Solved

How can I use sendmail instead of smtp?

Posted on 2004-08-28
8
609 Views
Last Modified: 2013-12-27
Hi,

I'me sending mail from the server using mailhost in the etc/hosts file. Our connection to the mailserver has become very unstable because of some instability in the network and this has caused many services interruptions.

How can I start using Sendmail? and what security risks do I face if I open it to the world? if there are much, how can I configure sendmail to behave more securly?

Thanks....
Mohammad
0
Comment
Question by:kalmen
  • 5
  • 2
8 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 11924035
Uh...sendmail does use SMTP. SMTP, or Simple Mail Transfer Protocol, is just a protocol for exchanging E-Mail between hosts. Its actually quite versatile, and can support UUCP, DecNet, BitNet and a buncha other things.

Since you're asking this Question in the Solaris TA, I'll assume you have some version of Solaris. We're Experts, not mindreaders, so it would be helpful if you bothered to state what version of Solaris you have, what's the latest Recommended Patches set you have on it, and, in this case, what version of sendmail you're considering.

I also note that since you are sending E-mail, you've got to have some sort of Mail Transfer Agent (MTA) on the machine, unless you're running some program that makes a TCP connection to an MTA elsewhere. If you're running a stock Solaris, then if sendmail was installed (as it is by default) it was turned on by default. So unless you either didn't install it or didn't turn it off, its running.

The trouble with the sendmail version that ships with Solaris is that its generally an outdated version included in the OS. As if this writing, the latest release of sendmail is v8.13.1, and anything prior to v8.12.10 is generally considered obsolete. Even with the latest Recommended Patches for Solaris 8, its a horribly old (the vulnerable v8.11) install of sendmail you get.

If security is a concern to you, then I recommend that you download the latest sendmail from http://www.sendmail.org. Get the sources - you'll need a C compiler; gcc will do fine. Then, go to your fave bookstore and grab a copy of _Sendmail_3rd_Edition_ by Bryan Costales (ISBN 1-56592-839-3). Its a huge book, but its not a "How to" or "For Dummies" sort of thing. Its a reference you should consult while following the build and install instructions that come with the sendmail source. Note that the 3rd Edition only covers thru sendmail v8.12, so you might want to select the last v8.12 iteration, v8.12.11, instead of installing v8.13. Besides, word on the street is that v8.13 isn't quite rock solid.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11924091
Ooops. In my comment above, when I was saying "Its actually quite versatile, and can support UUCP, DecNet, BitNet and a buncha other things." the "It" to which I was referring was sendmail, not SMTP. I wasn't clear.

Anyway, with the Costales book, I recommend Chapters 1 and 2 before you do anything more than download and unpack the sendmail source. In particular, pay attention to the 2.3 (The Build script), 2.4 (Building with m4), 2.7 (Pitfalls) and 2.8 (Build m4 Macro Reference).

Chapter 3 covers compile-time macros. These are put in ./devtools/Site/site.config.m4. For example, my site.config.m4 looks like this (I have inserted comments preceeded by the # sign):

# The first 3 comments turn off the building and installation of the man pages for sendmail and all its sub-programs
define(`confDONT_INSTALL_CATMAN')
define(`confNO_MAN_BUILD')
define(`confNO_MAN_INSTALL')
# This disables ipv6 support
ADDENDDEF(`confENVDEF', `-DNETINET6=0')
# This includes Berkeley DB support
APPENDDEF(`confLIBDIRS', `-L/opt/BerkeleyDB.4.1/lib')
APPENDDEF(`confINCDIRS', `-I/opt/BerkeleyDB.4.1/include')
APPENDDEF(`confENVDEF', `-DNEWDB')
# This disables IP source routing code - my network doesn't permit source routing
APPENDDEF(`confENVDEF', `-DIP_SRCROUTE=0')
# This adds MILTER support, needed for things like MIMEdefang and SpamAssassin
APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER_ROOT_UNSAFE')
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
APPENDDEF(`conf_sendmail_MAPDEF', `-DDNSMAP=1')
# These tweak various parameters - See Table 3-7
APPENDDEF(`conf_sendmail_ENVDEF', `-DMAXBADCOMMANDS=4')
APPENDDEF(`conf_sendmail_ENVDEF', `-DMAXNOOPCOMMANDS=2')
APPENDDEF(`conf_sendmail_ENVDEF', `-DMAXVFYCOMMANDS=1')

Building and compiling was generally straightforward for me. Once it was installed (also fairly painless), the next big thing was to create the sendmail.cf file, or its running configuration file. In olden days (circa 1995), ya hadda hand-roll these. Easiest way was to get a pal to give you his and then tweak it to your needs.

Nowadays, ya use the sendmail.mc to build it, or you spend a lotta time poring over the one that's included and figuring out how to do it by hacking rulesets and generally puzzling thru the very arcane contents of sendmail.cf. I confess, until earlier this year, I was a sendmail.cf hacker. And I rarely touched it, because once I got it working, I didn't want to break it.

Now, I'm a confirmed sendmail.mc guy. I never wanna go back to hacking sendmail.cf, and you're probably too young to experience that sort of pain. Save yourself.

Chapter 4 of Costales' book covers the basics of creating the sendmail.mc file and using it to build a sendmail.cf. Note I said "the basics". Chapters 67 and 17-25, especially Chapters 7 and 24, cover this in a lot more detail. My sendmail.mc file is huge - about 4 single-spaced pages. If you really want it, I can post it here, but its very specific to my needs, and may not be of much value to you.

