SUMMARY: sendmail on solaris 9 woes

From: Christopher L. Barnard (cbar44@tsg.cbot.com)
Date: Fri Jul 25 2003 - 12:28:50 EDT


This is a detailed summary because this is important info and I really want
to get this summary into the archives:

I asked:

> I have a sendmail question for the collective. I believe the problem
> centers around the "new and improved" (harumph) sendmail shipped with
> Solaris 9.
>
> I do not run sendmail in daemon (-bd) mode on clients; only the mailserver
> will receive email. So on the client (Solaris 9 with patch 113575-04) I
> have edited the submit.cf file in two places
> change Cwlocalhost to Cwmailhost
> and change D{MTAHost}localhost to D{MTAHost}mailhost.
> I have edited the sendmail.cf file in one place
> change the Cwlocalhost to Cwmailhost.
> On the mailhost (an old Solaris 7 sparc 20, with patch 110615-09), I put
> the local host name into the local-host-names file and restarted sendmail.
>
> Under Solaris 8 and older, this worked fine (and there was no submit.cf so
> I didn't have to modify it...). With Solaris 9, there is this
> new user smmsp, which will only send email to localhost. This is called
> improving security -- forcing you to run a daemon that was previously
> disabled...
>
> Has anyone gotten a Solaris 9 box to send email out without running it in
> daemon mode?

Summary:

Ok, here is a recipe for running sendmail shipped with a Solaris 9 box in a
secure fashion without running the daemon on the local system.

* do not run sendmail in daemon mode. Create the file /etc/default/sendmail
  with the single line
      MODE=
  and then stop and restart sendmail. A typical ps after doing that will be
      smmsp 688 1 0 13:07:00 ? 0:00 /usr/lib/sendmail -Ac -q15m
       root 689 1 0 13:07:00 ? 0:00 /usr/lib/sendmail -q15m
  note that there is not a "-bd" in sight.

* edit the /usr/lib/mail/cf/submit.mc file. change the last line from
      FEATURE(`msp', `[127.0.0.1]')dnl
  to
      FEATURE(`msp', `mailhost')dnl

* compile the new submit.cf file
      cd /usr/lib/mail/cf
      m4 ../m4/cf.m4 submit.mc > submit.cf

* copy this new submit.cf file into place
      cp /usr/lib/mail/cf/submit.cf /etc/mail/submit.cf

* make sure that mailhost will accept mail from the server (may have to
  edit local_host_names and then restart sendmail on mailhost).

* every time you apply a sendmail patch on this machine, rebuild the submit.cf
  file.

* and by the way, Sun will tell you this cannot be done. They will say that
  you must run in daemon mode on every machine.

+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard@tsg.cbot.com / \ anybody could become president. |
| (312) 347-4901 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
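
A check for the recipe above, as an added example that is not part of the original post: it confirms that /etc/default/sendmail leaves MODE empty, that submit.cf no longer relays to the loopback address, and that no sendmail process runs with -bd. The function names are made up for this example, and it assumes a POSIX shell and awk (on Solaris 9, /usr/xpg4/bin/sh or ksh rather than /bin/sh).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here;
# the file paths are the ones the recipe names.

# True only if the defaults file's last MODE= line is empty (no -bd).
mode_is_empty() {
    [ -r "$1" ] || return 1
    awk -F= '$1 == "MODE" { seen = 1; val = $2 }
             END { exit !(seen && val ~ /^[ \t]*$/) }' "$1"
}

# Prints the host the MSP relays to: the D{MTAHost} macro in submit.cf.
msp_relay() {
    sed -n 's/^D{MTAHost}//p' "$1" | tail -1
}

# True for the stock loopback relay values.
is_loopback() {
    case "$1" in
        localhost|'[localhost]'|127.0.0.1|'[127.0.0.1]') return 0 ;;
        *) return 1 ;;
    esac
}

# Reads ps output on stdin; prints sendmail processes started with -bd.
daemon_procs() {
    awk '/sendmail/ && / -bd( |$)/ { print }'
}

# Usage: ps -ef | audit_client DEFAULTS_FILE SUBMIT_CF
# Prints findings and returns the number of failed checks.
audit_client() {
    fails=0
    mode_is_empty "$1" || { echo "FAIL: $1 has no empty MODE= line"; fails=$((fails + 1)); }
    relay=$(msp_relay "$2")
    if [ -z "$relay" ] || is_loopback "$relay"; then
        echo "FAIL: $2 relays to '${relay:-unset}'; rebuild it from submit.mc"
        fails=$((fails + 1))
    fi
    if [ -n "$(daemon_procs)" ]; then
        echo "FAIL: a sendmail process is running with -bd"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: no -bd daemon, MSP relays to $relay"
    return "$fails"
}

if [ "${1:-}" = "--live" ]; then
    ps -ef | audit_client /etc/default/sendmail /etc/mail/submit.cf
fi
```

Run it with `--live` after each sendmail patch; a relay of `[127.0.0.1]` means the patch put the stock submit.cf back and it needs rebuilding.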