upgrading sendmail

upgrading sendmail

This section describes my upgrade of sendmail
from version 8.8.8 to version 8.9.2.  The main reason for the upgrade was to obtain
the anti-relay mechanism which is in place by default and to the new and improved
anti-spam rules which are available.

Installation

Here’s what I did to install the new sendmail:

cd /usr/ports/mail
fetch -p ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.9.2.tar.gz
gunzip sendmail.8.9.2.tar.gz
tar -xvf sendmail.8.9.2.tar
cd sendmail-8.9.2/
make
make install

Basic configuration

sendmail normally runs all the time.  Here’s what I have in /etc/rc.conf
which starts sendmail after every boot:

[root@ns:/var/log] # grep sendmail /etc/rc.conf   
sendmail_enable="YES"   # Run the sendmail daemon (or NO).
sendmail_flags="-bd -q30m" # -bd is pretty mandatory.

Restarting sendmail

The first thing I did was go through the README file in the main directory.  In
there I found some settings which should be made:

chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

The next command they suggest is:

 /usr/sbin/sendmail -v -bi
Warning: .cf file is out of date: sendmail 8.9.2 supports version 8, 
                                              .cf file is version 7
/etc/aliases: 24 aliases, longest 10 bytes, 248 bytes total

Ahuh, time to upgrade the sendmail file.  If you’re ever looked at mail
headers, you’ll see something like (8.9.2/8.8.8).  The first numbers represent the
version of sendmail.  The second numbers are the version of /etc/sendmail.cf.

Please note that you must start sendmail with the full path name (i.e. /usr/sbin/sendmail),
otherwise killall will not work and you’ll get a message like this in your mail
log:

[21:26] <Phaded> Feb 10 19:26:02 ns sendmail[21677]: could not restart: 
                                                          need full path

sendmail.cf

When sendmail starts up, it reads /etc/sendmail.cf.  You can
either create a new sendmail.cf or have one generated for you.  I chose to generate
one from a .mc file I was given.  Instead I could have used cf/cf/generic-bsd4.4.cf
from within the port directory (/usr/ports/mail/sendmail).

To create the
file, I issued the following commands from the above mentioned directory:

# cd cf/cf
# m4 ../m4/cf.m4 hendrix.mc > hendrix.cf
# mv hendrix.cf /etc/sendmail.cf

I’ve also supplied my copy of hendrix.mc in
case you want it.  Please note that this is only for 8.9.x versions of sendmail.

NOTE: During the install of majordomo, I had to
add the following entry to /etc/sendmail.cf:

#####################                        
#   Trusted users   #                             
#####################

Tmajordom

Heres how you can add this to hendrix.mc instead:

define(`confTRUSTED_USERS', majordom)dnl

Restarting sendmail

After creating a new sendmail.cf, remember to HUP sendmail:

killall -HUP sendmail

Then you should check the log files for any error messages.  Unless you’ve
specified otherwise, such messages will be in /var/log/messages.  Here is
an example of what I get.

[root@ns:/etc] # tail /var/log/messages
Feb  6 09:00:25 ns sendmail[8394]: restarting /usr/sbin/sendmail 
                                          on signal
Feb  6 09:00:32 ns sendmail[11116]: starting daemon (8.9.2): 
                                          SMTP+queueing@00:30:00

Error correction

Please note that hendrix.mc was last
upgraded on 31 January 1999 to correct errors and ommissions in the original file.  I
apologise for the error.  I also wish to thank Greg Shapiro of sendmail.org for
bringing this to my attention and providing assistance in amending the file.

Starting again

This time I used the following command to start sendmail:

# sendmail -bd -q15m
451 /etc/sendmail.cf: line 66: fileclass: cannot open /etc/sendmail.cw: No such file or
directory

Then I did a touch /etc/sendmail.cw to create the file and restarted sendmail.

Testing the relay

At http://mail-abuse.org/tsi/ar-test.html
you will find a webpage which will test your mail server for third-party relay
vulnerability.  I suggest you use it.  Here’s the output from my test:

$ telnet mail-abuse.org
Trying 204.152.184.74...
Connected to mail-abuse.org.
Escape character is '^]'.
Connecting to 210.55.152.18 for anonymous test ...
<<< 220 freebsddiary.yi.org ESMTP Sendmail 8.9.3/8.9.3; Sun, 
                                  31 Oct 1999 10:59:26 +1300 (NZDT)
>>> HELO mail-abuse.org
<<< 250 freebsddiary.yi.org Hello maps1.pa.vix.com [204.152.184.35], 
                                       pleased to meet you
Relay test 1
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@mail-abuse.org>
<<< 250 <spamtest@mail-abuse.org>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 2
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest>
<<< 553 <spamtest>... Domain name required
Relay test 3
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<>
<<< 250 <>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 4
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 5
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[210.55.152.18]>
<<< 250 <spamtest@[210.55.152.18]>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 6
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
                                                     Relaying denied
Relay test 7
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 <relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>...
                                                     Relaying denied
Relay test 8
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest@mail-abuse.org">
<<< 550 <"relaytest@mail-abuse.org">... Relaying denied
Relay test 9
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest%mail-abuse.org">
<<< 550 <"relaytest%mail-abuse.org">... Relaying denied
Relay test 10
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
                                                     Relaying denied
Relay test 11
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 "relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 12
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 13
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>
<<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>... 
                                                     Relaying denied
Relay test 14
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>
<<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>... 
                                                     Relaying denied
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@>
<<< 553 <spamtest@>... Domain name required
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest>
<<< 550 <mail-abuse.org!relaytest>... User unknown
Relay test 16
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 17
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test result
All tests performed, no relays accepted.
Connection closed by foreign host.

Relay

The relay information has been expanded and moved to a separate topic, allowing sendmail to relay mail.

1 thought on “upgrading sendmail”

  1. I found your tutorial on upgrading sendmail to be quite helpful when I was upgrading a FreeBSD 5 server this week to the most recent Sendmail 8.12.9. After getting sendmail built and installed, and my sendmail.cf set up from the bsd-4.4 default cm file with M4, local delivery wouldn’t work, and gave this error:

    stat=Deferred: local mailer (/usr/libexec/mail.local) exited with EX_TEMPFAIL

    After a bit of hunting around, I fixed the problem with:

    chown root /usr/libexec/mail.local
    chmod u+s /usr/libexec/mail.local

Leave a Comment

Scroll to Top