names')dnl
define(`STATUS_FILE',`-o /usr/lib/mail/statistics')dnl
define(`confHOST_STATUS_DIRECTORY',`/usr/adm/sendmail')dnl

dnl # SCO Openserver Specific variables and options  
dnl # Needed to fix error with /usr/lib/uucp/ permission on SCO
OpenServer
define(`confDONT_BLAME_SENDMAIL',`GroupWritableDirPathSafe')dnl

dnl # Options to correct deficient bind setup under SCO Openserver.  
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl

dnl ################## Features ################################
FEATURE(`access_db',`hash -o /usr/lib/mail/access')dnl 
FEATURE(`use_cw_file')dnl
FEATURE(`masquerade_envelope')dnl

dnl ################## Anti-Spam / Security Features & Definitions
#########
dnl # Disable certain SMTP commands that lend themselves to spam
define(`confPRIVACY_FLAGS',authwarnings,novrfy,noexpn,noverb,restrictmailq,restrictqrun,needmailhelo')dnl

dnl # Real Time Black Hole Lists.  Currently the best
FEATURE(`dnsbl',`relays.ordb.org')dnl
FEATURE(`dnsbl',`relays.osirusoft.com')dnl
FEATURE(`dnsbl',`list.dsbl.org')dnl

dnl # Dont Let anyone know exactly what version or Mail Daemon you are
running
define(`confSMTP_LOGIN_MSG',`$j Mail Secure/Rabid; $b')dnl

dnl # Options to help cut down on dictionary attacks
define(`confMAX_RCPTS_PER_MESSAGE',`50')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl 

dnl # Options to limit the load on the mail server
define(`confMAX_DAEMON_CHILDREN',`25')dnl

dnl # Restricted Shell for security
FEATURE(`smrsh')


dnl ################# Parameters ###############################
EXPOSED_USER(`root')
define(`confMAX_MESSAGE_SIZE',`15000000')dnl

dnl # Sco Version does not correctly pick up the TIME_ZONE
define(`confTIME_ZONE',`USE_TZ')dnl

dnl ################# Mailer Definitions #######################
MAILER(`local')dnl
MAILER(`smtp')dnl

dnl ################ Local Rulesets ############################
dnl # Ruleset to block incoming mail by searching subject for blocked
words
dnl # or phrases
dnl # Note: Multi word entries in blocked_subjects file must have 
dnl # spaces replaced by "." Exa.  "this is it" becomes "this.is.it"
dnl # Any changes to blocked_subjects file requires a restart or HUP
of
dnl # Sendmail. exa (kill -HUP "pid of sendmail")
dnl # If you want to go really over-board with the number of
blocked_subjects
dnl # I recommend turning this into a map.

LOCAL_CONFIG
F{MRej} /usr/lib/mail/blocked_subjects

LOCAL_RULESETS
HSubject: $>CheckSubject
D{MMsg} Mail blocked.
SCheckSubject
R$* $={MRej}$*          $#error $: 550 ${MMsg}
 

Comments?

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.