MMDF to Sendmail 8.11.0 howto SCO Openserver 5.0.x
Matt Lewis
mmdf to sendmail I have written a pretty well tested guide on how to
do it. I hope someone can find this usefull.
--Matt
Installing Sendmail 8.11.x on SCO OpenServer 5.0.x
August 20, 2002
Introduction
To thwart the ever-growing problem of junk and spam email, which in
many cases cripples systems and daily business operations it will be
necessary to convert a growing number of systems to newer and more
secure methods of mail deliver. Methods to implement include the
blocking of mail relaying through systems. Checks of who is sending
mail and who is authorized to do so. Creation of blacklisted senders
from which mail will always be rejected. Creation of white lists
specifying each individual who is allowed mail access while denying
all others.
Advantages of Sendmail over MMDF
a_ Better Relay checking
b_ Reverse DNS failure rejection
c_ Hosts, user, and network access restrictions applicable
d_ Better industry support, documentation and ongoing development over
MMDF or similar mailers.
e_ Graphical Administration tools available for most environments
including SCO OpenServer 5.0.x
f_ Ability to add custom features like blocking incoming mail with
listed words in subject.
*** Preparing for Upgrade ***
1. Backup the usr mail files in /usr/spool/mail/
( cp -rp /usr/spool/mail /usr/wwi/backup/ )
using -rp flags to preserve permissions on mail spool files.
Uninstalling mmdf or sendmail will
remove all files in /usr/spool/mail/
Backup the mmdf aliases file. This will later be appended to
/usr/lib/mail/aliases for sendmail
( cp /usr/mmdf/table/aliases /usr/wwi/backup/ )
Backup the mmdftailor config for reference
( cp /usr/mmdf/mmdftailor /usr/wwi/backup )
2. To uninstall mmdf issue
( custom -p SCO:odtes -d SCO:MMDF )
3. By default Openserver 5.0.5 has sendmail 8.8.8b installed. You
should not use this as many known
exploits exist for this version of sendmail. Also many of the
anti-spam features of sendmail are
not fully implemented in this version. The newest complete Sendmail
package available from SCO is
part of supplement rs506a meant for Openserver 5.0.6. Included is
Sendmail 8.11.0. This supplement
will work on Openserver 5.0.5 and should also work on Openserver
5.0.4
*** Downloading the Software ***
1. Download rs506a.tar at ftp.caldera.com
/pub/openserver5/rs506a/rs506a.tar
2. ( scoadmin software)
Select Install new from Media Images. This will list several
different components, which can be
installed. Only select Sendmail and install. The installation
procedure will have an error. Ignore
this error with 'i' and continue the Sendmail installation.
3. Now download the sendmail.8.11.0.tar.Z from
http://www.planetmirror.com/pub/sendmail/past-releases/
sco-generic.mc (is appended at the end of the article). This is a
SCO Openserver specific config
file I created. We are only downloading the sendmail distribution
to get the m4 make files for
sendmail.cf
4. Uncompress and untar sendmail.8.11.0.tar.Z in /usr/local/
( cd /usr/local/sendmail.8.11.0/cf/cf )
( cp sco-generic.mc /usr/local/sendmail.8.11.0/cf/cf )
*** Creating the config file sendmail.cf ***
1. Use the sco-generic.mc file I have provided for specific use with
SCO Openserver.
The only item that will need changing in sco-generic.mc is the name
of the domain you would like to
MASQUERADE_AS(`testdomain.com)dnl
Change this to the domain you are setting sendmail up for. Once
saved issue
( m4 sco-generic.mc > test.cf ) in the
/usr/local/sendmail.8.11.0/cf/cf directory. This will process
the configuration directives and create our initial configuration.
2. ( cp test.cf /usr/lib/sendmail.cf )
3. Now create the files referenced in sco-generic.mc
4. ( > /usr/lib/mail/access ) Access database crucial for Anti-Spam
( > /usr/lib/mail/relay-domains ) List of hosts we will relay
mail for
( > /usr/lib/mail/local-host-names )List of names the local host
is known by
( > /usr/lib/mail/blocked_subjects )List of words or phrases
that will be rejected in subject.
Note: In the blocked_subjects file phrases such as this is it must
have the spaces replaces with dots.
Exa. "this is it" becomes "this.is.it"
Note: After entries have been made to /usr/lib/mail/blocked_subjects
you must stop and start sendmail
for entries to be updated using. ( /etc/init.d/sendmail stop;
/etc/init.d/sendmail start) or
issue a kill -HUP "process id of sendmail"
( > /usr/lib/mail/local-host-names )List of names the mail
server is know as
( > /usr/lib/mail/statistics ) Will keep track of server
statistics.
