Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
anti-spam sendmail
- Thread starter aix43
- Start date
Aix 4.3?
See /usr/samples/tcpip/sendmail/README for more information about
anti-spam features and general configuration methods.
Special Notices
Please use this information with care. IBM will not be responsible for damages of
any kind resulting from its use. The use of this information is the sole responsibility
of the customer and depends on the customer's ability to evaluate and integrate
this information into the customer's operational environment.
Configuring Anti-Spam in AIX 4.3.3
About this document
This document describes how to configure sendmail anti-relay.
The information in this document applies to AIX Version 4.3.3 and sendmail 8.9.3.
Related documentation
The product documentation library is also available at the following URL:
Updating sendmail.cf
1.Ensure that the bos.net.tcp.adt fileset is installed on your system.
If it is not, install it using SMIT. Check that the fileset is installed:
lslpp -l bos.net.tcp.adt
2.AIX 4.3.3 ships the necessary tools and macros to generate custom sendmail
configuration files. Once the fileset bos.net.tcp.adt is loaded, you can find the
tools in /usr/samples/tcpip/sendmail/cf. Enter:
cd /usr/samples/tcpip/sendmail/cf
3.The file aix433.mc is under this directory and contains the features that allow
for sendmail customization. The one that allowed for open relay is
FEATURE(promiscuous_relay)dnl. A typing error also exists in this file that
you must change. Before making changes, rename the file so that you do
not write over the original. Enter:
cp aix.mc aix433.norelay.mc
4.The original file looks like the example below, except for the comments.
Use the comments as a guide in editing the new file. Using your favorite editor,
open the file:
aix433.norelay.mc
NOTE: The .mc file can be edited for whatever FEATURES are needed for
your new sendmail.cf.
These features are documented at
Below is an example of a minimum .mc file:
divert(0)dnl
OSTYPE(aix43)dnl --->typing error 'aix43' changed to read 'aix433'
FEATURE(genericstable)dnl --->remove line if not needed
FEATURE(mailertable)dnl --->remove line if not needed
FEATURE(virtusertable)dnl --->remove line if not needed
FEATURE(domaintable)dnl --->remove line if not needed
FEATURE(allmasquerade)dnl
FEATURE(promiscuous_relay)dnl -->remove line to stop unauthorized relay
FEATURE(accept_unresolvable_domains)dnl --->remove this line to enhance security
FEATURE(accept_unqualified_senders)dnl --->remove this line to enhance security
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(uucp) NOTE: If a line is not desired, it must be removed. Commenting them out does not work. The entry that is responsible for the relay is FEATURE(promiscuous_relay)dnl.
5.Here is a basic example that will deny unauthorized relay:
divert(0)dnl
OSTYPE(aix433)dnl --->note the edit to 'aix433'
FEATURE(allmasquerade)dnl
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
6.Rebuild the new sendmail.cf file using the new options. You must be under the
/usr/samples/tcpip/sendmail/cf directory, otherwise, it will not work. Enter:
m4 ../m4/cf.m4 aix433.norelay.mc > testmail.cf
7.Now you should have a new testmail.cf file under the /usr/samples/tcpip/sendmail/cf directory. Rename your old sendmail.cf
and replace it with the new one. Enter:
mv /etc/sendmail.cf /etc/sendmail.cf.orig
mv testmail.cf /etc/sendmail.cf
8.You must make at least one change to the new sendmail.cf.
Comment out the Fw-o /etc/sendmail.cw or create the /etc/sendmail.cw entry.
Also note the line in the new sendmail.cf that points to the file where
you specify the hosts or domains you want to allow to relay. Using your
favorite editor, open the following file:
/etc/sendmail.cf
Search for the following section and comment out the line as indicated below.
# file containing names of hosts for which we receive email
#Fw-o /etc/sendmail.cw
NOTE: This is the entry for the file that will allow hosts to relay. No need to
make any changes here.
#Hosts that will permit relaying ($=R)
FR-o /etc/mail/relay-domains
9.Now you must add the domains for which your server will allow relay.
Using your favorite editor, edit the following file:
/etc/mail/relay-domains
NOTE: You may have to create the /etc/mail directory. Below are some sample entries.
lab.net
test.com
lab.mail.edu
Update the sendmail daemon with the new configuration
Finally, you must refresh the sendmail daemon to put the new configuration into effect. Enter:
refresh -s sendmail
NOTE: If sendmail is not running, you need to check to see if it is active. Use the following command to complete this step.
lssrc -s sendmail
If sendmail is active, you will see information similar to the following:
Subsystem Group PID Status
sendmail mail 5424 active
If it is not active, start it up by issuing the following command:
startsrc -s sendmail -a "-bd -q30m"
Other troubleshooting information
This section explains what to do if sendmail fails to operate.
Using startsrc to start sendmail will hide error messages from you. To gain a hint as to why sendmail is failing to run, try starting sendmail like so:
sendmail -bd -q30m
Any error messages will be displayed to the console as sendmail is started.
[ TechDocs Ref: 95626186213426 Publish Date: Dec. 15, 2000 4FAX Ref: 8761 ]
See /usr/samples/tcpip/sendmail/README for more information about
anti-spam features and general configuration methods.
