Friday, February 03, 2006

Sendmail and SMTP Authenticated Relay


This document is to configure SMTP server on Fedora Core 4,
to use it from anywhere without the necessity of opening up
the relay for public use and hence subjecting yourself to the
possibility of being blacklisted or ending up in other databases such as ORBS.

DRAC and SMTP AUTH are two different approach which addresses this.

The Purpose of this document is to explain the process of installation and Configuration of sendmail with relay for roaming users, ie,relay based on authentication.

With SMTP-AUTH client may indicate an authentication mechanism to the server, perform an authentication protocol exchange, and optionally negotiate a security layer for subsequent protocol interactions. Thisextension is a profile of the Cyrus Simple Authentication and Security Layer [SASL].

Platform: Fedora Core 4, Sendmail 8.13.5

Installation of sendmail with SASL support

a) Download sendmail source package from:

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.5.tar.gz

This is downloaded into /usr/local/src directory.

b) tar -zxvf sendmail.8.13.5
c) cd sendmail-8.13.5
d) cd devtools/Site
e) joe site.config.m4
f) Add the following lines to it:
APPENDDEF(`confENVDEF', `-DSASL')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl')

g) cd /usr/local/src/sendmail-8.13.5/cf/cf
h) create a file called linux.mc with exactly the following lines:

OSTYPE(`linux')dnl
define(`confCONNECTION_RATE_THROTTLE',40)dnl
define(`confMAX_HOP',30)dnl
define(`confMAX_MESSAGE_SIZE',10000000)dnl
define(`confPRIVACY_FLAGS',`authwarnings,needmailhelo')dnl
define(`confQUEUE_LA',5)dnl
define(`confREFUSE_LA',10)dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTO_IDENT',0s)dnl
define(`confTO_QUEUEWARN', `12h')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`STATUS_FILE',`/etc/mail/sendmail.st')dnl
define(`ALIAS_FILE',`/etc/mail/aliases')dnl
FEATURE(`local_procmail', `/usr/bin/procmail')dnl
FEATURE(`always_add_domain')dnl
define(`confCW_FILE',` /etc/mail/local-host-names')dnl
FEATURE(`smrsh')dnl
define(`confEBINDIR',`/usr/lib/libexec')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`redirect')dnl
FEATURE(`virtusertable',` hash -o /etc/mail/virtusertable')dnl
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 PLAIN LOGIN PAM')dnl
define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 PLAIN LOGIN PAM')dnl
MAILER(`smtp')dnl

i) run :
m4 ../m4/cf.m4 linux.mc > sendmail.cf
j) cp sendmail.cf /etc/mail
if /etc/mail does not exist , create it and then copy
k) cd /usr/local/src/sendmail-8.13.5/
l) groupadd -g smmsp; useradd -g smmsp smmsp
m) sh Build
n) sh Build install
o) create a file called /etc/rc.d/init.d/sendmail with following lines ( the standard redhat startup-script):

#!/bin/sh
#
#This shell script takes care of starting and stopping sendmail.
#
# chkconfig: 2345 80 30
# description: Sendmail is a Mail Transport Agent, which is the program # that moves mail from one machine to another.
# processname: sendmail
# config: /etc/sendmail.cf
# pidfile: /var/run/sendmail.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Source sendmail configureation.
if [ -f /etc/sysconfig/sendmail ] ; then
. /etc/sysconfig/sendmail
else
DAEMON=yes
QUEUE=1h
fi

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -f /usr/sbin/sendmail ] || exit 0
RETVAL=0
# See how we were called.
case "$1" in

start)
# Start daemons.

echo -n "Starting sendmail: "
/usr/bin/newaliases > /dev/null 2>&1

for i in virtusertable access domaintable mailertable ; do
if [ -f /etc/mail/$i ] ; then
makemap hash /etc/mail/$i < /etc/mail/$i fi done daemon /usr/sbin/sendmail $([ "$DAEMON" = yes ] && echo -bd) \

$([ -n "$QUEUE" ] &&amp; echo -q$QUEUE)

RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sendmail
;;

stop)

# Stop daemons.
echo -n "Shutting down sendmail: "
killproc sendmail
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sendmail
;;

restart|reload)

$0 stop
$0 start
RETVAL=$?
;;

status)

status sendmail
RETVAL=$?
;;

*)

echo "Usage: sendmail {start|stop|restart|status}"
exit 1

esac

exit $RETVAL

********* End of start/stop sendmail script ************

0) use /etc/rc.d/init.d/sendmail start/stop to start/stop sendmail
p) cd /etc/mail
q) touch local-host-names access domaintable mailertable virtusertable
r) if not exist, create dir /var/spool/mqueue
Sendmail installation is complete

Authentication with PAM

Edit /usr/lib/sasl/Sendmail.conf. Add the following line to it:
pwcheck_method: PAM

Create /etc/pam.d/smtp with following lines:

#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so

Test your setup, by using clients like Outlook Express and relay mail through this server.

Taking Backups

I am Trying my hand on shell script.

What I wanted was I need to mention the name of file or directory
and it should take the back of that with Year, day, month, time etc...

Heres the script,

#!/bin/bash
echo Give the File or Directory Name for which Want you to take Backup :
read filename
if [ "$(tar czvf $filename.$(date +%Y%m%d-%H%M%S).tgz $filename)" ]; then
echo The Backup is taken
else
echo There is no Such File.
fi

and saved it as --- archive.sh

[root@mainproxy Unix_Shell]# ls
archive.sh doc

[root@mainproxy Unix_Shell]# ./archive.sh
Give the File or Directory Name for which Want you to take Backup :
doc
The Backup is taken

[root@mainproxy Unix_Shell]# ls
archive.sh doc doc.20060203-063542.tgz

Bash Programming can be found here and here.