Setting up a secure Linux server - Sendmail installation
1. edit sendmail/srvrsmtp.c
2. cd sendmail/ -> sh Build
3. mkdir /var/spool/mqueue; mkdir /etc/mail; -> cd cf/cf -> sh Build sendmail.cf
4. cd ../../sendmail -> sh Build install-set-user-id
5. cd ../ -> {makemap vacation} && $sh Build install-strip {makemap vacation}
6. cd smrsh -> notes below
--------------------
# I set the values to 1 or 2:
sendmail/srvrsmtp.c :
MAXBADCOMMANDS    25   unknown commands
MAXNOOPCOMMANDS   20   NOOP, VERB, ONEX, XUSR
MAXHELOCOMMANDS    3   HELO, EHLO
MAXVRFYCOMMANDS    6   VRFY, EXPN
MAXETRNCOMMANDS    8   ETRN
Setting a value to 0 disables the check.
------------------------
# sendmail.mc:
# consult the docs
OSTYPE(linux)dnl
DOMAIN(generic)dnl
FEATURE(access_db)dnl
FEATURE(virtusertable)dnl
FEATURE(genericstable)dnl
FEATURE(always_add_domain)dnl
FEATURE(blacklist_recipients)dnl
FEATURE(smrsh)dnl
FEATURE(`nouucp',`reject')dnl
FEATURE(`delay_checks',`friend')dnl
HACK(`require_rdns_2',`reject')dnl
MAILER(local)dnl
MAILER(smtp)dnl
edit the final sendmail.cf to your site specifications
# Stopping Spam:
# This guy has a HACK to do reverse dns checks that I really like.
# After more than two months I've had no complaints of missed mail.
# Combine this with a good /etc/mail/access file to block, for
# example, dhcp.scrm.ca.charter.com, and Bob's yer uncle.
# http://blogs.sun.com/roller/resources/jbeck/require_rdns.m4
# http://www.fiveanddime.net/ss/etc-mail-access.html
--------------------------
touch: /etc/mail/local-host-names - add all of our domains
touch: /etc/mail/ : relay-domains - access - virtusertable - genericstable - LocalIP
mkdir /var/spool/mqueue/.hoststat
----------
SMRSH:
$sh Build LDOPTS=-static install-strip
$chmod 511 /usr/sbin/smrsh
search for Mprog in sendmail.cf, make sure it says /usr/sbin/smrsh and not /bin/sh
mkdir /usr/adm/sm.bin && cd /usr/adm/sm.bin && ln -s /usr/bin/procmail && ln -s /usr/bin/vacation
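
Added example (not part of the original notes): a shell audit of the three smrsh settings above, namely the Mprog P= path in sendmail.cf, mode 511 on the smrsh binary, and no shell or interpreter in sm.bin. The function names, the interpreter name list, and the constructed sendmail.cf fragment used by demo() are assumptions.

```shell
#!/bin/sh
# Added example: audit the smrsh setup from the notes. Paths are passed as
# arguments so it can be run against test copies as well as the live files.

# Print the P= (program path) field of the Mprog mailer in a sendmail.cf.
mprog_path() {
    sed -n 's/^Mprog\(.*[,[:space:]]\)P=\([^,[:space:]]*\).*/\2/p' "$1" | head -n 1
}

# Succeed only if the file exists with exactly mode 511 (as set in the notes).
mode_is_511() {
    [ -n "$(find "$1" -prune -type f -perm 511 2>/dev/null)" ]
}

# Print sm.bin entries named like a shell or interpreter (name list is an
# assumption; this checks names only, not where a symlink points).
# Any such entry hands piped mail a general-purpose shell again.
risky_sm_bin_entries() {
    for f in "$1"/*; do
        case "${f##*/}" in
            sh|bash|csh|tcsh|ksh|zsh|dash|perl|python*) echo "$f" ;;
        esac
    done
}

# audit CF SMRSH SM_BIN: print each failed check, return non-zero if any failed.
audit() {
    rc=0
    [ "$(mprog_path "$1")" = "$2" ] || { echo "FAIL: Mprog P=$(mprog_path "$1"), want $2"; rc=1; }
    mode_is_511 "$2" || { echo "FAIL: $2 missing or not mode 511"; rc=1; }
    bad=$(risky_sm_bin_entries "$3")
    [ -z "$bad" ] || { echo "FAIL: shell/interpreter in $3: $bad"; rc=1; }
    return "$rc"
}

# Constructed demo: a sendmail.cf fragment that still has the stock /bin/sh Mprog.
demo() {
    d=$(mktemp -d) || return 1
    printf 'Mprog,\t\tP=/bin/sh, F=lsDFMoqeu9, D=$z:/,\n\t\tA=sh -c $u\n' > "$d/sendmail.cf"
    mkdir "$d/sm.bin"; : > "$d/smrsh"; chmod 511 "$d/smrsh"
    ln -s /usr/bin/procmail "$d/sm.bin/procmail"
    audit "$d/sendmail.cf" "$d/smrsh" "$d/sm.bin"; status=$?
    rm -rf "$d"
    return "$status"
}

if [ $# -eq 3 ]; then audit "$@"; else demo || true; fi
```

Run it with the live paths as `sh audit.sh /etc/mail/sendmail.cf /usr/sbin/smrsh /usr/adm/sm.bin` (the script file name is hypothetical); with no arguments it runs the constructed demo, which reports the /bin/sh Mprog.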
------------
recompile any makemap files (makemap hash /etc/mail/access < /etc/mail/access)
chmod 775 /var/spool/mail
chmod 755 /var/spool/mqueue
chmod 755 /var/spool/mqueue/.hoststat
chown root:mail /var/spool/mail /var/spool/mqueue
------------
cat >> /etc/mail/service.switch
hosts: files dns
aliases: files
----
$>/usr/sbin/sendmail -bd -q45m
=============================================================
Installing sendmail
**Note**: Starting with sendmail 8.12, sendmail is no longer set-user-ID
root by default. As a result of this, you need to install two .cf files.
See steps 4 and 6 in this document. We also strongly recommend reading
sendmail/SECURITY for more installation information.
1. Read all the README files noted in the INTRODUCTION section of the README
file in this top-level directory.
2. Create any necessary site configuration build files, as noted in
devtools/Site/README.
3. In the sendmail/ directory, run "sh Build" (see sendmail/README for
details).
4. Change to the cf/cf/ directory (that's not a typo): Copy whichever .mc
file best matches your environment to sendmail.mc, where config can be any
name. Next, tailor it as explained in cf/README. Then run
"sh Build sendmail.cf".
5. Back up your current /etc/mail/sendmail.cf and the sendmail binary (whose
location varies from operating system to operating system, but is usually
in /usr/sbin or /usr/lib).
6. Install sendmail.cf as /etc/mail/sendmail.cf and submit.cf as
/etc/mail/submit.cf. This can be done in the cf/cf by using
"sh Build install-cf".
Please read sendmail/SECURITY before continuing; you have to create a
new user smmsp and a new group smmsp for the default installation.
Then install the sendmail binary built in step 3 by cd-ing back to
sendmail/ and running "sh Build install".
7. For each of the associated sendmail utilities (makemap, mailstats, etc.),
read the README in the utility's directory. When you are ready to install
it, back up your installed version and type "sh Build install".
8. If you are upgrading from an older version of sendmail and are using any
database maps, be sure to rebuild them with the new version of makemap,
in case you are now using a different (and thereby incompatible) version
of Berkeley DB.
$Revision: 8.13 $, Last updated $Date: 2001/09/08 00:15:06 $
-------------
www.fiveanddime.net