|
|
upgrading sendmail
11 January 1999
|
|
|
This section describes my upgrade of sendmail
from version 8.8.8 to version 8.9.2. The main reason for the upgrade was to obtain
the anti-relay mechanism which is in place by default and to the new and improved
anti-spam rules which are available. |
|
|
Installation
|
Here's what I did to install the new sendmail:
cd /usr/ports/mail
fetch -p ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.9.2.tar.gz
gunzip sendmail.8.9.2.tar.gz
tar -xvf sendmail.8.9.2.tar
cd sendmail-8.9.2/
make
make install
|
|
|
Basic configuration
|
sendmail normally runs all the time. Here's what I have in /etc/rc.conf
which starts sendmail after every boot:
[root@ns:/var/log] # grep sendmail /etc/rc.conf
sendmail_enable="YES" # Run the sendmail daemon (or NO).
sendmail_flags="-bd -q30m" # -bd is pretty mandatory.
|
|
|
Restarting sendmail
|
The first thing I did was go through the README file in the main directory. In
there I found some settings which should be made:
chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
The next command they suggest is:
/usr/sbin/sendmail -v -bi
Warning: .cf file is out of date: sendmail 8.9.2 supports version 8,
.cf file is version 7
/etc/aliases: 24 aliases, longest 10 bytes, 248 bytes total
Ahuh, time to upgrade the sendmail file. If you're ever looked at mail
headers, you'll see something like (8.9.2/8.8.8). The first numbers represent the
version of sendmail. The second numbers are the version of /etc/sendmail.cf.
Please note that you must start sendmail with the full path name (i.e. /usr/sbin/sendmail),
otherwise killall will not work and you'll get a message like this in your mail
log:
[21:26] <Phaded> Feb 10 19:26:02 ns sendmail[21677]: could not restart:
need full path
|
|
|
|
| When sendmail starts up, it reads /etc/sendmail.cf. You can
either create a new sendmail.cf or have one generated for you. I chose to generate
one from a .mc file I was given. Instead I could have used cf/cf/generic-bsd4.4.cf
from within the port directory (/usr/ports/mail/sendmail). To create the
file, I issued the following commands from the above mentioned directory:
# cd cf/cf
# m4 ../m4/cf.m4 hendrix.mc > hendrix.cf
# mv hendrix.cf /etc/sendmail.cf
I've also supplied my copy of hendrix.mc in
case you want it. Please note that this is only for 8.9.x versions of sendmail.
NOTE: During the install of majordomo, I had to
add the following entry to /etc/sendmail.cf:
#####################
# Trusted users #
#####################
Tmajordom
Heres how you can add this to hendrix.mc instead:
define(`confTRUSTED_USERS', majordom)dnl
|
|
|
Restarting sendmail
|
After creating a new sendmail.cf, remember to HUP sendmail:
killall -HUP sendmail
Then you should check the log files for any error messages. Unless you've
specified otherwise, such messages will be in /var/log/messages. Here is
an example of what I get.
[root@ns:/etc] # tail /var/log/messages
Feb 6 09:00:25 ns sendmail[8394]: restarting /usr/sbin/sendmail
on signal
Feb 6 09:00:32 ns sendmail[11116]: starting daemon (8.9.2):
SMTP+queueing@00:30:00
|
|
|
|
| Please note that hendrix.mc was last
upgraded on 31 January 1999 to correct errors and ommissions in the original file. I
apologise for the error. I also wish to thank Greg Shapiro of sendmail.org for
bringing this to my attention and providing assistance in amending the file. |
|
|
Starting again
|
This time I used the following command to start sendmail:
# sendmail -bd -q15m
451 /etc/sendmail.cf: line 66: fileclass: cannot open /etc/sendmail.cw: No such file or
directory
Then I did a touch /etc/sendmail.cw to create the file and restarted sendmail. |
|
|
Testing the relay
|
At http://mail-abuse.org/tsi/ar-test.html
you will find a webpage which will test your mail server for third-party relay
vulnerability. I suggest you use it. Here's the output from my test:
$ telnet mail-abuse.org
Trying 204.152.184.74...
Connected to mail-abuse.org.
Escape character is '^]'.
Connecting to 210.55.152.18 for anonymous test ...
<<< 220 freebsddiary.yi.org ESMTP Sendmail 8.9.3/8.9.3; Sun,
31 Oct 1999 10:59:26 +1300 (NZDT)
>>> HELO mail-abuse.org
<<< 250 freebsddiary.yi.org Hello maps1.pa.vix.com [204.152.184.35],
pleased to meet you
Relay test 1
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@mail-abuse.org>
<<< 250 <spamtest@mail-abuse.org>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 2
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest>
<<< 553 <spamtest>... Domain name required
Relay test 3
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<>
<<< 250 <>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 4
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 5
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[210.55.152.18]>
<<< 250 <spamtest@[210.55.152.18]>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 6
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz...
Relaying denied
Relay test 7
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 <relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>...
Relaying denied
Relay test 8
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest@mail-abuse.org">
<<< 550 <"relaytest@mail-abuse.org">... Relaying denied
Relay test 9
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest%mail-abuse.org">
<<< 550 <"relaytest%mail-abuse.org">... Relaying denied
Relay test 10
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz...
Relaying denied
Relay test 11
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 "relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz...
Re Relaying denied
Relay test 12
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz...
Re Relaying denied
Relay test 13
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>
<<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>...
Relaying denied
Relay test 14
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>
<<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>...
Relaying denied
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@>
<<< 553 <spamtest@>... Domain name required
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest>
<<< 550 <mail-abuse.org!relaytest>... User unknown
Relay test 16
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz...
Re Relaying denied
Relay test 17
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz...
Re Relaying denied
Relay test result
All tests performed, no relays accepted.
Connection closed by foreign host.
|
|
|
Relay
|
| The relay information has been expanded and moved to a separate topic, allowing sendmail to relay mail. |
|
