[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


How can I use sendmail instead of smtp?

Posted on 2004-08-28
Medium Priority
Last Modified: 2013-12-27

I'me sending mail from the server using mailhost in the etc/hosts file. Our connection to the mailserver has become very unstable because of some instability in the network and this has caused many services interruptions.

How can I start using Sendmail? and what security risks do I face if I open it to the world? if there are much, how can I configure sendmail to behave more securly?

Question by:kalmen
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
LVL 34

Expert Comment

ID: 11924035
Uh...sendmail does use SMTP. SMTP, or Simple Mail Transfer Protocol, is just a protocol for exchanging E-Mail between hosts. Its actually quite versatile, and can support UUCP, DecNet, BitNet and a buncha other things.

Since you're asking this Question in the Solaris TA, I'll assume you have some version of Solaris. We're Experts, not mindreaders, so it would be helpful if you bothered to state what version of Solaris you have, what's the latest Recommended Patches set you have on it, and, in this case, what version of sendmail you're considering.

I also note that since you are sending E-mail, you've got to have some sort of Mail Transfer Agent (MTA) on the machine, unless you're running some program that makes a TCP connection to an MTA elsewhere. If you're running a stock Solaris, then if sendmail was installed (as it is by default) it was turned on by default. So unless you either didn't install it or didn't turn it off, its running.

The trouble with the sendmail version that ships with Solaris is that its generally an outdated version included in the OS. As if this writing, the latest release of sendmail is v8.13.1, and anything prior to v8.12.10 is generally considered obsolete. Even with the latest Recommended Patches for Solaris 8, its a horribly old (the vulnerable v8.11) install of sendmail you get.

If security is a concern to you, then I recommend that you download the latest sendmail from http://www.sendmail.org. Get the sources - you'll need a C compiler; gcc will do fine. Then, go to your fave bookstore and grab a copy of _Sendmail_3rd_Edition_ by Bryan Costales (ISBN 1-56592-839-3). Its a huge book, but its not a "How to" or "For Dummies" sort of thing. Its a reference you should consult while following the build and install instructions that come with the sendmail source. Note that the 3rd Edition only covers thru sendmail v8.12, so you might want to select the last v8.12 iteration, v8.12.11, instead of installing v8.13. Besides, word on the street is that v8.13 isn't quite rock solid.
LVL 34

Expert Comment

ID: 11924091
Ooops. In my comment above, when I was saying "Its actually quite versatile, and can support UUCP, DecNet, BitNet and a buncha other things." the "It" to which I was referring was sendmail, not SMTP. I wasn't clear.

Anyway, with the Costales book, I recommend Chapters 1 and 2 before you do anything more than download and unpack the sendmail source. In particular, pay attention to the 2.3 (The Build script), 2.4 (Building with m4), 2.7 (Pitfalls) and 2.8 (Build m4 Macro Reference).

Chapter 3 covers compile-time macros. These are put in ./devtools/Site/site.config.m4. For example, my site.config.m4 looks like this (I have inserted comments preceeded by the # sign):

# The first 3 comments turn off the building and installation of the man pages for sendmail and all its sub-programs
# This disables ipv6 support
# This includes Berkeley DB support
APPENDDEF(`confLIBDIRS', `-L/opt/BerkeleyDB.4.1/lib')
APPENDDEF(`confINCDIRS', `-I/opt/BerkeleyDB.4.1/include')
# This disables IP source routing code - my network doesn't permit source routing
# This adds MILTER support, needed for things like MIMEdefang and SpamAssassin
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
APPENDDEF(`conf_sendmail_MAPDEF', `-DDNSMAP=1')
# These tweak various parameters - See Table 3-7

Building and compiling was generally straightforward for me. Once it was installed (also fairly painless), the next big thing was to create the sendmail.cf file, or its running configuration file. In olden days (circa 1995), ya hadda hand-roll these. Easiest way was to get a pal to give you his and then tweak it to your needs.

Nowadays, ya use the sendmail.mc to build it, or you spend a lotta time poring over the one that's included and figuring out how to do it by hacking rulesets and generally puzzling thru the very arcane contents of sendmail.cf. I confess, until earlier this year, I was a sendmail.cf hacker. And I rarely touched it, because once I got it working, I didn't want to break it.

Now, I'm a confirmed sendmail.mc guy. I never wanna go back to hacking sendmail.cf, and you're probably too young to experience that sort of pain. Save yourself.

Chapter 4 of Costales' book covers the basics of creating the sendmail.mc file and using it to build a sendmail.cf. Note I said "the basics". Chapters 67 and 17-25, especially Chapters 7 and 24, cover this in a lot more detail. My sendmail.mc file is huge - about 4 single-spaced pages. If you really want it, I can post it here, but its very specific to my needs, and may not be of much value to you.

Anyway, you use the generic-solaric.mc template they provide and add on from there. Once you've got it put together, you make the sendmail.cf, put that in /etc/mail, and crank up the daemon.

Note that the /etc/init.d/sendmail script is very specific to the Sun iteration of sendmail. I don't use it.

