Jason Englander <jason at englanders dot us>
HOWTO: sendmail
Description: MTA (Mail Transport Agent)
Click here for ChangeLog
NOTE: I use GNU tar >= 1.13.25 so it's -j for .tar.bz2 files,
it's safe to assume that make, gcc, binutils, fileutils/coreutils, gawk, sed, and grep are prerequisites for almost everything
# sendmail 8.14.4
# ===============
# Versions included in Slackware packages:
# Slackware 12.0: sendmail, sendmail-cf 8.14.1
# Slackware 12.1: sendmail, sendmail-cf 8.14.2
# Slackware 12.2, 13.0: sendmail, sendmail-cf 8.14.3
# Prerequisites:
# m4
# OpenSSL (optional; for STARTTLS)
# Cyrus SASL (optional; for SMTP AUTH)
# OpenLDAP (optional; for LDAPMAP)
# Berkeley DB
# If you don't have user and group 'smmsp', add them:
su
getent group | grep "^smmsp:" > /dev/null || groupadd -g 25 smmsp
id smmsp > /dev/null 2>&1 || useradd -g 25 -u 25 smmsp
exit
cd
test -f installed/sendmail.8.14.4.tar.gz &&
mv installed/sendmail.8.14.4.tar.gz .
test ! -f sendmail.8.14.4.tar.gz &&
wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.4.tar.gz
# Verify tarball w/ md5sum:
echo "1b23d5000c8e7bfe82ec1a27f2f5fdc5 sendmail.8.14.4.tar.gz" | md5sum -c
# Verify tarball w/ sha1sum:
# (this one came from my gpg-verified tarball)
echo "ba192f9a5114437aaec952f503fa2f09ee6dbe57 sendmail.8.14.4.tar.gz" | \
sha1sum -c
# Verify tarball w/ gpg:
wget -O - http://www.sendmail.org/ftp/PGPKEYS | gpg --import
( gpg --list-keys 7093B841 > /dev/null 2>&1 || gpg --recv-keys 7093B841 ) &&
wget -nc ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.4.tar.gz.sig &&
gpg --verify sendmail.8.14.4.tar.gz.sig && rm sendmail.8.14.4.tar.gz.sig
# Create ~/src, it's used below
test ! -d ~/src && mkdir -p -m 0700 ~/src
# Back-up your existing sendmail configuration files.
#
# If your configuration files come from the 'sendmail-cf' Slackware package,
# in Slackware 9.0 they'll be in /usr/share/sendmail (I assume newer
# versions put them there too).
#
# If you have a source-installed sendmail in ~/src (where this howto puts
# it) with your sendmail.mc and submit.mc files in cf/cf/, you can run this
# blurb below to back them up for you. It assumes that you only have one
# version of sendmail's source in ~/src/.
#
# NOTE: be careful - if you keep your sendmail.mc and submit.mc in the
# last version's cf/cf/ dir and something goes wrong with this blurb,
# the next blurb will wipe them out along with the source tree.
# Make sure your old config files really do make it into
# ~/backup/sendmail/$OLDVER before you move past this part.
cd ~/src
OLDVER=`find -maxdepth 1 -type d -name "sendmail-*" 2> /dev/null | tail -1`
test -n "$OLDVER" && (
OLDVER=`basename $OLDVER` &&
mkdir -p -m 0700 ~/backup/sendmail/${OLDVER} &&
test -f ${OLDVER}/devtools/Site/site.config.m4 &&
cp -f ${OLDVER}/devtools/Site/site.config.m4 ~/backup/sendmail/${OLDVER}/
test -f ${OLDVER}/cf/cf/sendmail.mc &&
cp -f ${OLDVER}/cf/cf/sendmail.mc ~/backup/sendmail/${OLDVER}/
test -f ${OLDVER}/cf/cf/submit.mc &&
cp -f ${OLDVER}/cf/cf/submit.mc ~/backup/sendmail/${OLDVER}/
find ~/backup/sendmail/$OLDVER -type f -exec chmod 600 {} \;
)
