|
Installing Sendmail for Mailshell
Sendmail Plugin
Get the latest Sendmail source from
www.sendmail.org.
If you are running a version of Sendmail earlier than
8.12.9, you need to upgrade because of a serious security
problem. As of version 8.12, you must also create
a new user smmsp and change the permissions of various
files as described in the file sendmail/SECURITY.
Versions 8.12.10 and later have the security problem
fixed.
Note: On FreeBSD 4.8, Sendmail is libmilter
enabled out of the box. Also, Sendmail shipped on
SuSE 7.2 and later, and RedHat Linux 9 has the libmilter
enabled.
1. Back up the following files:
/etc/mail/sendmail.cf
/etc/mail/submit.cf
/usr/sbin/sendmail
2. Create a user and group called
`smmsp':
3. Edit /etc/passwd and change
smmsp's uid to 25. This may mean changing some other
user (such as "at") to something else.
4. Edit /etc/group and change
smmsp's gid to 25. Don't make a mistake at these two
steps, or it will be hard to undo, because the installation
makes extensive use of the uid and gid. The lines
in /etc/passwd and /etc/group should look like this:
smmsp:x:25:25:Sendmail:/home/smmsp:/bin/false
smmsp:x:25:smmsp
5. Compile libmilter and Sendmail.
In some Linux distributions, you will need to have
the source code for a kernel installed before Sendmail
will compile. However, sometimes this can be avoided
by creating an empty version.h file.
touch /usr/include/linux/version.h
tar -xzvf sendmail.8.12.11.tar.gz
cd libmilter
./Build
If your system is old you may need to update some
of the headers in /usr/include/arpa/ from newer systems.
Do this only if you get errors about networking during
libmilter compilation.
After building libmilter, you need to create the /devtools/Site/site.config.mc
file with the following content (just 1 line);
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
Now Sendmail will build, it is milter enabled:
If your Linux system is really old, you will get error
messages like:
map.c:2084: `DB_FCNTL_LOCKING' undeclared (first
use in this function)
This means you need to install a newer copy of the
Berkeley DB libraries from www.sleepycat.com.
6. Check to make sure it created
an executable Sendmail in the directory obj.##.#.#.##.##/sendmail.
If it doesn't work, edit the file include/libsmdb/smdb.h,
removing the lines:
# ifndef NDBM
# ifndef NEWDB
ERROR NDBM or NEWDB must be defined.
# endif /* ! NEWDB */
# endif /* ! NDBM */
and type sh Build again.
7. Changes need to be done in
the config files.
cd cf/cf
cp generic-linux.mc sendmail.mc
Edit sendmail.mc and add
INPUT_MAIL_FILTER(`spamfilter', `S=local:/etc/spamfilter/spamfilter.sock,
T=C:15m;S:4m;R:4m;E:10m')
at the end. Add any other commands
as needed.
Notes:
1. Socket file location and
name MUST be exactly the same as in spamcatcher.conf
file that comes with the installation. It may be
different for different platforms.
2. "T=C:15m;S:4m;R:4m;E:10m" are timeout values
and can be customized as you see fit.
3. Connection method (S=protocol:location)
- protocol is one of inet, inet6, unix, or
local (same as unix)
- location is port@host for inet and inet6
and a path name for unix and local
4. Flags (F=)
- If no flags specified and filter not available,
run as if filter wasn't configured
|
Flag
|
Description |
|
R
|
Reject connection if filter unavailable
|
|
T
|
Temporary fail connection if
filter unavailable |
5. Timeouts (T=)
- Individual timeouts separated by semicolons
- Only need to specify those that are different
than default
|
Letter
|
Meaning |
Default
|
|
S
|
Timeout for sending information
from the MTA to a filter |
10s
|
|
R
|
Timeout for reading reply from
the filter |
10s
|
|
E
|
Overall timeout between sending
end-of-message to filter and waiting for the
final acknowledgment |
5m
|
After editing the sendmail.mc file,
build and install Sendmail configuration as follows:
sh Build sendmail.cf
sh Build install-cf
8. Install Sendmail.
cd ../..
su
sh Build install
Scroll back through the output and make sure there
were no errors. If it says:
install: invalid group `smmsp'
make[1]: *** [install-sendmail] Error 1
you must fix the groups and repeat.
