# # Original Version # ---------------- # http://www.Linux-Sec.net/Mail/etc.mail/sendmail.antispam.uhowto.txt # http://www.Linux-Sec.net/Mail/etc.mail/sendmail.rbl.mc # http://www.Linux-Sec.net/Mail/etc.mail/sendmail.check_local.mc # # # http://www.sendmail.org # http://www.sendmail.org/faq/ # http://www.sendmail.org/tips/ # http://www.sendmail.org/m4/readme.html # http://www.sendmail.org/m4/cf-readme.txt # # # 07-May-02 amo Download and install sendmail-8.12.3 ( prior version: 8.9.3/8.9.3 ) # 13-May-02 amo Cleanup config section # 17-May-02 amo Fixed and installed using check_local-5 features # 04-Jun-02 amo Download and install sendmail-8.12.4 # 27-Jun-02 amo Download and install sendmail-8.12.5 # 30-Aug-02 amo Download and install sendmail-8.12.6 + check_local-5.4 # # # # # Installing Sendmail # ------------------- # http://cork.linux.ie/projects/install-sendmail - (untested) sendmail installer # # http://www.doc.eng.cmu.ac.th/ldp/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap22sec173.html ( fix smrsh ) # # http://www.redhat.com/support/resources/howto/RH-sendmail-HOWTO/book1.html # http://www.redhat.com/support/resources/faqs/RH-sendmail-FAQ/book1.html # http://mail-abuse.org/rbl/usage.html # http://www.sendmail.org/~ca/email/misc.html # # http://www.Linux-Sec.net/Mail/etc.mail/sendmail-8.12.3.antispam.uhowto.txt # http://www.natur.cuni.cz/~mmokrejs/sendmail/ Installing Sendmail-8.12 # http://www.cerritoslug.org/tutorials/sendmail-8.11.html # http://www.cyberflunk.com/~nikm/unix/sendmail.html - ( libdb ) # http://www.linuxfocus.org/English/March1998/article32.html # http://archive.linuxfromscratch.org/lfs-museum/2.3.1/LFS-BOOK-2.3.1-HTML/c1797.html#AEN1814 # http://www.linuxsavvy.com/resources/linux/sendmail-8.9.x-mini-howto # http://linux-sxs.org/sendm2.html ( more options ) # http://www.tldp.org/LDP/nag2/x14607.html # http://www.users.dircon.co.uk/~trix/Raven/EyeView/SSR03/SSR03-18.htm # http://hr.uoregon.edu/davidrl/sendmail.html - m4 # # http://www.mkplan.net/kura/memo/FreeBSD/sendmail-8.12.0.html # http://www3.wind.ne.jp/ray7/linux/sendmail.htm # # http://www.decaservices.com/docs/sendmail/compilation.html # # For Sendmail-8.8 # http://www.soldierx.com/books/networking/tcpip/appe_01.htm # http://www.optix.org/~dxy/solaris/sendmail/ # # http://news.spamcop.net/cgi-bin/fom?_recurse=1&file=291 ( sendmail-8.12.1 issues ) # # http://www.sendmail.org/virtual-hosting.html # # # # Save all incoming/outgoing emails # --------------------------------- # http://www.usenix.org/publications/login/1999-10/features/archiving.html # # # misc sendmail tutorial # http://www.unix-ag.uni-hannover.de/soft/check_local/flow.html -- flow chart # http://www.aplawrence.com/Unixart/sendmail.html # http://www.networkcomputing.com/unixworld/tutorial/008/008.txt.html # # # # Check these later # ------------------ # http://www.sendmail.org/other-sendmail-links.html # http://www.elephanet.com/~ozi/mta/smtpauth.html # http://cphys.s.kanazawa-u.ac.jp/~takasu/unix/sendmail.html # # # #==================================================================== # # # 04-Jun-02 amo Download and install sendmail-8.12.4 # 27-Jun-02 amo Download and install sendmail-8.12.5 # 30-Aug-02 amo Download and install sendmail-8.12.6 + check_local-5.4 # # #==================================================================== # # ** ------------- ** # ** Backup first ** # ** ------------- ** # tar -zcvf /tmp/sendmail_backup.8.12.x.tgz /etc/sendmail* /usr/sbin/*mail* /usr/bin/*mail* /etc/mail* # # # -------------------------------------------------------------------- # # Check permissions After Sendmail is Installed ( sendmail-8.12.6 ) # --------------------------------------------- # # # more sendmail-8.12.4/README # --------------------------- # chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue # chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue # # chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir} # chmod 0640 /etc/mail/*.