Matt Lewis Feb 12 2003 14:55

** Installing Sendmail 8.11.x on SCO OpenServer 5.0.x **
Feb 10, 2002

Key: Commands are surrounded by ( ). Examples are quoted " ".

** Introduction **
To thwart the ever-growing problem of junk and spam email, which in
many cases cripples systems and daily business operations, it will be
necessary to convert a growing number of systems to newer and more
secure methods of mail delivery. Methods to implement include blocking
mail relaying through systems; checking who is sending mail and who is
authorized to do so; creating blacklists of senders from which mail
will always be rejected; creating white lists specifying each
individual who is allowed mail access while denying all others; and
using new techniques for identifying sources of spam email, such as
real-time black hole lists and content filtering such as spamassassin.

** Advantages of Sendmail over MMDF **
a_ Better relay checking
b_ Better DNS failure rejection
c_ Host, user, and network access restrictions applicable
d_ Better industry support, documentation and ongoing development
   than MMDF or similar mailers.
e_ Graphical administration tools available for most environments,
   including SCO OpenServer 5.0.x, through Webmin
f_ Ability to add custom features like blocking incoming mail with
   listed words in the subject.
g_ Support for new techniques for mail filtering or rejection, such
   as content filters or distributed databases through DNS.

** Preparing for Upgrade **
1. Back up the user mail files in /usr/spool/mail/
     ( cp -rp /usr/spool/mail /tmp/ )
   using the -rp flags to preserve permissions on the mail spool
   files. Uninstalling mmdf or sendmail will remove all files in
   /usr/spool/mail.
   Back up the mmdf aliases file. This will later be appended to
   /usr/lib/mail/aliases for sendmail.
     ( cp /usr/mmdf/table/aliases /tmp/ )
   Back up the mmdftailor config for reference.
     ( cp /usr/mmdf/mmdftailor /tmp/ )
2. To uninstall mmdf issue ( custom -p SCO:odtes -d SCO:MMDF )
3. By default Openserver 5.0.5 has Sendmail 8.8.8b installed. You
   should not use this, as many known exploits exist for this version
   of Sendmail. Also, many of the anti-spam features of Sendmail are
   not fully implemented in this version. The newest complete
   Sendmail package available from SCO is part of supplement rs506a,
   meant for Openserver 5.0.6. Included is Sendmail 8.11.0. This
   supplement will work on Openserver 5.0.5 and Openserver 5.0.4.
   Note: On Openserver 5.0.6b, if you have Sendmail already installed
   you will get an error saying you are trying to install an older
   version of Sendmail. This is not the case. You must first
   uninstall your current version of sendmail with the following:
     ( custom -p SCO:ODTES -d SCO:SendMail )
   Then install sendmail 8.11.0 from rs506a.

** Downloading the Software **
1. Download rs506a.tar from
   ftp.caldera.com /pub/openserver5/rs506a/rs506a.tar
2. Extract the media images into the /tmp directory
     ( tar xvf /tmp/rs506a.tar )
3. Issue ( scoadmin software ). Select Install new from Media Images.
   This will list several different components which can be
   installed. Select only Sendmail and install. The installation
   procedure will report an error. Ignore this error with 'i' and
   continue the Sendmail installation.
4. Now download sendmail.8.11.0.tar.Z from
   ftp.sendmail.org /pub/sendmail/past-releases/sendmail.8.11.0.tar.Z
5. Uncompress and untar sendmail.8.11.0.tar.Z in /usr/local/
     ( cd /usr/local/sendmail.8.11.0/cf/cf )
     ( cp sco-generic.mc /usr/local/sendmail.8.11.0/cf/cf )
   Note: sco-generic.mc is a SCO OpenServer specific config file for
   Sendmail that is attached at the end of this documentation. Cut
   and paste it into an editor and name the file sco-generic.mc

** Creating the config file sendmail.cf **
1. Use the sco-generic.mc file for specific use with SCO Openserver.
   The only item in most configurations that will need changing in
   sco-generic.mc is the name of the domain you would like to
   masquerade as:
     MASQUERADE_AS(`testdomain.com')dnl
   Change this to the domain you are setting sendmail up for. Once
   saved, issue
     ( m4 sco-generic.mc > test.cf )
   in the /usr/local/sendmail.8.11.0/cf/cf directory. This will
   process the configuration directives and create our initial
   configuration.
2. ( cp test.cf /usr/lib/sendmail.cf )
3. Now create the files referenced in sco-generic.mc
4. ( touch /usr/lib/mail/access ) :: Access database crucial for
   Anti-Spam
   ( touch /usr/lib/mail/relay-domains ) :: List of hosts we will
   relay mail for
   ( touch /usr/lib/mail/local-host-names ) :: List of names the local
   host is known by
   ( touch /usr/lib/mail/blocked_subjects ) :: List of words or
   phrases that will be rejected in the subject.
   Note: In the blocked_subjects file, phrases such as this is it must
   have the spaces replaced with dots. Exa. "this is it" becomes
   "this.is.it"
   Note: After entries have been made to
   /usr/lib/mail/blocked_subjects you must stop and start sendmail
   for the entries to be updated, using
     ( /etc/init.d/sendmail stop; /etc/init.d/sendmail start )
   or issue a ( kill -HUP "process id of sendmail" )
   ( touch /usr/lib/mail/local-host-names ) :: List of names the mail
   server is known as
   ( touch /usr/lib/mail/statistics ) :: Will keep track of
   statistics. Use the mailstats command to view statistics from this
   file.
   Create directory /var/adm/sendmail :: This directory will save
   sendmail stats and status to files. Use the hoststat command to
   view this information.
     ( mkdir /var/adm/sendmail )
     ( cd /usr/lib/mail/ )
     ( makemap hash access < access )
     ( cat /tmp/aliases >> /usr/lib/mail/aliases )
   Edit aliases, removing MMDF specific text and leaving the aliases
   behind.
   Issue ( newaliases ) :: builds the aliases database.
   Add to /usr/lib/mail/local-host-names the names which the mail
   server is known by
   exa.
     test-domain.com
     test.test-domain.com
     test
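
Added example (not part of the original document): a shell check to run over the access source file before makemap builds the database, flagging misspelled actions and RELAY keys broad enough to reopen relaying. The sample entries are constructed, and the action list covers only the basic access_db actions (OK, RELAY, REJECT, DISCARD, and SMTP error codes).

```shell
#!/bin/sh
# Added example: lint an access map source read from stdin.
# Prints one finding per line, prefixed with the input line number.
lint_access() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        key = $1; act = toupper($2)          # accept actions in either case
        sub(/^(Connect|From|To):/, "", key)  # drop an optional tag prefix
        if (NF < 2) {
            print NR ": key without action: " key
        } else if (act !~ /^(OK|RELAY|REJECT|DISCARD|(ERROR:)?"?([45]\.[0-9]+\.[0-9]+:)?[45][0-9][0-9])$/) {
            print NR ": unknown action: " $2
        } else if (act == "RELAY" && key !~ /[.@]/ && key != "localhost") {
            # a bare TLD or one-octet network lets most of the Internet relay
            print NR ": over-broad RELAY key: " key
        }
    }'
}

# Constructed sample entries (not from the original document).
sample_access() {
    cat <<'EOF'
# key                   action
spammer@example.net     REJECT
From:bulk.example.org   550 Mail refused
192.0.2                 RELAY
test-domain.com         RELAY
com                     RELAY
198.51.100.7            REJCT
orphan.example.com
EOF
}

sample_access | lint_access
```

Run it as ( lint_access < /usr/lib/mail/access ) and rebuild the map only when it prints nothing.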
6. For Anti-Spam to have a chance we must have reverse DNS. Make the
   following entries in /etc/resolv.conf
   exa. (replace 66.66.66.x with your site's nameserver IP addresses)
     nameserver 66.66.66.6
     nameserver 66.66.66.7
     hostresorder local bind nis
   The nameserver entries will be the nameserver/DNS servers that
   your internet service provider has specified to you.
6a. Replace the erased spool files in /usr/spool/mail from /tmp
     ( cp -rp /tmp/mail/* /usr/spool/mail/ )
6c. Restart the /etc/inetd service by finding the pid of inetd using
     ( ps -ef | grep inetd )
   Then, to force inetd to re-read its configuration, issue
     ( kill -HUP "process id of inetd" )
6d. Any special processing files used with mmdf, such as
   .maildelivery, will have to be migrated to sendmail. For example,
   mmdf can use .maildelivery to forward mail. Sendmail uses the
   .forward file in each user's home directory to accomplish this.
6e. Another potential pitfall is that even after switching from MMDF
   to Sendmail, the mail user agents on OpenServer such as scomail
   still look to the file /usr/mmdf/mmdftailor to get the
   host.domainname to put into the headers of all outbound messages.
   A dummy mmdftailor file is created automatically by installing
   Sendmail, but be sure to check this file to make sure that the
   hostname and domain are correct.
7. Now issue ( /etc/init.d/sendmail start ). If lucky everything is
   fine. To test, issue the following, swapping username@domain.com
   for your own
     ( /usr/lib/sendmail -v username@domain.com )
     250 2.1.0 ... Sender ok
     rcpt to:
     250 2.1.5 ... Recipient ok
     data
     354 Enter mail, end with "." on a line by itself
     .
     250 2.0.0 g5HJxks13843 Message accepted for delivery
     quit
     221 2.0.0 test.test-domain.com closing connection
     Connection closed by foreign host.
8. Check /usr/adm/syslog for sendmail errors.
9. Once you are done with this configuration you should have a
   standalone mail server. That is, mail will not be relayed to or
   sent by any other mail server but will be sent directly out by
   your domain. No DNS or nameserver setup is needed beyond the
   entries in /etc/resolv.conf, which will allow the system to query
   the domain name servers of your internet service provider to
   determine the routing of mail.
10. Additionally you will have a number of features enabled to
   prevent abuse of, and spam email to, your mail server, including
   real-time black hole lists etc.
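
Added example (not part of the original document): how a real-time black hole list lookup is formed, and a health check for a list zone before it is trusted to reject mail. It assumes the BIND host utility is installed; the client address 192.0.2.25 is constructed, the zone names are the ones from sco-generic.mc (dated 2002), and the 127.0.0.2 / 127.0.0.1 test entries follow the DNSBL convention documented in RFC 5782.

```shell
#!/bin/sh
# Build the name queried for a client: IPv4 octets reversed, then the zone.
dnsbl_qname() {   # usage: dnsbl_qname IPV4 ZONE
    ip=$1 zone=$2
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;     # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                                # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Print the A record(s) for a name, nothing if there are none.
# Assumes the BIND "host" utility.
dnsbl_lookup() {
    host -t A "$1" 2>/dev/null | sed -n 's/.* has address //p'
}

# A working list answers for 127.0.0.2 and never for 127.0.0.1.
zone_health() {   # usage: zone_health ZONE  ->  ok | dead | wildcard
    z=$1
    pos=$(dnsbl_lookup "$(dnsbl_qname 127.0.0.2 "$z")")
    neg=$(dnsbl_lookup "$(dnsbl_qname 127.0.0.1 "$z")")
    if [ -n "$neg" ]; then echo wildcard      # lists everything: all mail rejected
    elif [ -z "$pos" ]; then echo dead        # test entry missing: nothing is blocked
    else echo ok
    fi
}

# Offline demo: names sendmail would query for a constructed client address.
for z in relays.ordb.org relays.osirusoft.com list.dsbl.org; do
    dnsbl_qname 192.0.2.25 "$z"
done
```

Run ( zone_health ZONE ) for each FEATURE(`dnsbl') zone before enabling it, and drop any zone that reports dead or wildcard.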

** Graphical Sendmail Administration **
Webmin (www.webmin.com) is a web based interface for configuring and
maintaining many aspects of a system. It is driven by perl scripting
and thus very portable to many platforms. The currently available
version 0.98 fully supports SCO Openserver and is an especially good
solution for maintenance and admin of many less understood system
services such as Sendmail.

** Installation **
1. Download the Perl package from
   ftp://ftp2.caldera.com/pub/skunkware/osr5/vols/
2. Install as a package using ( scoadmin ) software -> Install new
3. Download the newest version of Webmin from www.webmin.com. SCO
   does have a version of Webmin in the Skunkware distribution at
   ftp2.caldera.com/pub/skunkware/osr5/vols/. Installation of Webmin
   from www.webmin.com is smoother for SCO Openserver though.
4. Untar webmin in /usr/local/. This will create a directory
   /usr/local/webmin-0.9x.x
     ( cd /usr/local/webmin-0.9x.x )
     ( ./setup.sh )
   This script will prompt you for several items. Leave everything at
   default except the following items.
     Config files   /usr/local/etc/webmin
     Log files      /usr/local/log/webmin
     Admin user is root, not admin as the default
   Once webmin is installed you can start and stop the server with
   the following commands.
     /usr/local/etc/webmin/start
     /usr/local/etc/webmin/stop
5. Now open a browser and type in the hostname or IP address of the
   host and the port that you installed Webmin on, the default being
   10000. Examples:
     http://test.test-domain.com:10000/
     http://100.100.0.0:10000/
5a. So that webmin will be started automatically on bootup, issue
     ( mv /etc/rc.d/K99webmin /etc/rc0.d/ )
     ( mv /etc/rc.d/S99webmin /etc/rc2.d/ )
6. Log in with root and the root password
7. Configure Webmin users and modules. Very good documentation on
   Webmin and all the modules it contains is available at
   www.webmin.com
8. Sendmail will need its module configured for use with SCO
   Openserver, primarily to tell the module where the files Sendmail
   uses are located.

****************** Below is attached sco-generic.mc file ******************************
divert(-1)
#
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
#	All rights reserved.
# Copyright (c) 1983 Eric P. Allman.  All rights reserved.
# Copyright (c) 1988, 1993
#	The Regents of the University of California.  All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
divert(0)dnl
dnl #################### Setup ##################################
include(`/usr/local/sendmail-8.11.0/cf/m4/cf.m4')
VERSIONID(`$Id: sco-generic.mc,v 1.00 2002/07/12 ML Exp $')dnl
OSTYPE(`sco3.2')dnl
dnl ################### Network Specific ########################
MASQUERADE_AS(`host.domain')dnl
dnl ################### Server Specific #########################
dnl # Commonly used Files
define(`ALIAS_FILE',`/usr/lib/mail/aliases')dnl
define(`confCR_FILE',`-o /usr/lib/mail/relay-domains')dnl
define(`confCW_FILE',`-o /usr/lib/mail/local-host-names')dnl
define(`STATUS_FILE',`-o /usr/lib/mail/statistics')dnl
define(`confHOST_STATUS_DIRECTORY',`/usr/adm/sendmail')dnl
dnl # SCO Openserver Specific variables and options
dnl # Needed to fix error with /usr/lib/uucp/ permission on SCO OpenServer
define(`confDONT_BLAME_SENDMAIL',`GroupWritableDirPathSafe')dnl
dnl # Options to correct deficient bind setup under SCO Openserver.
define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl
dnl ################## Features ################################
FEATURE(`access_db',`hash -o /usr/lib/mail/access')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`masquerade_envelope')dnl
dnl ################## Anti-Spam / Security Features & Definitions #########
dnl # Disable certain SMTP commands that lend themselves to spam
define(`confPRIVACY_FLAGS',`authwarnings,novrfy,noexpn,noverb,restrictmailq,restrictqrun,needmailhelo')dnl
dnl # Real Time Black Hole Lists. Currently the best
FEATURE(`dnsbl',`relays.ordb.org')dnl
FEATURE(`dnsbl',`relays.osirusoft.com')dnl
FEATURE(`dnsbl',`list.dsbl.org')dnl
dnl # Dont Let anyone know exactly what version or Mail Daemon you are running
define(`confSMTP_LOGIN_MSG',`$j Mail Secure/Rabid; $b')dnl
dnl # Options to help cut down on dictionary attacks
define(`confMAX_RCPTS_PER_MESSAGE',`50')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl
dnl # Options to limit the load on the mail server
define(`confMAX_DAEMON_CHILDREN',`25')dnl
dnl # Restricted Shell for security
FEATURE(`smrsh')
dnl ################# Parameters ###############################
EXPOSED_USER(`root')
define(`confMAX_MESSAGE_SIZE',`15000000')dnl
dnl # Sco Version does not correctly pick up the TIME_ZONE
define(`confTIME_ZONE',`USE_TZ')dnl
dnl ################# Mailer Definitions #######################
MAILER(`local')dnl
MAILER(`smtp')dnl
dnl ################ Local Rulesets ############################
dnl # Ruleset to block incoming mail by searching subject for blocked words
dnl # or phrases
dnl # Note: Multi word entries in blocked_subjects file must have
dnl # spaces replaced by "." Exa. "this is it" becomes "this.is.it"
dnl # Any changes to blocked_subjects file requires a restart or HUP of
dnl # Sendmail. exa (kill -HUP "pid of sendmail")
dnl # If you want to go really over-board with the number of blocked_subjects
dnl # I recommend turning this into a map.
dnl # The left and right sides of the R line below must be separated by a
dnl # tab, not spaces; check this after cutting and pasting.
LOCAL_CONFIG
F{MRej} /usr/lib/mail/blocked_subjects

LOCAL_RULESETS
HSubject: $>CheckSubject
D{MMsg} Mail blocked.
SCheckSubject
R$* $={MRej}$*	$#error $: 550 ${MMsg}