kalmen
asked on
How can I use sendmail instead of smtp?
Hi,
I'me sending mail from the server using mailhost in the etc/hosts file. Our connection to the mailserver has become very unstable because of some instability in the network and this has caused many services interruptions.
How can I start using Sendmail? and what security risks do I face if I open it to the world? if there are much, how can I configure sendmail to behave more securly?
Thanks....
Mohammad
I'me sending mail from the server using mailhost in the etc/hosts file. Our connection to the mailserver has become very unstable because of some instability in the network and this has caused many services interruptions.
How can I start using Sendmail? and what security risks do I face if I open it to the world? if there are much, how can I configure sendmail to behave more securly?
Thanks....
Mohammad
Ooops. In my comment above, when I was saying "Its actually quite versatile, and can support UUCP, DecNet, BitNet and a buncha other things." the "It" to which I was referring was sendmail, not SMTP. I wasn't clear.
Anyway, with the Costales book, I recommend Chapters 1 and 2 before you do anything more than download and unpack the sendmail source. In particular, pay attention to the 2.3 (The Build script), 2.4 (Building with m4), 2.7 (Pitfalls) and 2.8 (Build m4 Macro Reference).
Chapter 3 covers compile-time macros. These are put in ./devtools/Site/site.confi
# The first 3 comments turn off the building and installation of the man pages for sendmail and all its sub-programs
define(`confDONT_INSTALL_C
define(`confNO_MAN_BUILD')
define(`confNO_MAN_INSTALL
# This disables ipv6 support
ADDENDDEF(`confENVDEF', `-DNETINET6=0')
# This includes Berkeley DB support
APPENDDEF(`confLIBDIRS', `-L/opt/BerkeleyDB.4.1/lib
APPENDDEF(`confINCDIRS', `-I/opt/BerkeleyDB.4.1/inc
APPENDDEF(`confENVDEF', `-DNEWDB')
# This disables IP source routing code - my network doesn't permit source routing
APPENDDEF(`confENVDEF', `-DIP_SRCROUTE=0')
# This adds MILTER support, needed for things like MIMEdefang and SpamAssassin
APPENDDEF(`conf_libmilter_
APPENDDEF(`conf_sendmail_E
APPENDDEF(`conf_sendmail_M
# These tweak various parameters - See Table 3-7
APPENDDEF(`conf_sendmail_E
APPENDDEF(`conf_sendmail_E
APPENDDEF(`conf_sendmail_E
Building and compiling was generally straightforward for me. Once it was installed (also fairly painless), the next big thing was to create the sendmail.cf file, or its running configuration file. In olden days (circa 1995), ya hadda hand-roll these. Easiest way was to get a pal to give you his and then tweak it to your needs.
Nowadays, ya use the sendmail.mc to build it, or you spend a lotta time poring over the one that's included and figuring out how to do it by hacking rulesets and generally puzzling thru the very arcane contents of sendmail.cf. I confess, until earlier this year, I was a sendmail.cf hacker. And I rarely touched it, because once I got it working, I didn't want to break it.
Now, I'm a confirmed sendmail.mc guy. I never wanna go back to hacking sendmail.cf, and you're probably too young to experience that sort of pain. Save yourself.
Chapter 4 of Costales' book covers the basics of creating the sendmail.mc file and using it to build a sendmail.cf. Note I said "the basics". Chapters 67 and 17-25, especially Chapters 7 and 24, cover this in a lot more detail. My sendmail.mc file is huge - about 4 single-spaced pages. If you really want it, I can post it here, but its very specific to my needs, and may not be of much value to you.
Anyway, you use the generic-solaric.mc template they provide and add on from there. Once you've got it put together, you make the sendmail.cf, put that in /etc/mail, and crank up the daemon.
Note that the /etc/init.d/sendmail script is very specific to the Sun iteration of sendmail. I don't use it.
A good place for more information is this website, which I found very helpful when I was getting started on sendmail v8.12 earlier this year --> http://www.brandonhutchinson.com/sendmail_solaris.html
Anyway, with the Costales book, I recommend Chapters 1 and 2 before you do anything more than download and unpack the sendmail source. In particular, pay attention to the 2.3 (The Build script), 2.4 (Building with m4), 2.7 (Pitfalls) and 2.8 (Build m4 Macro Reference).
Chapter 3 covers compile-time macros. These are put in ./devtools/Site/site.confi
# The first 3 comments turn off the building and installation of the man pages for sendmail and all its sub-programs
define(`confDONT_INSTALL_C
define(`confNO_MAN_BUILD')
define(`confNO_MAN_INSTALL
# This disables ipv6 support
ADDENDDEF(`confENVDEF', `-DNETINET6=0')
# This includes Berkeley DB support
APPENDDEF(`confLIBDIRS', `-L/opt/BerkeleyDB.4.1/lib
APPENDDEF(`confINCDIRS', `-I/opt/BerkeleyDB.4.1/inc
APPENDDEF(`confENVDEF', `-DNEWDB')
# This disables IP source routing code - my network doesn't permit source routing
APPENDDEF(`confENVDEF', `-DIP_SRCROUTE=0')
# This adds MILTER support, needed for things like MIMEdefang and SpamAssassin
APPENDDEF(`conf_libmilter_
APPENDDEF(`conf_sendmail_E
APPENDDEF(`conf_sendmail_M
# These tweak various parameters - See Table 3-7
APPENDDEF(`conf_sendmail_E
APPENDDEF(`conf_sendmail_E
APPENDDEF(`conf_sendmail_E
Building and compiling was generally straightforward for me. Once it was installed (also fairly painless), the next big thing was to create the sendmail.cf file, or its running configuration file. In olden days (circa 1995), ya hadda hand-roll these. Easiest way was to get a pal to give you his and then tweak it to your needs.