{db,pag,dir} # chmod 0640 /etc/mail/statistics /var/log/sendmail.st # chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid # # # sendmail -v -bi # If it gives messages such as # WARNING: World writable directory /var/spool/mqueue # /etc/mail/aliases: 155 aliases, longest 156 bytes, 10897 bytes total # # chmod go-w /var/spool/mqueue # chown root /var/spool/mqueue # # ------------------------------------ # chown smmsp:smmsp /var/spool/clientmqueue chmod 770 /var/spool/clientmqueue # chmod 700 /var/spool/mqueue chown root.mail /var/spool/mqueue # chmod 770 /var/spool/mail chown root.mail /var/spool/mail # # chmod 4555 /usr/sbin/sendmail chown root.smmsp /usr/sbin/sendmail # # # http://rr.sans.org/email/sendmail_812.php # http://www.sendmail.org/~ca/email/doc8.12/SECURITY # -r-xr-sr-x root smmsp ... /PATH/TO/sendmail # drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue # drwx------ root wheel ... /var/spool/mqueue # -r--r--r-- root wheel ... /etc/mail/sendmail.cf # -r--r--r-- root wheel ... /etc/mail/submit.cf # # # Fire off the sendmail daemon # ---------------------------- # /usr/sbin/sendmail -L sm-mta -bd -q15m # # # # ======================================================================= # # # cd /usr/local/src # wget http://sendmail.org/pub/sendmail/sendmail.8.12.xx.tar.gz # cd sendmail.8.12.xx # # vi devtools/bin/configure.sh # -DNEWDB -DMAP_REGEX -DDNSMAP # sh Build # # cd cf/cf cp generic-linux.mc config.mc # # sh Build config.cf # # # backup first # mv /etc/mail/sendmail.mc /etc/mail/sendmail.previous.mc mv /etc/mail/sendmail.cf /etc/mail/sendmail.previous.cf # # # install latest version # cp config.mc /etc/mail/sendmail.mc cp config.cf /etc/mail/sendmail.cf # vi /etc/sendmail.cf # Dj=Mail.foo.com # # # Rebuild the aliases db # sendmail -v -bi # # /etc/rc.d/rc.smtp stop ; sleep 5 ; /etc/rc.d/rc.smtp start # # # ------------------------- # install sendmail with rbl # ========================= # # Get a sample config.mc file # --------------------------- # http://www.Linux-Sec.net/Mail/etc.mail/sendmail-8.12.6.config.rbl.mc --> config.mc # # sh Build config.cf # cp config.cf /etc/mail cp config.mc /etc/mail # # Restart sendmail # # # ------------------------------------------------- # install sendmail with rbl + the check-local stuff # ================================================= # cd sendmail-8.12.x/cf mv hack hack-8.12.x # mkdir hack-local-5.4 ln -s hack-local-5.4 hack # # copy the check-local stuff # cp -p ../../check-local-5.4/hack/check* hack-local-5.4 # cd cf # # # Get a sample config.mc file # --------------------------- # http://www.Linux-Sec.net/Mail/etc.mail/sendmail-8.12.6.config.local.mc --> config.mc # # sh Build config.cf # cp config.cf /etc/mail cp config.mc /etc/mail # # Restart sendmail # # #==================================================================== # # # Install sendmail-8.12.3 # ----------------------- # # #==================================================================== # # Backup first # ------------- # tar -zcvf /tmp/sendmail_backup.tgz /etc/sendmail* /usr/sbin/*mail* /usr/bin/*mail* /etc/mail* # # # # -------------------------- # Install Sendmail # -------------------------- # # # Get the latest version # ---------------------- # ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.3.tar.gz # # cd /usr/local/src # tar zxvfp sendmail.8.12.3.tar.gz # # cd sendmail.8.12.3 sh