SUMMARY: Third-part relaying in Solaris 1 sendmail

From: Linda L. Cygan (lcygan@wpm.com)
Date: Thu Mar 09 2000 - 19:06:22 CST


Thanks to all that responded (list below) and for doing so with the speed
that allowed me to get us back up and running in just a few days. The
consensus was "Get the $%^&* off that version of sendmail. It is full of
security holes." Everyone pointed out that any time I spent would not be
wasted because I should do this on the new system and the configuration
files could be used my new 2.7 box.

I was able to compile sendmail 8.9.3 with only one small problem. I don't
have groff but another search of the SunManagers archives gave me the clue
to change the configure file to use nroff. I don't know if I can read the
man pages, but it allowed the compile to complete without errors which is
all I cared about. I had to add all my PC's to either the relay-domains
file or an access.db file so they would be allowed to relay mail through the
server. I created both because the first few I tested needed one or the
other so to save time I did both. Everyone uses some form of Outlook as
their email client with either POP3 or IMAP connections. I am going to do
some real testing over this weekend to see if I can't do away with some of
that.

I have only one other hurdle to overcome which is my roaming users. I have
the POPAUTH information from the Sendmail.org page which should allow this.
Some of the scripts I want to use are Perl and I can't get it to compile on
the SunOS 4.1.3 system. Since that is a separate issue I will be submitting
another question about that. I am also including links that I found very
helpful.

Thanks to:
Karl Vogel, Richard Bond, Brett Lymn, Richard Bond, Chris Marble, Rick
Kelly, Chad Price, Claudio Cuestas

Original Message:
------------------
We have a new Solaris 2.7 system we will be deploying in about two weeks
because we knew of the security issues but the spam mail jerks couldn't
wait. They got to us on Thursday and we have been put on some Blacklist
already. Is there any easy way to stop this using the current version of
sendmail that Sun distributes for Solaris 1. I believe it is 8.6. I have
downloaded 8.9.3 and will try to compile and configure it, but it just seems
like such a waste of time.

Helpful links:
----------------
RFC 2505: Anti-Spam Recommendations
   ftp://ftp.isi.edu/in-notes/rfc2505.txt

   Anti-Spam Provisions in Sendmail 8.8
   http://www.sendmail.org/antispam.html
       * Preventing relaying through your SMTP port
       * Refuse mail from selected hosts
       * Restrict mail acceptance from certain users to avoid mailbombing

   Blocking Email
   http://www.nepean.uws.edu.au/users/david/pe/blockmail.html
       * Do you or your users, receive "junk email" (aka., "spam")
       * Do you have Sendmail R8.8.5 running at your site?
       * Would you like to block known "junk email" senders' addresses?

   QMail source plus docs
   http://www.qmail.org/

   Sendmail source code
   ftp://ftp.cs.berkeley.edu/pub/sendmail

   BIND source code
   ftp://ftp.isc.org/isc/bind/

   SENDMAIL install script
   http://www.freshmeat.net
        search for install sendmail

   Instructions for Installing 8.8.8 and with anti-relay rules
   http://www3.hmc.edu/docs/coolstuff/sendmail

   SMAP - A public domain firewall toolkit
   www.fwtk.org
   http://www.fwtk.org/fwtk/patches/patches.html#2.2

--
Linda Cygan
Manager of System Administration
Western Printing Machinery Company      EMail: lcygan@wpm.com
9229 Ivanhoe Street                     Phone: (847) 678-1741 Ext.8620
Schiller Park, Il 60176                 Fax  : (847) 678-6176



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:04 CDT