Sendmail has had a bit of a rough life because there are ways to abuse older versions of sendmail. The latest exploit involved sendmail and the kernel, and together they provided the attacker with a root shell--not a good thing. If you run sendmail for your SMTP agent, I would strongly suggest you upgrade to upgrade to the newest version. If you run older versions, you do so at your own risk.
This short step by step is designed to clarify the directions that are included with the sendmail sources and to attempt to fill in some of the gaps that exist because the authors assume you know some things and don't spell them out in the documentation. Portions of the sendmail documentation are quoted, but I'm only attempting to clarify the author's intent. This document was written after the install of sendmail 8.11.2.
The type of font that material is presented in will indicate the significance of said quoted material.
Quoted material from the sendmail documentation looks like this.Text like this is suggested commands for you to use from the commandline.
Download the latest version from
http://www.sendmail.org/8.11.html.
Extract the file. I usually extract it into the /usr/local/src directory.
tar -zxvf sendmail.8.11.2.tar.gz -C /usr/local/src
cd /usr/local/src/sendmail-8.11.2
1) Each directory has its own README file. The first step in the INSTALL file says to read a few specific READMEs. This is good advice.
Read all the README files noted in the INTRODUCTION section of the README file in this top level directory.
2) If you need to create some special configuration that pertains to your site only, you can use this step to do so. If you have to stop and think about whether you might need this, the answer is almost certainly no. Skip this step.
Create any necessary site configuration build files, as noted in devtools/Site/README.
3) The sendmail sources use a script named "Build" instead of configure/make to build the binaries.
In the sendmail/ directory, run "sh Build" (see sendmail/README for details)
4) When the following step talks about the file that "best matches your environment," it's safe to assume that generic-linux will be a good starting point.
Change to the cf/cf/ directory: Copy whichever *.mc file best matches your environment to config.mc.
Next tailor it as explained in cf/README. Then run "sh Build config.cf."
Now, there's a lot going on in the sentence which says to tailor it for your needs.
The short config.mc file is used by the m4 macro language to generate the long and
complex config.cf file (look at all the rewrite rules at the end of the generated
config.cf to see what I mean). You should read the cf/README file and find the options
that you need. There are so many FEATURES that can be added, how do you know which ones
to use? EASY!! Look at the top of your old sendmail.cf. In it will be comments listing
all the m4 macros that were used to create that sendmail.cf file. To add the desired
options, you'll modify the generic config.mc and add the features. The format is very
strict. For the RedHat sendmail, they seem to always enable virtusertable, but not
genericstable. I'd recommend adding that, but only if you need it for hosting virtual
domains.
ATTN: SECURITY Note that you must also not create a system that
is so wide open that spammers can relay mail through your system. You must pay some
attention to securing your system. There is a section titled "ANTI-SPAM CONFIGURATION
CONTROL" in cf/README. Read it a couple times, it's important.
cd /usr/local/src/sendmail-8.11.2/cf/cf
cp generic-linux.mc config.mc
vi config.mc (add the appropriate FEATUREs in)
sh Build config.cf
This is what my config.mc file looked like after I finished editing it. The only things I added were the lines that start with "FEATURE". Note that they must be located after the DOMAIN directive and before the MAILER directives.
VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $') OSTYPE(linux)dnl DOMAIN(generic)dnl FEATURE(`use_cw_file') FEATURE(`redirect') FEATURE(`always_add_domain') FEATURE(`local_procmail') FEATURE(`domaintable') FEATURE(`genericstable') FEATURE(`virtusertable') FEATURE(`smrsh') FEATURE(`access_db') FEATURE(`blacklist_recipients') FEATURE(`delay_checks') MAILER(local)dnl MAILER(smtp)dnl
Update! Alvin Oga posted an updated sendmail macro config file for sendmail 8.12.3. This macro file has better spam prevention than my macro file quoted above. I suggest that you use it. The biggest catch in this method is that you must make sure to choose an RBL site that is functional (ie maps is a subscriber based system, orbz shut down for a while after a stupid lawsuit that was quickly dropped once it was shown that the litigants were running a mail server that was non-conformant to standards, etc)
5) This is a personal preference thing, but I usually instruct people to make a
backup first. In our case, we only need to backup a few key files. I assume that
your current version of sendmail was installed by you from sources. If you installed
using RPM, then you will need to change /usr/sbin/sendmail in the next step to
/usr/lib/sendmail.
cd /root
tar -zcvf sendmail_backup.tar.gz /etc/sendmail* /usr/sbin/sendmail /etc/mail
6) If you've ever dealt with sendmail before, this next step might make you do a doubletake. All configuration files have moved to /etc/mail. And I mean ALL of them.
Install config.cf as /etc/mail/sendmail.cf and install the sendmail binary build in step 3
by cd-ing back to sendmail/ and running "sh Build install".
/etc/rc.d/init.d/sendmail stop
7) This next step kind of leads you in the wrong direction. Read the step that is in the README, then do it the easy way I have notated below.
For each of the associated sendmail utilities (makemap, mailstats, etc.), read the README
in the utility's directory. When you are ready to install it, back up your installed version and
type "sh Build install".
cd /usr/local/src/sendmail-8.11.2
In case you don't see what this does, it will compile and install all utilities. This is much easier than cd-ing into each utility's directory and installing.
8) Use the newly installed makemap to redo all the hash files in /etc/mail.
cd /etc/mail
rm *.db
make # This assumes there is a Makefile there to run makemap for you
9) Now you'll have to move your /etc/aliases file to /etc/mail/aliases. When you start
the sendmail daemon, it will automatically rebuild the aliases database.
mv /etc/aliases /etc/mail/aliases
/etc/rc.d/init.d/sendmail start
10) Test your system! Look in /var/log/maillog for messages showing the status of sendmail and mail connections to your machine. A hint for those of you who use Webmin: Webmin will still be configured to look at the old sendmail.cf in /etc, but the new one is in /etc/mail. Click on module configuration and adjust the path to sendmail.cf.
Sendmail website. Read the Sendmail FAQ.
Using the RBL (Real Time Blacklist).
Install Sendmail script by Cork LUG (Cork, Ireland). Untested by me.
Return to Home Page.