-->
Page 106
and the file /home/alphonse/homeboys.aliases contains
alphonse joe betty george
the effect is the same as the alias
homeboys: alphonse, joe, betty, george
This directive is handy for mailing lists that change frequently or those managed by users other than the postmaster. If you find a user is asking for frequent changes to a mail alias, you might want to put it under his or her control.
The aliases file also can be used to send the contents of e-mail to a program. For example, many mailing lists are set up so that you can get information about the list or subscribe to it by sending a letter to a special address, list-request. The letter usually contains a single word in its body, such as help or subscribe, which causes a program to mail an information file to the sender. Suppose that the gonzo mailing list has such an address called gonzo-request:
gonzo-request: |/usr/local/lib/auto-gonzo-reply
In this form of alias, the pipe symbol (|) tells sendmail to use the program mailer, which is usually defined as /bin/sh. (See "The M OperatorMailer Definitions" later in this chapter.) sendmail feeds the message to the standard input of /usr/local/lib/auto-gonzo-reply, and if it exits normally, sendmail considers the letter to be delivered.
You can also create an alias that causes sendmail to send mail to files. An example is the alias nobody, which is common on systems running the Network File System (NFS):
nobody: /dev/null
Aliases that specify files cause sendmail to append its message to the named file. Because the special file /dev/null is the UNIX bit bucket, this alias simply throws mail away.
The easiest way to show you how to set up sendmail is to use a concrete example.
First, you must obtain the source and compile sendmail. Next, you must choose a sendmail.cf file that closely models your site's requirements and tinker with it as necessary. Then you must test sendmail and its configuration file. Finally, you must install sendmail, sendmail.cf, and other auxiliary files.
Page 107
The preceding are the basic steps, but depending on where you install sendmail, you might also have to modify a file in the directory /etc/init.d so that sendmail will be started correctly when the system boots. In addition, if your system doesn't already have one, you must create an aliases file, often named /usr/lib/aliases or /etc/mail/aliases (the location of the aliases file is given in sendmail.cf, so you can put it wherever you want). You might also have to make changes to your system's DNS database, but that information is not covered here (see Chapter 13).
Red Hat Linux ships with sendmail 8.8.5, and an RPM version is available from the www.redhat.com Web site to bring this up to version 8.8.7. Unfortunately, this isn't the latest version, and sendmail 8.8.7 has a serious security flaw that was recently published in comp.security.announce. If you are concerned with security (and you should be!), you will want to download the latest version of sendmail, 8.8.8.
sendmail version 8.8.8 is on the Red Hat Linux Unleashed CD-ROM. This is the most recent version available as this book goes to press, and it is the version documented in the O'Reilly book sendmail, 2nd Ed. (ISBN 1-56592-222-0). This version of sendmail is available from the site at http://www.sendmail.org or via FTP at ftp://ftp.sendmail.org. Using FTP, take the following steps to download it:
[root@gonzo src]# ftp ftp.sendmail.org Connected to pub1.pa.vix.com. 220 pub1.pa.vix.com FTP server (Version wu-2.4(1) Fri Dec 29 06:15:49 GMT 1995) ready. Name (ftp.sendmail.org:root):anonymous 331 Guest login ok, send your complete e-mail address as password. Password: mylogin@gonzo.gov <--- this will not be echo'ed back to you. 230 Guest login ok, access restrictions apply. Remote system type is UNIX. Using binary mode to transfer files. ftp> cd ucb/src/sendmail 250-This directory contains sendmail 8.x source distributions. The latest 250-production version is in sendmail.${VER}.tar.{Z,gz,sig} -- the .Z file 250-is compressed, the .gz file is the same bits gzipped, and the .sig file 250-is a PGP signature for the uncompressed bits in either of the first two 250-files. Please take ONLY ONE of the .Z or .gz files. 250- 250-The status of various interesting ${VER}s is: 250-8.8.8 Many mostly minor fixes -- see RELEASE_NOTES for details. 250-8.8.7 Fixes a few problems where 8.8.6 was too paranoid. 250-8.8.6 Many mostly minor fixes -- see RELEASE_NOTES for details. 250-8.8.5 Fixes a critical security bug as well as several small problems. 250-8.8.4 Fixes several small bugs, including a potential security problem 250- on some systems allowing local users to get the group permissions 250- of other users, as well as a rare denial-of-service attack. It 250- also fixes the "HUP to smtpd" root shell vulnerability in 8.8.2 250- described in CERT Advisory CA-96.24. 250-
Page 108
250-The following versions are unsupported: 250-8.7.6 A security patch for CERT Advisory CA-96.20. 250- *** SEE ALSO sendmail.8.7.6.patch.1 *** 250- This version DOES NOT FIX the "HUP to smtpd" root shell problem. 250- 250-There is NO 8.6.* patch for CA-96.20. 8.6 is not supported, not secure, 250-and should not be run on any network-connected machine. 250- 250 CWD command successful. ftp> bin 200 Type set to I. ftp> get sendmail.8.8.8.tar.gz local: sendmail.8.8.8.tar.gz remote: sendmail.8.8.8.tar.gz 200 PORT command successful. 150 Opening BINARY mode data connection for sendmail.8.8.8.tar.gz (1026343 bytes ). 226 Transfer complete. 1026343 bytes received in 717 secs (1.4 Kbytes/sec) ftp> bye 221 Goodbye. [root@gonzo src]#
Note that the exact name of the files to download differs depending on the current version of V8 sendmail, in this case version 8.8.8. Also, because the files are compressed, you must give FTP the binary command before transferring them. Note, too, that you should include your complete e-mail address as the passwordfor example, mylogin@gonzo.gov.
Now that you've got the source, you need to unpack it. (If you're using the version from the CD-ROM and the sendmail RPM package files, these steps are not necessary.) Because it's a compressed tar image, you must first decompress it and then extract the individual files from the tar archive. For this example, I'll assume that the file is currently in /usr/local/src.
[root@gonzo src]# tar -xzf sendmail.8.8.8.tar.gz [root@gonzo src]# ls -l drwxr-xr-x 13 30005 ver 1024 Nov 4 20:34 sendmail-8.8.8 -rw-r--r-- 1 root root 1026343 Nov 4 20:33 sendmail.8.8.8.tar.gz
Now you're almost ready to compile sendmail, but first read the following files, which contain the latest news pertinent to the specific release of sendmail you've downloaded:
FAQ RELEASE_NOTES KNOWNBUGS READ_ME
Also take note that the Sendmail Installation and Operation Guide (SIOG) is in the doc/op subdirectory.
Now run cd and ls to see what files are in the source directory:
[root@gonzo src]# cd sendmail-8.8.8/src [root@gonzo src]# ls Makefile collect.c macro.c parseaddr.c srvrsmtp.c Makefiles conf.c mailq.0 pathnames.h stab.c