A good place for more information is this website, which I found very helpful when I was getting started on sendmail v8.12 earlier this year --> http://www.brandonhutchinson.com/sendmail_solaris.html

Assisted Solution

Lego_Maniac earned 200 total points
ID: 11924620
I think he's saying he's using smarthost relay in sendmail.cf.  

Look for a line in your /etc/mail/sendmail.cf

Either comment it out or remove the "mailhost" portion

Then restart sendmail and pray.

This will either begin to use sendmail's own delivery...

...Or it will begin piling up in your local mailspool, depending on how the rest of your sendmail.cf is configured.  There's no easy way to describe all the letters contained within that file, and how to fit them all to your environment.  The above poster is well to say that "hacking" sendmail.cf is no easy task.  The best way is to use the configuration macros to do the job.

You should use the method described above to configure a "proper" sendmail.cf for your system in order to route mail properly.  Solaris comes with the m4 utility and default .mc files required.
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.


Author Comment

ID: 11924812
Hi Guys,

Thanks for the feedback PsiCop, i'll be writing most the information you asked for.

Lego Maniac:

The line sendmail.cf is:
# "Smart" relay host (may be null)

So your saying I should remove it?

PsiCop: Now I understand how I should explain what I want to do. I want my system to stop relaying mail through a third party mail server as described in the /etc/hosts file: smtp.domain.com      mailhost

Instead, I want to start using the webserver's own smtp or sendmail capabilities to deliver mail, instead of depending on the third party mail server.

I'm using Solaris 8, the patchset is the Recommended-22.02.2004 for sparc. I do want to download the install the latest from the URL you provided, but I'm aware that there is a lot of reading to be done.

I won't trouble any of you by having to help me out, I really wanted to know if I understood what I want to do properly, and I'd rather do it on a testing server than what is public right now.

LVL 34

Accepted Solution

PsiCop earned 1800 total points
ID: 11926226
What the "DSmailhost$?m.$m$." line is doing is telling the the sendmail *current running* on your Solaris server to use the mailhost (as listed in the /etc/hosts file you quoted) as a relay. That is, all *outbound* E-Mail from the Solaris server, regardless of actual destination, is sent to a mail exchanger (sendmail? postfix? GroupWise GWIA? who knows...) running on the host known as smtp.domain.com. It is up for that relay, or "smart host", to send the E-Mail to its final disposition. That smart host has the necessary name resolution services and network accesses to accomplish that task.

I would not comment out the line if you want to change it - I would change it to --> DS

To be safe, perhaps comment out the current line and add the new version. Makes it easier to switch back. Note that you must restart sendmail in order for it to notice the change. As root or SU, enter "/etc/init.d/sendmail stop" and "/etc/init.d/sendmail start" to make that happen.

If you comment it out and restart, you now make the sendmail running on this Solaris server responsible for delivery of *outgoing* E-Mail. The sendmail daemon must have access to name resolution services and be able to talk to destination hosts using TCP port 25. By removing the relay host, this sendmail daemon now has to do all the work of SMTP delivery, instead of handing it off to smtp.domain.com and letting that host worry about the details.

If you have Solaris 8/Sparc with the 2004-Feb Recommended Patches, you are running a VERY backleveled version of sendmail. I'm almost certain that's the vulnerable v8.11. If this server has access to the Internet (or, more importantly, the Internet has access to it), I *stongly* recommend that you do NOT run that version. Minimum you should be running is v8.12.X where X > 9.

Note that if you upgrade the sendmail, you run the risk of future Recommended Patches overwriting your sendmail installation. I got bitten by this in the 2004-Jul set of Recommended Patches, which happily overwrote my sendmail v8.12.11 install with a buncha older garbage, trashing my sendmail.cf and /etc/init.d/sendmail script along the way. I haven't figured a workaround for this - somehow I gotta convince the Recommended Patches install that sendmail is not installed on the server.

Anyway, you may want to apply the latest Recommended Patches BEFORE installing your newer version of sendmail. Keep a safe copy of /etc/init.d/sendmail (I used the one at brandonhutchinson.com, mentioned above, as a template), and always have handy the necessary sendmail files to rebuild sendmail.cf.
LVL 34

Expert Comment

ID: 11926255
BTW, in my 08/28/2004 @ 10:19pmEDT comment, I have another typo. Where I say "Chapters 67 and 17-25" I meant "Chapters 6, 7 and 17-25".

The Costales book really is a great reference - once you understand it. The trouble is, its not very readable to someone who hasn't been mucking about with sendmail, and if you need to understand the m4 macro process (which is really cool, just a bit arcane). Keep plugging away at it and it will eventually make sense.
LVL 34

Expert Comment

ID: 11926273
Also, by default, sendmail will log its error messages, especially those that prevent it from starting, to /var/log/syslog. Be sure you have the "mail.*" line UNcommented in syslogd.conf (and restart the syslog daemon if needed).

Author Comment

ID: 11926586
Very valuable information from your side. Now I'm fully aware of the situation.

Thanks a lot.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question