SUMMARY: sendmail on solaris 9 woes

From: Christopher L. Barnard <cbar44_at_tsg.cbot.com>
Date: Fri Jul 25 2003 - 12:28:50 EDT

This is a detailed summary because this is important info and I really want
to get this summary into the archives:

I asked:

> I have a sendmail question for the collective.  I believe the problem
> centers around the "new and improved" (harumph) sendmail shipped with
> Solaris 9.
> 
> I do not run sendmail in daemon (-bd) mode on clients; only the mailserver
> will receive email.  So on the client (Solaris 9 with patch 113575-04) I
> have edited the submit.cf file in two places 
> change Cwlocalhost to Cwmailhost
> and change D{MTAHost}localhost to D{MTAHost}mailhost.
> I have edited the sendmail.cf file in one place
> change the Cwlocalhost to Cwmailhost.
> On the mailhost (an old Solaris 7 sparc 20, with patch 110615-09), I put
> the local host name into the local-host-names file and restarted sendmail.
> 
> Under Solaris 8 and older, this worked fine (and there was no submit.cf so
> I didn't have to modify it...).  With Solaris 9, there is this
> new user smmsp, which will only send email to localhost.  This is called
> improving security -- forcing you to run a daemon that was previously
> disabled...
> 
> Has anyone gotten a Solaris 9 box to send email out without running it in
> daemon mode?

Summary:

Ok, here is a recipe for running sendmail shipped with a Solaris 9 box in a
secure fashion without running the daemon on the local system.

* do not run sendmail in daemon mode.  Create the file /etc/default/sendmail
with the single line
MODE=
and then stop and restart sendmail.  A typical ps after doing that will be
   smmsp   688     1  0 13:07:00 ?        0:00 /usr/lib/sendmail -Ac -q15m
    root   689     1  0 13:07:00 ?        0:00 /usr/lib/sendmail -q15m
note that there is not a "-bd" in sight.

* edit the /usr/lib/mail/cf/submit.mc file.  change the last line from
FEATURE(`msp', `[127.0.0.1]')dnl
to
FEATURE(`msp', `mailhost')dnl

* compile the new submit.cf file
cd /usr/lib/mail/cf
m4 ../m4/cf.m4 submit.mc > submit.cf

* copy this new submit.cf file into place
cp /usr/lib/mail/cf/submit.cf /etc/mail/submit.cf

* make sure that mailhost will accept mail from the server (may have to
  edit local_host_names and then restart sendmail on mailhost).

* every time you apply a sendmail patch on this machine, rebuild the submit.cf
  file.

* and by the way, Sun will tell you this cannot be done.  They will say that
  you must run in daemon mode on every machine.

+-----------------------------------------------------------------------+
| Christopher L. Barnard         O     When I was a boy I was told that |
| cbarnard@tsg.cbot.com         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
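
A check for the recipe above that can be rerun after each sendmail patch, added here as an example and not part of the original post. It assumes the compiled submit.cf carries the relay host on its D{MTAHost} line (the macro named in the question); the function names and sample file names are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Drift check for a client that submits mail without a local listener.

# Print the relay host from the D{MTAHost} line of a submit.cf file.
mta_host() {
    sed -n 's/^D{MTAHost}//p' "$1" | head -1
}

# Succeed if the defaults file has a MODE= line with an empty value.
mode_is_empty() {
    grep -q '^MODE=[[:space:]]*$' "$1"
}

# Succeed if any sendmail line of ps output on stdin carries -bd.
has_daemon() {
    grep -q 'sendmail.* -bd'
}

# check_client SUBMIT_CF DEFAULTS_FILE EXPECTED_HOST PS_OUTPUT_FILE
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_client() {
    rc=0
    host=$(mta_host "$1")
    [ "$host" = "$3" ] || { echo "submit.cf relays to '$host', expected '$3'"; rc=1; }
    mode_is_empty "$2" || { echo "$2 lacks an empty MODE= line"; rc=1; }
    if has_daemon < "$4"; then
        echo "a sendmail process is running with -bd"; rc=1
    fi
    return $rc
}

# Constructed sample: a client whose submit.cf was put back to the stock
# localhost relay by a patch. The ps lines are the ones shown in the post.
make_sample() {
    printf 'D{MTAHost}localhost\n' > "$1/submit.cf"
    printf 'MODE=\n' > "$1/sendmail.default"
    printf '%s\n' \
        '   smmsp   688     1  0 13:07:00 ?        0:00 /usr/lib/sendmail -Ac -q15m' \
        '    root   689     1  0 13:07:00 ?        0:00 /usr/lib/sendmail -q15m' \
        > "$1/ps.out"
}

d=$(mktemp -d) && make_sample "$d"
check_client "$d/submit.cf" "$d/sendmail.default" mailhost "$d/ps.out" \
    || echo "drift detected: rebuild and reinstall submit.cf"
rm -rf "$d"
```

On a real client, pass /etc/mail/submit.cf, /etc/default/sendmail and a file holding the output of ps -ef.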