This is a detailed summary because this is important info and I really want to get this summary into the archives: I asked: > I have a sendmail question for the collective. I believe the problem > centers around the "new and improved" (harumph) sendmail shipped with > Solaris 9. > > I do not run sendmail in daemon (-bd) mode on clients; only the mailserver > will receive email. So on the client (Solaris 9 with patch 113575-04) I > have edited the submit.cf file in two places > change Cwlocalhost to Cwmailhost > and change D{MTAHost}localhost to D{MTAHost}mailhost. > I have edited the sendmail.cf file in one place > change the Cwlocalhost to Cwmailhost. > On the mailhost (an old Solaris 7 sparc 20, with patch 110615-09), I put > the local host name into the local-host-names file and restarted sendmail. > > Under Solaris 8 and older, this worked fine (and there was no submit.cf so > I didn't have to modify it...). With Solaris 9, there is this > new user smmnp, which will only send email to localhost. This is called > improving security -- forcing you to run a daemon that was previously > disabled... > > Has anyone gotten a Solaris 9 box to send email out without running it in > daemon mode? Summary: Ok, here is a recipe for running sendmail shipped with a Solaris 9 box in a secure fashion without running the daemon on the local system. * do not run sendmail in daemon mode. Create the file /etc/default/sendmail with the single line MODE= and then stop and restart sendmail. A typical ps after doing that will be smmsp 688 1 0 13:07:00 ? 0:00 /usr/lib/sendmail -Ac -q15m root 689 1 0 13:07:00 ? 0:00 /usr/lib/sendmail -q15m note that there is not a "-bd" in sight. * edit the /usr/lib/mail/cf/submit.mc file. change the last line from FEATURE(`msp', `[127.0.0.1]')dnl to FEATURE(`msp', `mailhost')dnl * compile the new submit.cf file cd /usr/lib/mail/cf m4 ../m4/cf.m4 submit.mc > submit.cf * copy this new submit.cf file into place cp /usr/lib/mail/cf/submit.cf /etc/mail/submit.cf * make sure that mailhost will accept mail from the server (may have to edit local_host_names and then restart sendmail on mailhost. * every time you apply a sendmail patch on this machine, rebuild the submit.cf file. * and by the way, Sun will tell you this cannot be done. They will say that you must run in daemon mode on every machine. +-----------------------------------------------------------------------+ | Christopher L. Barnard O When I was a boy I was told that | | cbarnard@tsg.cbot.com / \ anybody could become president. | | (312) 347-4901 O---O Now I'm beginning to believe it. | | http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow | +----------PGP public key available via finger or PGP keyserver---------+ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Jul 25 12:33:56 2003
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:16 EST