HP-UX Internet Services
HP-UX Mailing Solutions White Paper
HP Part Number: 5992-5835
Published: October 2008
Edition: 1.
Legal Notices © Copyright 2008 Hewlett-Packard Company, L.P. Confidential Computer Software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.11 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Table of Contents
Executive Summary
Intended Audience
Introduction
Setting up the Mail Server
Configuring SpamAssassin on an HP-UX system
Secure Mailing Solution
SAFER Support
Compartments

List of Figures
1 Pine Main Menu
2 Pine Setup Option
3 Configuring Pine
Executive Summary
This white paper discusses how to set up the mail server using Sendmail in an HP-UX operating system and how to obtain additional security, anti-spamming, and antivirus features in the mail server using various products. The paper also includes selected usage models and examples, and the benefits of using these on HP-UX systems.
This section addresses the following topics:

Prerequisites
Following are the prerequisites for configuring Sendmail on an HP-UX operating system:
• The Sendmail 8.13.3 software
  NOTE: Sendmail 8.13.3 is available in the core HP-UX 11i v3 operating system.
• The complete hostname of the system where the Sendmail server is installed. For example, system_name.domain_name.com.
• A well connected system.
3. Create a mail user account:
Following is the procedure to create an email account named username@fullhostname:
1. Create a user account called username in the mail server where Sendmail is installed.
   # useradd -m username
2. Configure the password for the user account:
   # passwd username

Verifying the Sendmail Mail Server Setup
Follow this procedure to verify the Sendmail mail server setup:
1.
Prerequisites
Following are the prerequisites to configure rmail on an HP-UX system:
• The Sendmail 8.13.3 software
  NOTE: Sendmail 8.13.3 is available in the core HP-UX 11i v3 operating system.
• The rmail software
  rmail is available as the default local mailer configuration in the sendmail.cf file in the core HP-UX 11i v3 operating system.

Configuring rmail as the Local Mailer
To configure rmail as the local mailer, specify the following entry in the /etc/mail/sendmail.
NOTE: Sendmail 8.13.3 is available in the core HP-UX 11i v3 operating system. If Sendmail 8.13.3 is installed on an HP-UX system, the swlist HPUX-MailServer command displays the following:
HPUX-MailServer C.8.13.3.1 HPUX Mail Server
• The UW-IMAP Software
  You must install the latest UW-IMAP software (A.11.00-2007a.002 and above) from http://www.software.hp.com for the HP-UX 11i v3 operating system.
3. Check the user's mailbox on the IMAP server.
   1. Create an account on the mail server that requires a mail service:
      # useradd -m -c "UW-IMAP test" username
   2. Set the password for the username:
      # passwd username
      Changing password for username
      New password: ********
      Re-enter new password: ********
      Passwd successfully changed
   3. Establish a telnet connection to the IMAP server and log in using the user's account to check the user's mailbox:
      # telnet 0 143
      Trying...
      Connected to 0.
Prerequisites
Following are the prerequisites for configuring POP3 on an HP-UX system:
• The Sendmail 8.13.3 Software
  NOTE: Sendmail 8.13.3 is available in the core HP-UX 11i v3 operating system. If Sendmail 8.13.3 is installed on an HP-UX system, the swlist HPUX-MailServer command displays the following:
  HPUX-MailServer C.8.13.3.1 HPUX Mail Server
• The POP3 Software
  You must install the latest UW-IMAP software (A.11.00-2007a.002 and above) from http://www.software.hp.
+OK Sayonara
Connection closed by foreign host.
3. Check the user's mailbox on the POP3 server.
   a. Create an account on the mail server that requires a mail service:
      # useradd -m -c "UW-IMAP test" username
   b. Set the password for the username:
      # passwd username
      Changing password for username
      New password: password
      Re-enter new password: password
      Passwd successfully changed
   c. Establish a telnet connection from your system to the POP server on the local host:
      # telnet 0 110
      Trying...
      Connected to 0.
The Pine Mail Client
Pine is a tool for reading, sending, and managing electronic messages. It is a freeware, text-based email client developed at the University of Washington. Pine was initially developed for inexperienced email users, but it has evolved to support many advanced features, configuration, and personal-preference options. Pine is available for UNIX and also for personal systems running a Microsoft operating system.
Figure 2 Pine Setup Option
3. Choose C to configure Pine as a client for the UW-IMAP server.
Figure 3 Configuring Pine
4.
Figure 4 Configuring the User's Mailbox
5. Compose a message using the compose option (C) from the Main Menu. The compose message window is displayed.
Figure 5 Composing a Message in Pine
You can compose and send the email message from this window.
6. To view all the messages in your inbox, select the FOLDER LIST->INBOX option from the Main Menu. The Message Index window is displayed.
Figure 6 The Message Index Window
Following is a sample output of a message on the IMAP server on the mail server:
Figure 7 Sample Message on the IMAP Server
NOTE: Pine is compatible only with UW-IMAP and not with Cyrus-IMAP.

The Microsoft Outlook Mail Client
Microsoft Office Outlook is a personal information manager from Microsoft and is part of the Microsoft Office suite.
Configuring Microsoft Outlook on a Microsoft Windows System
Follow this procedure to configure Microsoft Outlook on a Microsoft Windows system:
1. Follow this procedure to create an IMAP/POP email account for the user:
   a. Open the Microsoft Outlook application and choose Tools->E-mail Accounts.
      Figure 8 Configuring Microsoft Outlook
   b. Choose Add a new email-account and click Next.
      Figure 9 Configuring Email Account
   c. Choose the server type as POP3 or IMAP and click Next.
      Figure 10 Choosing the Server Type
   d. Set the POP or IMAP account for the user. Figure 11 shows a sample configuration for a test user.
      Figure 11 Setting User Account
2. You can test the POP3 connection on the mail server as displayed in Figure 12.
   Figure 12 Testing the POP3 Connection
   This output indicates that the POP3 connection is established properly on the mail server. Similarly, you can test the IMAP connection by establishing a telnet connection to port 143.
3. Figure 13 displays the interface to read mails in Microsoft Outlook.
   Figure 13 Reading Mails in Microsoft Outlook

The Thunderbird Mail Client
Mozilla Thunderbird is a freeware, open source, cross-platform email and news client developed by the Mozilla Foundation.
      Figure 14 Configuring Thunderbird
      The Account Settings window is displayed.
   b. Click Add Account in the Account Settings window to add an email account on the mail client.
      Figure 15 Adding User Account
      The Account Wizard window is displayed.
   c.
      Figure 16 The New Account Setup Window
   d. Enter the account details as denoted in Figure 17.
      Figure 17 Account Details
   e. Choose the mail server type as POP or IMAP.
      Figure 18 Server Information Window
   f. Click Finish to confirm the details provided for the user account.
      Figure 19 Account Wizard Window
2. Figure 20 displays the interface to read an email in the Thunderbird mail client.
   Figure 20 Thunderbird Inbox

Anti-Spam and Anti-Virus Solutions in HP-UX Sendmail
This section discusses the “milter” functionality in Sendmail and the procedure to configure mail systems with various Milter programs. These programs enable a mail client to block, verify, and sort incoming mails and provide an effective mailing solution.
• “Procmail Support”
• “SpamAssassin Support”

Milters
With the growth in email volumes and the prevalence of threats like spam, viruses, and targeted attacks (denial of service, directory attacks), Sendmail is enhanced to provide the mail filter (milter) functionality. The milter functionality is available in Sendmail 8.13.3 on all versions of the supported HP-UX 11i operating systems.
Prerequisites
The Sendmail 8.13.3 software must be installed on the HP-UX system.
NOTE: Sendmail 8.13.3 is available in the core HP-UX 11i v3 operating system.

Compiling and Installing the Filter
Follow this procedure to compile and install the filter on an HP-UX system:
1. Write the filter program, for example milter_prog.c, according to your requirements. For a sample filter program, see https://www.milter.org/developers/sample.
2: Relay Options
3: Anti Spamming Options
4: Security Options
5: Generate sendmail.cf
6: Generate submit.
NOTE: If you are conversant with the macros in the sendmail.cf file, you can manually edit the /etc/mail/sendmail.cf file to enable the milter functionality.
9. Restart the Sendmail daemons:
   # /sbin/init.d/sendmail stop
   # /sbin/init.d/sendmail start

Verifying the Sendmail Configuration
Complete the following checks to verify the Sendmail milter configuration:
• Ensure that the output of the mtail command does not contain any errors or warnings.
• Send a test mail and verify if the mail is delivered.
Configuring Sendmail with Clam-AV Milter
This section discusses the prerequisites and procedure to configure Sendmail with Clam-AV milter on an HP-UX system.

Prerequisites
Following are the prerequisites for configuring the Clam-AV milter:
• The Sendmail 8.13.3 software
  NOTE: Sendmail 8.13.3 is available in the core HP-UX 11i v3 operating system.
• The Clam-AV software
  NOTE: You can install the latest Clam-AV software from the HP-UX Internet Express suite at: http://www.software.hp.
main.cvd is up to date (version: 30, sigs: 31086, f-level: 4, builder: tkojm)
daily.cvd is up to date (version: 845, sigs: 2207, f-level: 4, builder: ccordes)
2. Start the clamd daemon:
   a. Edit the entries as follows in the /opt/iexpress/clamav/etc/clamd.conf configuration file:
      #Example
      User root
   b. Specify the socket name:
      LocalSocket /var/run/clamav/clamd.sock
      The clamd.sock socket is an example. You can specify any socket name.
   c.
The Selected Options are: milter
Do you want to continue and build the confuguration file
Press any key to continue or [n/N] to unset all options
5. Enter y to add the Clam-AV milter as a filter program.
-----------------------------------------------------------------
Sendmail Configuration File generator :
-----------------------------------------------------------------
1: General Features
2: Relay Options
3: Anti Spamming Options
4: Security Options
5: Generate sendmail.cf
6: Generate submit.
NOTE: Default timeouts have been added for filter: milter_prog
Building sendmail.cf.gen...
6. Copy the created sendmail.cf.gen file as /etc/mail/sendmail.cf file, preserving any site-specific customized configuration, or add the following to the /etc/mail/sendmail.cf file.
   # Input mail filters
   O InputMailFilters=, clamav-milter
   You may need to add clamav-milter to already defined milters separated with a comma
   ……………………..
   # Milter options
   #O Milter.LogLevel
   O Milter.macros.
1. Start the Regex daemon:
   # /sbin/init.d/regex-init start
   The daemon starts and listens on the /var/milter-regex/milter-regex.sock socket.
   NOTE: You must not run the milter program as a superuser. A new user named regex is created for the milter-regex tool, and the milter runs as this regex user.
2. Edit the /opt/iexpress/milter-regex/conf/milter-regex.conf file as per your requirement.
O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, {auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}
O Milter.macros.
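An added example (not HP's or Sendmail's code): a Python check of how the filters named in InputMailFilters, as set in the Clam-AV and milter-regex procedures above, are wired in sendmail.cf. It assumes sendmail's documented filter definition lines (Xname, S=socket, F=flags, T=timeouts), where F=R rejects and F=T defers mail while the filter is unavailable and an empty F= lets mail through unfiltered; the fragment, the clmilter.sock path and the spamfilter name are constructed.

```python
import re

# Constructed sendmail.cf fragment (not from the page): the InputMailFilters
# line keeps the page's leading comma; the X lines use sendmail's documented
# "Xname, S=socket, F=flags, T=timeouts" syntax with made-up socket paths.
SAMPLE_CF = """\
# Input mail filters
O InputMailFilters=, clamav-milter, milter-regex, spamfilter
Xclamav-milter, S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m
Xmilter-regex, S=unix:/var/milter-regex/milter-regex.sock, F=T, T=S:4m;R:4m
#O Milter.LogLevel
"""

def audit_milters(cf_text):
    """Return {filter_name: finding} for every filter in InputMailFilters."""
    enabled, defined = [], {}
    for line in cf_text.splitlines():
        line = line.strip()
        m = re.match(r"O\s+InputMailFilters\s*=(.*)", line)
        if m:
            # Tolerate empty entries such as the leading comma shown on the page.
            enabled = [n.strip() for n in m.group(1).split(",") if n.strip()]
        elif line.startswith("X"):
            name, *fields = [f.strip() for f in line[1:].split(",")]
            defined[name] = dict(f.split("=", 1) for f in fields if "=" in f)
    findings = {}
    for name in enabled:
        spec = defined.get(name)
        if spec is None:
            findings[name] = "enabled but no X definition"
        elif not spec.get("S"):
            findings[name] = "no socket (S=) defined"
        elif "R" in spec.get("F", "") or "T" in spec.get("F", ""):
            findings[name] = "ok: mail is rejected or deferred if the filter is down"
        else:
            findings[name] = "fail-open: mail is delivered unfiltered if the filter is down"
    return findings

if __name__ == "__main__":
    for name, finding in audit_milters(SAMPLE_CF).items():
        print(f"{name}: {finding}")
```

Run against a copy of /etc/mail/sendmail.cf by passing the file's text to audit_milters(); a fail-open finding for an antivirus milter means a stopped daemon silently disables scanning.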
Procmail Support
Procmail is a mail delivery agent (MDA) or mail filter to process incoming emails. It is invoked from an MTA like Sendmail or Postfix. Procmail provides the following features:
• Creates mail-servers and mailing lists
• Sorts incoming mail into separate folders or files
• Preprocesses email, starts any programs upon mail arrival (for example, to generate different chimes on your workstation for different types of mail), or selectively forwards certain incoming mail automatically.
5. Send a test mail with subject as test to the superuser:
   # echo " Testing Procmail" | mailx -s "test" root
6. The folder folder-name now contains the msg.50B message.
   # ls
   msg.50B
   # cat msg.50B

SpamAssassin Support
SpamAssassin is an extensible and intelligent email filter, which uses a diverse range of tests to identify unsolicited bulk email, commonly known as "spam". These tests are applied to email headers and content to classify email using advanced statistical methods.
By default, spamd listens on the TCP port 783. You can verify if spamd is listening properly on this port:
   # netstat -an | grep 783
   tcp 0 0 127.0.0.1.783 *.* LISTEN
2. Follow this procedure to set up spamc, the SpamAssassin client:
   NOTE: The following sample setup is for the user abtuser with user ID (uid) 7140 (abtuser) and group ID (gid) 714 (abt).
   a. Log in as abtuser.
   b. Change the directory to the root directory:
      # cd ~
   c. Create the .spamassassin directory and change to that directory:
      # mkdir .
| /usr/bin/spamc

:0:
* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
spam10

:0:
* ^X-Spam-Status: Yes
spamassassin-spam
#Spamassassin end

The rules :0fw:spamassassin.lock and | /usr/bin/spamc feed the entire message to spamc, which sends the message to spamd for spam score calculation. spamd also adds and modifies headers to indicate that the message is spam. It adds an X-Spam-Status: Yes header for any messages with a spam score 5.
	autolearn=no version=3.2.4
Received: (from root@localhost)
	by itan.hp.com (@(#)Sendmail version 8.13.3 - Revision 1.000 - 1st August,2006/8.13.3) id m7M6KfRZ025089
	for abtuser; Fri, 22 Aug 2008 11:50:41 +0530 (IST)
Date: Fri, 22 Aug 2008 11:50:41 +0530 (IST)
From: root@itan.hp.com
Message-Id: <200808220620.m7M6KfRZ025089@itan.hp.com>
To: abtuser@itan.hp.com
Subject: improved
Mime-Version: 1.
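An added example, not part of the white paper: a Python emulation of the two delivering recipes shown above (spam10 and spamassassin-spam), to check on test messages which folder a message lands in once spamd has tagged it. The default folder name inbox and the four sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed test messages (not from the page), shaped like spamd's output.
HAM = "From: root@itan.hp.com\nSubject: improved\nX-Spam-Status: No, score=0.3\n\nhello\n"
SPAM = ("From: a@example.com\nX-Spam-Level: ******\n"
        "X-Spam-Status: Yes, score=6.1 required=5.0\n\tautolearn=no version=3.2.4\n\nbuy\n")
BULK = ("From: b@example.com\nx-spam-level: ***************\n"
        "X-Spam-Status: Yes, score=15.2 required=5.0\n\noffer\n")
# Body text that merely mentions the header must not trigger a recipe.
DECOY = "From: c@example.com\nSubject: hi\n\nX-Spam-Status: Yes\n"

# The page's two delivering recipes, in file order: (condition regex, folder).
RECIPES = [
    (r"^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*", "spam10"),
    (r"^X-Spam-Status: Yes", "spamassassin-spam"),
]

def route(raw_message, default="inbox"):
    """Return the folder the first matching recipe would deliver to."""
    msg = message_from_string(raw_message)
    # procmail matches conditions against the header only (no B flag), with
    # folded lines joined, and ignores case (no D flag); rebuild that view.
    header = "\n".join(f"{k}: {' '.join(str(v).split())}" for k, v in msg.items())
    for pattern, folder in RECIPES:
        if re.search(pattern, header, re.IGNORECASE | re.MULTILINE):
            return folder
    return default  # assumed name for the user's normal mailbox

if __name__ == "__main__":
    for label, raw in [("HAM", HAM), ("SPAM", SPAM), ("BULK", BULK), ("DECOY", DECOY)]:
        print(label, "->", route(raw))
```

Recipe order matters: a message with ten or more stars also carries X-Spam-Status: Yes, so it reaches spam10 only because that recipe comes first.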
Figure 23 Parent and Handler Processes in a Compartment

Running a Sendmail Process in a Compartment
Follow this procedure to run a Sendmail process in a compartment on an HP-UX system:
1. Check if the compartmentalization feature is already enabled on the system:
   # cmpt_tune
   Examining the kernel configuration. Please be patient.
   Compartmentalization is disabled in running configuration.
2. If the feature is disabled, enable the compartments feature:
   # cmpt_tune -e
   Enabling compartmentalization feature.
interface lan904
}
Please edit /etc/cmpt/iface.rules before rebooting.
Reboot to enable compartmentalization.
3. Reboot the system. This step is mandatory to enable compartmentalization.
4. Copy the /etc/cmpt/examples/sendmail.example file to a .rules file to create a new compartment called sendmail for the Sendmail application.
   # cp /etc/cmpt/examples/sendmail.example /etc/cmpt/sendmail.rules
   The SAFER tool contains an example of rule sets for the Sendmail product.
cmpt= sendmail euid= zero
2. Verify the Sendmail functionality by receiving a mail from a different system.
   itan3# sendmail root@inet.hp.com
   Hello,
   .
   inet is the mail-server where sendmail is running in a compartment.
   inet# mailx
   mailx Revision: 1.179.214.2 Date: 98/12/01 01:29:55 Type ? for help.
   "/var/mail/root": 1 message 1 new
   >N 1 root@itan. Tue Sep 9 16:08 13/709
   ? 1
   Message 1:
   From root@itan.hp.com Tue Sep 9 16:08:22 IST 2008
   Received: from itan.hp.com (root@itan.hp.com [15.146.224.79]) by inet.hp.