Setting up sendmail on your client

Summary

This document contains the directions for installing, configuring and running Berkeley's sendmail on your Unix client. While this covers several aspects of setting this up on most platforms, there are always exceptions to rules which may complicate the process. I will attempt to address all pertinent issues.

The current version of Sendmail from Berkeley is 8.8.8. This version has security enhancments for all known sendmail bugs.

Before installing and configuring the daemon, you need to determine what function you would like the sendmail process to perform. The basic disinction here is whether you want your computer to accept/deliver mail (full client) or just handoff mail (nullclient) to a smart host, in our case, smtp.ncsa.uiuc.edu.

Most people choose to have their sendmail client act as a nullclient. This means that all mail that is generated on your machine is handed off to a smart host (NCSA's internal mail server) that can deliver to other hosts. Being a nullclient means that any mail generated on that machine has a return address of @ncsa.uiuc.edu appended to any user that sends mail from that machine. Also, being a nullclient adds an extra level of security since your sendmail daemon does not run in daemon (accept) mode.

If you choose to have a fullclient, you can choose to have your return address include your host's fully qualified domain name. For example, on host foo, your return address would be user@foo.ncsa.uiuc.edu. Being a full client means that you must be responsible for the mailer on the machine (making sure it's running, maintaining an alias file if necessary, etc).

IMPORTANT: If you want to run a fullclient you must verify that your host has an MX record of 0. This can be accomplished by using nslookup.

Type nslookup on your Unix machine.
At the > prompt, type: set type=mx
At the > prompt, type: <your machine name>.

This machine does NOT have an MX record pointing to itself.

rasputin.ncsa.uiuc.edu  preference = 100, mail exchanger = ex1.ncsa.uiuc.edu
rasputin.ncsa.uiuc.edu  preference = 500, mail exchanger = ex2.ncsa.uiuc.edu

This machine HAS an MX records pointing to itself.

wolrab.ncsa.uiuc.edu    preference = 0, mail exchanger = wolrab.ncsa.uiuc.edu
wolrab.ncsa.uiuc.edu    preference = 100, mail exchanger = ex1.ncsa.uiuc.edu
wolrab.ncsa.uiuc.edu    preference = 500, mail exchanger = ex2.ncsa.uiuc.edu

To request an MX record of 0, visit the DNSForm . Choose "Any other type of DNS request".

Install the Sendmail Binary

The first step is to install the sendmail binary on your machine. As root:

cd /afs/ncsa/src/mail/sendmail/current/
Of the directories listed, choose what platform and operating system that best suits your needs. NOTE: On IRIX, choosing the O/S revision will most likely work without regard to platform.
cd to the directory that best suits your situation
cp sendmail /usr/lib/sendmail
cp sendmail.h* /usr/lib/
chmod 4551 /usr/lib/sendmail
chown root /usr/lib/sendmail
chgrp daemon /usr/lib/sendmail
chmod 644 /usr/lib/sendmail.h*

Permissions

Permissions are very important!!! Here are a few guidelines:

chmod 700 /usr/spool/mqueue

chown root /usr/spool/mqueue

chmod 4551 /usr/lib/sendmail

chmod 644 /usr/lib/sendmail.h*

Choosing and Installing the Configuration File

Here's the directions for a nullclient.

cd /afs/ncsa.uiuc.edu/src/mail/sendmail/current/cf
ls -l *hand*.cf
Choose the file which matches your architecture
cp architecture-handoff.cf /etc/sendmail.cf
chmod 644 /etc/sendmail.cf

Here's the directions for a fullclient.

cd /afs/ncsa.uiuc.edu/src/mail/sendmail/sendmail-8.8.8/cf/cf
ls -l ncsa*
Choose the file which matches your architecture
cp ncsa-architecture.cf /etc/sendmail.cf
chmod 644 /etc/sendmail.cf

Starting the Sendmail daemon

nullclient

/usr/lib/sendmail -q15m

fullclient

/usr/lib/sendmail -bd -q15m

** alter the rc script to start the daemon in the proper mode **

If you are running the binary in daemon mode (accepting mail) and you would like to implement rulesets to bounce unsolicited electronic mail click here .