Anyway, you use the generic-solaric.mc template they provide and add on from there. Once you've got it put together, you make the sendmail.cf, put that in /etc/mail, and crank up the daemon.

Note that the /etc/init.d/sendmail script is very specific to the Sun iteration of sendmail. I don't use it.

A good place for more information is this website, which I found very helpful when I was getting started on sendmail v8.12 earlier this year --> http://www.brandonhutchinson.com/sendmail_solaris.html
0
 

Assisted Solution

by:Lego_Maniac
Lego_Maniac earned 50 total points
ID: 11924620
I think he's saying he's using smarthost relay in sendmail.cf.  

Look for a line in your /etc/mail/sendmail.cf
DSmaihost

Either comment it out or remove the "mailhost" portion
DS

Then restart sendmail and pray.

This will either begin to use sendmail's own delivery...

...Or it will begin piling up in your local mailspool, depending on how the rest of your sendmail.cf is configured.  There's no easy way to describe all the letters contained within that file, and how to fit them all to your environment.  The above poster is well to say that "hacking" sendmail.cf is no easy task.  The best way is to use the configuration macros to do the job.

You should use the method described above to configure a "proper" sendmail.cf for your system in order to route mail properly.  Solaris comes with the m4 utility and default .mc files required.
0
 
LVL 1

Author Comment

by:kalmen
ID: 11924812
Hi Guys,

Thanks for the feedback PsiCop, i'll be writing most the information you asked for.

Lego Maniac:

The line sendmail.cf is:
# "Smart" relay host (may be null)
DSmailhost$?m.$m$.

So your saying I should remove it?

PsiCop: Now I understand how I should explain what I want to do. I want my system to stop relaying mail through a third party mail server as described in the /etc/hosts file:
111.111.111.111 smtp.domain.com      mailhost

Instead, I want to start using the webserver's own smtp or sendmail capabilities to deliver mail, instead of depending on the third party mail server.

I'm using Solaris 8, the patchset is the Recommended-22.02.2004 for sparc. I do want to download the install the latest from the URL you provided, but I'm aware that there is a lot of reading to be done.

I won't trouble any of you by having to help me out, I really wanted to know if I understood what I want to do properly, and I'd rather do it on a testing server than what is public right now.


0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 34

Accepted Solution

by:
PsiCop earned 450 total points
ID: 11926226
What the "DSmailhost$?m.$m$." line is doing is telling the the sendmail *current running* on your Solaris server to use the mailhost (as listed in the /etc/hosts file you quoted) as a relay. That is, all *outbound* E-Mail from the Solaris server, regardless of actual destination, is sent to a mail exchanger (sendmail? postfix? GroupWise GWIA? who knows...) running on the host known as smtp.domain.com. It is up for that relay, or "smart host", to send the E-Mail to its final disposition. That smart host has the necessary name resolution services and network accesses to accomplish that task.

I would not comment out the line if you want to change it - I would change it to --> DS

To be safe, perhaps comment out the current line and add the new version. Makes it easier to switch back. Note that you must restart sendmail in order for it to notice the change. As root or SU, enter "/etc/init.d/sendmail stop" and "/etc/init.d/sendmail start" to make that happen.

If you comment it out and restart, you now make the sendmail running on this Solaris server responsible for delivery of *outgoing* E-Mail. The sendmail daemon must have access to name resolution services and be able to talk to destination hosts using TCP port 25. By removing the relay host, this sendmail daemon now has to do all the work of SMTP delivery, instead of handing it off to smtp.domain.com and letting that host worry about the details.

If you have Solaris 8/Sparc with the 2004-Feb Recommended Patches, you are running a VERY backleveled version of sendmail. I'm almost certain that's the vulnerable v8.11. If this server has access to the Internet (or, more importantly, the Internet has access to it), I *stongly* recommend that you do NOT run that version. Minimum you should be running is v8.12.X where X > 9.

Note that if you upgrade the sendmail, you run the risk of future Recommended Patches overwriting your sendmail installation. I got bitten by this in the 2004-Jul set of Recommended Patches, which happily overwrote my sendmail v8.12.11 install with a buncha older garbage, trashing my sendmail.cf and /etc/init.d/sendmail script along the way. I haven't figured a workaround for this - somehow I gotta convince the Recommended Patches install that sendmail is not installed on the server.

Anyway, you may want to apply the latest Recommended Patches BEFORE installing your newer version of sendmail. Keep a safe copy of /etc/init.d/sendmail (I used the one at brandonhutchinson.com, mentioned above, as a template), and always have handy the necessary sendmail files to rebuild sendmail.cf.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11926255
BTW, in my 08/28/2004 @ 10:19pmEDT comment, I have another typo. Where I say "Chapters 67 and 17-25" I meant "Chapters 6, 7 and 17-25".

The Costales book really is a great reference - once you understand it. The trouble is, its not very readable to someone who hasn't been mucking about with sendmail, and if you need to understand the m4 macro process (which is really cool, just a bit arcane). Keep plugging away at it and it will eventually make sense.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11926273
Also, by default, sendmail will log its error messages, especially those that prevent it from starting, to /var/log/syslog. Be sure you have the "mail.*" line UNcommented in syslogd.conf (and restart the syslog daemon if needed).
0
 
LVL 1

Author Comment

by:kalmen
ID: 11926586
Very valuable information from your side. Now I'm fully aware of the situation.

Thanks a lot.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now