sendmail configure

 
SOLVED
GK_5
Regular Advisor

sendmail configure

I have to configure a sendmail server as relay in DMZ. Any source for best practices or configuration guide?
Thanks
-GK-
IT is great!
3 REPLIES
Steven E. Protter
Exalted Contributor
Solution

Re: sendmail configure

This guide is a good one.

http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90685/B2355-90685_top.html&con=/hpux/onlinedocs/B2355-90685/00/00/41-con.html&toc=/hpux/onlinedocs/B2355-90685/00/00/41-toc.html&searchterms=configuration%7csendmail&queryid=2003988-120704


I would make sure the box is very secure, running Bastille first:

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA


To relay off this server.

For relay, you need to modify the DS directive in /etc/mail/sendmail.cf

DS

changes to:

DShostname

or

DS[IP address]



There is a file called /etc/mail/access
This must specify what servers are allowed to relay mail based on ip address.

ip_address RELAY

The file is tab delimited.

There is a program named gen_cf that allows you to build databases and configure sendmail according to a set of predefined options.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
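An added example, not part of the original reply or of HP's tooling: a small linter for the /etc/mail/access layout described above (key, tab, RELAY) that reports which relay grants cover a single host and which cover more. The function names and the sample file are constructed for illustration; it assumes IPv4 keys and relies on sendmail matching a partial address such as 198.51.100 against the whole network.

```shell
#!/bin/sh
# Added example: lint a sendmail access file for relay grants.
# Assumes the key<TAB>value layout described in the reply above.

# lint_access FILE: print one finding per line as "lineno:code:text".
#   NOTAB  line is not key<TAB>value
#   BROAD  RELAY for a partial IPv4 address (covers a whole network)
#   NAME   RELAY for a host or domain name instead of an IP address
#   OK     RELAY for one full IPv4 address
lint_access() {
    awk -F'\t+' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF != 2 || $1 == "" || $2 == "" { print NR ":NOTAB:" $0; next }
        $2 != "RELAY" { next }                 # only relay grants are reviewed
        $1 ~ /^[0-9]+(\.[0-9]+)*$/ {
            n = split($1, octets, ".")
            print NR ":" (n == 4 ? "OK" : "BROAD") ":" $1
            next
        }
        { print NR ":NAME:" $1 }
    ' "$1"
}

# count_findings FILE CODE: number of findings carrying the given code.
count_findings() {
    lint_access "$1" | awk -F: -v c="$2" '$2 == c { n++ } END { print n + 0 }'
}

# Constructed sample file; addresses come from documentation ranges.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '# constructed sample\n'     >  "$sample"
printf '192.0.2.10\tRELAY\n'        >> "$sample"   # single host
printf '192.0.2 RELAY\n'            >> "$sample"   # space instead of tab
printf '198.51.100\tRELAY\n'        >> "$sample"   # three octets: whole network
printf 'example.com\tRELAY\n'       >> "$sample"   # name-based grant
printf 'spam.example\tREJECT\n'     >> "$sample"   # not a relay grant

lint_access "$sample"
```

On a DMZ relay, every BROAD or NAME line is worth justifying against the list of internal hosts that actually need to send through the box.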
GK_5
Regular Advisor

Re: sendmail configure

Thanks SEP
I have that document. Also, I'm reading documents and white papers about securing HP-UX at
http://www.hp.com/products1/unix/operating/security/index.html

Any other source?
IT is great!
Steven E. Protter
Exalted Contributor

Re: sendmail configure

Security Software
So sendmail has to run, and it's possible to direct mail at this exploit with a telnet session.

So we installed the latest sendmail 8.11.1 patch and will be installing the new binaries after making sure the patch didn't do anything bad.

Here is how we keep up on these security issues.

First, we subscribe to ITRC security bulletins, which you apparently already do.

Next we use the following tools to harden security on our system and notify us of security patches.

Bastille Security hardening
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

Perl which the above needs.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL

Security Patch Check
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA

TCP Wrappers

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=TCPWRAP

IDS/9000 (Intrusion Detection System)

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA

Get all these products working and you'll be quite secure.

Secure shell
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA

Others will contribute, though you might want to create a security thread.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com