sendmail-rhcn-8.9.3-1 RPM and SRPM for Red Hat 5.1 and 5.2

Post by James Bour » Thu, 11 Feb 1999 04:00:00



We have posted the i386.rpm, src.rpm, and patches on our WWW site at
http://www.affinity-systems.ab.ca/software/ for sendmail-8.9.3-1.  These
should work on Red Hat 5.0, 5.1, and 5.2 but were compiled under a relatively
stock Red Hat 5.2 system and Kernel 2.2.1.


Here is information on the package:
bash# rpm -qi sendmail-rhcn
Name        : sendmail-rhcn            Distribution: Red Hat Contrib|Net
Version     : 8.9.3                    Vendor: Affinity Systems Inc.
Release     : 1                        Build Date: Wed Feb 10 09:12:59 1999
Install date: Wed Feb 10 09:17:10 1999 Build Host: cafe.affinity-systems.ab.ca
Group       : Daemons                  Source RPM: sendmail-rhcn-8.9.3-1.src.rpm
Size        : 2269112                  License: BSD

URL         : http://www.sendmail.org/
Summary     : sendmail mail transport agent
Description :
Sendmail is a Mail Transport Agent, which is the program
that moves mail from one machine to another.  Sendmail implements a
general internetwork mail routing facility, featuring aliasing and
forwarding, automatic routing to network gateways, and flexible
configuration.

If you need the ability to send and receive mail via the internet
you'll need sendmail.

cafe:bash# rpm -q --changelog sendmail-rhcn

- updated to sendmail 8.9.3
- updated sendmail.cf and asi-redhat.mc to use newer m4 files


- added Obsoletes line to .spec header
- changed install to make files install as non-root user if root doesn't do
the build (for SRPM), and added attr flags to files section for rhcn


- backed out the apache accept patch as accept is handled differently and
(according to the release info) this should fix the DOS attack resulting from
sendmail sleeping for 5 seconds after a bad accept.  This release includes
the patch for mime buffer overflows as well.  If it still causes problems
due to the accept handling we will merge the apache accept patch back in.

- changed install script of spec file to create /var/spool/mqueue and
.hoststat with mail ownerships and mode 700.  This is wanted and needed if
people set the RunAsUser in sendmail.cf to the default mail user (mail
8:12) which is much safer than running sendmail as user root.  This should
help with certain security concerns.  

- modified the default sendmail.cf to set RunAsUser to mail.  Change this if
needed to a different UID.  Also changed DefaultUser to an equal number, now
it is 8:12 (these are redhat 5.1 default uid/gid for user mail).

- dropped MaxDaemonChildren down to 40 in the default sendmail.cf.  This
should help wee ppp sites like ours as they may not be able to handle 80
children that easily...  Bump this value up in the file
/usr/doc/sendmail-8.X.X/cf/cf/asi-redhat.mc and remake with M4 to change it.

- mail spool directory (/var/spool/mail) changed to root.root mode 1777.
This is for local delivery with procmail, and mail pickup with some pop
servers such as cucipop.  In these cases, the spool file is locked, copied
to a lock file (for pop), and then read etc all the while running as that
user instead of a privileged account.  Mail boxes can then be kept mode 600.

- changed ownership of /etc/aliases to be mail mode 644 as to do
AutoRebuilds this file must be writable by the sendmail daemon running as
user mail.

- tightened permissions on suid files /usr/libexec/mail.local and
/usr/sbin/sendmail to 4511


- Updated to sendmail-8.9.2 and rebuilt RPM.


- Applied sendmail-8.9.1a patch which fixes mime buffer overflows in some
        mail clients

Regards,
Jim

--

Affinity Systems Inc.         | WWW: http://www.affinity-systems.ab.ca
Everything Unix               | Linux:  The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration
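
The ownership and mode choices listed in the changelog above, written as an audit script. This is an added example, not part of the original post or the package; it assumes GNU stat, and the function names check_perm and audit_sendmail are hypothetical.

```shell
#!/bin/sh
# Added example: audit the ownership/mode choices listed in the changelog.
# Requires GNU stat (-c). "-" means the post does not state that field.

# check_perm FILE USER GROUP MODE -> 0 if FILE matches, 1 otherwise
check_perm() {
    f=$1 wu=$2 wg=$3 wm=$4
    if [ ! -e "$f" ]; then
        echo "MISSING  $f"
        return 1
    fi
    hu=$(stat -c '%U' "$f") hg=$(stat -c '%G' "$f") hm=$(stat -c '%a' "$f")
    bad=0
    [ "$wu" = "-" ] || [ "$wu" = "$hu" ] || bad=1
    [ "$wg" = "-" ] || [ "$wg" = "$hg" ] || bad=1
    [ "$wm" = "$hm" ] || bad=1
    if [ "$bad" -eq 0 ]; then
        echo "OK       $f $hu:$hg $hm"
        return 0
    fi
    echo "MISMATCH $f is $hu:$hg $hm, expected $wu:$wg $wm"
    return 1
}

# audit_sendmail [ROOT] -> one line per path; return value is the failure count.
# ROOT is an optional prefix so an unpacked or chroot tree can be checked.
audit_sendmail() {
    root=${1:-}
    failures=0
    while read -r p u g m; do
        check_perm "$root$p" "$u" "$g" "$m" || failures=$((failures + 1))
    done <<EOF
/var/spool/mqueue mail - 700
/var/spool/mail root root 1777
/etc/aliases mail - 644
/usr/libexec/mail.local - - 4511
/usr/sbin/sendmail - - 4511
EOF
    return "$failures"
}

# Run as: sh audit.sh run [ROOT]
if [ "${1:-}" = "run" ]; then audit_sendmail "${2:-}"; fi
```
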

 
 
 


Post by Alexandre Dulauno » Fri, 12 Feb 1999 04:00:00


Why don't you include virtusertable,relay-domains ?

alx


> We have posted the i386.rpm, src.rpm, and patches on our WWW site at
> http://www.affinity-systems.ab.ca/software/ for sendmail-8.9.3-1.  These
> should work on Red Hat 5.0, 5.1, and 5.2 but were compiled under a relatively
> stock Red Hat 5.2 system and Kernel 2.2.1.


 
 
 


Post by James Bour » Sun, 14 Feb 1999 04:00:00


On Thu, 11 Feb 1999 10:58:37 +0100, Alexandre did say with great verbosity:
:Why don't you include virtusertable,relay-domains ?

You can, just add FEATURE(virtusertable,`hash -o /etc/virtusertable')dnl
to /usr/doc/sendmail-rhcn-8.9.3/cf/cf/asi-redhat.mc and remake with m4 to
add it.  All the default configuration files for sendmail are there,
including the .mc file to build the sendmail.cf that is installed with the
RPM.

Regards
Jim

:
:alx
:
:>
:> We have posted the i386.rpm, src.rpm, and patches on our WWW site at
:> http://www.affinity-systems.ab.ca/software/ for sendmail-8.9.3-1.  These
:> should work on Red Hat 5.0, 5.1, and 5.2 but were compiled under a relatively
:> stock Red Hat 5.2 system and Kernel 2.2.1.

--

Affinity Systems Inc.         | WWW: http://www.affinity-systems.ab.ca
Everything Unix               | Linux:  The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration

 
 
 


Post by Leslie Mikese » Sun, 14 Feb 1999 04:00:00




>On Thu, 11 Feb 1999 10:58:37 +0100, Alexandre did say with great verbosity:
>:Why don't you include virtusertable,relay-domains ?

>You can, just add FEATURE(virtusertable,`hash -o /etc/virtusertable')dnl
>to /usr/doc/sendmail-rhcn-8.9.3/cf/cf/asi-redhat.mc and remake with m4 to
>add it.  All the default configuration files for sendmail are there,
>including the .mc file to build the sendmail.cf that is installed with the
>RPM.

Is there some reason for putting this under /usr/doc instead of
/usr/lib/sendmail-cf where the original redhat version lives?
Also, is there any explanation for the items in the mc file
that differ from the redhat version.  I appreciate having the
rpm package but I still like to know what it is doing and why.

 Les Mikesell

 
 
 


Post by James Bour » Mon, 15 Feb 1999 04:00:00


On 13 Feb 1999 14:32:07 -0600, Leslie Mikesell did say with great verbosity:
:Is there some reason for putting this under /usr/doc instead of
:/usr/lib/sendmail-cf where the original redhat version lives?

Instead of building it as a different package (as redhat did) we have
included it in the main RPM as we feel you *need* to have these files to
install/run sendmail properly.  As for their placement *shrug*.

Under /usr/doc/sendmail-rhcn-%version it works equally as well, and does not
get killed/overwritten when you upgrade from one version to the next (your
changes will remain in /usr/doc/sendmail-rhcn-%version/cf/cf).

:Also, is there any explanation for the items in the mc file
:that differ from the redhat version.  I appreciate having the
:rpm package but I still like to know what it is doing and why.

the cf/README file and sendmail ops manual explain all the options fully.
The configuration we provide is proven to work well on most systems, and in
the case of busy servers or not-included features you will have to tweak
some of the values, in which case the .mc file is also provided...

It is a good point though, and maybe in the next version we shall include a
README with the .mc file to detail the settings we have.

Hope that helps answer your questions.

: Les Mikesell

Regards
Jim

--

Affinity Systems Inc.         | WWW: http://www.affinity-systems.ab.ca
Everything Unix               | Linux:  The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration

 
 
 


Post by Leslie Mikese » Tue, 16 Feb 1999 04:00:00




>On 13 Feb 1999 14:32:07 -0600, Leslie Mikesell did say with great verbosity:
>:Is there some reason for putting this under /usr/doc instead of
>:/usr/lib/sendmail-cf where the original redhat version lives?

>Instead of building it as a different package (as redhat did) we have
>included it in the main RPM as we feel you *need* to have these files to
>install/run sendmail properly.  As for their placement *shrug*.

>Under /usr/doc/sendmail-rhcn-%version it works equally as well, and does not
>get killed/overwritten when you upgrade from one version to the next (your
>changes will remain in /usr/doc/sendmail-rhcn-%version/cf/cf).

The only problem is that you end up with 2 copies, one of which is
outdated.

>:Also, is there any explanation for the items in the mc file
>:that differ from the redhat version.  I appreciate having the
>:rpm package but I still like to know what it is doing and why.

>the cf/README file and sendmail ops manual explain all the options fully.
>The configuration we provide is proven to work well on most systems, and in
>the case of busy servers or not-included features you will have to tweak
>some of the values, in which case the .mc file is also provided...

>It is a good point though, and maybe in the next version we shall include a
>README with the .mc file to detail the settings we have.

>Hope that helps answer your questions.

Yes, thanks.  There are about a billion ways to set up sendmail.  What
I'd really like to see is the reasoning behind the choices where you
are different from the stock version and perhaps pointers to the
details on how to use the features.  For example, your anti-relay
configuration is completely different and caused me a bit of trouble
because I forgot that my DNS wasn't set up to reverse-resolve some
DHCP-assigned addresses that can originate mail.  That isn't your
config's fault, but a mention of how yours was different might have
jogged my memory about how my other setup allowed relaying from
the address range.  And I still haven't found what the
confPRIVACY_FLAGS settings mean.

  Les Mikesell

 
 
 


Post by James Bour » Tue, 16 Feb 1999 04:00:00


On 15 Feb 1999 00:17:01 -0600, Leslie Mikesell did say with great verbosity:

:The only problem is that you end up with 2 copies, one of which is
:outdated.

Ahh, yes.  We need an Obsolete line for sendmail-cf.  Thanks for pointing
that one out.

:Yes, thanks.  There are about a billion ways to set up sendmail.  What
:I'd really like to see is the reasoning behind the choices where you
:are different from the stock version and perhaps pointers to the
:details on how to use the features.

sendmail.cf in our package only differs as much as the 8.8.7(?) rpm .cf that
comes with RH 5.2 stock...  umm, to say the least, that's a lot.

Main differences are the access database, RunAsUser, PrivacyFlags,
localprocmail, and relay_based_on_MX (which actually works in 8.9.3 :)

:For example, your anti-relay
:configuration is completely different and caused me a bit of trouble
:because I forgot that my DNS wasn't set up to reverse-resolve some
:DHCP-assigned addresses that can originate mail.  That isn't your
:config's fault, but a mention of how yours was different might have
:jogged my memory about how my other setup allowed relaying from
:the address range.

That's in the access database (/etc/mail/access) and because of 8.9.3's
hardline stance on relaying is likely a default too.  Add your 24/16/18 bit
address (without the trailing 0) to get it to accept mail from the entire
class C/B/A.

:And I still haven't found what the confPRIVACY_FLAGS settings mean.

Page 51 of the ops manual explains all of the PrivacyFlags
(/usr/doc/sendmail-rhcn-8.9.3/doc/op/op.ps).

Regards,
Jim

:
:  Les Mikesell

--

Affinity Systems Inc.         | WWW: http://www.affinity-systems.ab.ca
Everything Unix               | Linux:  The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration
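
The access-database advice in the post above (list the network address without its trailing 0) as a small generator. This is an added example, not code from the thread or the package; the networks are constructed sample values, the function names access_entry and access_entries are hypothetical, and it assumes the standard RELAY value of sendmail's access map.

```shell
#!/bin/sh
# Added example: build /etc/mail/access relay entries from network addresses.
# Access map keys match on whole octets, so only /8, /16 and /24 are accepted.

# access_entry NET/BITS -> prints "<prefix><TAB>RELAY"; returns 1 otherwise
access_entry() {
    net=${1%/*} bits=${1#*/}
    case $bits in
        8)  n=1 ;;
        16) n=2 ;;
        24) n=3 ;;
        *)  echo "unsupported prefix length: $1" >&2; return 1 ;;
    esac
    # Keep the first n octets, dropping the trailing zero octets.
    key=$(printf '%s\n' "$net" | cut -d. -f1-"$n")
    printf '%s\tRELAY\n' "$key"
}

# access_entries NET/BITS... -> one line per network; returns 1 if any was rejected
access_entries() {
    rc=0
    for cidr in "$@"; do
        access_entry "$cidr" || rc=1
    done
    return "$rc"
}

# Constructed sample use (RFC 1918 networks):
#   access_entries 192.168.10.0/24 172.16.0.0/16 10.0.0.0/8 >> /etc/mail/access
#   makemap hash /etc/mail/access < /etc/mail/access
```
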