Archive of - dBforums
Click here to see this site with all of the graphics, features, and links.
 
dBforums Archive for: comp.unix.sco.misc

MMDF to Sendmail + Sendmail Webmin Setup guide
Click here to see this thread with all of the graphics and features.

Matt Lewis
Feb 12 2003 14:55 
** Installing Sendmail 8.11.x on SCO OpenServer 5.0.x **
Feb 10, 2002

key::
Commands are surrounded by ( )
Examples are quoted " "


** Introduction **
To thwart the ever-growing problem of junk and spam email, which in
many cases cripples systems and daily, business operations it will be
necessary to

convert a growing number of systems to newer and more secure methods
of mail deliver. Methods to implement include the blocking of mail
relaying through

systems. Checks of who is sending mail and who is authorized to do
so. Creation of blacklisted senders from which mail will always be
rejected. Creation

of white lists specifying each individual who is allowed mail access
while denying all others. Using new techniques of identifying sources
of spam email

such as real time black hole lists and content filtering such as
spamassassin.

** Advantages of Sendmail over MMDF **

a_ Better Relay checking
b_ Better DNS failure rejection
c_ Hosts, user, and network access restrictions applicable
d_ Better industry support, documentation and ongoing development over
MMDF or similar mailers.
e_ Graphical Administration tools available for most environments
including SCO OpenServer 5.0.x through Webmin
f_ Ability to add custom features like blocking incoming mail with
listed words in subject.
g_ Support for new techniques for mail filtering or rejection such as
content filters of distributed database through dns.


** Preparing for Upgrade **

1. Backup the usr mail files in /usr/spool/mail/
( cp -rp /usr/spool/mail /tmp/ )
using -rp flags to preserve permissions on mail spool files.
Uninstalling mmdf or sendmail will remove all files in /usr/spool/mail
Backup the mmdf aliases file. This will later be appended to
/usr/lib/mail/aliases for sendmail
( cp /usr/mmdf/table/aliases /tmp/ )
Backup the mmdftailor config for reference
( cp /usr/mmdf/mmdftailor /tmp/ )

2. To uninstall mmdf issue
custom -p SCO:odtes -d SCO:MMDF

3. By default Openserver 5.0.5 has Sendmail 8.8.8b installed. You
should not use this as many known exploits exist for this version of
Sendmail. Also many

of the anti-spam features of Sendmail are not fully implemented in
this version
The newest complete Sendmail package available from SCO is part of
supplement rs506a meant for Openserver 5.0.6. Included is Sendmail
8.11.0. This

supplement will work on Openserver 5.0.5 and Openserver 5.0.4.

** Note: On Openserver 5.0.6b if you have Sendmail already installed
you will get an error saying you are trying to install an older
version of Sendmail.

This is not the case. You must first uninstall your current version
of sendmail with the following # custom -p SCO:ODTES -d SCO:SendMail.
Then install

sendmail 8.11.0 from rs506a

** Downloading the Software **

1. Download rs506a.tar at ftp.caldera.com
/pub/openserver5/rs506a/rs506a.tar
2. Extract the media images into the /tmp directory
(tar xvf /tmp/rs506a.tar)
3. Issue ( scoadmin software)
Select Install new from Media Images. This will list several
different components, which can be installed. Only select Sendmail
and install. The

installation procedure will have an error. Ignore this error with 'i'
and continue the Sendmail installation.
4. Now download the sendmail.8.11.0.tar.Z from ftp.sendmail.org
/pub/sendmail/past-releases/sendmail.8.11.0.tar.Z

5. Uncompress and untar sendmail.8.11.0.tar.Z in /usr/local/
( cd /usr/local/sendmail.8.11.0/cf/cf )
(cp sco-generic.mc /usr/local/sendmail.8.11.0/cf/cf )
Note: sco-generic.mc is a Sco OpenServer specific config file for
Sendmail that is attached at the end of this documentation. Cut and
paste into a an

editor and name this sco-generic.mc

** Creating the config file sendmail.cf **

1. Use the sco-generic.mc file for specific use with SCO Openserver.
The only item in most configurations that will need changing in
sco-generic.mc is the name of the domain you would like to

MASQUERADE_AS(`testdomain.com)dnl Change this to the domain you are
setting sendmail up for. Once saved issue
( m4 sco-generic.mc > test.cf ) in the
/usr/local/sendmail.8.11.0/cf/cf directory. This will process the
configuration directives and create our initial

configuration.