Note: Use mailstats command to view statistics from this file.
Create directory /var/adm/sendmail
( mkdir /var/adm/sendmail )
Note: This directory will save sendmail stats and status to files.
Use the hoststat command to view this information.
( cd /usr/lib/mail/ )
( makemap hash access < access )
( makemap hash relay-domains < relay-domains )
local-host-names is a plain text file and needs no special
processing.
blocked_subjects is a plain text file and needs no special
processing
5. Now append the saved aliases file from the MMDF setup to
/usr/lib/mail/aliases
( cat aliases >> /usr/lib/mail/aliases )
Edit aliases removing MMDF specific text, leaving the aliases behind
Issue
( newaliases ); builds the aliases database.
Add to /usr/lib/mail/local-host-names ; names which the mail server
is known by exa.
test-domain.com
nmc.test-domain.com
nmc
6. For Anti-Spam to have a chance we must have reverse DNS
Make the following entries in /etc/resolv.conf
exa.
nameserver 64.65.208.6
nameserver 64.65.196.6
hostresorder local bind nis
Note: The nameserver entries will be the nameserver/dns servers that
the internet service provider has specified.
6a.Replace the erased spool files /usr/spool/mail from where you
backed them up with
( cp -rp /usr/wwi/backup/mail/* /usr/spool/mail/ )
6b. Now run ( scoadmin software ). Select Sendmail in the list of
software installed. Then goto menu
software option verify software. Check for broken/missing
symbolic links. Select Ok. This will
find problems with symbolic links and will offer to fix them.
Answer yes to this. Sendmail 8.11
and higher is very picky in that it must have correct setup for
symbolic links. On most systems
this should not find any errors but is a good precaution to check.
If errors are found select "Fix
Discrepancies".
6c. Restart /etc/inetd service by finding the pid of inetd using
( ps -ef |grep inetd ) Then to force inetd to re-read its
configuration issue
( kill -HUP "process id of inetd" )
7. Now issue
( /etc/init.d/sendmail start )
If lucky everything is fine.
To test issue swaping user...@domain.com for your own
( /usr/lib/sendmail -v user...@domain.com < /dev/null )
If this delivers, sendmail should be properly configured.
To check remote access: exa
--
telnet nmc.test-domain.com 25
Trying 209.131.73.132...
Connected to nmc.test-domain.com.
Escape character is '^]'.
220 nmc.test-domain.com ESMTP Sendmail 8.11.0/8.11.0; Mon, 17 Jun 2002
19:
59:34 GMT
mail from:<m...@testdomain.com>
250 2.1.0 <m...@testdomain.com>... Sender ok
rcpt to:<w...@test-domain.com>
250 2.1.5 <w...@test-domain.com>... Recipient ok
data
354 Enter mail, end with "." on a line by itself
.
250 2.0.0 g5HJxks13843 Message accepted for delivery
quit
221 2.0.0 nmc.test-domain.com closing connection
Connection closed by foreign host.
--
8. Check /usr/adm/syslog for sendmail errors.
9. Once you are done with this configuration you should have a
standalone mail server. That is mail
will not be relayed to or sent by any other mail server but will be
sent directly out by your
domain. No DNS or nameserver setup is needed beyond entries in
/etc/resolv.conf which will allow
the system to query the domain name servers of your internet
service provider to determine the
routing of mail.
*** Graphical Sendmail Administration ***
Webmin (www.webmin.com) is a web based interface for configuring and
maintaining many aspects of a system. It is driven by perl scripting
and thus very portable to many platforms. The currently available
version 0.98 fully supports SCO Openserver and is an especially good
solution for maintenance and admin of many less understood system
services such as Sendmail.
Installation
1. Download Perl package from
ftp://ftp2.caldera.com/pub/skunkware/osr5/vols/
2. Install as a package using
( scoadmin software -> Install new )
3. Download the newest version of Webmin from www.webmin.com. SCO
does have a version of Webmin in the Skunkware distribution at
ftp2.caldera.com/pub/skunkware/osr5/vols/. Installation of Webmin
from www.webmin.com is smoother for SCO Openserver though
4. Untar webmin in /usr/local/
( tar xvf webmin-0.9x.x
This will create a directory /usr/local/webmin-0.9x.x
( cd /usr/local/webmin-0.9x.x )
( ./setup.sh )
This script will prompt you for several items. Leave everything at
default except the following
items.