unset OLDVER
# If you're replacing a Slackware installed sendmail, make sure everything
# is backed up that needs to be, then run "removepkg sendmail sendmail-cf"
# (as root) to remove it. After removing the packages, you may still
# have a /usr/share/sendmail/cf/cf directory with your old .mc and .cf
# file in it.
# If you're upgrading, the old version's source directory may have files
# in it that are owned by root - like sendmail.cf and submit.cf This will
# make everything owned by your non-root user. Skip this if you're doing
# everything as root (directly, not using su/sudo).
find ~/src -maxdepth 1 -type d -name "sendmail-*" \
-exec su -c "chown -R $USER {}" \;
# This will make all files in the source of an old version writeable
# (u+w), otherwise you'll get something like this if you're not root:
# rm: remove write-protected regular file
# `./sendmail-8.14.4/cf/cf/generic-osf1.cf'?
find ~/src -maxdepth 1 -type d -name "sendmail-*" \
-exec chmod -R u+w {} \;
cd ~/src
find -maxdepth 1 -type d -name "sendmail-*" -exec rm -r {} \;
tar xzvf ~/sendmail.8.14.4.tar.gz
cd sendmail-8.14.4
test $UID = 0 && chown -R root:root .
# Before you configure the build and build it, make sure that
# /usr/lib/libdb.so and /usr/include/db.h are from the same version of
# Berkeley DB. ie. if you see that libdb.so is a symlink pointing to
# libdb-4.so and db.h is a symlink to /usr/include/db3/db.h, then you'll
# need to fix it.
#
# sendmail will only build with NEWDB (see notes about it in devtools/README
# and sendmail/README) if it can find libdb.so and db.h If you have yours
# installed as libdb-4.so (or something similar) and your include file is
# /usr/include/db4/db.h, create symlinks.
# Skip this section if you want to build a "normal" sendmail
#
# If you already have a site.config.m4 backed up for this version of
# sendmail, restore it and skip to the next section. If you don't
# have one for this version, it will get one for the previous
# version.
test -f ~/backup/sendmail/sendmail-8.14.4/site.config.m4 &&
cp ~/backup/sendmail/sendmail-8.14.4/site.config.m4 devtools/Site/
test ! -f devtools/Site/site.config.m4 &&
test -f ~/backup/sendmail/sendmail-8.14.3/site.config.m4 &&
cp ~/backup/sendmail/sendmail-8.14.3/site.config.m4 devtools/Site/
#
# See devtools/README and devtools/Site/site.config.m4.sample for
# more information about the _many_ available options
cd devtools/Site
#
# Add build settings to site.config.m4 to build sendmail with that
# particular feature. If this is not your first run through with this
# version of sendmail, make sure you wipe the existing site.config.m4
#
# Install unformatted man pages. Set this if your installed sendmail
# man pages have control codes showing in them like "[1msendmail"
# (If they were installed into /usr/man/catX, they would be OK, so you may
# want to look at confMANROOTMAN too)
echo "APPENDDEF(\`confINSTALL_RAWMAN')" >> site.config.m4
#
# MILTER (mimedefang, amavis, etc.)
echo "APPENDDEF(\`conf_sendmail_ENVDEF', \`-DMILTER')" >> site.config.m4
echo "APPENDDEF(\`confLIBS', \`-lpthread')" >> site.config.m4
#
# SASL2 (smtp authentication)
echo "APPENDDEF(\`conf_sendmail_ENVDEF', \`-DSASL=2')" >> site.config.m4
echo "APPENDDEF(\`conf_sendmail_LIBS', \`-lsasl2')" >> site.config.m4
#
# STARTTLS (smtp + tls/ssl)
echo "APPENDDEF(\`confINCDIRS', \`-I/usr/local/ssl/include')" >> \
site.config.m4
echo "APPENDDEF(\`confLIBDIRS', \`-L/usr/local/ssl/lib')" >> site.config.m4
echo "APPENDDEF(\`conf_sendmail_ENVDEF', \`-DSTARTTLS')" >> site.config.m4
echo "APPENDDEF(\`conf_sendmail_LIBS', \`-lssl -lcrypto')" >> site.config.m4
#
# LDAPMAP (ldap mail routing - ie. aliases, virtusertable, etc. in LDAP)
echo "APPENDDEF(\`confMAPDEF', \`-DLDAPMAP')" >> site.config.m4
echo "APPENDDEF(\`confLIBS', \`-lldap -llber')" >> site.config.m4
#
# Berkeley DB 4.0.x
echo "APPENDDEF(\`confINCDIRS', \`-I/usr/local/BerkeleyDB.4.0/include')" \
>> site.config.m4
echo "APPENDDEF(\`confLIBDIRS', \`-L/usr/local/BerkeleyDB.4.0/lib')" \
>> site.config.m4
#
# Berkeley DB 4.1.x
echo "APPENDDEF(\`confINCDIRS', \`-I/usr/local/BerkeleyDB.4.1/include')" \
>> site.config.m4
echo "APPENDDEF(\`confLIBDIRS', \`-L/usr/local/BerkeleyDB.4.1/lib')" \
>> site.config.m4
#
# Berkeley DB 4.2.x
echo "APPENDDEF(\`confINCDIRS', \`-I/usr/local/BerkeleyDB.4.2/include')" \
>> site.config.m4
echo "APPENDDEF(\`confLIBDIRS', \`-L/usr/local/BerkeleyDB.4.2/lib')" \
>> site.config.m4
#
# SOCKETMAP
echo "APPENDDEF(\`confMAPDEF', \`-DSOCKETMAP')" >> site.config.m4
#
cd ../..
