Error correction for sendmail.cf template

 Mail  Add comments
Jan 311999
 

upgrading sendmail

This section describes my upgrade of sendmail from version 8.8.8 to version 8.9.2.  The main reason for the upgrade was to obtain the anti-relay mechanism which is in place by default and to the new and improved anti-spam rules which are available.

Installation

Here’s what I did to install the new sendmail:
cd /usr/ports/mail
fetch -p ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.9.2.tar.gz
gunzip sendmail.8.9.2.tar.gz
tar -xvf sendmail.8.9.2.tar
cd sendmail-8.9.2/
make
make install

Basic configuration

sendmail normally runs all the time.  Here’s what I have in /etc/rc.conf which starts sendmail after every boot:
[root@ns:/var/log] # grep sendmail /etc/rc.conf   
sendmail_enable="YES"   # Run the sendmail daemon (or NO).
sendmail_flags="-bd -q30m" # -bd is pretty mandatory.

Restarting sendmail

The first thing I did was go through the README file in the main directory.  In there I found some settings which should be made:
chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

The next command they suggest is:

 /usr/sbin/sendmail -v -bi
Warning: .cf file is out of date: sendmail 8.9.2 supports version 8, 
                                              .cf file is version 7
/etc/aliases: 24 aliases, longest 10 bytes, 248 bytes total

Ahuh, time to upgrade the sendmail file.  If you’re ever looked at mail headers, you’ll see something like (8.9.2/8.8.8).  The first numbers represent the version of sendmail.  The second numbers are the version of /etc/sendmail.cf.

Please note that you must start sendmail with the full path name (i.e. /usr/sbin/sendmail), otherwise killall will not work and you’ll get a message like this in your mail log:

[21:26] <Phaded> Feb 10 19:26:02 ns sendmail[21677]: could not restart: 
                                                          need full path

sendmail.cf

When sendmail starts up, it reads /etc/sendmail.cf.  You can either create a new sendmail.cf or have one generated for you.  I chose to generate one from a .mc file I was given.  Instead I could have used cf/cf/generic-bsd4.4.cf from within the port directory (/usr/ports/mail/sendmail).

To create the file, I issued the following commands from the above mentioned directory:

# cd cf/cf
# m4 ../m4/cf.m4 hendrix.mc > hendrix.cf
# mv hendrix.cf /etc/sendmail.cf

I’ve also supplied my copy of hendrix.mc in case you want it.  Please note that this is only for 8.9.x versions of sendmail.

NOTE: During the install of majordomo, I had to add the following entry to /etc/sendmail.cf:

#####################                        
#   Trusted users   #                             
#####################

Tmajordom

Heres how you can add this to hendrix.mc instead:

define(`confTRUSTED_USERS', majordom)dnl

Restarting sendmail

After creating a new sendmail.cf, remember to HUP sendmail:
killall -HUP sendmail

Then you should check the log files for any error messages.  Unless you’ve specified otherwise, such messages will be in /var/log/messages.  Here is an example of what I get.

[root@ns:/etc] # tail /var/log/messages
Feb  6 09:00:25 ns sendmail[8394]: restarting /usr/sbin/sendmail 
                                          on signal
Feb  6 09:00:32 ns sendmail[11116]: starting daemon (8.9.2): 
                                          SMTP+queueing@00:30:00

Error correction

Please note that hendrix.mc was last upgraded on 31 January 1999 to correct errors and ommissions in the original file.  I apologise for the error.  I also wish to thank Greg Shapiro of sendmail.org for bringing this to my attention and providing assistance in amending the file.

Starting again

This time I used the following command to start sendmail:

# sendmail -bd -q15m
451 /etc/sendmail.cf: line 66: fileclass: cannot open /etc/sendmail.cw: No such file or directory

Then I did a touch /etc/sendmail.cw to create the file and restarted sendmail.

Testing the relay

At http://mail-abuse.org/tsi/ar-test.html you will find a webpage which will test your mail server for third-party relay vulnerability.  I suggest you use it.  Here’s the output from my test:
$ telnet mail-abuse.org
Trying 204.152.184.74...
Connected to mail-abuse.org.
Escape character is '^]'.
Connecting to 210.55.152.18 for anonymous test ...
<<< 220 freebsddiary.yi.org ESMTP Sendmail 8.9.3/8.9.3; Sun, 
                                  31 Oct 1999 10:59:26 +1300 (NZDT)
>>> HELO mail-abuse.org
<<< 250 freebsddiary.yi.org Hello maps1.pa.vix.com [204.152.184.35], 
                                       pleased to meet you
Relay test 1
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@mail-abuse.org>
<<< 250 <spamtest@mail-abuse.org>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 2
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest>
<<< 553 <spamtest>... Domain name required
Relay test 3
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<>
<<< 250 <>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 4
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 5
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[210.55.152.18]>
<<< 250 <spamtest@[210.55.152.18]>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 6
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
                                                     Relaying denied
Relay test 7
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 <relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>...
                                                     Relaying denied
Relay test 8
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest@mail-abuse.org">
<<< 550 <"relaytest@mail-abuse.org">... Relaying denied
Relay test 9
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest%mail-abuse.org">
<<< 550 <"relaytest%mail-abuse.org">... Relaying denied
Relay test 10
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
                                                     Relaying denied
Relay test 11
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 "relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 12
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 13
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>
<<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>... 
                                                     Relaying denied
Relay test 14
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>
<<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>... 
                                                     Relaying denied
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@>
<<< 553 <spamtest@>... Domain name required
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest>
<<< 550 <mail-abuse.org!relaytest>... User unknown
Relay test 16
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 17
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test result
All tests performed, no relays accepted.
Connection closed by foreign host.

Relay

The relay information has been expanded and moved to a separate topic, allowing sendmail to relay mail.