Config files
/usr/local/etc/webmin
Log files
/usr/local/log/webmin
Admin user is root not admin as the default
Once webmin is installed you can start and stop the server with the
following commands.
( /usr/local/etc/webmin/start )
( /usr/local/etc/webmin/stop )
5. Now open a browser and type in the hostname or ip address of the
host and the port that you installed Webmin the default being 10000.
examples
http://nmc.test-domain.com:10000
http://100.100.0.0:10000
5a. So that webmin will be started automatically on bootup issue.
( mv /etc/rc.d/K99webmin /etc/rc0.d/ )
( mv /etc/rc.d/S99webmin /etc/rc2.d/ )
6. Login with root and root password
7. Configure Webmin users and modules. Very good documentation on
Webmin and all modules it contains are available at www.webmin.com
8. Sendmail will need its module configured for use with SCO
Openserver. Primarily to tell the module where the files Sendmail
uses are located.
divert(-1)
#
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
divert(0)dnl
dnl #################### Setup ##################################
include(`/usr/local/sendmail-8.11.0/cf/m4/cf.m4')
VERSIONID(`$Id: sco-generic.mc,v 1.00 2002/07/12 ML Exp $')dnl
OSTYPE(`sco3.2')dnl
dnl ################### Network Specific ########################
MASQUERADE_AS(`testdomain.com')dnl
dnl ################### Server Specific #########################
dnl # Commonly used Files
define(`ALIAS_FILE',`/usr/lib/mail/aliases')dnl
define(`confCR_FILE',`/usr/lib/mail/relay-domains')dnl
define(`confCW_FILE',`/usr/lib/mail/local-host-names')dnl
define(`STATUS_FILE',`/usr/lib/mail/statistics')dnl
dnl # SCO Openserver Specific variables and options
dnl # Needed to fix error with /usr/lib/uucp/ permission on SCO
OpenServer
define(`confDONT_BLAME_SENDMAIL',`GroupWritableDirPathSafe')dnl
dnl # Options to correct deficient bind setup under SCO Openserver.
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl
dnl ################## Features ################################
FEATURE(`access_db',`hash /usr/lib/mail/access')dnl
FEATURE(use_cw_file)dnl
dnl ################# Parameters ###############################
EXPOSED_USER(`root')
define(`confHOST_STATUS_DIRECTORY',`/usr/adm/sendmail')dnl
define(`confMAX_DAEMON_CHILDREN',`25')dnl
define(`confMAX_MESSAGE_SIZE',`5000000')dnl
define(`confMAX_RCPTS_PER_MESSAGE',`40')dnl
define(`confPRIVACY_FLAGS',`goaway')dnl
dnl ################# Mailer Definitions #######################
MAILER(local)dnl
MAILER(smtp)dnl
dnl ################ Local Rulesets ############################
dnl # Ruleset to block incoming mail by searching subject for blocked
words
dnl # or phrases
dnl # Note: Multi word entries in /usr/lib/mail/blocked_subjects must
have
dnl # spaces replaced by "." Exa. "this is it" becomes "this.is.it"
LOCAL_CONFIG
F{MRej} /usr/lib/mail/blocked_subjects
LOCAL_RULESETS
HSubject: $>CheckSubject
D{MMsg} Mail blocked.
SCheckSubject
R$* $={MRej}$* $#error $: 550 ${MMsg}
jlac
Lewis In an ongoing effort of converting a number of Openserver Systems
--Matt
( cq /usr/mmdf/mmdftailor /usr/wwi/backup )
2. To uninstall mmdf issue ( custom -p SCO:odtes -d SCO:MMDF )
3. By default Openserver 5.0.5 has sendmail 8.8.8b installed. You
should not use
this as many known exploits exist for this version of sendmail. Also
many of the
anti-spam features of sendmail are not fully implemented in this
version. The
newest complete Sendmail package available from SCO is part of
supplement rs506a
meant for Openserver 5.0.6. Included is Sendmail 8.11.0. This
supplement will
work on Openserver 5.0.5 and should also work on Openserver
4..4
*** Downloading the Software ***
5. Download rs506a.tar at ftp.caldera.com
/pub/openserver5/rs506a/rs506a.tar
6. ( scoadmin software) Select Install new from Media Images.
This will list
several different components, which can be installed. Only select
Sendmail and
install. The installation procedure will have an error. Ignore this
error with
'i' and continue the Sendmail installation.
