Solaris Sendmail
How to build and install sendmail 8.12.7 with AUTH, STARTTLS, LDAP and NEWDB support:
Install OpenSSL
Create host keys with OpenSSL:
Create a CA cert
Create a private key for the host
Create a host cert signed by that CA
Keep all SASL and certificate files in a directory tree that is owned by root and writable only by root; private keys must also be unreadable by anyone else.
Target directory for this paper is /etc/mail/certs
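The certificate steps above, worked through as an added shell example (my code, not the page's): it creates the CA, the host key and the CA-signed host cert under the file names the sendmail.mc further down uses, adds the subject-hash link that confCACERT_PATH lookups need, and checks that nothing in the tree is writable by anyone but its owner. The CA name and hostname are placeholders; on the real host run it as root with /etc/mail/certs as DIR. It relies on the default openssl.cnf marking `req -x509` certificates as CA:TRUE.

```shell
#!/bin/sh
# Added example: build the CA and host key/cert pair that sendmail.mc expects
# (CAcert.pem, MYkey.pem, MYcert.pem) and verify the tree's permissions.

# make_mail_certs DIR CA_NAME MAILHOST
make_mail_certs() {
    dir=$1; ca_name=$2; host=$3
    umask 077                       # new files start out 0600, directories 0700
    mkdir -p "$dir" || return 1

    # 1. CA: self-signed cert; its key is only needed for signing
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/O=$ca_name/CN=$ca_name" \
        -keyout "$dir/CAkey.pem" -out "$dir/CAcert.pem" >/dev/null 2>&1 || return 1

    # 2. host private key and certificate request; CN is the name clients connect to
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=$ca_name/CN=$host" \
        -keyout "$dir/MYkey.pem" -out "$dir/MYreq.pem" >/dev/null 2>&1 || return 1

    # 3. sign the request with the CA (one year)
    openssl x509 -req -days 365 -in "$dir/MYreq.pem" \
        -CA "$dir/CAcert.pem" -CAkey "$dir/CAkey.pem" -CAcreateserial \
        -out "$dir/MYcert.pem" >/dev/null 2>&1 || return 1
    rm -f "$dir/MYreq.pem"

    # 4. confCACERT_PATH is searched by subject-hash name, so add that link
    ln -sf CAcert.pem "$dir/$(openssl x509 -noout -hash -in "$dir/CAcert.pem").0"

    # 5. keys stay owner-only, certs are public, the directory is not writable by others
    chmod 400 "$dir/CAkey.pem" "$dir/MYkey.pem"
    chmod 444 "$dir/CAcert.pem" "$dir/MYcert.pem"
    chmod 755 "$dir"

    # 6. prove the chain is consistent before sendmail is pointed at it
    openssl verify -CAfile "$dir/CAcert.pem" "$dir/MYcert.pem" >/dev/null 2>&1
}

# check_cert_tree DIR: non-zero if anything under DIR is group- or world-writable,
# or if a private key (*key.pem) is readable by anyone but its owner
check_cert_tree() {
    bad=$( find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
           find "$1" ! -type l -name '*key.pem' \( -perm -040 -o -perm -004 \) -print )
    [ -z "$bad" ] || { printf 'unsafe permissions:\n%s\n' "$bad" >&2; return 1; }
}
```

Usage on the real host: `make_mail_certs /etc/mail/certs "My Mail CA" mail.example.com && check_cert_tree /etc/mail/certs`. The issuer DN of CAcert.pem is what goes into the CERTIssuer: access map entry later in this paper.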
Install Cyrus SASL
./configure --enable-krb4=no --enable-login=yes
Create /etc/sasldb with /usr/lib/sasl/bin/saslpasswd, chmod 400
Create /usr/lib/sasl/Sendmail.conf, chmod 400:
pwcheck_method:pam
Note that pwcheck_method only governs the plaintext mechanisms (PLAIN, LOGIN); CRAM-MD5 and DIGEST-MD5 need the shared secret and therefore read /etc/sasldb, which is why it must be populated and readable by root only.
Install a /dev/urandom device or prngd
Solaris /dev/random patch: 112438-01 (SPARC), 112439-01 for Intel Solaris
If using prngd, start it as: prngd -seed seedfile /var/run/egd-pool
Permissions on the egd-pool socket are not critical; a client that can read it obtains only random bytes.
Install BerkeleyDB 4.1.25 (used by OpenLDAP below; sendmail itself is linked against 3.2, see the site_config.m4 section)
This was very easy - just follow the instructions provided with the distribution.
Install OpenLDAP:
CC="gcc"
LDFLAGS="-L/usr/local/ssl/lib -L/usr/local/lib -L/usr/local/BerkeleyDB.4.1/lib"
LDFLAGS="$LDFLAGS -R/usr/local/ssl/lib:/usr/local/lib:/usr/local/BerkeleyDB.4.1/lib"
CPPFLAGS="-I/usr/local/ssl/include -I/usr/local/include -I/usr/local/BerkeleyDB.4.1/include"
export CC LDFLAGS CPPFLAGS
./configure --with-tls
make
make test
make install
Installing Sendmail:
# Create devtools/Site/site_config.m4
# install with "milter" support
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')dnl
# To include SASL support:
APPENDDEF(`conf_sendmail_ENVDEF', `-DSASL')dnl
APPENDDEF(`conf_sendmail_LIBS', `-lsasl')dnl
APPENDDEF(`confINCDIRS', `-I/usr/local/include/sasl')dnl
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib')dnl
# To include STARTTLS support:
APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS')dnl
APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')dnl
# ssl support is needed for STARTTLS:
APPENDDEF(`confINCDIRS', `-I/usr/local/ssl/include')dnl
APPENDDEF(`confLIBDIRS', `-L/usr/local/ssl/lib')dnl
# Use as needed to embed the run path of libraries outside the default search path.
# sendmail runs set-group-id, and the Solaris runtime linker ignores LD_LIBRARY_PATH
# for set-id programs, so -R is the only way it will find /usr/local/lib at run time.
APPENDDEF(`confLIBDIRS', `-R/usr/local/lib')dnl
# The next two definitions are exclusive - do not add both:
# If no /dev/urandom is available, add support for egd
APPENDDEF(`conf_sendmail_ENVDEF', `-DEGD')dnl
# If /dev/urandom is available, add support for it
APPENDDEF(`conf_sendmail_ENVDEF', `-DHASURANDOMDEV')dnl
# To include LDAP, if needed:
APPENDDEF(`confMAPDEF', `-DLDAPMAP')dnl
APPENDDEF(`confLIBS', `-lldap')dnl
# And finally, BerkeleyDB. sendmail 8.12.7 does not yet support DB 4.1.x, so
# sendmail itself is linked against 3.2 (the 4.1.25 installed above serves OpenLDAP):
APPENDDEF(`conf_sendmail_ENVDEF', `-DNEWDB')dnl
APPENDDEF(`confLIBS', `-ldb')dnl
APPENDDEF(`confLIBDIRS', `-L/usr/local/BerkeleyDB.3.2/lib')dnl
APPENDDEF(`confINCDIRS', `-I/usr/local/BerkeleyDB.3.2/include')dnl
# Create a sendmail.mc file:
divert(-1)
#
# Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers.
# All rights reserved.
# Copyright (c) 1983 Eric P. Allman. All rights reserved.
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#
divert(0)dnl
VERSIONID(`$Id: generic-solaris2.mc,v 8.11 1999/02/07 07:26:03 gshapiro Exp $')
OSTYPE(solaris2)dnl
DOMAIN(generic)dnl
dnl General configuration definitions
define(`confSMTP_LOGIN_MSG', `Welcome to My Place')dnl
define(`confLOG_LEVEL', `14')dnl
define(`confPRIVACY_FLAGS', `authwarnings,goaway,restrictmailq,restrictqrun')dnl
define(`confTRUSTED_USERS',`majordom')dnl
define(`LUSER_RELAY', `local:catchall')dnl
define(`ALIAS_FILE',`/etc/mail/aliases,/etc/mail/majordomo.aliases')dnl
dnl Performance options
define(`confTO_QUEUERETURN', `3d')dnl
define(`confMAX_DAEMON_CHILDREN',`90')dnl
define(`QUEUE_DIR',`/var/spool/mqueue/q*')dnl
dnl STARTTLS cert options
define(`confRAND_FILE', `egd:/var/run/egd-pool')dnl only when built with -DEGD; omit if /dev/urandom (-DHASURANDOMDEV) is used
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/CAcert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/MYcert.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/MYkey.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/MYcert.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/MYkey.pem')dnl
dnl AUTH methods
dnl PLAIN (and LOGIN) send the password in the clear unless STARTTLS is active; the `p' flag of confAUTH_OPTIONS makes sendmail refuse them without a security layer.
define(`confAUTH_MECHANISMS', `GSSAPI CRAM-MD5 DIGEST-MD5 PLAIN')dnl
dnl Features section
FEATURE(`no_default_msa')dnl
dnl Relay and Spam controls
FEATURE(`delay_checks')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl hash needs the NEWDB build above; use dbm only if sendmail was built without BerkeleyDB
FEATURE(`genericstable', `hash /etc/mail/genericstable')dnl hash needs the NEWDB build above; use dbm only if sendmail was built without BerkeleyDB
FEATURE(`access_db', `hash /etc/mail/access')dnl hash needs the NEWDB build above; use dbm only if sendmail was built without BerkeleyDB
dnl Real time black list servers
dnl Confirm each zone is still operated before enabling it: DNSBLs that have shut down have answered "listed" for every query, which rejects all inbound mail.
FEATURE(dnsbl,`relays.visi.com', `554 Known spammer site see: http://relays.visi.com')dnl
FEATURE(dnsbl,`bl.spamcop.net', `554 Spam blocked see: http://spamcop.net/bl.shtml?$&{client_addr}')dnl
FEATURE(dnsbl,`dnsbl.njabl.org',`554 Message from $&{client_addr} rejected - see http://njabl.org/')dnl
FEATURE(dnsbl, `relays.ordb.org', `554 Open spam relay - see http://ordb.org/')dnl
FEATURE(dnsbl, `relays.osirusoft.com', `554 Open spam relay - see http://relays.osirusoft.com/')dnl
FEATURE(`blacklist_recipients')dnl
dnl Identification for outgoing mail - use as needed
FEATURE(`always_add_domain')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`allmasquerade')dnl
dnl Macro definitions section - use as needed
MASQUERADE_AS(somedomain.com)dnl
MASQUERADE_DOMAIN(somedomain.com)dnl
GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl
TRUST_AUTH_MECH(`GSSAPI CRAM-MD5 DIGEST-MD5 PLAIN')dnl
dnl Mailer section
MAILER(local)dnl
MAILER(smtp)dnl
# Compile sendmail (from the top of the source tree):
Build
Build install
Copy sendmail.mc to cf/cf, then in cf/cf: Build sendmail.cf and Build install-cf (installs /etc/mail/sendmail.cf)
Edit /etc/mail/aliases
Create /etc/mail/access
Include this line for STARTTLS, using the issuer DN of the CA cert created above. Spaces, parentheses, '+' and any non-printable character in the DN are encoded as +HH (hex); the RHS RELAY lets clients presenting a cert signed by that CA relay:
CERTIssuer:/C=US/ST=California/O=endmail.org/OU=private/CN=Darth+20Mail+20+28Cert+29/Email=darth+2Bcert@endmail.org RELAY
Create /etc/mail/relay-domains
Create /etc/mail/genericstable
Create /etc/mail/virtusertable
Create /etc/mail/local-host-names
Create /var/spool/mqueue/q1 through q8 (matched by the QUEUE_DIR glob above), owned by root, mode 700
Use makemap hash to generate the .db files for access, genericstable and virtusertable
Create the smmsp account, 25:25:/:/bin/false
Create the smmsp group (gid 25); the sendmail binary is set-group-id smmsp and /var/spool/clientmqueue belongs to it
Create /etc/init.d/sendmail, link to /etc/rc3.d
Check all permissions: sendmail refuses group- or world-writable configuration files, maps and queue directories as unsafe, so everything under /etc/mail, /etc/mail/certs and the queue tree must be owned by root and writable only by root (private keys mode 400).
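The +HH encoding that the CERTIssuer: access map entry above requires, as an added shell example (my code, not the page's): `encode_cert_dn` applies sendmail's rule (printable ASCII passes through except `<`, `>`, `(`, `)`, `"`, `+` and space; those and every non-printable or non-ASCII byte become +HH) and `access_cert_entry` emits the finished map line. The DN has to be supplied in the slash-separated form sendmail itself prints for ${cert_issuer} and ${cert_subject}; the function names and the sample DN are mine (the DN is sendmail's documentation example).

```shell
#!/bin/sh
# Added example: encode an X.509 DN for a CERTIssuer:/CERTSubject: access map key.

# encode_cert_dn DN: printable ASCII passes through except the characters
# sendmail treats as special; those and any non-printable byte become +HH.
encode_cert_dn() {
    printf '%s' "$1" | LC_ALL=C awk '
        BEGIN { for (i = 1; i < 256; i++) ord[sprintf("%c", i)] = i }
        {
            out = ""
            for (i = 1; i <= length($0); i++) {
                c = substr($0, i, 1)
                if (ord[c] >= 33 && ord[c] <= 126 && index("<>()\"+", c) == 0)
                    out = out c
                else
                    out = out sprintf("+%02X", ord[c])
            }
            print out
        }'
}

# access_cert_entry KEY DN ACTION: one access map line, e.g.
#   access_cert_entry CERTIssuer "/C=US/O=My Org/CN=My CA" RELAY
access_cert_entry() {
    printf '%s:%s %s\n' "$1" "$(encode_cert_dn "$2")" "$3"
}
```

Append the output of `access_cert_entry` to /etc/mail/access and rebuild the map with makemap; CERTSubject: works the same way when relaying should be tied to one client cert rather than to every cert the CA signed.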