
3.1 Before You Begin, a Checklist

Before you begin the process of building sendmail you should consider obtaining and installing several important support packages. These packages are not needed to install sendmail, but they will make your system more convenient and safer. Typically, each takes 20 minutes to an hour to install, so you really are not facing a serious time commitment.

The packages we will discuss in this section are outlined in Table 3-1 and discussed in the sections that follow.

Table 3-1. Handy Packages in support of sendmail

Package          §                Description
tcpwrappers      Section 3.1.1    Access control at the TCP level (V8.8 and earlier)
Sleepycat DB     Section 3.1.2    For aliases and map files
Regex library    Section 3.1.3    Use regular expressions in maps

3.1.1 The tcpwrappers Package (V8.8 and Earlier)

Support for the tcpwrappers package is still included in V8.12 sendmail, but its functionality has been replaced by the access database (Section 7.5), introduced in V8.9. The current access database has completely replaced the need for this tcpwrappers package.

With this package you can monitor and filter incoming requests for the sendmail daemon. Specifically, you can restrict the systems that can connect to sendmail by editing and adding lines to a simple access list file, typically /etc/hosts.deny.

The important components from the tcpwrappers distribution that you will need to include are the tcpd.h file and the libwrap.a library. The first is typically installed in /usr/local/include, and the second in /usr/local/lib. Using those files and directories, you would include support for tcpwrappers like this:

APPENDDEF(`confINCDIRS', `-I/usr/local/include')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib')
APPENDDEF(`conf_sendmail_ENVDEF', `-DTCPWRAPPERS')
APPENDDEF(`conf_sendmail_LIBS', `-lwrap')

3.1.2 The Sleepycat DB Library

The Sleepycat DB library was previously called the new BSD db library. Some versions of Unix come with this library preinstalled. If yours does not, you should consider installing it now; if you already have the db library installed but it is not version 2.0 or higher, you should upgrade now.

The Sleepycat DB library supports btree, extended linear hashing, and fixed and variable-length records. It also includes transactional support, database recovery, online backups, and separate access to locking, logging, and shared memory caching subsystems. In short, this is an extremely valuable library to possess, and it greatly improves the sendmail program's handling of aliases and map files.

This library is so key to sendmail that Build automatically includes support for it if it finds a libdb.a or libdb.so library in its search paths. All you have to do is download, compile, and install that library.

The db(3) source is available from http://www.sleepycat.com. But note that Sleepycat db V4.1.0 through V4.1.24 does not work with V8.12.6 and earlier versions of sendmail. For later sendmail versions, see the file RELEASE_NOTES.

The sendmail/README file contains important information, and you should read that file before installing the db library.

3.1.3 The regex Library

The powerful rules in the sendmail configuration file are a good defense against spam. One method of making these rules more flexible is to add the ability to use regular expressions with the regex library. Consider, for example, the desire to reject mail from users whose usernames are all numeric.[1] You could put a million rules such as the following in your configuration file:

[1] Consider such a policy carefully because all-numeric names are actually legal.

LOCAL_RULESETS
S Local_check_nums
R $*                     $: $>Parse0 $>3 $1
R 1 @ < $* >             $#error $: 553 Header Error
R 2 @ < $* >             $#error $: 553 Header Error
R 3 @ < $* >             $#error $: 553 Header Error
etc 1 million times

Or you can construct a simple rule that makes use of the regex database map:

LOCAL_CONFIG
Kjustdigits regex -a@MATCH ^[0-9]+$

LOCAL_RULESETS
S Local_check_nums
R $*               $: $>Parse0 $>3 $1
R $+ @ < $* >      $: $(justdigits $1 $)
R @MATCH           $#error $: 553 Header Error

If your operating system currently lacks regular expression support, you can download the needed subroutines from:

ftp://ftp.gnu.org/pub/gnu/rx-*.tar.gz
ftp://ftp.gnu.org/pub/gnu/regex-*.tar.gz
ftp://ftp.funet.fi/pub/languages/C/spencer/regex.shar.gz

When you install your own regular expression library, avoid including the file regex.h from your standard /usr/include. If you do, sendmail will likely fail and dump core. Instead, be sure to include the regex.h from the distribution you downloaded.
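Once sendmail is built, you can confirm that the binary actually picked up the three packages from this section. The script below is an added example, not from the book: it assumes the "Compiled with:" list that `sendmail -d0.1 -bv root` prints and the flag names NEWDB, MAP_REGEX, and TCPWRAPPERS; the function names are illustrative and the sample output is constructed.

```shell
#!/bin/sh
# Added example, not from the book. Function names are illustrative.
# On a real host:  sendmail -d0.1 -bv root | missing_support

# Print one compile-time flag per line from the "Compiled with:" list,
# which may wrap onto indented continuation lines.
compiled_flags() {
    awk '
        /Compiled with:/ { sub(/.*Compiled with:/, ""); grab = 1; first = 1 }
        # A blank line or the next "Label:" line ends the list.
        grab && !first && (NF == 0 || /:/) { exit }
        grab { for (i = 1; i <= NF; i++) print $i; first = 0 }
    '
}

# Print each flag from this section that the binary lacks:
# NEWDB (Sleepycat DB), MAP_REGEX (regex map), TCPWRAPPERS (libwrap).
missing_support() {
    flags=$(compiled_flags)
    for want in NEWDB MAP_REGEX TCPWRAPPERS; do
        printf '%s\n' "$flags" | grep -qxF "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample of the debug output, not captured from a real host.
sample_output() {
    cat <<'EOF'
Version 8.x.y
 Compiled with: DNSMAP LOG MATCHGECOS MIME7TO8 MIME8TO7 NAMED_BIND
		NETINET NETUNIX NEWDB PIPELINING SCANF USERDB
 OS Defines: HASFCHOWN HASFLOCK

============ SYSTEM IDENTITY (after readcf) ============
EOF
}

# Demo on the sample: this build has DB support but no regex map or libwrap.
sample_output | missing_support
```

An empty result means all three are compiled in; a missing MAP_REGEX means a `K... regex` line like the one above will not work in that binary.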
