Custom Search

Setting up a secure Linux server - Sendmail installation

1.	edit sendmail/srvrsmtp.c
2.	cd sendmail/ -> sh Build
3.	mkdir/var/spool/mqueue; mkdir /etc/mail; -> cd cf/cf -> sh Build sendmail.cf
4.	cd ../../sendmail - > sh Build install-set-user-id
5.	cd ../ -> {makemap vacation} && $sh Build install-strip {makemap vacation}
6.	cd smrsh -> notes below
--------------------
# I set the values to 1 or 2:
sendmail/srvrsmtp.c :
		    MAXBADCOMMANDS	25	unknown commands
		    MAXNOOPCOMMANDS	20	NOOP, VERB, ONEX, XUSR
		    MAXHELOCOMMANDS	3	HELO, EHLO
		    MAXVRFYCOMMANDS	6	VRFY, EXPN
		    MAXETRNCOMMANDS	8	ETRN
		Setting a value to 0 disables the check.  
------------------------
#   sendmail.mc:
# consult the docs
OSTYPE(linux)dnl
DOMAIN(generic)dnl
FEATURE(access_db)dnl
FEATURE(virtusertable)dnl
FEATURE(genericstable)dnl
FEATURE(always_add_domain)dnl
FEATURE(blacklist_recipients)dnl
FEATURE(smrsh)dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(`delay_checks',`friend')dnl
HACK(`require_rdns_2',`reject')dnl
MAILER(local)dnl
MAILER(smtp)dnl

edit the final sendmail.cf to your site specifications


# Stopping Spam:
# This guy has a HACK to do reverse dns checks that I really like.
# After more than two months I've had no complaints of missed mail.
# Combine this with a good /etc/mail/access file to block, for 
# example, dhcp.scrm.ca.charter.com, and Bob's yer uncle.
# http://blogs.sun.com/roller/resources/jbeck/require_rdns.m4
# //www.fiveanddime.net/ss/etc-mail-access.html

--------------------------
 touch: /etc/mail/local-host-names - add all of our domains
 touch: /etc/mail/    :   relay-domains - access - virtusertable - genericstable - LocalIP
 mkdir /var/spool/mqueue/.hoststat   

----------
SMRSH:
$sh Build LDOPTS=-static install-strip
$chmod 511 /usr/sbin/smrsh
search for Mprog in sendmail.cf, make sure it says /usr/sbin/smrsh and not /bin/sh
 ----mkdir /usr/adm/sm.bin && ln -s /usr/bin/procmail &&  ln -s /usr/bin/vacation

------------
recompile any makemap files (makemap hash /etc/mail/access < /etc/mail/access)
chmod 775 /var/spool/mail
chmod 755 /var/spool/mqueue
chmod 755 /var/spool/mqueue/.hoststat
chown root.mail mail & mqueue

------------
cat >> /etc/mail/service.switch
hosts: files dns
aliases: files

----
$>/usr/sbin/sendmail -bd -q45m

=============================================================
			Installing sendmail

**Note**: Starting with sendmail 8.12, sendmail is no longer set-user-ID
root by default.  As a result of this, you need to install two .cf files.
See steps 4 and 6 in this document.  We also strongly recommend reading
sendmail/SECURITY for more installation information.
1. Read all the README files noted in the INTRODUCTION section of the README
   file in this top-level directory.
2. Create any necessary site configuration build files, as noted in
   devtools/Site/README.
3. In the sendmail/ directory, run "sh Build" (see sendmail/README for
   details).
4. Change to the cf/cf/ directory (that's not a typo): Copy whichever .mc
   file best matches your environment to sendmail.mc, where config can be any
   name.  Next, tailor it as explained in cf/README.  Then run
   "sh Build sendmail.cf".
5. Back up your current /etc/mail/sendmail.cf and the sendmail binary (whose
   location varies from operating system to operating system, but is usually
   in /usr/sbin or /usr/lib).
6. Install sendmail.cf as /etc/mail/sendmail.cf and submit.cf as
   /etc/mail/submit.cf.  This can be done in the cf/cf by using
   "sh Build install-cf".
   Please read sendmail/SECURITY before continuing; you have to create a
   new user smmsp and a new group smmsp for the default installation.
   Then install the sendmail binary built in step 3 by cd-ing back to
   sendmail/ and running "sh Build install".
7. For each of the associated sendmail utilities (makemap, mailstats, etc.),
   read the README in the utility's directory.  When you are ready to install
   it, back up your installed version and type "sh Build install".
8. If you are upgrading from an older version of sendmail and are using any
   database maps, be sure to rebuild them with the new version of makemap,
   in case you are now using a different (and thereby incompatible) version
   of Berkeley DB.
$Revision: 8.13 $, Last updated $Date: 2001/09/08 00:15:06 $

-------------







www.fiveanddime.net








Custom Search