## I haven't tried this lately
# If you want to patch sendmail to work with libspf (install it first), run
# this (if you have the libspf source, the same patch should be in
# ~/src/libspf-1.0.0-RC5/patches/Sendmail/8.13.x/ on your system):
wget -nc http://englanders.cc/pub/linux/patches/notmine/\
sendmail-8.13.1-libspf-1.0-RC5.diff &&
patch -p1 < sendmail-8.13.1-libspf-1.0-RC5.diff
# Build sendmail
./Build
## If sendmail failed to build with errors like this:
# /usr/lib/gcc-lib/i486-slackware-linux/3.3.6/../../../libdb.so: undefined
# reference to `pthread_condattr_setpshared'
## tell it to build it with libpthread by doing this and then tell it to
## re-build (-c):
echo "APPENDDEF(\`confLIBS', \`-lpthread')" >> devtools/Site/site.config.m4
./Build -c
# Now become root, which is necessary for installing everything
su
# Don't use this on HP-UX or Solaris! - see the README in mail.local/
# (that is why 'force-install' is run). If you use Cyrus, make that your
# local mailer (don't use mail.local). If building mail.local (to use
# instead of procmail):
( cd mail.local ; ./Build ; ./Build force-install )
# If building milter (this won't do anything if it's not configured to build):
grep '\-DMILTER' devtools/Site/site.config.m4 > /dev/null 2>&1 &&
( cd libmilter ; ./Build ; ./Build install )
# Install it
./Build install
# Make sure your non-root user can remove the source later
chown -R $USER .
chmod -R u+w .
# If you don't have an aliases file, install a sample. Make sure you run
# 'newaliases' once you have a working sendmail configuration to create
# /etc/mail/aliases.db (which is what sendmail actually uses).
test ! -f /etc/mail/aliases && cp sendmail/aliases /etc/mail/
# If you don't have a local-host-names file, install a blank one:
test ! -e /etc/mail/local-host-names &&
echo -e "# names of hosts for which we receive email\n" \
> /etc/mail/local-host-names
# Create directories, update permissions
mkdir -p /var/spool/clientmqueue /var/spool/mqueue
chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
find /etc/mail -type f -name "*.db" -exec chown root:root {} \;
test -f /etc/mail/aliases.db && chown root:smmsp /etc/mail/aliases.db
find /etc/mail -type f -name "*.db" -exec chmod 640 {} \;