Nowadays, ya use the sendmail.mc to build it, or you spend a lotta time poring over the one that's included and figuring out how to do it by hacking rulesets and generally puzzling thru the very arcane contents of sendmail.cf. I confess, until earlier this year, I was a sendmail.cf hacker. And I rarely touched it, because once I got it working, I didn't want to break it.
Now, I'm a confirmed sendmail.mc guy. I never wanna go back to hacking sendmail.cf, and you're probably too young to experience that sort of pain. Save yourself.
Chapter 4 of Costales' book covers the basics of creating the sendmail.mc file and using it to build a sendmail.cf. Note I said "the basics". Chapters 67 and 17-25, especially Chapters 7 and 24, cover this in a lot more detail. My sendmail.mc file is huge - about 4 single-spaced pages. If you really want it, I can post it here, but its very specific to my needs, and may not be of much value to you.
Anyway, you use the generic-solaric.mc template they provide and add on from there. Once you've got it put together, you make the sendmail.cf, put that in /etc/mail, and crank up the daemon.
Note that the /etc/init.d/sendmail script is very specific to the Sun iteration of sendmail. I don't use it.
A good place for more information is this website, which I found very helpful when I was getting started on sendmail v8.12 earlier this year --> http://www.brandonhutchinson.com/sendmail_solaris.html
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Guys,
Thanks for the feedback PsiCop, i'll be writing most the information you asked for.
Lego Maniac:
The line sendmail.cf is:
# "Smart" relay host (may be null)
DSmailhost$?m.$m$.
So your saying I should remove it?
PsiCop: Now I understand how I should explain what I want to do. I want my system to stop relaying mail through a third party mail server as described in the /etc/hosts file:
111.111.111.111 smtp.domain.com mailhost
Instead, I want to start using the webserver's own smtp or sendmail capabilities to deliver mail, instead of depending on the third party mail server.
I'm using Solaris 8, the patchset is the Recommended-22.02.2004 for sparc. I do want to download the install the latest from the URL you provided, but I'm aware that there is a lot of reading to be done.
I won't trouble any of you by having to help me out, I really wanted to know if I understood what I want to do properly, and I'd rather do it on a testing server than what is public right now.
Thanks for the feedback PsiCop, i'll be writing most the information you asked for.
Lego Maniac:
The line sendmail.cf is:
# "Smart" relay host (may be null)
DSmailhost$?m.$m$.
So your saying I should remove it?
PsiCop: Now I understand how I should explain what I want to do. I want my system to stop relaying mail through a third party mail server as described in the /etc/hosts file:
111.111.111.111 smtp.domain.com mailhost
Instead, I want to start using the webserver's own smtp or sendmail capabilities to deliver mail, instead of depending on the third party mail server.
I'm using Solaris 8, the patchset is the Recommended-22.02.2004 for sparc. I do want to download the install the latest from the URL you provided, but I'm aware that there is a lot of reading to be done.
I won't trouble any of you by having to help me out, I really wanted to know if I understood what I want to do properly, and I'd rather do it on a testing server than what is public right now.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
BTW, in my 08/28/2004 @ 10:19pmEDT comment, I have another typo. Where I say "Chapters 67 and 17-25" I meant "Chapters 6, 7 and 17-25".
The Costales book really is a great reference - once you understand it. The trouble is, its not very readable to someone who hasn't been mucking about with sendmail, and if you need to understand the m4 macro process (which is really cool, just a bit arcane). Keep plugging away at it and it will eventually make sense.
The Costales book really is a great reference - once you understand it. The trouble is, its not very readable to someone who hasn't been mucking about with sendmail, and if you need to understand the m4 macro process (which is really cool, just a bit arcane). Keep plugging away at it and it will eventually make sense.
Also, by default, sendmail will log its error messages, especially those that prevent it from starting, to /var/log/syslog. Be sure you have the "mail.*" line UNcommented in syslogd.conf (and restart the syslog daemon if needed).
ASKER
Very valuable information from your side. Now I'm fully aware of the situation.
Thanks a lot.
Thanks a lot.
Since you're asking this Question in the Solaris TA, I'll assume you have some version of Solaris. We're Experts, not mindreaders, so it would be helpful if you bothered to state what version of Solaris you have, what's the latest Recommended Patches set you have on it, and, in this case, what version of sendmail you're considering.
I also note that since you are sending E-mail, you've got to have some sort of Mail Transfer Agent (MTA) on the machine, unless you're running some program that makes a TCP connection to an MTA elsewhere. If you're running a stock Solaris, then if sendmail was installed (as it is by default) it was turned on by default. So unless you either didn't install it or didn't turn it off, its running.
The trouble with the sendmail version that ships with Solaris is that its generally an outdated version included in the OS. As if this writing, the latest release of sendmail is v8.13.1, and anything prior to v8.12.10 is generally considered obsolete. Even with the latest Recommended Patches for Solaris 8, its a horribly old (the vulnerable v8.11) install of sendmail you get.
If security is a concern to you, then I recommend that you download the latest sendmail from http://www.sendmail.org. Get the sources - you'll need a C compiler; gcc will do fine. Then, go to your fave bookstore and grab a copy of _Sendmail_3rd_Edition_ by Bryan Costales (ISBN 1-56592-839-3). Its a huge book, but its not a "How to" or "For Dummies" sort of thing. Its a reference you should consult while following the build and install instructions that come with the sendmail source. Note that the 3rd Edition only covers thru sendmail v8.12, so you might want to select the last v8.12 iteration, v8.12.11, instead of installing v8.13. Besides, word on the street is that v8.13 isn't quite rock solid.