Special Notices
Please use this information with care. IBM will not be responsible for damages of
any kind resulting from its use. The use of this information is the sole responsibility
of the customer and depends on the customer's ability to evaluate and integrate
this information into the customer's operational environment.
Configuring Anti-Spam in AIX 4.3.3
About this document
This document describes how to configure sendmail anti-relay.
The information in this document applies to AIX Version 4.3.3 and sendmail 8.9.3.
Related documentation
The product documentation library is also available at the following URL:
Updating sendmail.cf
1.Ensure that the bos.net.tcp.adt fileset is installed on your system.
If it is not, install it using SMIT. Check that the fileset is installed:
lslpp -l bos.net.tcp.adt
2.AIX 4.3.3 ships the necessary tools and macros to generate custom sendmail
configuration files. Once the fileset bos.net.tcp.adt is loaded, you can find the
tools in /usr/samples/tcpip/sendmail/cf. Enter:
cd /usr/samples/tcpip/sendmail/cf
3.The file aix433.mc is under this directory and contains the features that allow
for sendmail customization. The one that allowed for open relay is
FEATURE(promiscuous_relay)dnl. A typing error also exists in this file that
you must change. Before making changes, rename the file so that you do
not write over the original. Enter:
cp aix.mc aix433.norelay.mc
4.The original file looks like the example below, except for the comments.
Use the comments as a guide in editing the new file. Using your favorite editor,
open the file:
aix433.norelay.mc
NOTE: The .mc file can be edited for whatever FEATURES are needed for
your new sendmail.cf.
These features are documented at
Below is an example of a minimum .mc file:
divert(0)dnl
OSTYPE(aix43)dnl --->typing error 'aix43' changed to read 'aix433'
FEATURE(genericstable)dnl --->remove line if not needed
FEATURE(mailertable)dnl --->remove line if not needed
FEATURE(virtusertable)dnl --->remove line if not needed
FEATURE(domaintable)dnl --->remove line if not needed
FEATURE(allmasquerade)dnl
FEATURE(promiscuous_relay)dnl -->remove line to stop unauthorized relay
FEATURE(accept_unresolvable_domains)dnl --->remove this line to enhance security
FEATURE(accept_unqualified_senders)dnl --->remove this line to enhance security
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(uucp) NOTE: If a line is not desired, it must be removed. Commenting them out does not work. The entry that is responsible for the relay is FEATURE(promiscuous_relay)dnl.
5.Here is a basic example that will deny unauthorized relay:
divert(0)dnl
OSTYPE(aix433)dnl --->note the edit to 'aix433'
FEATURE(allmasquerade)dnl
DOMAIN(generic)dnl
MAILER(local)dnl
MAILER(smtp)dnl
6.Rebuild the new sendmail.cf file using the new options. You must be under the
/usr/samples/tcpip/sendmail/cf directory, otherwise, it will not work. Enter:
m4 ../m4/cf.m4 aix433.norelay.mc > testmail.cf
7.Now you should have a new testmail.cf file under the /usr/samples/tcpip/sendmail/cf directory. Rename your old sendmail.cf
and replace it with the new one. Enter:
mv /etc/sendmail.cf /etc/sendmail.cf.orig
mv testmail.cf /etc/sendmail.cf
8.You must make at least one change to the new sendmail.cf.
Comment out the Fw-o /etc/sendmail.cw or create the /etc/sendmail.cw entry.
Also note the line in the new sendmail.cf that points to the file where
you specify the hosts or domains you want to allow to relay. Using your
favorite editor, open the following file:
/etc/sendmail.cf
Search for the following section and comment out the line as indicated below.
# file containing names of hosts for which we receive email
#Fw-o /etc/sendmail.cw
NOTE: This is the entry for the file that will allow hosts to relay. No need to
make any changes here.
#Hosts that will permit relaying ($=R)
FR-o /etc/mail/relay-domains
9.Now you must add the domains for which your server will allow relay.
Using your favorite editor, edit the following file:
/etc/mail/relay-domains
NOTE: You may have to create the /etc/mail directory. Below are some sample entries.
lab.net
test.com
lab.mail.edu
Update the sendmail daemon with the new configuration
Finally, you must refresh the sendmail daemon to put the new configuration into effect. Enter:
refresh -s sendmail
NOTE: If sendmail is not running, you need to check to see if it is active. Use the following command to complete this step.
lssrc -s sendmail
If sendmail is active, you will see information similar to the following:
Subsystem Group PID Status
sendmail mail 5424 active
If it is not active, start it up by issuing the following command:
startsrc -s sendmail -a "-bd -q30m"
Other troubleshooting information
This section explains what to do if sendmail fails to operate.
Using startsrc to start sendmail will hide error messages from you. To gain a hint as to why sendmail is failing to run, try starting sendmail like so:
sendmail -bd -q30m
Any error messages will be displayed to the console as sendmail is started.
[ TechDocs Ref: 95626186213426 Publish Date: Dec. 15, 2000 4FAX Ref: 8761 ]
Guest_imported
New member
- Jan 1, 1970
- 0
'have it done in one of my server and works great!
- Status