test ! -f /etc/mail/statistics && touch /etc/mail/statistics
chmod 640 /etc/mail/aliases /etc/mail/statistics
touch /etc/mail/sendmail.cf /etc/mail/submit.cf
chown root:wheel /etc/mail/sendmail.cf /etc/mail/submit.cf
chmod 444 /etc/mail/sendmail.cf /etc/mail/submit.cf
test -f /var/run/sendmail.pid && chmod 600 /var/run/sendmail.pid
chown smmsp:smmsp /var/spool/clientmqueue
chmod 770 /var/spool/clientmqueue
chown -R root:wheel /var/spool/mqueue
chmod -R 700 /var/spool/mqueue
ln -sf /usr/sbin/sendmail /usr/lib/sendmail
# If you patched sendmail for libspf, add a "FEATURE(spf)dnl" line to your
# sendmail.mc, re-create a sendmail.cf, and restart sendmail. See the libspf
# docs for more info.
# If you need a /etc/rc.d/rc.sendmail startup script, I have the script
# from Slackware here (the same script is in at least 9.0 through 10.2):
# http://englanders.cc/pub/linux/misc/notmine/rc.sendmail
#
# And if you want another one that'll handle starting/stopping/restarting
# sendmail, MIMEDefang, clamd, sophie, trophie, etc., grab this one:
cd /etc/rc.d
test -f rc.sendmail &&
( mv -f rc.sendmail rc.sendmail.old ; chmod 600 rc.sendmail.old )
wget http://englanders.cc/pub/linux/misc/rc.sendmail
chmod 700 rc.sendmail
# If you want a Makefile so you can just run 'make' to update access.db,
# aliases.db, domaintable.db, mailertable.db, and virtusertable.db (whichever
# one(s) have updated text file counterparts):
cd /etc/mail
test -f Makefile &&
( mv -f Makefile Makefile.old ; chmod 600 Makefile.old )
wget http://englanders.cc/pub/linux/misc/notmine/Makefile-etc-mail \
-O Makefile
# Become yourself again:
exit
# Restore backed up config files for this version if you already have them,
# from the previous version if not:
cd cf/cf
mv -f submit.mc submit.mc.old
for smver in 8.14.4 8.14.3 8.14.2 8.14.1; do
test ! -f ./sendmail.mc &&
test -f ~/backup/sendmail/sendmail-${smver}/sendmail.mc &&
cp -f ~/backup/sendmail/sendmail-${smver}/sendmail.mc .
test ! -f ./submit.mc &&
test -f ~/backup/sendmail/sendmail-${smver}/submit.mc &&
cp -f ~/backup/sendmail/sendmail-${smver}/submit.mc .
done
# After (re-)setting your sendmail.mc and submit.mc in
# ~/src/sendmail-8.14.4/cf/cf/, run this to generate the .cf files and
# install them into /etc/mail:
su -c "make install-cf"
cd
mkdir -p -m 0700 installed
rm -f installed/sendmail.*.tar.*
mv sendmail.8.14.4.tar.gz installed/
# SSL Certs
# =========
# To create SSL certs for sendmail, first follow the instructions at the
# bottom of the OpenSSL howto, then come back here
#
# Now that you've created the certs, become root and put them in place:
cd
su
mkdir -p -m 0700 /etc/mail/certs
cp demoCA/cacert.pem /etc/mail/certs/CAcert.pem
cp newcert.pem /etc/mail/certs/cert.pem
cp newkey.pem /etc/mail/certs/key.pem
chmod 600 /etc/mail/certs/*
exit
# MSP Usage (all should be run as root)
# =========
# Run this from cron every so often (every 15 minutes?) to flush
# the client queue. Do this if you don't want/need to have a sendmail
# daemon running like the next example.
/usr/sbin/sendmail -Ac -q
# Run as an msp daemon with submit.cf The -L part will make it log
# 'sm-msp-queue' as the program name in syslog instead of 'sendmail'.
# -Ac means use submit.cf instead of sendmail.cf The -q part tells it
# to flush the queue every 30 minutes. This one will fork a process
# to run the queue.
/usr/sbin/sendmail -L sm-msp-queue -Ac -q30m
# Start a persistant queue runner (see -qp in the sendmail man page) using
# submit.cf, 'sm-msp-queue' program name for syslog, sleep time of 1 minute.
# This one will have one persistant queue runner process that sleeps for
# a minute in between runs.
/usr/sbin/sendmail -L sm-msp-queue -Ac -qp1m
# View the msp mail queue:
/usr/sbin/sendmail -bp -Ac
# MTA Usage (all should be run as root)
# =========
# Run from cron to flush the mta queue:
/usr/sbin/sendmail -q
# Run as an mta daemon with sendmail.cf Use 'sm-mta' as the program
# name in syslog, flush the queue every 15 minutes.
/usr/sbin/sendmail -L sm-mta -bd -q15m
# View the mta mail queue(s):
# (they all do the same thing)
/usr/sbin/sendmail -bp -Am
/usr/sbin/sendmail -bp
/usr/bin/mailq
|
Last updated: Fri, 26 Mar 2010 13:18:56 -0400 Jason Englander <jason at englanders dot us> |
|