9. Next, install the config files
manually. Sometimes the installation script installs
them for you, and sometimes it doesn't.
cd cf/cf
cp config.cf /etc/mail/sendmail.cf
cp /etc/sendmail.cw /etc/mail/local-host-names
cp submit.cf /etc/mail/
If local-host-names doesn't exist, create one. It
should contain a single line:
myhost.mydomain.org
If the server has more than one name, add them to
this file, one per line.
10. Set the correct permissions
and ownerships:
mkdir /var/spool/clientmqueue
chown smmsp:smmsp /var/spool/clientmqueue
chmod 770 /var/spool/clientmqueue
chmod 700 /var/spool/mqueue
chown root.root /var/spool/mqueue
chmod 777 /var/spool/mail
chown root.root /var/spool/mail
chmod 2555 /usr/sbin/sendmail
chown root.smmsp /usr/sbin/sendmail
chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
Note: /var/spool/mail must be world read/write, otherwise
clients can't open their inbox. Check to make sure
of the following:
-r-xr-sr-x root smmsp /usr/sbin/sendmail
drwxrwx--- smmsp smmsp /var/spool/clientmqueue
drwx------ root root /var/spool/mqueue
-r--r--r-- root root /etc/mail/sendmail.cf
-r--r--r-- root root /etc/mail/submit.cf
The submit.cf file is not copied automatically if
it already exists. If you try to use an old version
of submit.cf, when you start Sendmail it will say:
sendmail-client[19515]: NOQUEUE: SYSERR(root): can
not chdir(/var/spool/clientmqueue/): Permission denied
This error can also occur if Sendmail is running as
the wrong user or group.
11. Test the installation.
newaliases
cd /etc/init.d
./sendmail start
If 'newaliases' says:
Cannot rebuild aliases: no database format defined
Cannot create datase for alias file /etc/mail/aliases
it means Sendmail couldn't find libdb. If you don't
have libdb on your system ('locate libdb'), get it
from www.sleepycat.com
and install it. If libdb is on your system, do the
following (as root):
cd /usr/include/
cp db2/* .
cd /usr/lib/
ln -s libdb2.so libdb.so
ln -s libdb2.a libdb.a
ldconfig
Next, create a devtools/Site/site.config.m4 file in
the Sendmail source tree containing:
APPENDDEF(`confMAPDEF', `-DNEWDB')dnl
APPENDDEF(`confINCDIRS', `-I/usr/include/db2')
APPENDDEF(`confLIBDIRS', `-L/usr/lib')
APPENDDEF(`confLIBS', `-ldb')
Change the paths to indicate wherever the libdb libraries
and include files are located.
Then, run
sh Build -c
The -c option rebuilds all the files to include your
changes. It should automatically add the correct options
to the commands, for example:
cc -O2 -I. -I../../sendmail -I../../include -I/usr/include/db2
-DNEWDB -DNEWDB -DNOT_SENDMAIL -c -o vacation.o vacation.c
Finally, run
./Build -install
again. The 'newaliases' command should now work.
12. Restart inetd to make sure
imap and pop3 aren't crashing.
13. Make sure Sendmail is running.
Unlike earlier versions, it sometimes now has 2 entries:
ps -aux | grep mail
smmsp 19886 0.0 0.2 3328 1416 ? S 21:58 0:00 sendmail:
Queue runner@00:30:00 for /var/spool/clientmqueue
root 19890 0.0 0.2 3352 1472 ? S 21:58 0:00 sendmail:
accepting connections
14. Test to make sure users can
send and receive mail in all of the following:
1. smtp client (e.g. Pine)
2. http (e.g. SquirrelMail via browser)
3. pop3 client (e.g. Windows)
4. imap4 client (e.g. Windows)
Also, check the system logs to make sure there are
no weird error messages.
15. If you want to change sendmail.cf,
the easiest way is to edit sendmail.mc and then create
it using:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
|
