Best of the Newsgroups: sendmail setup guide

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):

Subject: MMDF to Sendmail + Sendmail Webmin Setup guide
From: dowagiac_2000@yahoo.com (Matt Lewis)
Date: Wed, Feb 12, 2003 2:55 PM

** Installing Sendmail 8.11.x on SCO OpenServer 5.0.x **
                                                Feb 10, 2002

key::
Commands are surrounded by ( )
Examples are quoted " "  

** Introduction **
To thwart the ever-growing problem of junk and spam email, which in
many cases cripples systems and daily, business operations it will be
necessary to

convert a growing number of systems to newer and more secure methods
of mail deliver.  Methods to implement include the blocking of mail
relaying through

systems.  Checks of who is sending mail and who is authorized to do
so.  Creation of blacklisted senders from which mail will always be
rejected.  Creation

of white lists specifying each individual who is allowed mail access
while denying all others. Using new techniques of identifying sources
of spam email

such as real time black hole lists and content filtering such as
spamassassin.

** Advantages of Sendmail over MMDF **

a_ Better Relay checking
b_ Better DNS failure rejection
c_ Hosts, user, and network access restrictions applicable
d_ Better industry support, documentation and ongoing development over
MMDF or similar mailers.
e_ Graphical Administration tools available for most environments
including SCO OpenServer 5.0.x through Webmin
f_ Ability to add custom features like blocking incoming mail with
listed words in subject.
g_ Support for new techniques for mail filtering or rejection such as
content filters of distributed database through dns.


** Preparing for Upgrade **

1. Backup the usr mail files in /usr/spool/mail/ 
   ( cp -rp /usr/spool/mail  /tmp/ ) 
   using -rp flags to preserve permissions on mail spool files.
Uninstalling mmdf or sendmail will remove all files in /usr/spool/mail
   Backup the mmdf aliases file. This will later be appended to
/usr/lib/mail/aliases for sendmail
   ( cp /usr/mmdf/table/aliases /tmp/ )
   Backup the mmdftailor config for reference
   ( cp /usr/mmdf/mmdftailor /tmp/ )

2. To uninstall mmdf issue
   custom -p SCO:odtes -d SCO:MMDF

3. By default Openserver 5.0.5 has Sendmail 8.8.8b installed.  You
should not use this as many known exploits exist for this version of
Sendmail.  Also many

   of the anti-spam features of Sendmail are not fully implemented in
this version
   The newest complete Sendmail package available from SCO is part of
supplement rs506a meant for Openserver 5.0.6.  Included is Sendmail
8.11.0.  This

supplement will work on Openserver 5.0.5 and Openserver 5.0.4.  

** Note: On Openserver 5.0.6b if you have Sendmail already installed
you will get an error saying you are trying to install an older
version of Sendmail.

This is not the case.  You must first uninstall your current version
of sendmail with the following # custom -p SCO:ODTES -d SCO:SendMail. 
Then install

sendmail 8.11.0 from rs506a 

** Downloading the Software **

1. Download rs506a.tar at ftp.caldera.com
/pub/openserver5/rs506a/rs506a.tar
2. Extract the media images into the /tmp directory
   (tar xvf /tmp/rs506a.tar)
3. Issue ( scoadmin software) 
   Select Install new from Media Images.  This will list several
different components, which can be installed.  Only select Sendmail
and install. The

installation procedure will have an error.  Ignore this error with 'i'
and continue the Sendmail installation.
4. Now download the sendmail.8.11.0.tar.Z from ftp.sendmail.org
/pub/sendmail/past-releases/sendmail.8.11.0.tar.Z

5. Uncompress and untar sendmail.8.11.0.tar.Z in /usr/local/
   ( cd /usr/local/sendmail.8.11.0/cf/cf )
   (cp sco-generic.mc /usr/local/sendmail.8.11.0/cf/cf ) 
   Note: sco-generic.mc is a Sco OpenServer specific config file for
Sendmail that is attached at the end of this documentation.  Cut and
paste into a an

   editor and name this sco-generic.mc
 
** Creating the config file sendmail.cf **

1. Use the sco-generic.mc file for specific use with SCO Openserver.
   The only item in most configurations that will need changing in
sco-generic.mc is the name of the domain you would like to

MASQUERADE_AS(`testdomain.com)dnl    Change this to the domain you are
setting sendmail up for.  Once saved issue
   ( m4 sco-generic.mc > test.cf ) in the
/usr/local/sendmail.8.11.0/cf/cf directory. This will process the
configuration directives and create our initial

   configuration.

