cvs commit: hints sendmail.txt
timothy at linuxfromscratch.org
timothy at linuxfromscratch.org
Wed Feb 26 15:35:44 PST 2003
timothy 03/02/26 18:35:44
Modified: . sendmail.txt
Upgraded db, sendmail and removed 'mail' setup.
Revision Changes Path
1.25 +12 -41 hints/sendmail.txt
RCS file: /home/cvsroot/hints/sendmail.txt,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- sendmail.txt 27 Jan 2003 20:17:55 -0000 1.24
+++ sendmail.txt 26 Feb 2003 23:35:44 -0000 1.25
@@ -43,6 +43,7 @@
0.1.13 edit the initscript to process the failed messages in the clientmqueue.
0.1.14 thanks to Duncan Webb <duncan AT dwebb.ch> for a fix to the submit.mc
0.1.15 notes on berkeleydb and added ssl support
+0.1.16 upgraded db, sendmail and removed group 'mail' setup
@@ -51,11 +52,7 @@
Handles sending and receiving of mail by the SMTP protocol
- Latest 'stable' version at time of writing is 8.12.6, you will also
- require a patch to that version publicised on the main webpage. I say
- 'stable' here because the latest version is 8.12.7, which requires a
- more recent version of Berkeley DB. Feel free to use that version of
- sendmail if you are happy using the more recent Berkeley DB.
+ Latest stable version at time of writing is 8.12.7.
Our local delivery agent (makes sure mail goes to the correct boxes)
@@ -63,9 +60,8 @@
Berkeley DB: http://www.sleepycat.com/download.html
Sendmail uses this library to store much of it's configuration.
- Latest stable version at time of writing is 4.0.14 although
- many applications are now porting to the 4.1.x series and
- this hint will address that in the future.
+ Latest stable version at time of writing is 4.1.25 although
+ requires a patch found at the same location.
Make sure you run md5sum and check the signatures of the packages!
The recent sendmail trojan was a lesson to us all!
@@ -99,15 +95,17 @@
You may want to build the database with back-wards compatibility, so that you
-can use this functionality with older and unmaintained packages.
+can use this functionality with older and unmaintained packages
(--enable-compat185). Try passing (--help) to see other API's you may build,
-such as java, c++ and tcl, in fact you will need c++ and java if you wish
-to build OpenOffice. This package takes the standard GNUmake environment
-variables for optimisations and now is the best time to set them;
+such as java, c++ and tcl. Be warned that if you build Openoffice you may have
+conflicts as it requires an older version of Berkeley-DB. This package takes
+the standard GNUmake environment variables for optimisations and now is
+the best time to set them;
export CFLAGS='-s -O2 -march=i386 -fomit-frame-pointer'
unpack db tarball
+patch -p0 < ../patch.220.127.116.11 # Apply the patch
../dist/configure --prefix=/usr --enable-compat185
@@ -137,16 +135,9 @@
Sendmail runs on TCP port 25, and by default runs as root. Although Sendmail
has now gained the respect of the community as being safe to run as root,
I still do not like having daemons running on open ports as root. So we will
-create the group/user pair 'smmsp'.
-This will be quite an out of the ordinary install, as I intend to allow the
-system administrator to have control over who ultimately can use Sendmail,
-through a group called 'mail'. Obviously there are ways around this if somebody
-_really_ wants to send an email (such as telnetting port 25) but it will give
-a fair deal of control to the systems administrator. Create these groups like
+create the group/user pair 'smmsp':
groupadd -g 18 smmsp
-groupadd -g 19 mail
useradd -g smmsp -G mail -u 18 smmsp
Unlike Procmail and most other programs, which use a text based rc file for
@@ -156,11 +147,6 @@
then processed by the m4 macro processor to create the 'cf' config file.
Editing a 'cf' file directly is NOT recommended.
-A security problem was recently found, apply the patch by typing in the root
-directory of sendmail
-patch smrsh/smrsh.c < ../smrsh-20020924.patch
After unpacking sendmail, in order to avoid a user.group install which we
may not be able to accomodate, create the config file with the following
after setting your CFLAGS to what you desire (leaving them blank is also
@@ -218,6 +204,7 @@
cp -r cf/domain /etc/mail
cp -r cf/feature /etc/mail
cp -r cf/mailer /etc/mail
+cp -r cf/sh /etc/mail
cat > cf/cf/sendmail.mc << "EOF"
@@ -345,22 +332,6 @@
chmod 1777 /var/mail
Now run `sendmail -v -bi` to upgrade the sendmail alias list.
-OK, now we will do the unconventional stuff... you can skip this section if you
-just want a standard install where anyone can use Sendmail. What we do is create
-a folder which only has entry permissions set for members of a group 'mail' and
-move the Sendmail binary into the folder. Then we make a symbolic link from this
-new location to the default so that nothing is disrupted. You need to be a
-member of the group 'mail' to be able to access the binary!
-mv sendmail sendmailbin/
-ln -s /usr/sbin/sendmailbin/sendmail /usr/sbin/sendmail
-chown root.mail sendmailbin
-chmod o-rwx sendmailbin
-chown smmsp.smmsp sendmailbin/sendmail
-chmod 2111 sendmailbin/sendmail
OK, sendmail is now installed and should be working once we run the startup
script, speaking of which...
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe hints' in the subject header of the message
More information about the hints