Configuring Anti-Spam in AIX 4.3.3
Contents
About this document
Related documentation
Updating sendmail.cf
Update the sendmail daemon with the new configuration
Other troubleshooting information
About this document
This document describes how to configure sendmail anti-relay.
The information in this document applies to AIX Version 4.3.3 and sendmail
8.9.3.
Related documentation
The product documentation library is also available at the following URL:
http://www.rs6000.ibm.com/resource/Pubs/index.html
Updating sendmail.cf
- Ensure that the bos.net.tcp.adt fileset is installed on your system.
If it is not, install it using SMIT. Check that the fileset is installed:
lslpp -l bos.net.tcp.adt
- AIX 4.3.3 ships the necessary tools and macros to generate custom
sendmail configuration files. Once the fileset bos.net.tcp.adt
is loaded, you can find the tools in /usr/samples/tcpip/sendmail/cf.
Enter:
cd /usr/samples/tcpip/sendmail/cf
- The file aix433.mc is under this directory
and contains the features that allow for sendmail customization. The one that
allows open relay is FEATURE(promiscuous_relay)dnl.
This file also contains a typing error that you must correct. Before
making changes, copy the file to a new name so that you do not write over the
original. Enter:
cp aix.mc aix433.norelay.mc
- The original file looks like the example below, except for the comments.
Use the comments as a guide in editing the new file. Using your favorite
editor, open the file:
aix433.norelay.mc
NOTE: The .mc file can be edited for whatever FEATURES are
needed for your new sendmail.cf.
These features are documented at
http://www.sendmail.org/m4/features.html.
Below is an example of a minimum .mc file:
- divert(0)dnl
- OSTYPE(aix43)dnl --->typing error 'aix43' changed to read 'aix433'
- FEATURE(genericstable)dnl --->remove line if not needed
- FEATURE(mailertable)dnl --->remove line if not needed
- FEATURE(virtusertable)dnl --->remove line if not needed
- FEATURE(domaintable)dnl --->remove line if not needed
- FEATURE(allmasquerade)dnl
- FEATURE(promiscuous_relay)dnl --->remove line to stop unauthorized relay
- FEATURE(accept_unresolvable_domains)dnl --->remove this line to enhance security
- FEATURE(accept_unqualified_senders)dnl --->remove this line to enhance security
- DOMAIN(generic)dnl
- MAILER(local)dnl
- MAILER(smtp)dnl
- MAILER(uucp)
NOTE: If a line is not desired, it must be removed. Commenting it out
does not work. The entry that is responsible
for the relay is FEATURE(promiscuous_relay)dnl.
- Here is a basic example that will deny unauthorized relay:
- divert(0)dnl
- OSTYPE(aix433)dnl --->note the edit to 'aix433'
- FEATURE(allmasquerade)dnl
- DOMAIN(generic)dnl
- MAILER(local)dnl
- MAILER(smtp)dnl
- Rebuild the new sendmail.cf file using the new options. You must be in the /usr/samples/tcpip/sendmail/cf
directory; otherwise, the build will not work. Enter:
m4 ../m4/cf.m4 aix433.norelay.mc > testmail.cf
- Now you should have a new testmail.cf file under the /usr/samples/tcpip/sendmail/cf
directory. Rename your old sendmail.cf and replace it with the new one.
Enter:
mv /etc/sendmail.cf /etc/sendmail.cf.orig
mv testmail.cf /etc/sendmail.cf
- You must make at least one change to the
new sendmail.cf. Comment out the Fw-o /etc/sendmail.cw line or create
the /etc/sendmail.cw entry. Also note the line in the new sendmail.cf
that points to the file where you specify the hosts or domains you want to
allow to relay. Using your favorite editor, open the following file:
/etc/sendmail.cf
Search for the following section and comment out the
line as indicated below.
# file containing names of hosts for which we receive email
#Fw-o /etc/sendmail.cw
NOTE: The following entry names the file that
lists the hosts allowed to relay. No changes are needed here.
#Hosts that will permit relaying ($=R)
FR-o /etc/mail/relay-domains
- Now you must add the domains for which your server
will allow relay. Using your favorite editor, edit the following file:
/etc/mail/relay-domains
NOTE: You may have to create the /etc/mail
directory. Below are some sample entries.
lab.net
test.com
lab.mail.edu
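The checks implied by the steps above, as an added example that is not part of the original IBM document: it lists the risky FEATURE lines still present in an .mc file, writes a copy with them removed, and flags suspect relay-domains entries. The function names and the single-label rule are assumptions made for this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not IBM tooling. Function names are hypothetical.
# FEATUREs the page says to remove from the .mc file.
RISKY='promiscuous_relay|accept_unresolvable_domains|accept_unqualified_senders'

# Print each risky FEATURE still named in .mc file $1, one per line.
# '#'-prefixed lines are reported too: the page notes that commenting
# a line out does not disable it.
risky_features() {
    grep -E "FEATURE\(($RISKY)\)" "$1" |
        sed 's/.*FEATURE(\([a-z_]*\)).*/\1/' | sort -u
    return 0
}

# Copy .mc file $1 to $2 with the risky FEATURE lines removed outright.
strip_risky() {
    grep -E -v "FEATURE\(($RISKY)\)" "$1" > "$2" || [ $? -eq 1 ]
}

# Print one finding per suspect entry in relay-domains file $1.
# sendmail treats entries as domains, so a single-label entry such as
# "com" would permit relay for every host beneath it.
relay_domain_findings() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s\n' "$line" | tr -d ' \t\r')
        [ -z "$entry" ] && continue
        case $entry in
            *[!A-Za-z0-9.-]*|.*|*.|*..*) echo "invalid: $entry" ;;
            *.*) ;;                        # two or more labels: accepted
            *) echo "too-broad: $entry" ;; # bare TLD or unqualified name
        esac
    done < "$1"
}

# Demo on constructed input modelled on the page's files.
demo() {
    d=${TMPDIR:-/tmp}/mc-audit.$$; mkdir -m 700 "$d" || return 1
    printf '%s\n' 'divert(0)dnl' 'OSTYPE(aix433)dnl' \
        '#FEATURE(promiscuous_relay)dnl' 'FEATURE(accept_unqualified_senders)dnl' \
        'DOMAIN(generic)dnl' 'MAILER(local)dnl' 'MAILER(smtp)dnl' > "$d/test.mc"
    printf '%s\n' 'lab.net' 'com' 'lab.mail.edu' > "$d/relay-domains"
    echo "before:"; risky_features "$d/test.mc"
    strip_risky "$d/test.mc" "$d/norelay.mc"
    echo "after:";  risky_features "$d/norelay.mc"
    relay_domain_findings "$d/relay-domains"
    rm -rf "$d"
}
demo
```

Run risky_features against aix433.norelay.mc before the m4 step, and relay_domain_findings against /etc/mail/relay-domains before refreshing the daemon.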
Update the sendmail daemon with the new configuration
Finally, you must refresh the sendmail daemon
to put the new configuration into effect. Enter:
refresh -s sendmail
NOTE: If sendmail might not be running, check whether it is active with the
following command:
lssrc -s sendmail
If sendmail is active, you will see information similar to the following:
Subsystem         Group            PID     Status
 sendmail         mail             5424    active
If it is not active, start it up by issuing the following command:
startsrc -s sendmail -a "-bd -q30m"
Other troubleshooting information
This section explains what to do if sendmail
fails to operate.
Using startsrc to start sendmail will
hide error messages from you. To gain a hint as to why sendmail is
failing to run, try starting sendmail like so:
sendmail -bd -q30m
Any error messages will be displayed to the console as sendmail is
started.
[ Doc Ref: 95626186213426 Publish Date: Dec. 15, 2000 4FAX Ref: 8761 ]