  Arizona State University
  Unix Network Users Group

Sendmail


2.   Sendmail notes

Most, if not all, Unix systems out of the box come with a copy of Sendmail ready to go.  However, usually this version of Sendmail is old and may contain security holes.  If you will not be receiving mail on your system, Sendmail should be disabled.  Unlike other daemons, Sendmail is not controlled through inetd.  Usually, it is initiated in a system’s startup scripts.  Configuring your system to not start up Sendmail is a matter of commenting out a few lines from the appropriate script.  For example, on a Solaris 2.5 (or newer) system, edit or remove the /etc/rc2.d/S88sendmail file accordingly.

If you must run Sendmail, it is usually best to get the latest version (currently that is version 8.9).  Also, if you only send out mail and don’t receive any mail, you can run Sendmail from a cron job that checks the out-bound directory (/var/spool/mqueue) for any out-going mail.  For example, the following entry in crontab will check for mail every 30 minutes:

0,30 * * * * /usr/lib/sendmail -q 1>/dev/null 2>&1

Since Sendmail runs as root and is listening on port 25 for incoming mail, it can be dangerous if anything besides standard SMTP protocol mail is sent to that port.  A safer way to accept mail is a small program that reads the mail and stores it immediately to disk but does not process it.  Later, Sendmail can process the mail and may not have to be running as root.  For the program that does this and more information on how to set it up see the Sendmail documentation.

Sendmail 8.9 comes with a configuration that also defends against many types of spam (unsolicited junk e-mail).  If you are running an older version, you may use the following macro file and process it with m4 according to the Sendmail documentation.  This will stop spammers from using your system as a gateway to spam other sites (the default for version 8.9):

divert(-1)
divert(0)dnl
include(`../m4/cf.m4')

# set smart host to ASU's post office
define(`SMART_HOST', smtp:smtp.asu.edu)

# set the architecture below.
OSTYPE(solaris2)dnl

# turn off uucp
FEATURE(nouucp)dnl

MAILER(local)dnl
MAILER(smtp)dnl

# Rules to prevent spammers from using us as a relay.  Taken from the Sendmail
# site at http://www.sendmail.org.
# NOTE: the left- and right-hand sides of each R line must be separated by
# tab characters, not spaces.
LOCAL_RULESETS
# class R: hosts and domains we relay to or from, one per line, read from
# /etc/sendmail.cR (-o: the file is optional)
FR-o /etc/sendmail.cR

Scheck_rcpt
# anything terminating locally is ok
R<$+ @ $=w >	$@ OK
R<$+ @ $=R >	$@ OK

# anything originating locally is ok
R$*	$: $(dequote "" $&{client_name} $)
R$=w	$@ OK
R$=R	$@ OK
R$@	$@ OK

# anything else is bogus
R$*	$#error $: "550 Relaying Denied"

For information on the latest version of Sendmail, take a look at http://www.sendmail.org.  Also, the book titled “Sendmail, 2nd Edition” by Bryan Costales & Eric Allman (ISBN 1-56592-222-0) is a very handy resource for all aspects of Sendmail.

Oftentimes, systems with older versions (or “out-of-the-box” versions) of Sendmail are victims of break-ins or attempted break-ins.  Even if a system is running the latest version of Sendmail, it is a very good practice to have Sendmail logging turned on (and of course, for the system administrator to monitor those logs).  Sendmail uses the syslog facility to log its information (the default is /var/log/syslog).  Through the appropriate configuration of the /etc/syslog.conf file, you can set how much information is logged and where it is sent.  More information on how Sendmail uses the syslog facility is available in Chapter 26 of “Sendmail, 2nd Edition” (see 2 above).
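
One way to act on the log-monitoring advice above, as an added example (not from the original page or the Sendmail distribution): it counts "Relaying Denied" rejections per connecting client in syslog output.  The log-line layout is assumed to follow the "ruleset=check_rcpt ... reject=" entries of Sendmail 8.9-style logging; the sample lines are constructed, and the function names and the threshold are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (assumption: Sendmail 8.9-style syslog layout for
# rejections raised by the check_rcpt ruleset).
SAMPLE_LOG = """\
Oct  5 02:10:01 mailhost sendmail[4021]: CAA04021: ruleset=check_rcpt, arg1=<a@example.net>, relay=[192.0.2.10], reject=550 <a@example.net>... Relaying Denied
Oct  5 02:10:02 mailhost sendmail[4021]: CAA04021: ruleset=check_rcpt, arg1=<b@example.net>, relay=[192.0.2.10], reject=550 <b@example.net>... Relaying Denied
Oct  5 02:10:03 mailhost sendmail[4021]: CAA04021: ruleset=check_rcpt, arg1=<c@example.net>, relay=[192.0.2.10], reject=550 <c@example.net>... Relaying Denied
Oct  5 02:15:40 mailhost sendmail[4030]: CAA04030: from=<user@example.edu>, size=812, class=0, relay=localhost
Oct  5 03:01:17 mailhost sendmail[4102]: DAA04102: ruleset=check_rcpt, arg1=<d@example.org>, relay=gw.example.com [198.51.100.7], reject=550 <d@example.org>... Relaying Denied
"""

REJECT_RE = re.compile(
    r"sendmail\[\d+\]: \S+: ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>.*?), reject=550 .*relaying denied",
    re.IGNORECASE,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_rejects(log_text):
    """Return (client, recipient) pairs for every relay rejection found."""
    events = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # ordinary delivery line or unrelated daemon
        # Prefer the bracketed IP address; the host name in relay= comes
        # from a DNS lookup the remote side may control.
        ip = IP_RE.search(m.group("relay"))
        client = ip.group(1) if ip else m.group("relay").strip()
        events.append((client, m.group("rcpt").lower()))
    return events


def relay_probes(log_text, threshold=3):
    """Map each client with >= threshold rejections to its rejection count."""
    per_client = Counter(client for client, _ in parse_rejects(log_text))
    return {c: n for c, n in per_client.items() if n >= threshold}


if __name__ == "__main__":
    for client, count in sorted(relay_probes(SAMPLE_LOG).items()):
        print(f"{client}: {count} rejected relay attempts")
```

To run it against a real log, pass the contents of the file named in /etc/syslog.conf for the mail facility to relay_probes() in place of SAMPLE_LOG.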

 Copyright © Arizona Board of Regents

Updated: 10/05/00