Install and Configure Sendmail 8.15.2 due to Solaris 11.2 update messed-up

[cah]

After upgrading to Solaris 11.2, sendmail stopped working.

I found out Solaris 11.2 installed its own version of sendmail 11.4.9+Sun that does not work with previous configuration.

I had to re-compile the latest version of sendmail (8.15.2)\, came out 07/03/2015) and started my testing.

Sendmail rebuild

This needs several steps to get it to work:



1. Download the latest stable version:

Code: Select all

wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.gz

2. Unzip & untar it to the working directory

Code: Select all

cd /work/system_apps
gzcat sendmail.8.15.2.tar.gz | tar xf -

3. Create a "site.config.m4" file in "<sendmail_src>/devtools/Site" and add the following entries(may or may not need the bottom 2 lines, I don't need them on cahtoh01). This is to add SASL parameter.

Code: Select all

APPENDDEF(`confENVDEF', `-DSASL=2')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/local/lib')
APPENDDEF(`confINCDIRS', `-I/usr/local/include') 

Or, just copy from old version:

Code: Select all

cp -p /work/system_apps/sendmail-8.14.6/devtools/Site/site.config.m4 /work/system_apps/sendmail-8.15.2/devtools/Site

4. Chang to the directory and build sendmail

Code: Select all

cd /work/system_apps/sendmail-8.15.2/
sh Build (or make)

5. Archive /etc/mail/cf directory (Solaris 11.2 update messed up the directory)

Code: Select all

mv /etc/mail/cf /etc/mail/cf.8.14.6_9

6. Create and modify sendmail.cf

Code: Select all

cp -rp /work/system_apps/sendmail-8.15.2/cf/ /etc/mail/

6.1. Make sure /etc/mail/cf/m4/cf.m4 has "/etc/mail/cf" in there.

From:

Code: Select all

`define(`_CF_DIR_', `../')',

To:

Code: Select all

`define(`_CF_DIR_', `/etc/mail/cf/')',

Code: Select all

m4 /etc/mail/sendmail.mc_AUTH > /etc/mail/sendmail.cf.8.14.6

6.2. Compare the new sendmail.cf with the existing sendmail.cf and modify the new sendmail.cf accordingly (use diff to do the comparison).

NOTICE: it is now "dbm" instead of the old "hash".

6.3. Replace existing sendmail.cf with this new sendmail.cf.8.15.2.

Code: Select all

cp -p sendmail.cf.8.15.2 sendmail.cf

7. Copy submit.cf to /etc/mail

Code: Select all

mv submit.cf submit.cf.8.14.6
cp /work/system_apps/sendmail-8.15.2/cf/cf/submit.cf /etc/mail

Uncomment "MeToo" in submit.cf

8. Backup existing binary

Code: Select all

cd /usr/lib
mv sendmail sendmail.8.14.5_AUTH

9. Backup /etc/mail/statistics if the historic mailstats data wants to be kept.
otherwise, a new statistics file with 0 byte will replace the old one.

Code: Select all

mv /etc/mail/statistics /etc/mail/statistics_ori

10. Install the new binary

Code: Select all

cd /work/system_apps/sendmail-8.15.2
make install

11. Move statistics file back

Code: Select all

mv /etc/mail/statistics_ori /etc/mail/statistics

12. Restart sendmail

Code: Select all

/etc/init.d/sendmail restart

Start testing sending and receiving email to validate the new mail server.

[cah]

After successfully installing and configuring sendmail 8.15.2, the receiving part of sendmail worked.
However, sending was having issues.

It will wait for 3 to 4 minutes and dropped the connection.

Code: Select all

Jul  6 19:36:27 cahtoh02 sendmail[2242]: [ID 801593 mail.info] t66NaR11002242: from=<cah@hsiao.net>, size=377, class=0, nrcpts=1, msgid=<20150706233618.M80947@hsiao.net>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Jul  6 19:40:07 cahtoh02 sendmail[2244]: [ID 801593 mail.info] t66NaR11002242: to=<chang_an@yahoo.com>, ctladdr=<cah@hsiao.net> (1001/4), delay=00:03:40, xdelay=00:03:40, mailer=relay, pri=120377, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]

This looked like the situation I experienced in February 2015 when Verizon forced TCLv1 connection.
Strange thing is, it still behaved like this even after I added "sslVersion = TLSv1" in stunnel.conf.

I then checked the backup and found the stunnel.conf that was dated at 23:58 on 02/26/2015.

Code: Select all

client = yes
# The following parameters are used for troubleshooting
#debug = 7
#foreground = yes

# Default log file is /var/adm/messages
# daemon.notice (debug = 5) --> refer to /etc/syslog.conf
output = /var/log/stunnel.log

[smtps]
# Starting at Feb 25 02:03:21 EST, stunnel stopped working. SSLv3 was having
# handshake failure with smtp.verizon.net:465 so I forced TLSv1.
# It worked.  CAH 02/26/2015 11:40 PM PST
# Refer to http://bbs.hsiao.net/viewtopic.php?f=7&t=999
sslVersion = TLSv1
#accept=relay.hsiao.net:55555
accept=55555
connect=smtp.verizon.net:465

After I restored it and restarted stunnel, all started to work normally.
I could send and receive email messages again.

[cah]

Starting in late December 2015 after we came back from USA to Taiwan, the sendmail was having issues.

Code: Select all

Jan  1 17:54:47 cahtoh02 sendmail[26743]: [ID 801593 mail.info] tBUG3vIs017304: to=<hsinnish@gmail.com>,<liebe_steffi@yahoo.com.tw>, ctladdr=<cah@hsiao.net> (1001/4), delay=2+06:50:49, xdelay=00:00:00, mailer=relay, pri=19981222, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection reset by [127.0.0.1]

I then checked stunnel.log, I found:

Code: Select all

2016.01.01 18:01:16 LOG4[26711:6]: Service [smtps] REFUSED by libwrap from 127.0.0.1:44831

libwrap looks to be the TCP wrapper issue.
After comparing to the old /etc/hosts.allow file, one line is missing:

Code: Select all

smtps: localhost, 127.0.0.1, 192.168.1.

After adding it back, it started to work.

Not sure why the file got changed.....Strange...
It could be I accidentally removed the last line (smtps) when I updated 2F 259's IP address for ssh.