7. Now download the sendmail.8.11.0.tar.Z from
http://www.planetmirror.com/pub/sendmail/past-release-
s/ sco-generic.mc (is appended at the end of the article). This is a SCO
Openserver specific config file I created. We are only downloading
the sendmail
distribution to get the m4 make files for sendmail.cf
8. Uncompress and untar sendmail.8.11.0.tar.Z in /usr/local/
( cd /usr/local/sendmail.8.11.0/cf/cf ) ( cp sco-generic.mc
/usr/local/sendmail.8.11.0/cf/cf )
Hello Matt,
I've never dealt with sendmail before, after having a few problems I
found this document, it makes sence except for the section -
(cp sco-generic.mc /usr/local/sendmail.8.11.0/cf/cf
There is no sco-generic.mc and the cp command is copying it to the same
directory.
My apologies if I'am being stupid but any help would be appreciated.
Thanks
Justin
--
Posted via http://dbforums.com
Matt Lewis
original article. This includes smrsh and a few othe security items
the original did not. Copy and past below into a file and call it
sco-generic.mc move this to /usr/local/sendmail-8.11.0/cf/cf. Then
run m4 sco-generic.mc > /usr/lib/sendmail.cf as per instructions in
previous posting.
--Matt
divert(-1)
#
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
divert(0)dnl
dnl #################### Setup ##################################
include(`/usr/local/sendmail-8.11.0/cf/m4/cf.m4')
VERSIONID(`$Id: sco-generic.mc,v 1.00 2002/07/12 ML Exp $')dnl
OSTYPE(`sco3.2')dnl
dnl ################### Network Specific ########################
MASQUERADE_AS(`test.testdomain.com')dnl
dnl ################### Server Specific #########################
dnl # Commonly used Files
define(`ALIAS_FILE',`/usr/lib/mail/aliases')dnl
define(`confCR_FILE',`/usr/lib/mail/relay-domains')dnl
define(`confCW_FILE',`/usr/lib/mail/local-host-names')dnl
define(`STATUS_FILE',`/usr/lib/mail/statistics')dnl
dnl # SCO Openserver Specific variables and options
dnl # Needed to fix error with /usr/lib/uucp/ permission on SCO
OpenServer
define(`confDONT_BLAME_SENDMAIL',`GroupWritableDirPathSafe')dnl
dnl # Options to correct deficient bind setup under SCO Openserver.
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl
dnl ################## Features ################################
FEATURE(`access_db',`hash /usr/lib/mail/access')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`masquerade_envelope')dnl
dnl # Restricted Shell for security
FEATURE(`smrsh')
dnl ################# Parameters ###############################
EXPOSED_USER(`root')
define(`confHOST_STATUS_DIRECTORY',`/usr/adm/sendmail')dnl
define(`confMAX_DAEMON_CHILDREN',`25')dnl
define(`confMAX_MESSAGE_SIZE',`15000000')dnl
define(`confMAX_RCPTS_PER_MESSAGE',`50')dnl
define(`confPRIVACY_FLAGS',`goaway')dnl
define(`confBAD_RCPT_THROTTLE',`10')dnl
dnl ################# Mailer Definitions #######################
MAILER(`local')dnl
MAILER(`smtp')dnl
dnl ################ Local Rulesets ############################
dnl # Ruleset to block incoming mail by searching subject for blocked
words
dnl # or phrases
dnl # Note: Multi word entries in blocked_subjects file must have
dnl # spaces replaced by "." Exa. "this is it" becomes "this.is.it"
dnl # Any changes to blocked_subjects file require a restart or HUP of
dnl # Sendmail. exa (kill -HUP "pid of sendmail")
James Szabadics
> ( cd /usr/local/sendmail.8.11.0/cf/cf ) ( cp sco-generic.mc
> /usr/local/sendmail.8.11.0/cf/cf )
>
> Hello Matt,
>
> I've never dealt with sendmail before, after having a few problems I
> found this document, it makes sence except for the section -
> (cp sco-generic.mc /usr/local/sendmail.8.11.0/cf/cf
> There is no sco-generic.mc and the cp command is copying it to the same
> directory.
> My apologies if I'am being stupid but any help would be appreciated.
>
> Thanks
> Justin
I too found myself confused with this part of the otherwise very clear
instruction. Given that matt has provided raw text of sco-generic.mc
in his post I am going to paste this into a text file and place it in
/usr/local/sendmail.8.11.0/cf/cf
Does that sound right to those who know?
Regards
James