HPE Community
Operating System - HP-UX
1751765 Members
4660 Online
108781 Solutions
New Discussion юеВ

Re: Sendmail

 
SOLVED
Go to solution
R Harris
Advisor

тАО11-17-2008 12:52 PM

тАО11-17-2008 12:52 PM

Sendmail

Hello,

I'm running HP-UX 11.11. I'm working on system security, and one of the recommendations from a recent security audit is to shutdown sendmail, if possible. I recently installed the 8.13.3 version of sendmail on our test server and configured the /etc/mail/submit.cf file to send mail out to our email server for delivery of mail. The sendmail daemon is not running. Delivery of outgoing mail works fine. However, local mail to root and other mail that should stay local does not get delivered to root on the local host.

I have created the smmsp user and group, and have tried several changes to the submit.cf file, but still cannot deliver local mail to the local host. All mail seems to get sent to our mail server instead. Mail for systems administrators should be sent to our mail server for delivery.

Does anyone know how to send local mail (like root mail) to the local and send other mail (eg. someuser@ourdomain.com) to our mail server?

Thanks,

Ray Harris.

0 Kudos
Reply
18 REPLIES 18
Armin Kunaschik
Esteemed Contributor

тАО11-18-2008 04:52 AM

тАО11-18-2008 04:52 AM

Re: Sendmail

You need a running sendmail to deliver local mail!
So deactivating sendmail is not always the best way of securing things.
You should modify the listening port in /etc/mail/sendmail.cf to listen only on 127.0.0.1 like
O ClientPortOptions=Family=inet, Address=127.0.0.1

With this setup everything should work fine again. From the security point of view you now have an open port 25 listening on localhost. But this does not matter because those users should be able to send mail anyway.

My 2 cents,
Armin

PS: Assign points if you find answers useful!
And now for something completely different...
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО11-18-2008 05:01 AM

тАО11-18-2008 05:01 AM

Re: Sendmail

Shalom,

To answer your question, I'd need to at least see the DS directive in sendmail.cf

Take a look at /var/adm/mail.log to see whats going on with this mail.

Further it would be helpful to see the commands or cron job entries that are sending the mail to get some contest.

Normally, even if you relay all mail with a DS directive, local mail gets delivered.

However without sendmail running, it may be getting auto rejected.

Additional information required to give good help.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Armin Kunaschik
Esteemed Contributor

тАО11-18-2008 05:04 AM

тАО11-18-2008 05:04 AM

Re: Sendmail

I have to correct myself. It's not ClientPortOptions but DaemonPortOptions.

My 2 cents,
Armin
And now for something completely different...
0 Kudos
Reply
R Harris
Advisor

тАО11-18-2008 08:11 AM

тАО11-18-2008 08:11 AM

Re: Sendmail

Prior to upgrading sendmail I was able to send local main without sendmail running.

As for settings, I have:
O DaemonPortOptions=Family=inet, Address=127.0.0.1

and DS is:
DSlocalhost

Thanks,

Ray Harris
0 Kudos
Reply
R Harris
Advisor

тАО11-18-2008 08:12 AM

тАО11-18-2008 08:12 AM

Re: Sendmail

Prior to upgrading sendmail I was able to send local main without sendmail running.

As for settings, I have:
O DaemonPortOptions=Family=inet, Address=127.0.0.1

and DS is:
DSlocalhost

The last entry in the mail log is:
Nov 18 08:44:46 newpc sendmail[9213]: mAIDifNc009213: to=root, ctladdr=reharris (259/20), delay=00:00:05, xdelay=00:00:05, mailer=relay, pri=30129, relay=gwiaout.crhc.org. [198.212.6.44], dsn=2.0.0, stat=Sent (Ok)


Thanks,

Ray Harris
0 Kudos
Reply
Armin Kunaschik
Esteemed Contributor

тАО11-18-2008 09:10 AM

тАО11-18-2008 09:10 AM

Re: Sendmail

I don't know what your old sendmail version was? There were some major changes after sendmail 8.9.3.
Now the configuration is splitted into 2 processes configured with sendmail.cf and submit.cf.
The sendmail.cf is responsible for receiving mail, submit.cf for sending mail. Local delivery is part of receiving, therefore you need a receiving configuration.
You need to modify DaemonPortOptions in sendmail.cf, not in submit.cf!

I don't see any reason why DSlocalhost makes any sense because it's implicitly localhost if not set.
The syslog entry looks OK. But it looks like DS is set to gwiaout.crhc.org or [198.212.6.44] in submit.cf.
For some reason your address is not recognized as local. Did you configure anything else?
From my point of view I'd start over from the beginning, and just change DaemonPortOptions and DS.

My 2 cents,
Armin

PS: Assign points if you find answers useful!
And now for something completely different...
0 Kudos
Reply
R Harris
Advisor

тАО11-18-2008 09:56 AM

тАО11-18-2008 09:56 AM

Re: Sendmail

The entrys from the previous post are from the sendmail.cf file.

In the submit.cf file, DS is:

DS

and the D{MTAHost} entry is:
D{MTAHost}[gwiaout.crhc.org]

Thanks,

Ray Harris
0 Kudos
Reply
Armin Kunaschik
Esteemed Contributor

тАО11-19-2008 02:01 AM

тАО11-19-2008 02:01 AM

Re: Sendmail

The documentation regarding MTAHost looks like:
"All messages will be forwarded to the ${MTAHost}."
This seems to work exactly as described.

There is still a DS available in 8.13.
Quick guess: Unset MTAHost and set the smart relay DS again.

My 2 cents,
Armin

PS: Assign points if you find answers useful!
And now for something completely different...
Reply
Armin Kunaschik
Esteemed Contributor

тАО11-19-2008 02:05 AM

тАО11-19-2008 02:05 AM

Re: Sendmail

>I have assigned points to 0 of 14 responses to my questions.

I want you to kindly remind you to follow the rules of this forum.

It might happen that you won't get any answers in the future if you ignore the efforts of those who answer your questions!
And now for something completely different...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.