Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 637
  • Last Modified:

How can I use sendmail instead of smtp?


I'me sending mail from the server using mailhost in the etc/hosts file. Our connection to the mailserver has become very unstable because of some instability in the network and this has caused many services interruptions.

How can I start using Sendmail? and what security risks do I face if I open it to the world? if there are much, how can I configure sendmail to behave more securly?

  • 5
  • 2
2 Solutions
Uh...sendmail does use SMTP. SMTP, or Simple Mail Transfer Protocol, is just a protocol for exchanging E-Mail between hosts. Its actually quite versatile, and can support UUCP, DecNet, BitNet and a buncha other things.

Since you're asking this Question in the Solaris TA, I'll assume you have some version of Solaris. We're Experts, not mindreaders, so it would be helpful if you bothered to state what version of Solaris you have, what's the latest Recommended Patches set you have on it, and, in this case, what version of sendmail you're considering.

I also note that since you are sending E-mail, you've got to have some sort of Mail Transfer Agent (MTA) on the machine, unless you're running some program that makes a TCP connection to an MTA elsewhere. If you're running a stock Solaris, then if sendmail was installed (as it is by default) it was turned on by default. So unless you either didn't install it or didn't turn it off, its running.

The trouble with the sendmail version that ships with Solaris is that its generally an outdated version included in the OS. As if this writing, the latest release of sendmail is v8.13.1, and anything prior to v8.12.10 is generally considered obsolete. Even with the latest Recommended Patches for Solaris 8, its a horribly old (the vulnerable v8.11) install of sendmail you get.

If security is a concern to you, then I recommend that you download the latest sendmail from http://www.sendmail.org. Get the sources - you'll need a C compiler; gcc will do fine. Then, go to your fave bookstore and grab a copy of _Sendmail_3rd_Edition_ by Bryan Costales (ISBN 1-56592-839-3). Its a huge book, but its not a "How to" or "For Dummies" sort of thing. Its a reference you should consult while following the build and install instructions that come with the sendmail source. Note that the 3rd Edition only covers thru sendmail v8.12, so you might want to select the last v8.12 iteration, v8.12.11, instead of installing v8.13. Besides, word on the street is that v8.13 isn't quite rock solid.
Ooops. In my comment above, when I was saying "Its actually quite versatile, and can support UUCP, DecNet, BitNet and a buncha other things." the "It" to which I was referring was sendmail, not SMTP. I wasn't clear.

Anyway, with the Costales book, I recommend Chapters 1 and 2 before you do anything more than download and unpack the sendmail source. In particular, pay attention to the 2.3 (The Build script), 2.4 (Building with m4), 2.7 (Pitfalls) and 2.8 (Build m4 Macro Reference).

Chapter 3 covers compile-time macros. These are put in ./devtools/Site/site.config.m4. For example, my site.config.m4 looks like this (I have inserted comments preceeded by the # sign):

# The first 3 comments turn off the building and installation of the man pages for sendmail and all its sub-programs
# This disables ipv6 support
# This includes Berkeley DB support
APPENDDEF(`confLIBDIRS', `-L/opt/BerkeleyDB.4.1/lib')
APPENDDEF(`confINCDIRS', `-I/opt/BerkeleyDB.4.1/include')
# This disables IP source routing code - my network doesn't permit source routing
# This adds MILTER support, needed for things like MIMEdefang and SpamAssassin
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
APPENDDEF(`conf_sendmail_MAPDEF', `-DDNSMAP=1')
# These tweak various parameters - See Table 3-7

Building and compiling was generally straightforward for me. Once it was installed (also fairly painless), the next big thing was to create the sendmail.cf file, or its running configuration file. In olden days (circa 1995), ya hadda hand-roll these. Easiest way was to get a pal to give you his and then tweak it to your needs.

Nowadays, ya use the sendmail.mc to build it, or you spend a lotta time poring over the one that's included and figuring out how to do it by hacking rulesets and generally puzzling thru the very arcane contents of sendmail.cf. I confess, until earlier this year, I was a sendmail.cf hacker. And I rarely touched it, because once I got it working, I didn't want to break it.

Now, I'm a confirmed sendmail.mc guy. I never wanna go back to hacking sendmail.cf, and you're probably too young to experience that sort of pain. Save yourself.

Chapter 4 of Costales' book covers the basics of creating the sendmail.mc file and using it to build a sendmail.cf. Note I said "the basics". Chapters 67 and 17-25, especially Chapters 7 and 24, cover this in a lot more detail. My sendmail.mc file is huge - about 4 single-spaced pages. If you really want it, I can post it here, but its very specific to my needs, and may not be of much value to you.

Anyway, you use the generic-solaric.mc template they provide and add on from there. Once you've got it put together, you make the sendmail.cf, put that in /etc/mail, and crank up the daemon.

