Setting up sendmail on a firewall, Part 1

<font face="Courier">
cp sendmail.8.9.3.tar.sig /usr/local/src [or wherever you keep your source]
cp  sendmail.8.9.3.tar.gz   /usr/local/src  	
cd   /usr/local/src
gunzip    sendmail.8.9.3.tar.gz    

You'll want to download the sig file so you can verify the validity of the tar file. Downlaod the PGPKEYS file from in directory

<font face="Courier">/pub/sendmail</font>
. This file contains the signature keys for Greg Shapiro and Eric Allman of as well as the sendmail signing keys for 1997, 1998, and 1999. You must have the 1999 key for sendmail 8.9.3. You may want to include the older keys anyway if you're installing older versions of sendmail. PGP doesn't behave the same way in all versions. I used PGP Business 4.0.1 for Unix and discovered it doesn't like to have all the keys in the same file. It only wanted to install Greg Shapiro's key. I put each PGP key block into a separate file and then added them one at a time. You will want to certify the keys and check the fingerprints in the PGPKEYS file for each key against what the PGP software thinks the fingerprint is. If you're unfamiliar with PGP, you should refer to the documentation provided with your version of PGP. For Business 4.0.1, you would type the following command to add the key:

<font face="Courier">
	pgp -ka /tmp/key1

<font face="Courier">/tmp/key1</font>
is the name of the first key to add. Once you add the keys to your public key ring, you're ready to check sendmail's key. Type:

<font face="Courier">
	pgp sendmail.8.9.3.tar.sig

You must have

<font face="Courier">sendmail.8.9.3.tar</font>
in the same directory as the signature. PGP will verify the signature. If it's okay, it will tell you that the key used to sign the software is Sendmail Signing Key/1999. Once you have completed this step, you're ready to untar the software and begin installation.

<font face="Courier">
	tar xvf sendmail.8.9.3.tar

This will unload the tar file and create a top-level directory,

<font face="Courier">/usr/local/src/sendmail-8.9.3</font>
, which has everything you need to build and configure sendmail. You should review the README files for more information. In most cases, you can just run the build command without any configuration changes. Note that, by default, sendmail is compiled with DNS support. If you're not using DNS, sendmail will run very slowly until the DNS lookup times out. See the README file in the
<font face="Courier">src</font>
directory for configuring compile-time options. To use the defaults, type:

<font face="Courier">
cd  /usr/local/src/sendmail-8.9.3/src
./Build  -c


<font face="Courier">-c</font>
option to build ensures a clean compile from scratch. Alternatively, you can run make from the top-level directory (
<font face="Courier">/usr/local/src/sendmail-8.9.3</font>
) to build all the utilities provided with the release. It isn't necessary if you just want the sendmail binary, but you may want to use some of the included utilities such as makemap (for building an access database). Once the build has completed successfully, the binary will be in
<font face="Courier">/usr/local/src/sendmail-8.9.3/src/obj.[ostype].[release].[arch],

Next month

This concludes the first installment of this series. At this point, you should go through the sendmail source directories and review the README files. Decide which features support your site's policy. Next month, we'll continue building the sendmail config file.


Many thanks to Greg Shapiro at for his prompt and patient explanations. I'm beginning to wonder if he ever sleeps. Also thanks to my partner at Wizard's Keys, Jonathan Klein, for technical input and for running out to get wine when I got frustrated!

Disclaimer: The information and software in this article are provided as-is and should be used with caution. Each environment is unique and the reader is cautioned to investigate with his or her company as to the feasibility of using the information and software in the article. No warranties, implied or actual, are granted for any use of the information and software in this article and neither author nor publisher is responsible for any damages, either consequential or incidental, with respect to use of the information and software contained herein.

| 1 2 Page 3
ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon