Hello again, system admins,
I got a response to my original SUMMARY on upgrading sendmail.
It's got some good information in it relative to some of the
previous responses I posted in the SUMMARY. Hence, this SUMMARY-2.
Thanks very much to Juan Gallego for taking the time ...
Paul Youngblood
--------------------------------------------------------
>From Little.Boss_at_physics.mcgill.ca Tue Dec 9 16:39:16 1997
Date: Fri, 5 Dec 1997 09:36:22 -0500 (EST)
From: Juan Gallego <Little.Boss_at_physics.mcgill.ca>
To: "Paul N. Youngblood" <youngbp_at_email.uah.edu>
Subject: Re: SUMMARY: Advice on upgrading sendmail
Just a couple of small points regarding Steve VanDevender's and richard
n. frank's response's.
<snip>
> From: Steve VanDevender <stevev_at_hexadecimal.uoregon.edu>
>
> Subject: Advice on upgrading sendmail
>
> I am admittedly used to the intricacies of sendmail, but sendmail
> 8.8.8 is very easy to build for Digital UNIX. It pretty much
> works out of the box. You should look over
> sendmail-8.8.8/src/Makefiles/Makefile.OSF1 and make sure it uses
> the options you want (I recommend eliminating -DNDBM from the
> build flags so that it uses -DNEWDB instead). You will also need
be careful with this statement. If the machine you're installing v8.8.8
on happens to be NIS master, you must compile it with -DNDBM support. As
stated in the distributions src/READ_ME:
If NEWDB, NDBM, and NIS are all defined and the name of the file includes
the string "/yp/", sendmail will rebuild BOTH the NEWDB and NDBM format
alias files. However, it will only read the NEWDB file; the NDBM format
file is used only by the NIS subsystem. This is needed because the NIS
maps on an NIS server are built directly from the NDBM files.
If NDBM and NIS are defined (regardless of the definition of NEWDB),
and the filename includes the string "/yp/", sendmail adds the special
tokens "YP_LAST_MODIFIED" and "YP_MASTER_NAME", both of which are
required if the NDBM file is to be used as an NIS map.
<snip>
> From: "richard n. frank" <rootrnf_at_wolfram.llnl.gov>
>
> Subject: Re: Advice on upgrading sendmail
>
> Paul,
> I found it intimidating as well. It was actually easier than I thought it
> would be (still hard the first time). I read all the readme's but when I
> got around to making it, I did it with all the defaults. One gotcha is that
> DU 4.0x doesn't have groff so the 887 help files won't get processed. The help
> files are in the 887 set somewhere and can be copied to the appropriate place.
> You will need to edit/create an /ect/banned-domains and /etc/aliases file
> (it is optional what to put in them), and chmod 777 /var/spool/mqueue [...]
This is really bad advice (securitywise), and sendmail will blow all
sorts of bells and whistles if you try it. /var, /var/spool and
/var/spool/mqueue must be owner by root, group system and be writable
at most by root. See below why he was forced to change the directory
permissions.
<snip>
> copy the /usr/sbin/sendmail (887) to same location in OTHER_SYS
This is the problem. If you just copy it, it will end up with permissions
755, which are insuficient for sendmail to run when invoked by a
non-priviledged user. It must be setuid root. The best way to be sure all
programs and files are installed with the right permissions, is to run
make install.
--
Juan Gallego
Little ({sys,net}-{admin,hacker}) Boss
Received on Tue Dec 09 1997 - 23:47:47 NZDT