New Version of sendmail

The HP-UX 11.0 Extension Pack contains a new version of sendmail (version 8.8.6) that provides a group of rulesets to obstruct mail "spamming" (the sending of unsolicited mail to large numbers of users) and to prevent mail "spammers" from using your host as a mail relay.

sendmail 8.8.6 provides four named rulesets (in the sendmail.cf file) to check and reject unsolicited mail messages:

`check_mail`	Accept or reject mail according to the sender's address in the SMTP MAIL command.
`check_rcpt`	Check the recipient address to prevent spammers from using your machine as a mail gateway.
`check_relay`	Accept or reject SMTP connections according to incoming hostname, domain or IP address.
`check_compat`	Allow/prevent mail transfers between specified sender/recipient pairs.

NOTE: System administrators may wish to test the new rulesets before using them in production systems, as follows:

Edit the sendmail.cf file to include the following ruleset at the beginning of the anti-spamming rulesets.
SStart R$* $$| $* $: $1 $| $2 fake for -bt mode.
This ruleset will interpret correctly the expression $| as a single operator.
Execute the following command:
sendmail -bt
The command will display the following:
ADDRESS TEST MODE Enter <ruleset><address> >
At the > prompt, test the ruleset under consideration.

Other New sendmail Features

The following new configuration options are provided in the sendmail.cf file. They must be enabled explicitly to be used.

`AllowBogusHELO`	Used to accept connection from sites that do not conform to the protocol of giving the hostname.
`MustQuoteChars`	Used to add characters that must be quoted in the non-address information portion of a mail address. By default, the characters '`@,;:\()[].`' must be quoted.
`RunAsUser`	Enables sendmail to run as a user, rather than as root, for additional security on firewalls.
`Timeout.iconnect`	Sets timeout for initial network connection with another host. For example, set to allow sendmail a shorter first attempt to deliver a message than for subsequent attempts.
`Timeout.hoststatus`	Used to curb the amount of time sendmail spends before attempting to deliver a message to a previously inoperative host.
`SingleLineFromHeader`	Used to enable sendmail to handle properly headers that contain newlines (as in Lotus Notes' SMTP mail gateway).
`UnsafeGroupWrites`	Used as a safeguard for sendmail to trust group write permissions.
`MaxDaemonChildren`	Used to limit the number of child processes accepting (incoming) mail.
`ConnectionRateThrottle`	Used to limit the number of incoming SMTP connections permitted in a single second.
`SingleThreadDelivery`	Prevents two sendmail messages on a local machine to open conections to the same remote host at the same time.
`HostStatusDirectory`	Used to keep track of persistent host status.

Enhancements have been made to the following existing Flags/options:

`F=equate`	Used to tell sendmail how the delivery agent will behave. Two new values have been added to this flag: `F=9` is used to determine whether to convert messages back to original 8-bit form. `F=0` is used to turn off MX lookups.
`QueueSortOrder`	Used to set mail sorting by priority, submission time, or using an enhanced sort.

Following are the new command line options:

`-U`	Indicates the initial MUA-to-MTA submission.
`-bD`	Causes sendmail to run as a daemon but prevents it from running in the background.
`-bh`	Prints the status of hosts that have had recent connections.
`-bH`	Purges the host status database.

Miscellaneous Options:

`ETRN`	Triggers a mechanism for a client to request that a server start processing waiting mail queues.
`Delivery Status Notification` (DSN)	A function of Message Transport Agent (MTA) by which an SMTP client specifies delivery status information.
`MX Records`	The limitation on the number of MX records for a single host has been increased to 100, to handle huge service providers.
IPv6-style Domain Literals	Support for syntax of IPv6-style domain literals.

Changes to the sendmail Configuration File

Customers currently using sendmail version 8.7.5 or later (shipped with HP-UX 10.30 and later) and who do not want to take advantage of the new features provided by version 8.8.6 can use the existing sendmail.cf configuration file, which is still compatible with sendmail 8.8.6. However customers are urged to use /usr/newconfig/etc/mail/sendmail.cf as the base with any required site-specific modifications. /usr/newconfig/etc/mail/sendmail.cf contains documentation on how to make site-specific changes.

The functionality of the DL macro found in version 8.7 sendmail.cf file has changed in this new version:

In version 8.7, if the DL macro was specified, all mail messages for its specified domain were delivered directly, rather than through the relay host specified in DS.
As of version 8.8.6, the DL macro is used to specify the address to which mail messages to unknown users are forwarded.

In version 8.7, if the DL macro was specified, all mail messages for its specified domain were delivered directly, rather than through the relay host specified in DS.

The old functionality of the DL macro is retained in sendmail.cf through the use of the Dm macro. Even if Dm is not explicitly specified in sendmail.cf, it derives its value from the $j macro.

Thus, sendmail 8.8.6 behaves as follows, by default:

If DS is set, sendmail forwards all mail messages to the value of DS (that is, smart host).
If the user wants sendmail to deliver directly all messages destined for hosts in the local domain (as defined by the value of the Dm macro) and to forward external mail messages to the smart host, the user should uncomment the following rule in ruleset 0:

# See if we are supposed to deliver to hosts in the local domain
#R$* < @ $* > $* $: $>check_local <$m> $1 < @ $2 > $3 Local Domain?

Also, the user should ensure that $m is defined. This can be done by executing the following command:

sendmail -bt 
> $m

This should display the value of the local domain. If it is not set, it must be specified in the sendmail.cf file. For example, if your local domain is india.hp.com, in the sendmail.cf file you would define $m as Dmindia.hp.com.

Effects on Use of OpenMail

People using OpenMail will be affected due to a change in the default end-of-string for all SMTP commands in sendmail 8.8.6. Whereas the default end-of-string for the previous version of sendmail was \n, all delivery agents that communicate SMTP in sendmail 8.8.6 now have \r\n for their default end-of-string.

To ensure that sendmail-8.8.6 operates properly with OpenMail, make sure the mailer definition for OpenMail in sendmail.cf denotes E=\n, as follows:

Mopenmail, P=/opt/openmail/bin/unix.in, F=DFLMXmnu, E=\n, S=15, R=25, A=unix.in

Performance and Size Impacts

The 8.8.6 version of sendmail does not visibly change the system's performance, nor does it require additional space.

Further Information

sendmail administrators may find the book sendmail useful. It is by Bryan Costales with Eric Allman, published by O'Reilly and Associates, Inc. The second edition deals with version 8.7.