Sendmail hint update

J. Jones jjones at darkside.dynup.net
Sun Jul 22 16:01:16 PDT 2001


Fixed procmail installation.


-------------- next part --------------
GENERAL OUTLINE
===============

TITLE:		Sendmail
LFS VERSION:	Any
AUTHOR:		J. Jones <jjones(at)darkside.dynup.net>

SYNOPSIS:
	This hint covers the building, configuring, and use of Sendmail.

HINT:

Software you need
=================

  Sendmail (duh):  ftp://ftp.sendmail.org/pub/sendmail/
    I recommend the latest 8.11 (8.11.4 at this time).

  Procmail:  http://www.procmail.org/
    This will be used as our local delivery agent.

  Berkeley DB:  http://www.sleepycat.com/
    Sendmail uses this (libdb) to store much of its configuration.
    Use the latest 3.* version (3.2.9 currently).

Building the required packages
==============================

Berkeley DB:

  Unpack the source tarball, cd into the build_unix/ subdirectory of the directory
  created.  From here, run the following:

    ../dist/configure --prefix=/usr --enable-compat185
    make
    ../dist/configure --prefix=/usr --enable-compat185 --enable-shared
    make
    make docdir=/usr/doc/Berkeley-DB install
    cp libdb.a /usr/lib/

  We do this twice because the source tree won't build both a shared and a
  static library at the same time.  You could optionally build either one, but
  having both is probably best.

  If you wish to add optimization flags to this package, you will have to edit
  either 1) the configure script, if you have the $CFLAGS variable set, or 2)
  the Makefile after ./configure has generated it.  For the former (with
  version 3.2.9), change line 994 to CFLAGS="$CFLAGS -DGNU_SOURCE".

Procmail:

  Unpack the source tarball, cd into the directory it created.  From here, run
  the following:

    touch /usr/sbin/sendmail
    make
    make install
    make install-suid

  Procmail will look for a sendmail file anywhere in the $PATH.  If it doesn't
  exist, it will prompt you for it.  Touching the file will allow it to find
  sendmail in the location where we will later install it.

Sendmail:

  NOTE:  m4 is very picky.  Pay close attention, and realize that these are
  not standard single quotes:  each quoted string opens with a backtick (`)
  and closes with an apostrophe (').

  Unpack the source tarball, cd into the directory it created.

  Edit the file devtools/OS/Linux.  At the end of this file, add the following
  lines:

    define(`confMANGRP',`root')
    define(`confMANOWN',`root')
    define(`confSBINGRP',`root')
    define(`confUBINGRP',`root')
    define(`confUBINOWN',`root')

  You can also define/change the optimization flags here.  By default, we will
  be building the 'OPTIMIZED' variant, so this is the only one you need to edit.

  Run the following:

    cd sendmail/ && sh Build && cd ../

  Once that has completed (without error, hopefully), we need to build a
  config file.  The file cf/README has explanations of virtually every
  sendmail configuration option available.  I would advise you to at least
  browse the sections the config below mentions.

  cd into the cf/cf/ directory.  Edit the file config.mc (it doesn't exist..
  we are creating it).  The following is the config I use, and it has proven
  itself to be quite flexible.  I am recommending this config for most.  If
  you feel you may have special needs, consult the cf/README file.

  The following lines belong in the config.mc file you should be editing now.

    divert(0)dnl
    VERSIONID(`$Id: sendmail.txt,v 1.3 2001/07/01 23:09:20 highos Exp $')
    OSTYPE(linux)dnl
    DOMAIN(generic)dnl
    FEATURE(smrsh)dnl
    MAILER(local)dnl
    MAILER(smtp)dnl
    FEATURE(`nouucp',`reject')dnl
    FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
    define(`confCW_FILE', `-o /etc/mail/sendmail.cw')dnl
    FEATURE(`access_db',`hash /etc/mail/access')dnl
    FEATURE(`blacklist_recipients')dnl
    FEATURE(`no_default_msa')

  This config enables the following features.
    * smrsh (sendmail restricted shell).
    * procmail as the local delivery agent.
    * No uucp support.
    * Virtual user table support.
    * Access database support (handles relaying, blacklisting, etc).
    * Real-time blacklisting support (RBL).

  Save this file, and run the following command:

    sh Build config.cf
    mkdir -p /etc/mail /var/spool/mqueue
    cp config.cf /etc/mail/sendmail.cf
    cp config.mc /etc/mail/

  If there were any errors generating the config.cf file, please double check
  the config.mc's syntax (check those `' things).

  We are going to change smrsh's bin directory, because the default doesn't
  seem very appropriate to me, and it's not very FHS compliant.  Enter the
  sendmail-root/smrsh/ directory (should be a cd ../../smrsh/ away), and load
  smrsh.c in your favorite editor.  Find the following section (it begins on
  line 76 in 8.11.4):

    #ifndef CMDDIR
    # if defined(HPUX10) || defined(HPUX11) || SOLARIS >= 20800
    #  define CMDDIR    "/var/adm/sm.bin"
    # else /* HPUX10 || HPUX11 || SOLARIS >= 20800 */
    #  define CMDDIR    "/usr/adm/sm.bin"

  Change the above line to:

    #  define CMDDIR    "/var/lib/smrsh.bin"

  Save the file and continue.

  Now, enter the top source directory (should be a cd ../ away), and run
  the following:

    sh Build
    sh Build install

  Sendmail is now installed.. now to finish the configuration.

  We will start with smrsh's configuration.  Create the directory we defined
  above (mkdir -p /var/lib/smrsh.bin) and cd into it.  The sendmail restricted
  shell is what will be executed (in place of /bin/sh) in order to execute any
  commands that may appear in a user's .forward file.  It can only execute a
  program if it appears in its CMDDIR.  From the CMDDIR directory, execute
  the following:

    ln -s /usr/bin/procmail
    ln -s /usr/bin/vacation

  This will allow smrsh to execute procmail and vacation, and nothing else.
  You should never allow it to execute any shell, as it will defeat any
  security advantages gained by using it.
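
  One way to check that rule on an installed system, as an added example that
  is not part of the original hint.  The function name audit_smrsh_dir and the
  list of interpreter names are assumptions of this example; matching is by
  file name only, so a shell copied in under another name is not detected.

```shell
#!/bin/sh
# Added example (not from the hint): audit an smrsh command directory.
# Prints one line per entry; returns 0 if clean, 1 on findings, 2 if missing.
audit_smrsh_dir() {
    dir=$1
    rc=0
    # Names that give a .forward line a general-purpose interpreter.
    # Constructed list; extend it for your system.
    risky=' sh ash bash dash ksh zsh csh tcsh busybox env perl python python3 ruby awk gawk '

    [ -d "$dir" ] || { echo "MISSING: $dir"; return 2; }

    # A group- or world-writable CMDDIR lets other local users add programs.
    case $(ls -ld "$dir" | cut -c1-10) in
        ?????w????|????????w?) echo "WRITABLE: $dir"; rc=1 ;;
    esac

    for entry in "$dir"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        # Follow symlinks so a harmless-looking name cannot hide a shell.
        target=$(readlink -f "$entry" 2>/dev/null || echo "$entry")
        case $risky in
            *" $name "*|*" ${target##*/} "*)
                echo "SHELL: $name -> $target"; rc=1 ;;
            *)  echo "ok: $name -> $target" ;;
        esac
    done
    return $rc
}

# Run against a directory given on the command line, e.g. /var/lib/smrsh.bin
if [ $# -gt 0 ]; then audit_smrsh_dir "$1"; fi
```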

  Edit the /etc/mail/aliases file.  Insert (at least) the following lines:

    postmaster: root
    MAILER-DAEMON: root

  See man 5 aliases for an explanation of this file.  It is fairly
  straight-forward.

  Edit the /etc/mail/access file.  This file only has to exist.. null content
  is OK.  This file is quite powerful.. you should read the cf/README section
  about it to fully understand it.

  These lines are to serve as an example, and are not required in any way.

    10.0.0 RELAY
    spammer@aol.com ERROR:"550 spam sucks"

  The first line tells sendmail to relay any request from my LAN, 10.0.0.*.
  The second line tells sendmail to reject any mail from spammer@aol.com with
  the message "550 spam sucks".

  IMPORTANT:  The following command MUST BE EXECUTED after ANY changes to the
              /etc/mail/access file.

  Now, we must create the access.db (in the form sendmail wants it).  The
  following command will do so.

    makemap hash /etc/mail/access < /etc/mail/access
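
  A check for the two mistakes this file invites, a forgotten makemap run and
  a RELAY entry that covers more than intended, as an added example that is
  not part of the original hint.  The function name check_access_map and the
  rule for what counts as "too broad" are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the hint): review an access source file.
# Returns 0 if clean, 1 on findings, 2 if the source file is missing.
check_access_map() {
    src=$1
    db=${2:-$src.db}
    rc=0
    [ -f "$src" ] || { echo "MISSING: $src"; return 2; }

    # sendmail reads the .db file, not the text file: after an edit without
    # makemap, the old rules stay in force.
    if [ ! -f "$db" ] || [ -n "$(find "$src" -newer "$db")" ]; then
        echo "STALE: rebuild $db from $src with makemap"
        rc=1
    fi

    # List every key that grants relaying and flag the overly wide ones.
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $2 == "RELAY" {
            key = $1
            sub(/^[A-Za-z]+:/, "", key)      # drop a tag such as Connect:
            n = split(key, octet, ".")
            # Heuristic (assumption): fewer than three IPv4 octets, or a
            # name without a dot (a whole TLD), relays for too many hosts.
            broad = (key ~ /^[0-9.]+$/ && n < 3) || (key !~ /[.@:]/)
            label = broad ? "BROAD-RELAY: " : "relay: "
            print label $1
            if (broad) bad = 1
        }
        END { exit bad }
    ' "$src" || rc=1
    return $rc
}

# Usage: sh thisfile /etc/mail/access
if [ $# -gt 0 ]; then check_access_map "$@"; fi
```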

  This is the last step in the sendmail configuration.  We will create the
  sendmail.cw file, which sendmail uses as a list of domains which will be
  treated as 'local'.  If I wanted to accept mail for @microsoft.com, I would
  insert, on one line, microsoft.com.  Here's my sample sendmail.cw file.

    darkside.dynup.net
    crypt.dynup.net

  Finally, run the following command:

    sendmail -v -bi

  This command tells sendmail to build its alias database.  The -v tells it
  to be very verbose about any possible permission and/or configuration issues
  that may exist.  If its output is more than something like:

    /etc/mail/aliases: 5 aliases, longest 6 bytes, 62 bytes total

  you should attempt to correct the error (these are usually filesystem
  permission issues).  Check sendmail's output into syslog, also.

  Sendmail provides the newaliases command which you should use from now on to
  update your aliases.

Running sendmail
================

  To run sendmail in daemon mode, where it will listen on port 25 and accept
  mail, use the following.

    /usr/sbin/sendmail -bd -q20m

  The -q20m tells sendmail to re-run the mail queue every 20 minutes.

  To stop sendmail, use the following:

    kill -SIGTERM `head -1 /var/run/sendmail.pid`

  Sendmail provides a few useful tools:

    mailq:
      Dumps the contents of the mail spool, along with the status of
      each message.

    mailstats:
      Shows various usage stats.

    praliases:
      Displays current aliases.

    vacation:
      Auto-responder of sorts for when you're lying on the beach.

  See the corresponding man pages for more information.

Testing your configuration
==========================

  The easiest way will be to open an MUA (like mutt), and first attempt to
  send a message to "root".  If root receives the message, things should be
  ok.  Second, send a message to
  root@some.host.you.listed.in./etc/mail/sendmail.cw.
  Do this for each domain you have listed in that file.  All mail should go to
  root.

  There are some more 'advanced' features that are beyond the scope of this.
  You should refer to the excellent documentation which comes with the sendmail
  source and the FAQ located at www.sendmail.org for more information.

Common Problems / FAQ
=====================

  * Sendmail takes forever to start! WTF!

    Sendmail can't resolve your hostname.  In /etc/hosts, you need the
    following:

      127.0.0.1 hostname.domain.tld hostname

  * The hostname and domain sendmail picks up isn't the right one!  Any mail
  * I send comes from an unresolvable/incorrect domain!

    Add the following lines to /etc/mail/sendmail.cf

      Dwmyhostname
      Dmmydomain.tld
      Dj$w.$m

    The Dw<string> defines the hostname, Dm<string> defines the subdomain
    name, and the Dj line expands the Dw and the Dm values into the
    canonical domain name, which is myhostname.mydomain.tld in the above
    example.

    The above will force sendmail to act as that host.domain.tld.
    Alternatively, you could simply:

      DMhostname.domain.tld

    which would tell sendmail to 'masquerade' all mail as
    hostname.domain.tld.

    Either of these will fix the issue, but the former is probably the
    one you will want to go with.  With the latter, sendmail will still
    identify itself as the erroneous host.domain.tld.

  * Mutt (the *ONLY* MUA!) errors out when I try to send a message!
  * Something about an exec error 127!  WTF!

    Add the following line to either 1) your ~/.muttrc, or 2) the
    system-wide Muttrc (etc/Muttrc under the --prefix given to mutt's
    ./configure).  The latter is the more sensible of the two.

      set sendmail = "/usr/sbin/sendmail"

    Restart mutt.

  * I want to use Maildir damnit!

    Edit your ~/.procmailrc, insert the following:

      :0
      *
      /home/your_username/Mail/

    Run:  mkdir -p ~/Mail/{cur,new,tmp}

    Voila.  Your mail will now be delivered to ~/Mail/, in the maildir format.

    NOTE:  I am not a procmail master.  If anyone has any additional tips on
    it, please submit them.

===========
End of hint