2. ( cp test.cf /usr/lib/sendmail.cf )

3. Now create the files referenced in sco-generic.mc

4. ( touch /usr/lib/mail/access ):: Access database crucial for
Anti-Spam
   ( touch /usr/lib/mail/relay-domains )  :: List of hosts we will
relay mail for
   ( touch /usr/lib/mail/local-host-names ) :: List of names the local
host is known by
   ( touch /usr/lib/mail/blocked_subjects ) :: List of words or
phrases that will be rejected in subject.
   Note:  In the blocked_subjects file phrases such as this is it must
have the spaces replaces with dots.  Exa.  "this is it" becomes
"this.is.it"
   Note: After entries have been made to
/usr/lib/mail/blocked_subjects you  must stop and start sendmail for
entries to be updated using. (

/etc/init.d/sendmail stop; /etc/init.d/sendmail start) or issue a kill
-HUP "process id of sendmail"
   ( touch /usr/lib/mail/local-host-names ) :: List of names the mail
server is know as
   ( touch /usr/lib/mail/statistics ):: Will keep track of statistics.
 Use mailstats command to view statistics from this file.
   Create directory /var/adm/sendmail :: This directory will save
sendmail stats and status to files.  Use the hoststat command to view
this information.
   ( mkdir /var/adm/sendmail )  
   ( cd /usr/lib/mail/ )
   ( makemap hash access < access )
   ( makemap hash relay-domains < relay-domains )
   local-host-names : is a plain text file and needs no special
processing.
   blocked_subjects : is a plain text file and needs no special
processing
   statistics file  : needs no special processing

5. Now append the saved aliases file from the MMDF setup to
/usr/lib/mail/aliases
   ( cat aliases >> /usr/lib/mail/aliases )
   Edit aliases removing MMDF specific text, leaving the aliases
behind
   Issue 
   ( newaliases ); builds the aliases database. 
   Add to /usr/lib/mail/local-host-names ; names which the mail server
is known by  exa.
   test-domain.com
   test.test-domain.com
   test

6. For Anti-Spam to have a chance we must have reverse DNS
   Make the following entries in /etc/resolv.conf
   exa. (replace 66.66.66.x with your sites nameserver ip addresses)
   nameserver 66.66.66.6
   nameserver 66.66.66.7
   hostresorder local bind nis
   The nameserver entries will be the nameserver/dns servers that your
internet service provider has specified to you.

6a. Replace the erased spool files /usr/spool/mail from /tmp  
   ( cp -rp /tmp/mail/* /usr/spool/mail/ )  

6c. Restart /etc/inetd service by finding the pid of inetd using 
   ( ps -ef |grep inetd ) Then to force inetd to re-read its
configuration issue
   ( kill -HUP "process id of inetd" )

6d. Any special processing files used with mmdf such as .maildelivery
will have to be migrated to sendmail.  For example mmdf can use
.maildelivery to

forward mail.  Sendmail uses the .forward file in each users home
directory to accomplish this.

6e. Another potential pitfall is that even after switching from MMDF
to Sendmail the mail user agents on OpenServer such as scomail still
look to the file

  /usr/mmdf/mmdftailor.  To get the host.domainname to put into the
headers of all outbound messages.  A dummy mmdftailor file is created
for

automatically by installing Sendmail but be sure to check this file to
make that the hostname and domain are correct.

7. Now issue
   ( /etc/init.d/sendmail start )
   If lucky everything is fine.
   To test issue swaping username@domain.com for your own
   ( /usr/lib/sendmail -v username@domain.com  < /dev/null )
   If this delivers, sendmail should be properly configured.
   To check remote access: exa
--
telnet test.test-domain.com 25 
Trying 209.131.73.132...
Connected to test.test-domain.com.
Escape character is '^]'.
220 test.test-domain.com ESMTP Sendmail 8.11.0/8.11.0; Mon, 17 Jun
2002 19:
59:34 GMT
mail from:<test@testdomain.com>
250 2.1.0 <test@testdomain.com>... Sender ok
rcpt to:<test@test-domain.com>
250 2.1.5 <test@test-domain.com>... Recipient ok
data
354 Enter mail, end with "." on a line by itself
.
250 2.0.0 g5HJxks13843 Message accepted for delivery
quit
221 2.0.0 test.test-domain.com closing connection
Connection closed by foreign host.
--
8. Check /usr/adm/syslog for sendmail errors. 

9. Once you are done with this configuration you should have a
standalone mail server.  That is mail will not be relayed to or sent
by any other mail server

   but will be sent directly out by your domain.  No DNS or nameserver
setup is needed beyond entries in /etc/resolv.conf which will allow
the system to

  query the domain name servers of your internet service provider to
determine the routing of mail.

10.  Addittionally you will have a number of features enabled to
prevent abuse of and spam email to your mail server.  Including
real-time black hole lists

etc..


Graphical Sendmail Administration

Webmin (www.webmin.com) is a web based interface for configuring and
maintaining many aspects of a system.  It is driven by perl scripting
and thus very

portable to many platforms.  The currently available version 0.98
fully supports SCO Openserver and is an especially good solution for
maintenance and admin

of many less understood system services such as Sendmail.


Installation

1. Download Perl package from 
ftp://ftp2.caldera.com/pub/skunkware/osr5/vols/

2. Install as a package using 
( scoadmin ) software -> Install new

3. Download the newest version of Webmin from www.webmin.com.  SCO
does have a version of Webmin in the Skunkware distribution at

ftp2.caldera.com/pub/skunkware/osr5/vols/.  Installation of Webmin
from www.webmin.com is smoother for SCO Openserver though

4. Untar webmin in /usr/local/
This will create a directory /usr/local/webmin-0.9x.x
( cd /usr/local/webmin-0.9x.x )
( ./setup.sh )

This script will prompt you for several items.  Leave everything at
default except the following items.

