HPE Community
Operating System - HP-UX
1833268 Members
2768 Online
110051 Solutions
New Discussion

Re: Sendmail confusion and am I patched

 
SOLVED
Go to solution
Charles Holland
Trusted Contributor

‎04-09-2003 09:25 AM

‎04-09-2003 09:25 AM

Sendmail confusion and am I patched

Systems are HP-UX 11.0 on various models

Amoung all the recient flury about the problem with sendmail I upgraded from 8.9.3.1 (PHNE_2419+JAGae58098) to 8.11.1 Revision 1.2 - 2003/03/03 on one of the systems. Yet in this link

http://forums.itrc.hp.com/cm/QuestionAnswer/0,,0x82599c196a4bd71190080090279cd0f9,00.html

it appears that it may not be patched as it doesn't mat the output by Berlene. Does this mean that I'm missing something still?

In other sections of the same link Patrick Wallek talks about "turning sendmail off", and Jeff Schussele talks about "stopped accepting mail on servers that don't need to."

There is no reason that we want to "recive" email to our servers, but how/where do you set something so that it doesn't start at bootup. Testing this morning,I found out that I did not need sendmail to use mailx to send out email.
Questions:
1) Is the 8.11.1 patched on the one system, or do I need something.

2) How do you prevent sendmail from starting up at boot time.

3) If I let it startup at boot time it appears that I can set it to a "send only" situation. Is this correct?

Points awarded within 24 hours of posting.

Thanks.
"Not everything that can be counted counts, and not everything that counts can be counted" A. Einstein
0 Kudos
Reply
12 REPLIES 12
James R. Ferguson
Acclaimed Contributor

‎04-09-2003 09:51 AM

‎04-09-2003 09:51 AM

Solution

Re: Sendmail confusion and am I patched

Hi Charles:

If you wish to stop 'sendmail' from running at bootup, edit '/etc/rc.config.d/mailservs' and set SENDMAIL_SERVER=0.

Remember that startup scripts are found in the '/sbin/init.d/' directory; the sequencer scripts for these in the '/sbin/rc?.d/' directories; *and* the configurtion variables which control them in '/etc/rc.config.d/'.

Regards!

...JRF...
Reply
Paul Sperry
Honored Contributor

‎04-09-2003 10:38 AM

‎04-09-2003 10:38 AM

Re: Sendmail confusion and am I patched

If you dont' need sendmail

set your /etc/rc.config.d/mailservs


like this:

# more mailservs
#########################################
# Mail configuration. See sendmail(1m) #
#########################################
#
# @(#)B.11.11_LR
#
# BSD's popular message handling system
#
# SENDMAIL_SERVER: Set to 1 if this is a mail server and should
# run the sendmail deamon.
# SENDMAIL_SERVER_NAME: If this is not a mail server, but a client being
# served by another system, then set this variable
# to the name of the mail server system name so that
# site hiding can be performed.
#
export SENDMAIL_SERVER=0
export SENDMAIL_SERVER_NAME=

this will prevent it from starting at boot.

To stop it do the following as root:

cd /sbin/init.d
./sendmail stop





Reply
Stuart Abramson_2
Honored Contributor

‎04-09-2003 11:46 AM

‎04-09-2003 11:46 AM

Re: Sendmail confusion and am I patched

I have never heard about a "send only" sendmail.

And, I wonder about doing that, because my root account received mail all the time from legato, cron, etc.

So I don't think you want to limit sendmail to send only, because you want roo to receive mail.

Let me know if I'm wrong about this.
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎04-09-2003 12:11 PM

‎04-09-2003 12:11 PM

Re: Sendmail confusion and am I patched

I think there is a bit of a misunderstanding about sendmail. If you have sendmail running on a machine, that enables that machine to receive mail from machines other than itself. If you stop sendmail on a machine you can still send mail from that machine to other places. Also, with sendmail stopped, you CAN send mail to users LOCAL to that machine.

So, to summarize, stopping sendmail does not effect sending mail to local users on a machine, nor does it effect sending mail outside that machine. It just keeps that machine from RECEIVING mail from others.

There is no way I know of to run sendmail in a "send only" mode. What you CAN do is put a job in cron to run "sendmail -q" occasionally to clear out the sendmail queue (you can see this by running the command 'mailq'). This queue though should only have something in it if the machine or domain you are sending to is not available. Normally this queue should be empty.

I stand by my recommendation in the other thread. If you don't need to receive mail from outside sources (other machines, internet) on a machine, disable sendmail!
Reply
someone_4
Honored Contributor

‎04-09-2003 02:33 PM

‎04-09-2003 02:33 PM

Re: Sendmail confusion and am I patched

Hi,
In addition to what Patrick said you can still use a smart relay ( the DS option) without sendmail running to send email to a smart relay.