2. ( cp test.cf /usr/lib/sendmail.cf )

3. Now create the files referenced in sco-generic.mc

4. ( touch /usr/lib/mail/access ):: Access database crucial for
Anti-Spam
( touch /usr/lib/mail/relay-domains ) :: List of hosts we will
relay mail for
( touch /usr/lib/mail/local-host-names ) :: List of names the local
host is known by
( touch /usr/lib/mail/blocked_subjects ) :: List of words or
phrases that will be rejected in subject.
Note: In the blocked_subjects file phrases such as this is it must
have the spaces replaces with dots. Exa. "this is it" becomes
"this.is.it"
Note: After entries have been made to
/usr/lib/mail/blocked_subjects you must stop and start sendmail for
entries to be updated using. (

/etc/init.d/sendmail stop; /etc/init.d/sendmail start) or issue a kill
-HUP "process id of sendmail"
( touch /usr/lib/mail/local-host-names ) :: List of names the mail
server is know as
( touch /usr/lib/mail/statistics ):: Will keep track of statistics.
Use mailstats command to view statistics from this file.
Create directory /var/adm/sendmail :: This directory will save
sendmail stats and status to files. Use the hoststat command to view
this information.
( mkdir /var/adm/sendmail )
( cd /usr/lib/mail/ )
( makemap hash access > /usr/lib/mail/aliases )
Edit aliases removing MMDF specific text, leaving the aliases
behind
Issue
( newaliases ); builds the aliases database.
Add to /usr/lib/mail/local-host-names ; names which the mail server
is known by exa.
test-domain.com
test.test-domain.com
test

6. For Anti-Spam to have a chance we must have reverse DNS
Make the following entries in /etc/resolv.conf
exa. (replace 66.66.66.x with your sites nameserver ip addresses)
nameserver 66.66.66.6
nameserver 66.66.66.7
hostresorder local bind nis
The nameserver entries will be the nameserver/dns servers that your
internet service provider has specified to you.

6a. Replace the erased spool files /usr/spool/mail from /tmp
( cp -rp /tmp/mail/* /usr/spool/mail/ )

6c. Restart /etc/inetd service by finding the pid of inetd using
( ps -ef |grep inetd ) Then to force inetd to re-read its
configuration issue
( kill -HUP "process id of inetd" )

6d. Any special processing files used with mmdf such as .maildelivery
will have to be migrated to sendmail. For example mmdf can use
.maildelivery to

forward mail. Sendmail uses the .forward file in each users home
directory to accomplish this.

6e. Another potential pitfall is that even after switching from MMDF
to Sendmail the mail user agents on OpenServer such as scomail still
look to the file

/usr/mmdf/mmdftailor. To get the host.domainname to put into the
headers of all outbound messages. A dummy mmdftailor file is created
for

automatically by installing Sendmail but be sure to check this file to
make that the hostname and domain are correct.

7. Now issue
( /etc/init.d/sendmail start )
If lucky everything is fine.
To test issue swaping username@domain.com for your own
( /usr/lib/sendmail -v username@domain.com
250 2.1.0 ... Sender ok
rcpt to:
250 2.1.5 ... Recipient ok
data
354 Enter mail, end with "." on a line by itself
.
250 2.0.0 g5HJxks13843 Message accepted for delivery
quit
221 2.0.0 test.test-domain.com closing connection
Connection closed by foreign host.
--
8. Check /usr/adm/syslog for sendmail errors.

9. Once you are done with this configuration you should have a
standalone mail server. That is mail will not be relayed to or sent
by any other mail server

but will be sent directly out by your domain. No DNS or nameserver
setup is needed beyond entries in /etc/resolv.conf which will allow
the system to

query the domain name servers of your internet service provider to
determine the routing of mail.

10. Addittionally you will have a number of features enabled to
prevent abuse of and spam email to your mail server. Including
real-time black hole lists

etc..


Graphical Sendmail Administration

Webmin (www.webmin.com) is a web based interface for configuring and
maintaining many aspects of a system. It is driven by perl scripting
and thus very

portable to many platforms. The currently available version 0.98
fully supports SCO Openserver and is an especially good solution for
maintenance and admin

of many less understood system services such as Sendmail.


Installation

1. Download Perl package from
ftp://ftp2.caldera.com/pub/skunkware/osr5/vols/

2. Install as a package using
( scoadmin ) software -> Install new

3. Download the newest version of Webmin from www.webmin.com. SCO
does have a version of Webmin in the Skunkware distribution at

ftp2.caldera.com/pub/skunkware/osr5/vols/. Installation of Webmin
from www.webmin.com is smoother for SCO Openserver though

4. Untar webmin in /usr/local/
This will create a directory /usr/local/webmin-0.9x.x
( cd /usr/local/webmin-0.9x.x )
( ./setup.sh )

This script will prompt you for several items. Leave everything at
default except the following items.

Config files
/usr/local/etc/webmin
Log files
/usr/local/log/webmin

Admin user is root not admin as the default

Once webmin is installed you can start and stop the server with the
following commands.

