Sendmail hint update

J. Jones jjones at darkside.dynup.net
Fri Jul 27 18:20:14 PDT 2001


Changes:

  Only one.. the new Berkeley DB 3.3.11 package has what I'm assuming is a
  typo in it's 185 compatibility header.  A quick sed to fix it was added so
  it will actually work with packages that use it (sendmail doesn't).

Enjoy!
Jeremy

-------------- next part --------------
GENERAL OUTLINE
===============

TITLE:		Sendmail
LFS VERSION:	Any
AUTHOR:		J. Jones <wwbarf at qnexfvqr.qlahc.arg>

SYNOPSIS:
	This hint covers the building, configuring, and use of Sendmail.  Any and
all feedback is welcome.  Rot13 the address.

HINT:

Software you need
=================

  Sendmail (duh):  ftp://ftp.sendmail.org/pub/sendmail/
    I recommend the latest 8.11 (8.11.4 at this time).

  Procmail:  http://www.procmail.org/
    This will be used as our local delivery agent.

  Berkeley DB:  http://www.sleepycat.com/download.html
    Sendmail uses this (libdb) to store much of it's configuration.
    Use the latest 3.* version (3.3.11 currently).

Building the required packages
==============================

Berzerkeley DB:

  Unpack the source tarball, cd into the build_unix/ subdirectory of the directory
  created.  From here, run the following:

    ../dist/configure --prefix=/usr --enable-compat185 \
      --enable-shared --enable-static
    make
    make docdir=/usr/doc/Berkeley-DB install
    mv /usr/lib/libdb-3.3.a /usr/lib/libdb.a

    There was apparently a typo in the 3.3.11 package.  The sed below reverts
    db_185.h to it's last working state.  Sendmail does not use this
    compatibility, but many other packages do (GNOME).

    sed 's/^DB185/DB/' /usr/include/db_185.h > /usr/include/db_185.h.new
    mv /usr/include/db_185.h.new /usr/include/db_185.h

Procmail:

  Unpack the source tarball, cd into the directory it created.  From here, run
  the following:

    touch /usr/sbin/sendmail
    make
    make install
    make install-suid

  Procmail will look for a sendmail file anywhere in the $PATH.  If it doesn't
  exist, it will prompt you for it.  Touching the file will allow it to find
  sendmail in the location where we will later install it.

Sendmail:

  Unpack the source tarball, cd into the directory it created.

  Edit the file devtools/OS/Linux.  At the end of this file, add the following
  lines:

    define(`confMANGRP',`root')
    define(`confMANOWN',`root')
    define(`confSBINGRP',`root')
    define(`confUBINGRP',`root')
    define(`confUBINOWN',`root')

  You can also define/change the optimization flags here.  By default, we will
  be building the 'OPTIMIZED' variant, so this is the only one you need to edit.

  Run the following:

    cd sendmail/ && sh Build && cd ../

  Once that has completed (without error, hopefully), we need to build a
  config file.  The file cf/README has explanations of virtually every
  sendmail configuration option available.  I would advise you to at least
  browse the sections the config below mentions.

  cd into the cf/cf/ directory.  Edit the file config.mc (it doesn't exist..
  we are creating it).  The following is the config I use, and it has proven
  itself to be quite flexible.  I am recommending this config for most.  If
  you feel you may have special needs, consult the cf/README file.

  The following lines belong in the config.mc file you should be editing now.

    divert(0)dnl
    VERSIONID(`$Id: sendmail.txt,v 1.3 2001/07/01 23:09:20 highos Exp $')
    OSTYPE(linux)dnl
    DOMAIN(generic)dnl
    FEATURE(smrsh)dnl
    MAILER(local)dnl
    MAILER(smtp)dnl
    FEATURE(`nouucp',`reject')dnl
    FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
    define(`confCW_FILE', `-o /etc/mail/sendmail.cw')dnl
    FEATURE(`access_db',`hash /etc/mail/access')dnl
    FEATURE(`blacklist_recipients')dnl
    FEATURE(`no_default_msa')

  This config enables the following features.
    * smrsh (sendmail restricted shell).
    * procmail as the local delivery agent.
    * No uucp support.
    * Virtual user table support.
    * Access database support (handles relaying, blacklisting, etc).
    * Real-time blacklisting support (RBL).

  Save this file, and run the following command:

    sh Build config.cf
    mkdir -p /etc/mail /var/spool/mqueue
    cp config.cf /etc/mail/sendmail.cf
    cp config.mc /etc/mail/

  If there were any errors generating the config.cf file, please double check
  the config.mc's syntax (check those `' things).

  We are going to change smrsh's bin directory, because the default doesn't
  seem very appropriate to me, and it's not very FHS compliant.  Enter the
  sendmail-root/smrsh/ directory (should be a cd ../../smrsh/ away), and load
  smrsh.c in your favorite editor.  Find the following section (it begins on
  line 76 in 8.11.4):

    #ifndef CMDDIR
    # if defined(HPUX10) || defined(HPUX11) || SOLARIS >= 20800
    #  define CMDDIR    "/var/adm/sm.bin"
    # else /* HPUX10 || HPUX11 || SOLARIS >= 20800 */
    #  define CMDDIR    "/usr/adm/sm.bin"

  Change the above line to:

    #  define CMDDIR    "/var/lib/smrsh.bin"

  Save the file and continue.

  Now, enter the top source directory (should be a cd ../ away), and run
  the following:

    sh Build
    sh Build install

  Sendmail is now installed.

