Make sure the Sendmail commend EXPN is off
Make sure the Sendmail commend VRFY is off
The documentation tells me that I need to change the EXPN and VRFY
settings in /etc/sendmail.cf, but other documentation I've read tells me
not to edit the file directly - but to work in /etc/sendmail.mc. I've
spent some time in the documentation for m4, Mail-HOWTO and some of the
documentation available through Saint, but have only managed to confuse
myself.
Can someone give me a quick thumbnail sketch of what it is I'm
supposed to be doing? Or, point me to some documentation that is better
suited to a sendmail newbie?
While I'm at it, I believe that the only reason I need to leave
sendmail running is for the operating system to send error and problem
reports to root. Is that correct? Or do I really need sendmail at all?
Thanks,
John
If you vi /etc/sendmail.cf and look for this block:
###############
# Options #
###############
Put the cursor on the line immediately below the last line of '#' signs
and type <SHIFT>+o (letter 'o'), then paste the next three lines where
you are:
# turning off the expand option and requiring a helo from
# a remote computer
Opnoexpn,novrfy,needmailhelo
Then <shift>+zz and that will write and save the file. Then type
/etc/rc.d/init.d/sendmail restart
You will have stopped the vrfy, expn and require a helo from the
connecting computer.
> >
> > While I'm at it, I believe that the only reason I need to leave
> > sendmail running is for the operating system to send error and problem
> > reports to root. Is that correct? Or do I really need sendmail at all?
Having sendmail running is a good idea. If you have a cron job gone
awry or some other daemon error, it has to be able to tell you somehow
and sendmail is one of the built in ways for it to.
Look at http://www.sendmail.org/
and http://www.moongroup.com/mailhelp.phtml
Dan
--
UNIX - Not just for vestal virgins anymore
Linux - Choice of a GNU generation
> Having sendmail running is a good idea. If you have a cron job gone
> awry or some other daemon error, it has to be able to tell you
> somehow and sendmail is one of the built in ways for it to.
Other message transfer agents are available, of course. Many have
less arcane configuration file formats, and many are designed to
replace sendmail pretty straightforwardly (so that local users and
programs don't notice).
>If you vi /etc/sendmail.cf and look for this block:
Yeah, vi & /etc/sendmail.cf -- best of both worlds for beginners, eh?
--
Ralf Hildebrandt http://www.stahl.bau.tu-bs.de/~hildeb (0)531/391-3366
Institute for Steel-Structures, Technic. Univers. of Braunschweig, Germany
"Those who do not understand UNIX are condemned to reinvent it -- badly."
-- Henry Spencer
>not to edit the file directly - but to work in /etc/sendmail.mc. I've
>spent some time in the documentation for m4, Mail-HOWTO and some of the
>documentation available through Saint, but have only managed to confuse
>myself.
Where is the problem? Can't you all read? http://www.sendmail.org/m4/readme.html
Add the following to /etc/sendmail.mc:
define(`confPRIVACY_FLAGS',`novrfy,noexpn')
Note that these are different quotes!!
Now create /etc/sendmail.cf from /etc/sendmail.mc by running (see http://www.sendmail.org/m4/intro.html):
m4 /etc/sendmail.mc > /etc/sendmail.cf
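An added example, not part of any post in this thread: a shell check that reads a sendmail.cf and reports which of noexpn and novrfy are still unset, whether the file was edited by hand (short form `Op...`) or generated from sendmail.mc (long form `O PrivacyOptions=...`). The function names and the sample cf lines are constructed for illustration; pooling flags across several option lines is an assumption about how sendmail reads them.

```shell
#!/bin/sh
# Added example (not from the thread): audit a sendmail.cf for noexpn/novrfy.

# Print every PrivacyOptions flag set in cf file $1, one per line, lowercased.
# Matches the short form from the thread (Opnoexpn,novrfy,needmailhelo) and
# the long form (O PrivacyOptions=...). Flags from several lines are pooled,
# on the assumption that sendmail accumulates them.
privacy_flags() {
    sed -n \
        -e 's/^O[[:space:]][[:space:]]*PrivacyOptions[[:space:]]*=//p' \
        -e 's/^Op//p' "$1" |
        tr 'A-Z' 'a-z' | tr ',\t ' '\n\n\n' | sed '/^$/d'
}

# Print each of noexpn/novrfy that the file does not set (no output means
# both are set). goaway counts for both: it is sendmail's shorthand flag
# that includes them.
missing_privacy_flags() {
    flags=$(privacy_flags "$1")
    for want in noexpn novrfy; do
        printf '%s\n' "$flags" | grep -qx -e "$want" -e goaway ||
            printf '%s\n' "$want"
    done
}

# Constructed sample configs: the hand-edited line from the thread, and a
# cf that sets novrfy but still answers EXPN.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# Options #' 'Opnoexpn,novrfy,needmailhelo' > "$dir/edited.cf"
    printf '%s\n' 'O PrivacyOptions=authwarnings,novrfy' > "$dir/partial.cf"
    for cf in "$dir/edited.cf" "$dir/partial.cf"; do
        missing=$(missing_privacy_flags "$cf" | tr '\n' ' ')
        echo "${cf##*/}: missing flags: [${missing}]"
    done
    rm -rf "$dir"
}
demo
```

Run missing_privacy_flags against /etc/sendmail.cf after regenerating or editing it and before restarting sendmail; empty output means both flags are in place.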
> On Sat, 02 Oct 1999 13:57:20 -0400, John Soltow <jaso...@erols.com> wrote:
>
> >not to edit the file directly - but to work in /etc/sendmail.mc. I've
> >spent some time in the documentation for m4, Mail-HOWTO and some of the
> >documentation available through Saint, but have only managed to confuse
> >myself.
>
> Where is the problem? Can't you all read? http://www.sendmail.org/m4/readme.html
Me? Apparently not today. I was on the right site, but looking in the wrong places. This is what I
was looking for.
Thank-you.
John Soltow
If you're gonna learn, learn right :)
Which of course is the very reason Saint suggests turning off EXPN and
VRFY, as someone can connect to sendmail and guess account names.
--
Walter Francis
http://wally.hplx.org Powered by RedHat 6.0
> Upon running Saint 1.4, I was told to correct the following two
> problems.
>
> Make sure the Sendmail commend EXPN is off
> Make sure the Sendmail commend VRFY is off
I would not consider them problems but your mileage may vary. In fact
I often use VRFY when guessing people's mail addresses.
> While I'm at it, I believe that the only reason I need to leave
> sendmail running is for the operating system to send error and problem
> reports to root. Is that correct? Or do I really need sendmail at all?
Depends on your setup of course. If you want to be able to send mail
but do not need to receive it you can run sendmail periodically to
flush the mail queue but do not need a daemon to listen for incoming
connections. You can have root's crontab output mailed to some other
host.
--
Timo Korvola <URL:http://www.iki.fi/tkorvola>
>> Yeah, vi & /etc/sendmail.cf -- best of both worlds for beginners, eh?
>
>If you're gonna learn, learn right :)
Isn't using m4 the "better way"...?
> Me? Apparently not today. I was on the right site, but looking
> in the wrong places. This is what I was looking for.
Anyway, if one is running sendmail on HP, this might not work :)
Cause the m4 behaves odd there...
> Which of course is the very reason Saint suggests turning off EXPN and
> VRFY, as someone can connect to sendmail and guess account names.
If your system security relies on the secrecy of usernames then your
system has no security. Unix usernames simply aren't designed to be
kept secret. Besides, VRFY does not allow you to generate account
names, only to test for existence, and those tests are logged. On the
other hand in a corporate environment you might not want to disclose
even that information about employee names.