/usr/local/etc/webmin/start
/usr/local/etc/webmin/stop


5. Now open a browser and type in the hostname or ip address of the
host and the port that you installed Webmin the default being 10000.
examples

http://test.test-domain.com:10000/
http://100.100.0.0:10000/


5a. So that webmin will be started automatically on bootup issue.
mv /etc/rc.d/K99webmin /etc/rc0.d/
mv /etc/rc.d/S99webmin /etc/rc2.d/

6. Login with root and root password

7. Configure Webmin users and modules. Very good documentation on
Webmin and all modules it contains are available at www.webmin.com

8. Sendmail will need its module configured for use with SCO
Openserver. Primarily to tell the module where the files Sendmail
uses are located.



****************** Below is attached sco-generic.mc file
******************************

divert(-1)
#
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
divert(0)dnl
dnl #################### Setup ##################################
include(`/usr/local/sendmail-8.11.0/cf/m4/cf.m4')
VERSIONID(`$Id: sco-generic.mc,v 1.00 2002/07/12 ML Exp $')dnl
OSTYPE(`sco3.2')dnl

dnl ################### Network Specific ########################
MASQUERADE_AS(`host.domain')dnl

dnl ################### Server Specific #########################
dnl # Commonly used Files
define(`ALIAS_FILE',`/usr/lib/mail/aliases')dnl
define(`confCR_FILE',`-o /usr/lib/mail/relay-domains')dnl
define(`confCW_FILE',`-o /usr/lib/mail/local-host-names')dnl
define(`STATUS_FILE',`-o /usr/lib/mail/statistics')dnl
define(`confHOST_STATUS_DIRECTORY',`/usr/adm/sendmail')dnl

dnl # SCO Openserver Specific variables and options
dnl # Needed to fix error with /usr/lib/uucp/ permission on SCO
OpenServer
define(`confDONT_BLAME_SENDMAIL',`GroupWritableDirPathSafe')dnl

dnl # Options to correct deficient bind setup under SCO Openserver.
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl

dnl ################## Features ################################
FEATURE(`access_db',`hash -o /usr/lib/mail/access')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`masquerade_envelope')dnl

dnl ################## Anti-Spam / Security Features & Definitions
#########
dnl # Disable certain SMTP commands that lend themselves to spam
define(`confPRIVACY_FLAGS',authwarnings,novrfy,noexpn,noverb,restrictmailq,restrictqrun,needmailhelo')dnl

dnl # Real Time Black Hole Lists. Currently the best
FEATURE(`dnsbl',`relays.ordb.org')dnl
FEATURE(`dnsbl',`relays.osirusoft.com')dnl
FEATURE(`dnsbl',`list.dsbl.org')dnl

dnl # Dont Let anyone know exactly what version or Mail Daemon you are
running
define(`confSMTP_LOGIN_MSG',`$j Mail Secure/Rabid; $b')dnl

dnl # Options to help cut down on dictionary attacks
define(`confMAX_RCPTS_PER_MESSAGE',`50')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl

dnl # Options to limit the load on the mail server
define(`confMAX_DAEMON_CHILDREN',`25')dnl

dnl # Restricted Shell for security
FEATURE(`smrsh')


dnl ################# Parameters ###############################
EXPOSED_USER(`root')
define(`confMAX_MESSAGE_SIZE',`15000000')dnl

dnl # Sco Version does not correctly pick up the TIME_ZONE
define(`confTIME_ZONE',`USE_TZ')dnl

dnl ################# Mailer Definitions #######################
MAILER(`local')dnl
MAILER(`smtp')dnl

dnl ################ Local Rulesets ############################
dnl # Ruleset to block incoming mail by searching subject for blocked
words
dnl # or phrases
dnl # Note: Multi word entries in blocked_subjects file must have
dnl # spaces replaced by "." Exa. "this is it" becomes "this.is.it"
dnl # Any changes to blocked_subjects file requires a restart or HUP
of
dnl # Sendmail. exa (kill -HUP "pid of sendmail")
dnl # If you want to go really over-board with the number of
blocked_subjects
dnl # I recommend turning this into a map.

LOCAL_CONFIG
F{MRej} /usr/lib/mail/blocked_subjects

LOCAL_RULESETS
HSubject: $>CheckSubject
D{MMsg} Mail blocked.
SCheckSubject
R$* $={MRej}$* $#error $: 550 ${MMsg}


dBforums.com - RDBMS discussion and helpdesk
 

More Computer Related Text Archives:  MainFrameForum Plan, Implement and Support


Click here to see this site with all of the graphics, features, and links.

copyright 2001, 2002 dBforums.com

vbSpiderMate - inspired by : vbSpiderFriend ~shabang~ of Marijuana Growing