The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
[ HOME | TOPICS | INDEX | WEB RESOURCES | BOOKS | CONTRIBUTE | SEARCH | FEEDBACK | FAQ | FORUMS ]
upgrading sendmail 11 January 1999
Share
Need more help on this topic? Click here
This article has 1 comment
Show me similar articles
This section describes my upgrade of sendmail from version 8.8.8 to version 8.9.2.  The main reason for the upgrade was to obtain the anti-relay mechanism which is in place by default and to the new and improved anti-spam rules which are available.
Installation
Here's what I did to install the new sendmail:
cd /usr/ports/mail
fetch -p ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.9.2.tar.gz
gunzip sendmail.8.9.2.tar.gz
tar -xvf sendmail.8.9.2.tar
cd sendmail-8.9.2/
make
make install
Basic configuration
sendmail normally runs all the time.  Here's what I have in /etc/rc.conf which starts sendmail after every boot:
[root@ns:/var/log] # grep sendmail /etc/rc.conf   
sendmail_enable="YES"   # Run the sendmail daemon (or NO).
sendmail_flags="-bd -q30m" # -bd is pretty mandatory.
Restarting sendmail
The first thing I did was go through the README file in the main directory.  In there I found some settings which should be made:
chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

The next command they suggest is:

 /usr/sbin/sendmail -v -bi
Warning: .cf file is out of date: sendmail 8.9.2 supports version 8, 
                                              .cf file is version 7
/etc/aliases: 24 aliases, longest 10 bytes, 248 bytes total

Ahuh, time to upgrade the sendmail file.  If you're ever looked at mail headers, you'll see something like (8.9.2/8.8.8).  The first numbers represent the version of sendmail.  The second numbers are the version of /etc/sendmail.cf.

Please note that you must start sendmail with the full path name (i.e. /usr/sbin/sendmail), otherwise killall will not work and you'll get a message like this in your mail log:

[21:26] <Phaded> Feb 10 19:26:02 ns sendmail[21677]: could not restart: 
                                                          need full path
When sendmail starts up, it reads /etc/sendmail.cf.  You can either create a new sendmail.cf or have one generated for you.  I chose to generate one from a .mc file I was given.  Instead I could have used cf/cf/generic-bsd4.4.cf from within the port directory (/usr/ports/mail/sendmail).

To create the file, I issued the following commands from the above mentioned directory:

# cd cf/cf
# m4 ../m4/cf.m4 hendrix.mc > hendrix.cf
# mv hendrix.cf /etc/sendmail.cf

I've also supplied my copy of hendrix.mc in case you want it.  Please note that this is only for 8.9.x versions of sendmail.

NOTE: During the install of majordomo, I had to add the following entry to /etc/sendmail.cf:

#####################                        
#   Trusted users   #                             
#####################

Tmajordom

Heres how you can add this to hendrix.mc instead:

define(`confTRUSTED_USERS', majordom)dnl
Restarting sendmail
After creating a new sendmail.cf, remember to HUP sendmail:
killall -HUP sendmail

Then you should check the log files for any error messages.  Unless you've specified otherwise, such messages will be in /var/log/messages.  Here is an example of what I get.

[root@ns:/etc] # tail /var/log/messages
Feb  6 09:00:25 ns sendmail[8394]: restarting /usr/sbin/sendmail 
                                          on signal
Feb  6 09:00:32 ns sendmail[11116]: starting daemon (8.9.2): 
                                          SMTP+queueing@00:30:00
Please note that hendrix.mc was last upgraded on 31 January 1999 to correct errors and ommissions in the original file.  I apologise for the error.  I also wish to thank Greg Shapiro of sendmail.org for bringing this to my attention and providing assistance in amending the file.
Starting again
This time I used the following command to start sendmail:

# sendmail -bd -q15m
451 /etc/sendmail.cf: line 66: fileclass: cannot open /etc/sendmail.cw: No such file or directory

Then I did a touch /etc/sendmail.cw to create the file and restarted sendmail.

Testing the relay
At http://mail-abuse.org/tsi/ar-test.html you will find a webpage which will test your mail server for third-party relay vulnerability.  I suggest you use it.  Here's the output from my test:
$ telnet mail-abuse.org
Trying 204.152.184.74...
Connected to mail-abuse.org.
Escape character is '^]'.
Connecting to 210.55.152.18 for anonymous test ...
<<< 220 freebsddiary.yi.org ESMTP Sendmail 8.9.3/8.9.3; Sun, 
                                  31 Oct 1999 10:59:26 +1300 (NZDT)
>>> HELO mail-abuse.org
<<< 250 freebsddiary.yi.org Hello maps1.pa.vix.com [204.152.184.35], 
                                       pleased to meet you
Relay test 1
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@mail-abuse.org>
<<< 250 <spamtest@mail-abuse.org>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 2
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest>
<<< 553 <spamtest>... Domain name required
Relay test 3
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<>
<<< 250 <>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 4
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 5
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[210.55.152.18]>
<<< 250 <spamtest@[210.55.152.18]>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 6
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
                                                     Relaying denied
Relay test 7
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 <relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>...
                                                     Relaying denied
Relay test 8
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest@mail-abuse.org">
<<< 550 <"relaytest@mail-abuse.org">... Relaying denied
Relay test 9
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest%mail-abuse.org">
<<< 550 <"relaytest%mail-abuse.org">... Relaying denied
Relay test 10
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
                                                     Relaying denied
Relay test 11
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 "relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 12
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 13
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>
<<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>... 
                                                     Relaying denied
Relay test 14
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>
<<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>... 
                                                     Relaying denied
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@>
<<< 553 <spamtest@>... Domain name required
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest>
<<< 550 <mail-abuse.org!relaytest>... User unknown
Relay test 16
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 17
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test result
All tests performed, no relays accepted.
Connection closed by foreign host.
Relay
The relay information has been expanded and moved to a separate topic, allowing sendmail to relay mail.

Share
Need more help on this topic? Click here
This article has 1 comment
Show me similar articles