Build # # make clean -- or make fresh # make # # # groupadd -g 25 smmsp useradd -u 25 -g 25 -s /bin/false smmsp # # # not a typo cd sendmail.8.12.3/sendmail sh Build install # # # not a typo cd sendmail.8.12.3 sh Build install # # # cd /etc/mail ln -s ../sendmail.cf . ln -s ../sendmail.c2 . ln -s ../aliases . ln -s ../aliases.db . make clean make # # # # # # # For mailing list and trusted users # ----------------------------------- # # mkdir /usr/adm/sm.bin # ln -s /usr/sbin/smrsh /usr/adm/sm.bin # cd /etc/smrsh ln -s /usr/sbin/smrsh . # # cd /usr/local/src/sendmail-8.12.3 # vi smrsh/smrsh.c # - /etc/smrsh # make install # # # #==================================================================== # # For a reference/starting config.mc file # ---------------------------------------- # #==================================================================== # # http://www.Linux-Sec.net/Mail/etc.mail/sendmail-8.12.3.config.mc --> config.mc # cd sendmail.8.12.3/cf/cf cp generic-linux.mc config.mc vi config.mc (add the appropriate FEATUREs in) sh Build config.cf # # test the new config file # cd /usr/local/src/sendmail-8.12.3 ./obj.Linux.2.2.14.i586/sendmail/sendmail -d72 -bt -Ccf/cf/config.cf # # # ps axuw | grep send kill -HUP "pid" # # # Save your current mail config before upgrading # mv /etc/sendmail.cf /etc/sendmail.till_may08.cf mv /etc/sendmail.mc /etc/sendmail.till_may08.mc cp cf/cf/config.cf /etc/sendmail.cf cp cf/cf/config.mc /etc/sendmail.mc # # # Stop and start sendmail # # # done for the above # ----------------------------------------------------------------------- # # Check_local # ============ # http://www.Linux-Sec.net/Mail/etc.mail/check_local.txt # # cd /usr/local/src # # # Make sure sendmail is compiled with regex support # ------------------------------------------------- # # # check-local-3.15 and check-local-5 requires MAP_REGEX # check-local-5 does NOT need any patches to sendmail-8.12.3 # vi sendmail-8.12.3/devtools/bin/configure.sh # # add MAP_REGEX DNSMAP into # -DNEWDB -DMAP_REGEX -DDNSMAP -DSM_CONF_SHM=0 # # # http://www.stud.uni-hannover.de/~jk/map-regex/check_header.html # # OBJADD=map_storage.o, DBMDEF= -DMAP_STORAGE ... # cd sendmail-8.12.3 sh Build # # -------------------------------------------------------------------------- # cp check_local-3.15/map_storage/map_storage.c sendmail-8.13.2/sendmail/ # vi sendmail-8.12.3/devtools/Site/site.config.m4 APPENDDEF(`confMAPDEF', `-DMAP_STORAGE')dnl APPENDDEF(`confSMOBJADD', `map_storage.o')dnl # # # --------------------------------------------------------------- # # # make sure oyu see the MAP_REGEX option defined during compile time # cd sendmail-8.12.3 make fresh # # # # Copy the check-local-5 stuff into sendmail-8.12.3 # ------------------------------------------------- # # wget http://www.digitalanswers.org/check_local/check_local.5.0.tar.gz # tar zxvfp check_local-5.tar.gz cd check_local-5 cp -p hack/* ../sendmail-8.12.3/cf/hack # ln -s cf/hack-local-5 cf/hack # # cd ../sendmail-8.12.3/cf/cf # vi config.mc HACK(`check_local') # # # use an Example config.mc # wget http://www.Linux-Sec.net/Mail/etc.mail/sendmail-8.12.3.config.local-5.mc config.mc # # sh Build config.cf # cp config.cf /etc/mail/sendmai.cf cp config.mc /etc/mail/sendmai.mc # # stop - start sendmail # # # map hc_switch: class storage not available # solution ==>> ?? # # # # ------------------------------------------------------------------ # Manually test the config file with check-local-5 and regex suppert # ------------------------------------------------------------------ # cd sendmail-8.12.3 # ./obj.Linux.2.2.14.i586/sendmail/sendmail -d72 -bt -Ccf/cf/config.cf # # # # end of file