Error correction for sendmail.cf template

upgrading sendmail

This section describes my upgrade of sendmail
from version 8.8.8 to version 8.9.2.  The main reason for the upgrade was to obtain
the anti-relay mechanism which is in place by default and to the new and improved
anti-spam rules which are available.

Installation

Here’s what I did to install the new sendmail:

cd /usr/ports/mail
fetch -p ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.9.2.tar.gz
gunzip sendmail.8.9.2.tar.gz
tar -xvf sendmail.8.9.2.tar
cd sendmail-8.9.2/
make
make install

Basic configuration

sendmail normally runs all the time.  Here’s what I have in /etc/rc.conf
which starts sendmail after every boot:

[root@ns:/var/log] # grep sendmail /etc/rc.conf   
sendmail_enable="YES"   # Run the sendmail daemon (or NO).
sendmail_flags="-bd -q30m" # -bd is pretty mandatory.

Restarting sendmail

The first thing I did was go through the README file in the main directory.  In
there I found some settings which should be made:

chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

The next command they suggest is:

 /usr/sbin/sendmail -v -bi
Warning: .cf file is out of date: sendmail 8.9.2 supports version 8, 
                                              .cf file is version 7
/etc/aliases: 24 aliases, longest 10 bytes, 248 bytes total

Ahuh, time to upgrade the sendmail file.  If you’re ever looked at mail
headers, you’ll see something like (8.9.2/8.8.8).  The first numbers represent the
version of sendmail.  The second numbers are the version of /etc/sendmail.cf.

Please note that you must start sendmail with the full path name (i.e. /usr/sbin/sendmail),
otherwise killall will not work and you’ll get a message like this in your mail
log:

[21:26] <Phaded> Feb 10 19:26:02 ns sendmail[21677]: could not restart: 
                                                          need full path

sendmail.cf

When sendmail starts up, it reads /etc/sendmail.cf.  You can
either create a new sendmail.cf or have one generated for you.  I chose to generate
one from a .mc file I was given.  Instead I could have used cf/cf/generic-bsd4.4.cf
from within the port directory (/usr/ports/mail/sendmail).

To create the
file, I issued the following commands from the above mentioned directory:

# cd cf/cf
# m4 ../m4/cf.m4 hendrix.mc > hendrix.cf
# mv hendrix.cf /etc/sendmail.cf

I’ve also supplied my copy of hendrix.mc in
case you want it.  Please note that this is only for 8.9.x versions of sendmail.

NOTE: During the install of majordomo, I had to
add the following entry to /etc/sendmail.cf:

#####################                        
#   Trusted users   #                             
#####################

Tmajordom

Heres how you can add this to hendrix.mc instead:

define(`confTRUSTED_USERS', majordom)dnl

Restarting sendmail

After creating a new sendmail.cf, remember to HUP sendmail:

killall -HUP sendmail

Then you should check the log files for any error messages.  Unless you’ve
specified otherwise, such messages will be in /var/log/messages.  Here is
an example of what I get.

[root@ns:/etc] # tail /var/log/messages
Feb  6 09:00:25 ns sendmail[8394]: restarting /usr/sbin/sendmail 
                                          on signal
Feb  6 09:00:32 ns sendmail[11116]: starting daemon (8.9.2): 
                                          SMTP+queueing@00:30:00

Error correction

Please note that hendrix.mc was last
upgraded on 31 January 1999 to correct errors and ommissions in the original file.  I
apologise for the error.  I also wish to thank Greg Shapiro of sendmail.org for
bringing this to my attention and providing assistance in amending the file.

Starting again

This time I used the following command to start sendmail:

# sendmail -bd -q15m
451 /etc/sendmail.cf: line 66: fileclass: cannot open /etc/sendmail.cw: No such file or
directory

Then I did a touch /etc/sendmail.cw to create the file and restarted sendmail.

Testing the relay

At http://mail-abuse.org/tsi/ar-test.html
you will find a webpage which will test your mail server for third-party relay
vulnerability.  I suggest you use it.  Here’s the output from my test:

$ telnet mail-abuse.org
Trying 204.152.184.74...
Connected to mail-abuse.org.
Escape character is '^]'.
Connecting to 210.55.152.18 for anonymous test ...
<<< 220 freebsddiary.yi.org ESMTP Sendmail 8.9.3/8.9.3; Sun, 
                                  31 Oct 1999 10:59:26 +1300 (NZDT)
>>> HELO mail-abuse.org
<<< 250 freebsddiary.yi.org Hello maps1.pa.vix.com [204.152.184.35], 
                                       pleased to meet you
Relay test 1
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@mail-abuse.org>
<<< 250 <spamtest@mail-abuse.org>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 2
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest>
<<< 553 <spamtest>... Domain name required
Relay test 3
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<>
<<< 250 <>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 4
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 5
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[210.55.152.18]>
<<< 250 <spamtest@[210.55.152.18]>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org>
<<< 550 <relaytest@mail-abuse.org>... Relaying denied
Relay test 6
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
                                                     Relaying denied
Relay test 7
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 <relaytest%mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>...
                                                     Relaying denied
Relay test 8
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest@mail-abuse.org">
<<< 550 <"relaytest@mail-abuse.org">... Relaying denied
Relay test 9
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest%mail-abuse.org">
<<< 550 <"relaytest%mail-abuse.org">... Relaying denied
Relay test 10
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
                                                     Relaying denied
Relay test 11
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<"relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 "relaytest@mail-abuse.org"@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 12
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 relaytest@mail-abuse.org@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 13
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>
<<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>... 
                                                     Relaying denied
Relay test 14
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>
<<< 550 <@210-55-152-18.ipnets.xtra.co.nz:relaytest@mail-abuse.org>... 
                                                     Relaying denied
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@>
<<< 553 <spamtest@>... Domain name required
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest>
<<< 550 <mail-abuse.org!relaytest>... User unknown
Relay test 16
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test 17
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@210-55-152-18.ipnets.xtra.co.nz>
<<< 250 <spamtest@210-55-152-18.ipnets.xtra.co.nz>... Sender ok
>>> RCPT TO:<mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz>
<<< 550 mail-abuse.org!relaytest@210-55-152-18.ipnets.xtra.co.nz... 
Re                                                     Relaying denied
Relay test result
All tests performed, no relays accepted.
Connection closed by foreign host.

Relay

The relay information has been expanded and moved to a separate topic, allowing sendmail to relay mail.

Leave a Comment

Scroll to Top