Config files
/usr/local/etc/webmin
Log files
/usr/local/log/webmin

Admin user is root not admin as the default

Once webmin is installed you can start and stop the server with the
following commands.

/usr/local/etc/webmin/start
/usr/local/etc/webmin/stop


5. Now open a browser and type in the hostname or ip address of the
host and the port that you installed Webmin the default being 10000. 
examples

http://test.test-domain.com:10000
http://100.100.0.0:10000


5a. So that webmin will be started automatically on bootup issue.
mv /etc/rc.d/K99webmin /etc/rc0.d/
mv /etc/rc.d/S99webmin /etc/rc2.d/

6. Login with root and root password

7. Configure Webmin users and modules.  Very good documentation on
Webmin and all modules it contains are available at www.webmin.com

8.      Sendmail will need its module configured for use with SCO
Openserver.  Primarily to tell the module where the files Sendmail
uses are located.



******************  Below is attached sco-generic.mc file
******************************
        
divert(-1)
# 
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
#       All rights reserved.
# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
# Copyright (c) 1988, 1993
#       The Regents of the University of California.  All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
divert(0)dnl
dnl #################### Setup ##################################
include(`/usr/local/sendmail-8.11.0/cf/m4/cf.m4')
VERSIONID(`$Id: sco-generic.mc,v 1.00 2002/07/12 ML Exp $')dnl
OSTYPE(`sco3.2')dnl

dnl ################### Network Specific ########################
MASQUERADE_AS(`host.domain')dnl

dnl ################### Server Specific #########################
dnl # Commonly used Files
define(`ALIAS_FILE',`/usr/lib/mail/aliases')dnl
define(`confCR_FILE',`-o /usr/lib/mail/relay-domains')dnl
define(`confCW_FILE',`-o /usr/lib/mail/local-host-names')dnl
define(`STATUS_FILE',`-o /usr/lib/mail/statistics')dnl
define(`confHOST_STATUS_DIRECTORY',`/usr/adm/sendmail')dnl

dnl # SCO Openserver Specific variables and options  
dnl # Needed to fix error with /usr/lib/uucp/ permission on SCO
OpenServer
define(`confDONT_BLAME_SENDMAIL',`GroupWritableDirPathSafe')dnl

dnl # Options to correct deficient bind setup under SCO Openserver.  
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl

dnl ################## Features ################################
FEATURE(`access_db',`hash -o /usr/lib/mail/access')dnl 
FEATURE(`use_cw_file')dnl
FEATURE(`masquerade_envelope')dnl

dnl ################## Anti-Spam / Security Features & Definitions
#########
dnl # Disable certain SMTP commands that lend themselves to spam
define(`confPRIVACY_FLAGS',authwarnings,novrfy,noexpn,noverb,restrictmailq,restrictqrun,needmailhelo')dnl

dnl # Real Time Black Hole Lists.  Currently the best
FEATURE(`dnsbl',`relays.ordb.org')dnl
FEATURE(`dnsbl',`relays.osirusoft.com')dnl
FEATURE(`dnsbl',`list.dsbl.org')dnl

dnl # Dont Let anyone know exactly what version or Mail Daemon you are
running
define(`confSMTP_LOGIN_MSG',`$j Mail Secure/Rabid; $b')dnl

dnl # Options to help cut down on dictionary attacks
define(`confMAX_RCPTS_PER_MESSAGE',`50')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl 

dnl # Options to limit the load on the mail server
define(`confMAX_DAEMON_CHILDREN',`25')dnl

dnl # Restricted Shell for security
FEATURE(`smrsh')


dnl ################# Parameters ###############################
EXPOSED_USER(`root')
define(`confMAX_MESSAGE_SIZE',`15000000')dnl

dnl # Sco Version does not correctly pick up the TIME_ZONE
define(`confTIME_ZONE',`USE_TZ')dnl

dnl ################# Mailer Definitions #######################
MAILER(`local')dnl
MAILER(`smtp')dnl

dnl ################ Local Rulesets ############################
dnl # Ruleset to block incoming mail by searching subject for blocked
words
dnl # or phrases
dnl # Note: Multi word entries in blocked_subjects file must have 
dnl # spaces replaced by "." Exa.  "this is it" becomes "this.is.it"
dnl # Any changes to blocked_subjects file requires a restart or HUP
of
dnl # Sendmail. exa (kill -HUP "pid of sendmail")
dnl # If you want to go really over-board with the number of
blocked_subjects
dnl # I recommend turning this into a map.

LOCAL_CONFIG
F{MRej} /usr/lib/mail/blocked_subjects

LOCAL_RULESETS
HSubject: $>CheckSubject
D{MMsg} Mail blocked.
SCheckSubject
R$* $={MRej}$*          $#error $: 550 ${MMsg}
 

Take Control of Your Domain Names

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.