Note that the /etc/init.d/sendmail script is very specific to the Sun iteration of sendmail. I don't use it.

A good place for more information is this website, which I found very helpful when I was getting started on sendmail v8.12 earlier this year --> http://www.brandonhutchinson.com/sendmail_solaris.html
I think he's saying he's using smarthost relay in sendmail.cf.  

Look for a line in your /etc/mail/sendmail.cf

Either comment it out or remove the "mailhost" portion

Then restart sendmail and pray.

This will either begin to use sendmail's own delivery...

...Or it will begin piling up in your local mailspool, depending on how the rest of your sendmail.cf is configured.  There's no easy way to describe all the letters contained within that file, and how to fit them all to your environment.  The above poster is well to say that "hacking" sendmail.cf is no easy task.  The best way is to use the configuration macros to do the job.

You should use the method described above to configure a "proper" sendmail.cf for your system in order to route mail properly.  Solaris comes with the m4 utility and default .mc files required.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

kalmenAuthor Commented:
Hi Guys,

Thanks for the feedback PsiCop, i'll be writing most the information you asked for.

Lego Maniac:

The line sendmail.cf is:
# "Smart" relay host (may be null)

So your saying I should remove it?

PsiCop: Now I understand how I should explain what I want to do. I want my system to stop relaying mail through a third party mail server as described in the /etc/hosts file: smtp.domain.com      mailhost

Instead, I want to start using the webserver's own smtp or sendmail capabilities to deliver mail, instead of depending on the third party mail server.

I'm using Solaris 8, the patchset is the Recommended-22.02.2004 for sparc. I do want to download the install the latest from the URL you provided, but I'm aware that there is a lot of reading to be done.

I won't trouble any of you by having to help me out, I really wanted to know if I understood what I want to do properly, and I'd rather do it on a testing server than what is public right now.

What the "DSmailhost$?m.$m$." line is doing is telling the the sendmail *current running* on your Solaris server to use the mailhost (as listed in the /etc/hosts file you quoted) as a relay. That is, all *outbound* E-Mail from the Solaris server, regardless of actual destination, is sent to a mail exchanger (sendmail? postfix? GroupWise GWIA? who knows...) running on the host known as smtp.domain.com. It is up for that relay, or "smart host", to send the E-Mail to its final disposition. That smart host has the necessary name resolution services and network accesses to accomplish that task.

I would not comment out the line if you want to change it - I would change it to --> DS

To be safe, perhaps comment out the current line and add the new version. Makes it easier to switch back. Note that you must restart sendmail in order for it to notice the change. As root or SU, enter "/etc/init.d/sendmail stop" and "/etc/init.d/sendmail start" to make that happen.

If you comment it out and restart, you now make the sendmail running on this Solaris server responsible for delivery of *outgoing* E-Mail. The sendmail daemon must have access to name resolution services and be able to talk to destination hosts using TCP port 25. By removing the relay host, this sendmail daemon now has to do all the work of SMTP delivery, instead of handing it off to smtp.domain.com and letting that host worry about the details.

If you have Solaris 8/Sparc with the 2004-Feb Recommended Patches, you are running a VERY backleveled version of sendmail. I'm almost certain that's the vulnerable v8.11. If this server has access to the Internet (or, more importantly, the Internet has access to it), I *stongly* recommend that you do NOT run that version. Minimum you should be running is v8.12.X where X > 9.

Note that if you upgrade the sendmail, you run the risk of future Recommended Patches overwriting your sendmail installation. I got bitten by this in the 2004-Jul set of Recommended Patches, which happily overwrote my sendmail v8.12.11 install with a buncha older garbage, trashing my sendmail.cf and /etc/init.d/sendmail script along the way. I haven't figured a workaround for this - somehow I gotta convince the Recommended Patches install that sendmail is not installed on the server.

Anyway, you may want to apply the latest Recommended Patches BEFORE installing your newer version of sendmail. Keep a safe copy of /etc/init.d/sendmail (I used the one at brandonhutchinson.com, mentioned above, as a template), and always have handy the necessary sendmail files to rebuild sendmail.cf.
BTW, in my 08/28/2004 @ 10:19pmEDT comment, I have another typo. Where I say "Chapters 67 and 17-25" I meant "Chapters 6, 7 and 17-25".

The Costales book really is a great reference - once you understand it. The trouble is, its not very readable to someone who hasn't been mucking about with sendmail, and if you need to understand the m4 macro process (which is really cool, just a bit arcane). Keep plugging away at it and it will eventually make sense.
Also, by default, sendmail will log its error messages, especially those that prevent it from starting, to /var/log/syslog. Be sure you have the "mail.*" line UNcommented in syslogd.conf (and restart the syslog daemon if needed).
kalmenAuthor Commented:
Very valuable information from your side. Now I'm fully aware of the situation.

Thanks a lot.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now