  Create the directory we defined above (mkdir -p /var/lib/smrsh.bin) and cd
  into it.  The sendmail restricted shell is what will be executed (in place
  of /bin/sh) in order to process any commands that may appear in a user's
  .forward file.  It can only execute a program if it appears in it's CMDDIR.
  From the CMDDIR directory, execute the following:

    ln -s /usr/bin/procmail
    ln -s /usr/bin/vacation

  This will allow smrsh to execute procmail and vacation, and nothing else.
  You should never allow it to execute any shell, as it will defeat any
  security advantages gained by using it.

  Edit the /etc/mail/aliases file.  Insert (at least) the following lines:

    postmaster: root
    MAILER-DAEMON: root

  See man 5 aliases for an explanation of this file.  It is fairly
  straight-forward.

  Edit the /etc/mail/access file.  This file only has to exist.. null content
  is OK.  This file is quite powerful.. you should read the cf/README section
  about it to fully understand it.

  These lines are to serve as an example, and are not required in any way.

    10.0.0 RELAY
    spammer at aol.com ERROR:"550 spam sucks"

  The first line tells sendmail to relay any request from my LAN, 10.0.0.*.
  The second line tells sendmail to reject any mail from spammer at aol.com with
  the message, "spam sucks".

  IMPORTANT:  The following command MUST BE EXECUTED after ANY changes to the
              /etc/mail/access file.

  Now, we must create the access.db (in the form sendmail wants it).  The
  following command will do so.

    makemap hash /etc/mail/access < /etc/mail/access

  This is the last step in the sendmail configuration.  We will create the
  sendmail.cw file, which sendmail uses as a list of domains which will be
  treated as 'local'.  If I wanted to accept mail for @microsoft.com, I would
  insert, on one line, microsoft.com.  Here's my sample sendmail.cw file.

    darkside.dynup.net
    crypt.dynup.net

  Finally, run the following command:

    sendmail -v -bi

  This command tells sendmail to build it's alias database.  The -v tells it
  to be very verbose about any possible permission and/or configuration issues
  that may exist.  If it's output is more than something like:

    /etc/mail/aliases: 5 aliases, longest 6 bytes, 62 bytes total

  you should attempt to correct the error (these are usually filesystem
  permission issues).  Check sendmail's output into syslog, too.

  Sendmail provides the newaliases command which you should use from now on to
  update your aliases.

Running sendmail
================

  To run sendmail in daemon mode, where it will listen on port 25 and accept
  mail, use the following.

    /usr/sbin/sendmail -bd -q20m

  The -q20m tells sendmail to re-run the mail queue every 20 minutes.

  To stop sendmail, use the following:

    kill -SIGTERM `head -1 /var/run/sendmail.pid`

  Sendmail provides a few useful tools:

    mailq:
      Dumps the contents of the mail spool, along with the status of
      each message.

    mailstats:
      Shows various usage stats.

    praliases:
      Displays current aliases.

    vacation:
      Auto-responder of sorts for when you're laying on the beach.

  See the corresponding man pages for more information.

Testing your configuration
==========================

  The easiest way will be to open an MUA (like mutt), and first attempt to
  send a message to "root".  If root recieves the message, things should be
  ok.  Second, send a message to root at some.host.you.listed.in./etc/sendmail.cw.
  Do this for each domain you have listed in that file.  All mail should go to
  root.

  There are some more 'advanced' features that are beyond the scope of this.
  You should refer to the excellent documentation which comes with the sendmail
  source and the FAQ located at www.sendmail.org for more information.

Common Problems / FAQ
=====================

  * Sendmail takes forever to start! WTF!

    Sendmail can't resolve your hostname.  In /etc/hosts, you need the
    following:

      127.0.0.1 hostname.domain.tld hostname

  * The hostname and domain sendmail picks up isn't the right one!  Any mail
  * I send comes from an unresolvable/incorrect domain!

    Add the following lines to /etc/mail/sendmail.cf

      Dwmyhostname
      Dmmydomain.tld
      Dj$w.$m

    The Dw<string> defines the hostname, Dm<string> defines the subdomain
    name, and the Dj line expands the Dw and the Dm values into the
    canonical domain name, which is myhostname.mydomain.tld in the above
    example.

    The above will force sendmail to act as that host.domain.tld.
    Alternatively, you could simply:

      DMhostname.domain.tld

    which would tell sendmail to 'masquerade' all mail as
    hostname.domain.tld.

    Either of these will fix the issue, but the previous is probably the
    one you will want to go with.  With the latter, sendmail will still
    identify itself as the erroneous host.domain.tld.

  * Mutt (the *ONLY* MUA!) errors out when I try to send a message!
  * Something about an exec error 127!  WTF!

    Add the following line to either 1) your ~/.muttrc, or 2) the
    system-wide Muttrc (mutt's ./configure --prefix/etc/Muttrc).
    The latter is the more sensible of the two.

      set sendmail = "/usr/sbin/sendmail"

    Restart mutt.

  * I want to use Maildir damnit!

    Edit your ~/.procmailrc, insert the following:

      :0
      *
      /home/your_username/Mail/

    Run:  mkdir -p ~/Mail/{cur,new,tmp}

    Voila.  Your mail will now be delivered to ~/Mail/, in the maildir format.

    NOTE:  I am not a procmail master.  If anyone has any additional tips on
    it, please submit them.

===========
End of hint


More information about the hints mailing list