因為暫無升級OS的計畫,又感於spam的日益猖獗,浪費了很多效能與頻寬。
得知sendmail自8.13版起,有一些很好的功能可以使用,操作設定參考於:
http://www.technoids.org/dossed.html因為這是一部過濾spam的mail gateway,於是就想試著直接升級sendmail,利用其新的功能來抵擋spam,幾經嚐試之後,個人即假設在同樣的環境底下,所需耗費的功夫應該會少一點。
原始環境:
OS:Fedora Core 2
sendmail:8.12.11-4.26.legacy
所需檔案:
sendmail.8.13.8.tar.gz
sendmail-8.12.11-4.26.legacy.src.rpm
1.安裝rpm-build套件yum install rpm-build2.安裝sendmail source rpmrpm -ivh sendmail-8.12.11-4.26.legacy.src.rpm
3.修改specvi /usr/src/redhat/SPECS/sendmail.spec原始檔案請參考source rpm中的sendmail.spec
在此僅列出異動的部份:
未與LDAP整合,未來的使用可能性不高;
Version要與sendmail.8.13.8.tar.gz檔案配合;
Release是你自行定義的;
Patch當然就不需要了;
NIS也不需要;
直接定義access.db的預設值,設定GreetPause、ClientConn、ClientRate;
--- sendmail-my.spec 2006-08-28 15:13:57.000000000 +0800
+++ sendmail.spec 2006-03-23 11:31:24.000000000 +0800
@@ -4,7 +4,7 @@
%define with_sasl1 no
%define with_sasl2 yes
%define with_milter yes
-%define with_ldap no
+%define with_ldap yes
%define with_mysql no
%define enable_pie yes
@@ -17,8 +17,8 @@
Summary: A widely used Mail Transport Agent (MTA).
Name: sendmail
-Version: 8.13.8
-Release: 2.1.my
+Version: 8.12.11
+Release: 4.26.legacy
License: Sendmail
Group: System Environment/Daemons
Provides: smtpdaemon
@@ -32,17 +32,17 @@
Source6: sendmail-redhat.mc
Source7: Sendmail-sasl1.conf
Source8: sendmail.pam
-#Source9: sendmail-8.12.5-newconfig.readme
-#Source10: makecert.sh
+Source9: sendmail-8.12.5-newconfig.readme
+Source10: makecert.sh
Source11: Sendmail-sasl2.conf
-#Patch3: sendmail-8.12.2-makemapman.patch
-#Patch4: sendmail-8.12.11-smrsh-paths.patch
-#Patch5: sendmail-8.12.2-movefiles.patch
-#Patch7: sendmail-8.12.5-pid.patch
-#Patch9: sendmail-8.12.7-hesiod.patch
-#Patch10: sendmail-8.12.7-manpage.patch
-#Patch11: sendmail-8.12.9-dynamic.patch
-#Patch12: sendmail-8.12-VU#834865.patch
+Patch3: sendmail-8.12.2-makemapman.patch
+Patch4: sendmail-8.12.11-smrsh-paths.patch
+Patch5: sendmail-8.12.2-movefiles.patch
+Patch7: sendmail-8.12.5-pid.patch
+Patch9: sendmail-8.12.7-hesiod.patch
+Patch10: sendmail-8.12.7-manpage.patch
+Patch11: sendmail-8.12.9-dynamic.patch
+Patch12: sendmail-8.12-VU#834865.patch
Buildroot: %{_tmppath}/%{name}-root
BuildRequires: tcp_wrappers
BuildRequires: db4-devel
@@ -126,20 +126,19 @@
%prep
%setup -q
-#%patch3 -p1 -b .makemapman
-#%patch4 -p1 -b .smrsh_paths
-#%patch5 -p1 -b .movefiles
-#%patch7 -p1 -b .pid
-#%patch9 -p1 -b .hesiod
-#%patch10 -p1 -b .manpage
-#%patch11 -p1 -b .dynamic
-#%patch12 -p1 -b .VU#834865
+%patch3 -p1 -b .makemapman
+%patch4 -p1 -b .smrsh_paths
+%patch5 -p1 -b .movefiles
+%patch7 -p1 -b .pid
+%patch9 -p1 -b .hesiod
+%patch10 -p1 -b .manpage
+%patch11 -p1 -b .dynamic
+%patch12 -p1 -b .VU#834865
%build
# generate redhat config file
-#define(\`confMAPDEF', \`-DNEWDB -DNIS -DHESIOD -DMAP_REGEX')
cat > redhat.config.m4 << EOF
-define(\`confMAPDEF', \`-DNEWDB -DHESIOD -DMAP_REGEX')
+define(\`confMAPDEF', \`-DNEWDB -DNIS -DHESIOD -DMAP_REGEX')
define(\`confOPTIMIZE', \`${RPM_OPT_FLAGS}')
define(\`confENVDEF', \`-I/usr/include/db4 -I/usr/kerberos/include -Wall -DXDEBUG=0 -DTCPWRAPPERS -DNETINET6 -DHES_GETM
AILHOST -DUSE_VENDOR_CF_PATH=1 -D_FFR_WORKAROUND_BROKEN_NAMESERVERS -D_FFR_SMTP_SSL')
define(\`confLIBDIRS', \`-L/usr/kerberos/%{_lib}')
@@ -285,8 +284,8 @@
cp smrsh/README $DOC/README.smrsh
cp libmilter/README $DOC/README.libmilter
cp cf/README $DOC/README.cf
-#cp %{SOURCE9} $DOC/README.redhat
-#cp %{SOURCE10} $DOC/makecert.sh
+cp %{SOURCE9} $DOC/README.redhat
+cp %{SOURCE10} $DOC/makecert.sh
# Install the cf files for the sendmail-cf package.
cp -ar cf/* $RPM_BUILD_ROOT/%{sendmailcf}
@@ -340,14 +339,6 @@
localhost RELAY
127.0.0.1 RELAY
-ClientRate:127.0.0.1 0
-ClientRate: 10
-
-ClientConn:127.0.0.1 0
-ClientConn: 10
-
-GreetPause:127.0.0.1 0
-
EOF
for map in virtusertable access domaintable mailertable ; do
touch $RPM_BUILD_ROOT/etc/mail/${map}
4.製作rpmrpmbuild -ba /usr/src/redhat/SPECS/sendmail-my.spec
等編譯完成後,確認沒有錯誤訊息的話,
就到/usr/src/redhat/RPMS/i386/底下試試自製的rpm,
同時在/usr/src/redhat/SRPMS/底下也會有修正過的source rpm檔,
下次拿此檔直接修改即可。
由於個人對於spec的詳細設定尚未研究透徹,
不知這樣是否會有後遺症或是不良影響,
園內高手眾多,望請略微指導一、二?
只不過,
自從上了新版sendmail之後,
系統的承載明顯降低許多,
擋掉許多以程式發信的spam,
未來就看何時它們又突破了再說。
