University of Florida | Department of Physics

sendmail 8.9.3

  1. Get the software and build it
    Ftp from WWW.Sendmail.ORG

    To build the main mail server (on Solaris 2.6), unpack and type "make", but interrupt the make after the first file is compiled.  Now cd into the src/obj.SunOS.5.6.sun4/ dir and edit the Makefile.  Change:

    MAPDEF= -DNDBM -DNIS -DNISPLUS -DMAP_REGEX
    NROFF= groff -Tascii
    MANDOC= -mandoc

    to

    MAPDEF= -DNDBM -DNIS -DMAP_REGEX
    NROFF= nroff -h
    MANDOC= -man
  2. Now generate the config file (/etc/sendmail.cf on Solaris machines and /var/adm/sendmail/sendmail.cf on Digital Unix) for the mail server.  There are three files to edit/create:
    1. sendmaildir/cf/cf/neptune.mc:
      divert(-1)
      # Comments
      # This mc file generates the cf for neptune, our mail server.
      # All mail for our clients is received by sendmail on neptune and 
      # then read by mail readers such as Pine and Eudora.
      divert(0)dnl
      include(`../m4/cf.m4')
      VERSIONID(`@(#)neptune.mc                   1.1 (UF Physics) 10/10/97')
      OSTYPE(solaris2)dnl
      DOMAIN(phys)dnl
      MAILER(local)dnl
      MAILER(smtp)dnl
      define(`confAUTO_REBUILD',True)dnl
      define(`ALIAS_FILE',`/etc/mail/aliases,nis:mail.aliases@phys.ufl.edu')dnl
      define(`confME_TOO',True)dnl
      define(`confFALLBACK_MX',`qtp.ufl.edu')dnl
      define(`confBIND_OPTS', `-AAONLY')dnl
      define(`confPRIVACY_FLAGS',`goaway,restrictmailq,restrictqrun')dnl
      
      
    2. sendmaildir/cf/ostype/solaris2.m4:
      divert(-1)
      #
      #
      #
      divert(0)
      VERSIONID(`@(#)solaris2.m4           1.0 (UF Physics) 08/16/1999')
      divert(-1)
      define(`ALIAS_FILE', /etc/mail/aliases)
      define(`HELP_FILE', `/etc/mail/sendmail.hf')
      define(`STATUS_FILE', `/etc/mail/sendmail.st')
      define(`PROCMAIL_MAILER_PATH', `/local/bin/procmail')
      FEATURE(local_procmail)
      define(`confEBINDIR', `/usr/lib')dnl
      
      
    3. sendmaildir/cf/domain/phys.m4:
      divert(0)
      divert(-1)
      VERSIONID(`@(#)phys.m4                    1.3 (UF-Physics) 10/12/98')
      define(`confCW_FILE', `-o /etc/mail/sendmail.clients')dnl
      define(`confFORWARD_PATH', `$z/.forward')dnl
      FEATURE(redirect)dnl
      FEATURE(use_cw_file)dnl
      MASQUERADE_AS(phys.ufl.edu)dnl
      
      
      On the client machines (all machines other than mailhost) the sendmail.cf file is generated from this mc file:
      
      cd into ../cf/cf and edit client.mc to contain the following:
      
      divert(-1)
      # This is an mc file for all machines except for the mail server
      # and the machine where the CAPA server runs.
      
      divert(0)dnl
      include(`../m4/cf.m4')
      VERSIONID(`@(#)phys-client.mc   1.0 (UF Physics) 5 Aug 98')
      # change the ostype to be one of the following: osf1,
      # solaris2, linux, nextstep, irix6
      OSTYPE(osf1)
      MASQUERADE_AS(phys.ufl.edu)
      FEATURE(nullclient, neptune-gw.phys.ufl.edu)
      
      
  3. Cut down on the email viruses
    The cf/ostype/solaris2.m4 file specifies that procmail is our local mailer. This is done so that we can have a filter on all incoming mail which checks for known email attachment viruses. The files involved in this are:
     
    1. /etc/procmailrc

      #    -*- Mode: sh -*-
      DROPPRIVS=YES
      
      # Change to a good shell :)
      SHELL=/bin/ksh
      
      # Set on when debugging
      VERBOSE=off
      
      # Directory for storing procmail log and rc files
      PMDIR=/var/adm/procmail
      
      # Set the Log file
      LOGFILE=$HOME/procmaillog
      
      # Only log errors
      LOGABSTRACT=no
      
      
      # Keep a list of the X-Mailer: headers
      #:0 Whc: mailer.lock
      #| formail -X X-Mailer >> $PMDIR/mailer
      
      
      # Keep a running total of how many messages we receive
      #:0 hc: $PMDIR/count.lock
      #| echo $(( $(cat $PMDIR/count) +1 )) > $PMDIR/count
      
      
      SECURITY_QUARANTINE=/var/mail/quarantine
      SECURITY_NOTIFY=ddr,yourpager@epage.arch.com
      SECURITY_NOTIFY_VERBOSE=ddr
      POISONED_EXECUTABLES=$PMDIR/procmail-poison
      INCLUDERC=${PMDIR}/html-trap.procmail
      
      
    2. /var/adm/procmail/procmail-poison

      monopoly.vbs
      zipped_files.exe
      prettypark.exe
      pretty park.exe
      path.xls
      compu_ma.exe
      list.doc
      photos17.exe
      happy99.exe
      IBMls.exe
      picture.exe
      yahoo.exe
      ie0199.exe
      aol4free.com
      
      
      Get the updated list from the "Enhancing Email Security with Procmail" site.
    3. /var/adm/procmail/html-trap.procmail

      This file is a perl script; get the latest version here.
  4. Prevent connections to the smtp port on machines other than the mail server
    On machines other than neptune and ultra we run sendmail to process the queue periodically, but not as a background daemon to listen to port 25. To make this change you have to edit the line that starts sendmail. On the Alphas and Suns this is done by editing the sendmail script in /sbin/init.d or /etc/init.d. Change the line that looks like:
    /usr/sbin/sendmail -bd -q15m
    
    
    to
    /usr/sbin/sendmail -q15m
    
    
    On Irix 6 machines the lines look like:
    if test "$DOPTS" = ""; then
      DOPTS="-bd -q15m"
    else
      DOPTS="-bd $DOPTS"
    fi
    
    
    Just remove the "-bd" from the DOPTS lines to give:
    if test "$DOPTS" = ""; then
      DOPTS="-q15m"
    else
      DOPTS="$DOPTS"
    fi
    
    
    On RedHat 6 machines the file to edit is /etc/sysconfig/sendmail. Change:
    DAEMON=yes
    QUEUE=1h
    
    
    to
    DAEMON=no
    QUEUE=15m
    
    
    This will prevent sendmail from listening to port 25, but will allow sendmail to process queued messages.
    /etc/init.d/sendmail start
    and check the sendmail operation.
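
A check for step 4, added here as an example and not part of the original page: the script reports whether a startup file would still start sendmail with -bd or DAEMON=yes, and whether `netstat -an` output shows a listener on port 25. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a client's startup file no longer starts the listener.

# Return 0 if startup file $1 would still start sendmail as an SMTP daemon:
# -bd on a command line or in DOPTS (Alpha, Sun, Irix), or DAEMON=yes (RedHat).
starts_smtp_listener() {
    # Skip comment lines; match -bd only as a separate option word.
    grep -v '^[[:space:]]*#' "$1" |
        grep -E -q -e '(^|[[:space:]"])-bd([[:space:]"]|$)' \
                   -e '^[[:space:]]*DAEMON=yes'
}

# Read `netstat -an` output on stdin; return 0 if a socket listens on port 25.
# Solaris and Digital Unix print the local address as "*.25", Linux as
# "0.0.0.0:25", so either separator is accepted.
port25_listening() {
    awk '/LISTEN/ { for (i = 1; i <= NF; i++) if ($i ~ /[.:]25$/) found = 1 }
         END { exit !found }'
}

# Check each readable startup file given as an argument; return 1 on any FAIL.
audit_startup_files() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        if starts_smtp_listener "$f"; then
            echo "FAIL $f still starts the SMTP daemon"
            rc=1
        else
            echo "ok   $f runs the queue only"
        fi
    done
    return "$rc"
}

# Constructed sample: the RedHat sysconfig file before and after the edit.
demo_dir=$(mktemp -d)
printf 'DAEMON=yes\nQUEUE=1h\n' > "$demo_dir/before"
printf 'DAEMON=no\nQUEUE=15m\n' > "$demo_dir/after"
audit_startup_files "$demo_dir/before" "$demo_dir/after" || true
rm -rf "$demo_dir"
```

On a real client, pass the startup file named above for that platform and pipe `netstat -an` into `port25_listening`.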
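
To illustrate what the poison list in step 3 is for, the following added example (not the html-trap.procmail code, and not part of the original page) extracts MIME attachment names from a message and compares them with the list. It assumes literal, case-insensitive name matches; the function names and the sample message are constructed.

```shell
#!/bin/sh
# Added example, not html-trap.procmail itself: literal, case-insensitive
# matching of MIME attachment names against a poison list.

# Print every name= / filename= parameter value found on stdin, one per line.
attachment_names() {
    tr -d '\r' | awk '{
        line = $0
        while (match(tolower(line), /name="?[^";]+/)) {
            v = substr(line, RSTART + 5, RLENGTH - 5)   # skip past name=
            sub(/^"/, "", v); sub(/[ \t]+$/, "", v)
            print v
            line = substr(line, RSTART + RLENGTH)
        }
    }'
}

# Print the attachment names in message $1 that are listed in poison file $2.
# Returns 0 when at least one poisoned name is present.
poisoned_attachments() {
    attachment_names < "$1" | grep -i -F -x -f "$2"
}

# Constructed sample message and a poison list using names from this page.
sample_dir=$(mktemp -d)
cat > "$sample_dir/poison" <<'EOF'
happy99.exe
pretty park.exe
zipped_files.exe
EOF
cat > "$sample_dir/msg" <<'EOF'
From: someone@example.org
Subject: constructed test message
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; name="notes.txt"

--b1
Content-Type: application/octet-stream; name="Happy99.EXE"
Content-Disposition: attachment; filename="Happy99.EXE"

--b1--
EOF
poisoned_attachments "$sample_dir/msg" "$sample_dir/poison" | sort -u
rm -rf "$sample_dir"
```

This scan looks at every line of the message, so a body line that happens to contain `name=` is also reported; a production filter parses the MIME structure first.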