Sendmail 8.14.3 Upgrade

I upgraded sendmail on a Solaris 7 server to version 8.14.3.

I checked the existing version of sendmail on the system.

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.example.com ESMTP Sendmail 8.13.6/8.13.6; Sun, 28 Jun 2009 13:27:48 -0400 (EDT)
quit
221 2.0.0 mail.example.com closing connection
Connection closed by foreign host.

You can also check the version of sendmail with sendmail -d0.1 -bt < /dev/null:

# /usr/lib/sendmail -d0.1 -bt < /dev/null
Version 8.13.6
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NDBM NETINET NETUNIX NIS NISPLUS PIPELINING SCANF
                XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = mail
  (canonical domain name) $j = mail.example.com
         (subdomain name) $m = example.com
              (node name) $k = mail
========================================================

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> #

I downloaded ftp://ftp.sendmail.org/pub/sendmail/sendmail-current.tar.gz. I then unzipped and untarred the file I downloaded.

# gunzip sendmail-current.tar.gz
# tar -xvf sendmail-current.tar

The README file stated the following:

Sendmail often gets blamed for many problems that are actually the
result of other problems, such as overly permissive modes on directories.
For this reason, sendmail checks the modes on system directories and
files to determine if they can be trusted.  For sendmail to run without
complaining, you MUST execute the following command:

        chmod go-w / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
        chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue

So I checked the permissions on those directories.

# ls -ld / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue
drwxr-xr-x  36 root     root        1536 Jun 23 15:59 /
drwxr-xr-x  35 root     sys         4096 Jun 24 13:11 /etc
drwxr-xr-x   2 root     mail        1024 Jun 23 09:44 /etc/mail
drwxrwxr-x  32 root     sys         1024 May  3  2005 /usr
drwxr-xr-x  28 root     sys          512 Apr 26  2005 /var
drwxr-xr-x  15 root     bin          512 Mar 26 15:26 /var/spool
drwxr-x---   2 root     bin         3072 Jun 23 16:21 /var/spool/mqueue

The root account was already the owner for all of the directories, so there was no need to issue the chown root command for those directories. The README file indicated that group and others shouldn't have write permission on any of the directories. The sys group did have write permission on the /usr directory. I decided to leave the permissions as they were on that directory.
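
The README's ownership and mode rule can be applied mechanically to `ls -ld` output. The script below is an added example, not part of the original post or the sendmail distribution; its function names are made up for illustration, and the sample input is the listing shown above.

```shell
#!/bin/sh
# Added example: apply the sendmail README rule (owner root, no write bit for
# group or other) to `ls -ld` output. Function names are illustrative.

# audit_ls: read `ls -ld` lines on stdin, print one finding per violation.
audit_ls() {
    awk '
    /^d/ {
        mode = $1; owner = $3; group = $4; path = $NF
        if (owner != "root")
            print path ": owner is " owner ", expected root"
        if (substr(mode, 6, 1) == "w")
            print path ": group-writable (group " group ")"
        if (substr(mode, 9, 1) == "w")
            print path ": world-writable"
    }'
}

# The listing from this page, reused verbatim as sample input.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x  36 root     root        1536 Jun 23 15:59 /
drwxr-xr-x  35 root     sys         4096 Jun 24 13:11 /etc
drwxr-xr-x   2 root     mail        1024 Jun 23 09:44 /etc/mail
drwxrwxr-x  32 root     sys         1024 May  3  2005 /usr
drwxr-xr-x  28 root     sys          512 Apr 26  2005 /var
drwxr-xr-x  15 root     bin          512 Mar 26 15:26 /var/spool
drwxr-x---   2 root     bin         3072 Jun 23 16:21 /var/spool/mqueue
EOF
}

# audit_live: run the same check against the directories the README names.
audit_live() {
    ls -ld / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue | audit_ls
}

sample_listing | audit_ls
```

On the listing above it reports only /usr, the directory the sys group can write to.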

I made backup copies of the existing /etc/mail/sendmail.cf and /etc/mail/sendmail.mc files and then, as an extra precautionary measure, backed up everything in /etc/mail.

# cp -p /etc/mail/sendmail.cf /home/jsmith/sysinfo/sendmail.cf.062809
# cp -p /etc/mail/sendmail.mc /home/jsmith/sysinfo/sendmail.mc.062809
# tar -cvf /home/jsmith/sysinfo/etc-mail.tar /etc/mail
# gzip /home/jsmith/sysinfo/etc-mail.tar

The INSTALL file stated the following:

Please read sendmail/SECURITY before continuing; you have to create a new user smmsp and a new group smmsp for the default installation. Then install the sendmail binary built in step 3 by cd-ing back to sendmail/ and running "sh ./Build install".

The smmsp account and group already existed on the system.

# grep smmsp /etc/passwd
smmsp:x:1025:25:Sendmail:/home/smmsp:/bin/false
# grep smmsp /etc/group
smmsp::25:

I then executed the sh ./Build command from the directory where I had untarred the sendmail-current.tar file. After that process was completed I ran sh ./Build install from the same directory.

At the end of the build install process, I saw the following:

../../devtools/bin/install.sh -c -o bin -g bin -m 555 smrsh /usr/lib
../../devtools/bin/install.sh -c -o bin -g bin -m 444 smrsh.0 /usr/share/man/cat8/smrsh.8
cp: cannot create /usr/share/man/cat8/smrsh.8: No such file or directory
make[1]: *** [install-docs] Error 1
make[1]: Leaving directory `/home/jsmith/sendmail-8.14.3/obj.SunOS.5.7.sun4/smrsh'
Making all in:
/home/jsmith/sendmail-8.14.3/vacation
Configuration: pfx=, os=SunOS, rel=5.7, rbase=5, rroot=5.7, arch=sun4, sfx=, variant=optimized
Making in /home/jsmith/sendmail-8.14.3/obj.SunOS.5.7.sun4/vacation
make[1]: Entering directory `/home/jsmith/sendmail-8.14.3/obj.SunOS.5.7.sun4/vacation'
../../devtools/bin/install.sh -c -o bin -g bin -m 555 vacation /usr/bin
../../devtools/bin/install.sh -c -o bin -g bin -m 444 vacation.0 /usr/share/man/cat1/vacation.1
cp: cannot create /usr/share/man/cat1/vacation.1: No such file or directory
make[1]: *** [install-docs] Error 1
make[1]: Leaving directory `/home/jsmith/sendmail-8.14.3/obj.SunOS.5.7.sun4/vacation'
make: *** [all] Error 2
#

When I attempted to check the version of sendmail, I saw the following:

# telnet 127.0.0.1 25
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

I was able to start sendmail successfully afterwards, though, and /usr/lib/sendmail -d0.1 -bt < /dev/null showed the version number for sendmail to be 8.14.3.

# /etc/init.d/sendmail start
# /usr/lib/sendmail -d0.1 -bt < /dev/null
Version 8.14.3
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NDBM NETINET NETUNIX NIS NISPLUS PIPELINING SCANF
                XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = mail
  (canonical domain name) $j = mail.example.com
         (subdomain name) $m = example.com
              (node name) $k = mail
========================================================

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> #

However, when I used telnet to connect to the SMTP port and check the version number, I saw two versions listed: 8.14.3/8.13.6.

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.example.com ESMTP Sendmail 8.14.3/8.13.6; Sun, 28 Jun 2009 14:10:29 -0400 (EDT)
quit
221 2.0.0 mail.example.com closing connection
Connection closed by foreign host.

I realized that was because I had kept the existing /etc/mail/sendmail.cf file rather than using one for the new version of sendmail. I had skipped the steps listed below, which were in the INSTALL file.

4. Change to the cf/cf/ directory (that's not a typo): Copy whichever .mc
   file best matches your environment to sendmail.mc.  Next, tailor it
   as explained in cf/README.  Then run
   "sh ./Build sendmail.cf".

5. Back up your current /etc/mail/sendmail.cf and the sendmail binary (whose
   location varies from operating system to operating system, but is usually
   in /usr/sbin or /usr/lib).

6. Install sendmail.cf as /etc/mail/sendmail.cf and submit.cf as
   /etc/mail/submit.cf.  This can be done in the cf/cf by using
   "sh ./Build install-cf".

The sendmail.cf file is generated from a sendmail.mc file, so I checked the contents of the sendmail.mc on the system. I found it was created from an even earlier version of sendmail than the one that was running on the system when I started the upgrade to version 8.14.3.

# cat /etc/mail/sendmail.mc
divert(0)dnl
VERSIONID(`$Id: sendmail.mc,v 8.12.9 10/20/2005 20:49 jim Exp $')dnl
OSTYPE(solaris2)dnl
DOMAIN(generic)dnl
FEATURE(`relay_hosts_only')dnl
define(`confPRIVACY_FLAGS',`authwarnings,noexpn,novrfy')dnl
MAILER(local)dnl
MAILER(smtp)dnl

So I changed the working directory to the cf/cf directory beneath the directory where I had untarred the new version of sendmail and checked the .mc files there for the one that would be appropriate to the operating system version on this server.

# pwd
/home/jsmith/sendmail-8.14.3/cf/cf
# ls
Build                   generic-hpux9.cf        huginn.cs.mc
Makefile                generic-hpux9.mc        knecht.mc
README                  generic-linux.cf        mail.cs.mc
chez.cs.mc              generic-linux.mc        mail.eecs.mc
clientproto.mc          generic-mpeix.cf        mailspool.cs.mc
cs-hpux10.mc            generic-mpeix.mc        python.cs.mc
cs-hpux9.mc             generic-nextstep3.3.cf  s2k-osf1.mc
cs-osf1.mc              generic-nextstep3.3.mc  s2k-ultrix4.mc
cs-solaris2.mc          generic-osf1.cf         submit.cf
cs-sunos4.1.mc          generic-osf1.mc         submit.mc
cs-ultrix4.mc           generic-solaris.cf      tcpproto.mc
cyrusproto.mc           generic-solaris.mc      ucbarpa.mc
generic-bsd4.4.cf       generic-sunos4.1.cf     ucbvax.mc
generic-bsd4.4.mc       generic-sunos4.1.mc     uucpproto.mc
generic-hpux10.cf       generic-ultrix4.cf      vangogh.cs.mc
generic-hpux10.mc       generic-ultrix4.mc

The generic-solaris.mc one seemed the most appropriate for the server, since it is running Solaris 7. I checked the contents of the generic-solaris.mc file. It contained the following lines:

divert(0)dnl
VERSIONID(`$Id: generic-solaris.mc,v 8.13 2001/06/27 21:46:30 gshapiro Exp $')
OSTYPE(solaris2)dnl
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl

I decided to use the m4 command to create a new version of /etc/mail/sendmail.cf from it, but I saw an error message afterwards when I tried restarting sendmail.

# m4 generic-solaris.mc > /etc/mail/sendmail.cf
# /etc/init.d/sendmail restart
Usage: /etc/init.d/sendmail { start | stop }
# /etc/init.d/sendmail stop
# /etc/init.d/sendmail start
554 5.0.0 /etc/mail/sendmail.cf: line 1: invalid argument to V line: "ERSIONID(Id: generi"
554 5.0.0 No local mailer defined
554 5.0.0 QueueDirectory (Q) option must be set

So I decided to follow the steps in the INSTALL file, instead.

# cp generic-solaris.mc sendmail.mc
# sh ./Build sendmail.cf
Using M4=/usr/ccs/bin/m4
rm -f sendmail.cf
/usr/ccs/bin/m4 ../m4/cf.m4 sendmail.mc > sendmail.cf || ( rm -f sendmail.cf && exit 1 )
echo "### sendmail.mc ###" >>sendmail.cf
sed -e 's/^/# /' sendmail.mc >>sendmail.cf
chmod 444 sendmail.cf
# sh ./Build install-cf
Using M4=/usr/ccs/bin/m4
../../devtools/bin/install.sh -c -o root -g bin -m 0444 sendmail.cf /etc/mail/sendmail.cf
../../devtools/bin/install.sh -c -o root -g bin -m 0444 submit.cf /etc/mail/submit.cf
# /etc/init.d/sendmail stop
# /etc/init.d/sendmail start
#

When I then checked the sendmail version information, I saw only 8.14.3 listed.

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.example.com ESMTP Sendmail 8.14.3/8.14.3; Sun, 28 Jun 2009 15:11:45 -0400 (EDT)
# /usr/lib/sendmail -d0.1 -bt < /dev/null
Version 8.14.3
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
                NAMED_BIND NDBM NETINET NETUNIX NIS NISPLUS PIPELINING SCANF
                XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
      (short domain name) $w = mail
  (canonical domain name) $j = mail.example.com
         (subdomain name) $m = example.com
              (node name) $k = mail
========================================================

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> #

I then checked to make sure that sendmail was listening on all interfaces, since the system has multiple network interfaces. It was listening on all interfaces.

# netstat -a | grep smtp
      *.smtp               *.*                0      0     0      0 LISTEN
localhost.smtp       localhost.36959      32768      0 32768      0 TIME_WAIT

I then realized I hadn't disabled the vrfy and expn commands, which I had previously disabled as a security measure.

220 mail.example.com ESMTP Sendmail 8.14.3/8.14.3; Sun, 28 Jun 2009 15:44:37 -0400 (EDT)
help
214-2.0.0 This is sendmail version 8.14.3
214-2.0.0 Topics:
214-2.0.0       HELO    EHLO    MAIL    RCPT    DATA
214-2.0.0       RSET    NOOP    QUIT    HELP    VRFY
214-2.0.0       EXPN    VERB    ETRN    DSN     AUTH
214-2.0.0       STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation see
214-2.0.0       http://www.sendmail.org/email-addresses.html
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
vrfy jsmith
250 2.1.5 John Smith <jsmith@mail.example.com>

The following lines had been in the previous sendmail.mc file, but I hadn't included them in the new one.

FEATURE(`relay_hosts_only')dnl
define(`confPRIVACY_FLAGS',`authwarnings,noexpn,novrfy')dnl

The FEATURE(`relay_hosts_only')dnl line allowed some relaying through the server. Domains from which you are willing to allow relaying can be placed in the file /etc/mail/relay-domains. Email from anything listed in this file will be accepted for relaying. But by using FEATURE(`relay_hosts_only'), only specific hosts will be allowed to relay. Since I no longer want any system to be able to relay mail through the server, I don't need that line now.

But I do need define(`confPRIVACY_FLAGS',`authwarnings,noexpn,novrfy') in sendmail.mc, since I want to disable the use of the expn and vrfy commands, which can be used by spammers to verify email addresses on the system. So I copied cf/cf/generic-solaris.mc to sendmail.mc again. Then I added the line to the bottom of sendmail.mc, so it now contained the following lines:

divert(0)dnl
VERSIONID(`$Id: generic-solaris.mc,v 8.13 2001/06/27 21:46:30 gshapiro Exp $')
OSTYPE(solaris2)dnl
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
define(`confPRIVACY_FLAGS',`authwarnings,noexpn,novrfy')dnl

I then overwrote the sendmail.mc in /etc/mail with the new one, so I would have it readily available for generating a new /etc/mail/sendmail.cf file, if needed.

I tried m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf, which I normally use on my Linux sendmail server, again, but, as before, I got an error message, so I followed the instructions listed in the INSTALL file again after sendmail wouldn't start.

# cp sendmail.mc /etc/mail/sendmail.mc
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /etc/init.d/sendmail stop
# /etc/init.d/sendmail start
554 5.0.0 /etc/mail/sendmail.cf: line 1: invalid argument to V line: "ERSIONID(Id: generi"
554 5.0.0 No local mailer defined
554 5.0.0 QueueDirectory (Q) option must be set

I was able to successfully restart sendmail after following the instructions in the INSTALL file that came with this version of sendmail.

# pwd
/home/jsmith/sendmail-8.14.3/cf/cf
# sh ./Build sendmail.cf
Using M4=/usr/ccs/bin/m4
rm -f sendmail.cf
/usr/ccs/bin/m4 ../m4/cf.m4 sendmail.mc > sendmail.cf || ( rm -f sendmail.cf && exit 1 )
echo "### sendmail.mc ###" >>sendmail.cf
sed -e 's/^/# /' sendmail.mc >>sendmail.cf
chmod 444 sendmail.cf
# sh ./Build install-cf
Using M4=/usr/ccs/bin/m4
../../devtools/bin/install.sh -c -o root -g bin -m 0444 sendmail.cf /etc/mail/sendmail.cf
../../devtools/bin/install.sh -c -o root -g bin -m 0444 submit.cf /etc/mail/submit.cf
# ls -l /etc/mail/sendmail.cf
-r--r--r--   1 root     bin        41671 Jun 28 16:31 /etc/mail/sendmail.cf
# /etc/init.d/sendmail stop
# /etc/init.d/sendmail start
#

I then verified that the vrfy and expn commands no longer worked.

# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mail.example.com ESMTP Sendmail 8.14.3/8.14.3; Sun, 28 Jun 2009 16:37:44 -0400 (EDT)
ehlo laptop
250-mail.example.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
vrfy jsmith
252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)
expn somelist
502 5.7.0 Sorry, we do not allow this operation
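
Both problems hit during this upgrade (a sendmail.cf produced by plain m4 without cf.m4, and a rebuilt sendmail.cf that silently lost novrfy and noexpn) can be caught before the file is installed. The script below is an added example, not from the original post or the sendmail distribution; check_cf and make_samples are illustrative names, and the sample files are constructed fragments, not complete cf files.

```shell
#!/bin/sh
# Added example (not from the sendmail distribution): sanity-check a generated
# sendmail.cf before it is installed as /etc/mail/sendmail.cf.

# check_cf FILE: print one finding per problem; print nothing if FILE passes.
check_cf() {
    cf=$1
    # Unexpanded macros at column 1 mean cf.m4 was not loaded (plain `m4 x.mc`).
    # Build appends the .mc source as "# ..." comments, which must not match.
    if grep -E '^(VERSIONID|OSTYPE|DOMAIN|FEATURE|MAILER)\(' "$cf" >/dev/null; then
        echo "unexpanded m4 macros: build with cf.m4 (sh ./Build sendmail.cf)"
    fi
    # PrivacyOptions must carry novrfy and noexpn (goaway implies both).
    opts=$(sed -n 's/^O PrivacyOptions=//p' "$cf" | tr -d ' ')
    for flag in novrfy noexpn; do
        case ",$opts," in
            *",$flag,"*|*",goaway,"*) ;;
            *) echo "PrivacyOptions lacks $flag" ;;
        esac
    done
}

# Constructed sample fragments for the three situations seen on this page.
make_samples() {
    dir=$1
    cat > "$dir/raw-m4.cf" <<'EOF'
VERSIONID($Id: generic-solaris.mc,v 8.13 2001/06/27 21:46:30 gshapiro Exp $)
OSTYPE(solaris2)DOMAIN(generic)MAILER(local)MAILER(smtp)
EOF
    cat > "$dir/stock.cf" <<'EOF'
V10/Berkeley
O PrivacyOptions=authwarnings
### sendmail.mc ###
# MAILER(smtp)dnl
EOF
    cat > "$dir/hardened.cf" <<'EOF'
V10/Berkeley
O PrivacyOptions=authwarnings,noexpn,novrfy
### sendmail.mc ###
# define(`confPRIVACY_FLAGS',`authwarnings,noexpn,novrfy')dnl
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
for f in raw-m4 stock hardened; do
    echo "== $f.cf"; check_cf "$tmp/$f.cf"
done
rm -rf "$tmp"
```

Run against cf/cf/sendmail.cf after "sh ./Build sendmail.cf" and before "sh ./Build install-cf", empty output means neither problem is present.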

 
