upgrading sendmail
This section describes my upgrade of sendmail
from version 8.8.8 to version 8.9.2. The main reason for the upgrade was to obtain
the anti-relay mechanism which is in place by default and to the new and improved
anti-spam rules which are available.
Installation
Here’s what I did to install the new sendmail:
cd /usr/ports/mail fetch -p ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.9.2.tar.gz gunzip sendmail.8.9.2.tar.gz tar -xvf sendmail.8.9.2.tar cd sendmail-8.9.2/ make make install
Basic configuration
sendmail normally runs all the time. Here’s what I have in /etc/rc.conf
which starts sendmail after every boot:
[root@ns:/var/log] # grep sendmail /etc/rc.conf sendmail_enable="YES" # Run the sendmail daemon (or NO). sendmail_flags="-bd -q30m" # -bd is pretty mandatory.
Restarting sendmail
The first thing I did was go through the README file in the main directory. In
there I found some settings which should be made:
chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
The next command they suggest is:
/usr/sbin/sendmail -v -bi Warning: .cf file is out of date: sendmail 8.9.2 supports version 8, .cf file is version 7 /etc/aliases: 24 aliases, longest 10 bytes, 248 bytes total
Ahuh, time to upgrade the sendmail file. If you’re ever looked at mail
headers, you’ll see something like (8.9.2/8.8.8). The first numbers represent the
version of sendmail. The second numbers are the version of /etc/sendmail.cf.
Please note that you must start sendmail with the full path name (i.e. /usr/sbin/sendmail),
otherwise killall will not work and you’ll get a message like this in your mail
log:
[21:26] <Phaded> Feb 10 19:26:02 ns sendmail[21677]: could not restart: need full path
sendmail.cf
When sendmail starts up, it reads /etc/sendmail.cf. You can
either create a new sendmail.cf or have one generated for you. I chose to generate
one from a .mc file I was given. Instead I could have used cf/cf/generic-bsd4.4.cf
from within the port directory (/usr/ports/mail/sendmail).
To create the
file, I issued the following commands from the above mentioned directory:
# cd cf/cf # m4 ../m4/cf.m4 hendrix.mc > hendrix.cf # mv hendrix.cf /etc/sendmail.cf
I’ve also supplied my copy of hendrix.mc in
case you want it. Please note that this is only for 8.9.x versions of sendmail.
NOTE: During the install of majordomo, I had to
add the following entry to /etc/sendmail.cf:
##################### # Trusted users # ##################### Tmajordom
Heres how you can add this to hendrix.mc instead:
define(`confTRUSTED_USERS', majordom)dnl
Restarting sendmail
After creating a new sendmail.cf, remember to HUP sendmail:
killall -HUP sendmail
Then you should check the log files for any error messages. Unless you’ve
specified otherwise, such messages will be in /var/log/messages. Here is
an example of what I get.
[root@ns:/etc] # tail /var/log/messages Feb 6 09:00:25 ns sendmail[8394]: restarting /usr/sbin/sendmail on signal Feb 6 09:00:32 ns sendmail[11116]: starting daemon (8.9.2): SMTP+queueing@00:30:00
Error correction
Please note that hendrix.mc was last
upgraded on 31 January 1999 to correct errors and ommissions in the original file. I
apologise for the error. I also wish to thank Greg Shapiro of sendmail.org for
bringing this to my attention and providing assistance in amending the file.
Starting again
This time I used the following command to start sendmail:
# sendmail -bd -q15m
451 /etc/sendmail.cf: line 66: fileclass: cannot open /etc/sendmail.cw: No such file or
directory
Then I did a touch /etc/sendmail.cw to create the file and restarted sendmail.
Testing the relay
At http://mail-abuse.org/tsi/ar-test.html
you will find a webpage which will test your mail server for third-party relay
vulnerability. I suggest you use it. Here’s the output from my test:
$ telnet mail-abuse.org Trying 204.152.184.74... Connected to mail-abuse.org. Escape character is '^]'. Connecting to 210.55.152.18 for anonymous test ... <<< 220 freebsddiary.yi.org ESMTP Sendmail 8.9.3/8.9.3; Sun, 31 Oct 1999 10:59:26 +1300 (NZDT) >>> HELO mail-abuse.org <<< 250 freebsddiary.yi.org Hello maps1.pa.vix.com [204.152.184.35], pleased to meet you Relay test 1 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@mail-abuse.org> <<< 250 <spamtest@mail-abuse.org>... Sender ok >>> RCPT TO:<relaytest@mail-abuse.org> <<< 550 <relaytest@mail-abuse.org>... Relaying denied Relay test 2 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest> <<< 553 <spamtest>... Domain name required Relay test 3 >>> RSET <<< 250 Reset state >>> MAIL FROM:<> <<< 250 <>... Sender ok >>> RCPT TO:<relaytest@mail-abuse.org> <<< 550 <relaytest@mail-abuse.org>... Relaying denied Relay test 4 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<relaytest@mail-abuse.org> <<< 550 <relaytest@mail-abuse.org>... Relaying denied Relay test 5 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@[210.55.152.18]> <<< 250 <spamtest@[210.55.152.18]>... Sender ok >>> RCPT TO:<relaytest@mail-abuse.org> <<< 550 <relaytest@mail-abuse.org>... Relaying denied Relay test 6 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz> <<< 550 relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... Relaying denied Relay test 7 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz> <<< 550 <relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>... Relaying denied Relay test 8 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<"relaytest@mail-abuse.org"> <<< 550 <"relaytest@mail-abuse.org">... Relaying denied Relay test 9 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<"relaytest%mail-abuse.org"> <<< 550 <"relaytest%mail-abuse.org">... Relaying denied Relay test 10 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz> <<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... Relaying denied Relay test 11 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<"relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz> <<< 550 "relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz... Re Relaying denied Relay test 12 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz> <<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... Re Relaying denied Relay test 13 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org> <<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>... Relaying denied Relay test 14 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org> <<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>... Relaying denied Relay test 15 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@> <<< 553 <spamtest@>... Domain name required Relay test 15 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<mail-abuse.org!relaytest> <<< 550 <mail-abuse.org!relaytest>... User unknown Relay test 16 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz> <<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz... Re Relaying denied Relay test 17 >>> RSET <<< 250 Reset state >>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz> <<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok >>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz> <<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz... Re Relaying denied Relay test result All tests performed, no relays accepted. Connection closed by foreign host.
Relay
The relay information has been expanded and moved to a separate topic, allowing sendmail to relay mail.
I found your tutorial on upgrading sendmail to be quite helpful when I was upgrading a FreeBSD 5 server this week to the most recent Sendmail 8.12.9. After getting sendmail built and installed, and my sendmail.cf set up from the bsd-4.4 default cm file with M4, local delivery wouldn’t work, and gave this error:
stat=Deferred: local mailer (/usr/libexec/mail.local) exited with EX_TEMPFAIL
After a bit of hunting around, I fixed the problem with:
chown root /usr/libexec/mail.local
chmod u+s /usr/libexec/mail.local