Richard
0 Kudos
Reply
Charles Holland
Trusted Contributor

‎04-10-2003 10:45 AM

‎04-10-2003 10:45 AM

Re: Sendmail confusion and am I patched

I think that item 2 has been resolved enough and I'm posting a link to the Sendmail 8.11.1 Release Notes http://www.docs.hp.com/hpux/pdf/5969-4305.pdf
and reference pages 15-16. This is where I came up with the "send only". Apparently new feature in version 8.11.1. Haven't had many answers on item 1 so guess I'll just have to give up on that.

Thanks to all those who replied.
"Not everything that can be counted counts, and not everything that counts can be counted" A. Einstein
0 Kudos
Reply
someone_4
Honored Contributor

‎04-10-2003 12:57 PM

‎04-10-2003 12:57 PM

Re: Sendmail confusion and am I patched

1) Is the 8.11.1 patched on the one system, or do I need something.

To check your sendmail do
what /usr/sbin/sendmail
it should say:

Copyright (c) 1998 HEWLETT PACKARD COMPANY and its licensors,
including Sendmail, Inc., and the Regents of the
University of California. All rights reserved.
version.c 8.11.1 (Berkeley) - Revision 1.3_binary - 03/04/2003

That includes the latest revision that was posted on the forum.

Richard
0 Kudos
Reply
Charles Holland
Trusted Contributor

‎04-11-2003 04:45 AM

‎04-11-2003 04:45 AM

Re: Sendmail confusion and am I patched

Richard it looks a little short.... mine indicates
version.c 8.11.1 (Berkeley) - Revision 1.2 - 2003/03/03

where do I obtain your version
version.c 8.11.1 (Berkeley) - Revision 1.3_binary - 03/04/2003

If I go to
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=SMAIL811
which is where I downloaded the last version from... missed the part about having to follow up with "PHCO_22076 or a superseding patch".
But it talks about a "Version 2 (B.11.00.01.002) released in March 2003".

Anyone's thoughts are appreciated.
"Not everything that can be counted counts, and not everything that counts can be counted" A. Einstein
0 Kudos
Reply
Christopher Caldwell
Honored Contributor

‎04-11-2003 05:11 AM

‎04-11-2003 05:11 AM

Re: Sendmail confusion and am I patched

>1) Is the 8.11.1 patched on >the one system, or do I need >something.

You don't appear to be patched for the latest vulnerability -

see
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0304-253

for patch retrieval.

>2) How do you prevent >sendmail from starting up at >boot time.

Earlier solutions in posts are correct.

>3) If I let it startup at >boot time it appears that I >can set it to a "send only" >situation. Is this correct?

Yes. "send only" is
sendmail -qNm

where N is the periodicity of queue processing in minutes.

To set at startup, edit /sbin/init.d/sendmail

or

you can run the command from the command line.
0 Kudos
Reply
Berlene Herren
Honored Contributor

‎04-11-2003 05:12 AM

‎04-11-2003 05:12 AM

Re: Sendmail confusion and am I patched

The web download of 8.11.1 does not yet contain the two security vulnerabilities that have surfaced since early March. If you install that, you will still have to get the binary mentioned in the security bulletin dated 4 April (HPSBUX0302-246). This binary contains both fixes for this vulnerability as well as the one dated 3 March.

As reported in the security bulletin, ff a fix has been installed the following command will list a 'version.c" line:

what /usr/sbin/sendmail | grep JAGae58098

For example,

what /usr/sbin/sendmail | grep JAGae58098
version.c 8.9.3.1 (Berkeley) 4/10/2002
PHNE_26305+JAGae58098).

Berlene

http://www.mindspring.com/~bkherren/dobes/index.htm
Reply
Berlene Herren
Honored Contributor

‎04-11-2003 05:13 AM

‎04-11-2003 05:13 AM

Re: Sendmail confusion and am I patched


As to the send or receive only, that is available with 8.11.1. You would generate a sendmail.cf.gen with either option 23 (send only - This option will generate a sendmail.cf file without check_compat ruleset.
This will allow only sending of mails and will not receive any mails.) or 24 (Receive_only: This option will generate a sendmail.cf file with check_compat ruleset. This will allow only reception of mails and not sending mails or even
queue processing.) However, you need to copy over another version of the /etc/rc.config/mailservs file from /usr/contrib/sendmail/usr/newconfig/etc/rc.config.d
and make appropriate changes.

export SENDMAIL_SERVER=1
export SENDMAIL_SERVER_NAME=
export SENDMAIL_RECVONLY=0
export SENDMAIL_SENDONLY=0

Berlene
http://www.mindspring.com/~bkherren/dobes/index.htm
Reply
Brian DelPizzo
Frequent Advisor

‎06-23-2003 10:45 AM

‎06-23-2003 10:45 AM

Re: Sendmail confusion and am I patched

Version 8.11.1 rev 4 is now available.

Use ftp site hprc.external.hp.com

user: sendmail
pw: sendmail
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.