Configuring Anti-Spam in AIX 4.3.3


About this document
    Related documentation
Update the sendmail daemon with the new configuration
Other troubleshooting information

About this document

This document describes how to configure sendmail anti-relay.

The information in this document applies to AIX Version 4.3.3 and sendmail 8.9.3.

Related documentation

The product documentation library is also available at the following URL:


  1. Ensure that the fileset is installed on your system. If it is not, install it using SMIT. Check that the fileset is installed:
    	lslpp -l
  2. AIX 4.3.3 ships the necessary tools and macros to generate custom sendmail configuration files. Once the fileset is loaded, you can find the tools in /usr/samples/tcpip/sendmail/cf. Enter:
    	cd /usr/samples/tcpip/sendmail/cf
  3. The file is under this directory and contains the features that allow for sendmail customization. The one that allowed for open relay is FEATURE(promiscuous_relay)dnl. A typing error also exists in this file that you must change. Before making changes, rename the file so that you do not write over the original. Enter:
  4. The original file looks like the example below, except for the comments. Use the comments as a guide in editing the new file. Using your favorite editor, open the file:

    NOTE: The .mc file can be edited for whatever FEATURES are needed for your new

    These features are documented at

    Below is an example of a minimum .mc file:

    OSTYPE(aix43)dnl                                                             --->typing error 'aix43' changed                                                                                                                to read 'aix433'
    FEATURE(genericstable)dnl                                           --->remove line if not needed
    FEATURE(mailertable)dnl                                                --->remove line if not needed
    FEATURE(virtusertable)dnl                                           --->remove line if not needed
    FEATURE(domaintable)dnl                                                --->remove line if not needed
    FEATURE(promiscuous_relay)dnl                                     --->remove line to stop                                                                                                                  unauthorized relay
    FEATURE(accept_unresolvable_domains)dnl                  --->remove this line to enhance                                                                                                                   security
    FEATURE(accept_unqualified_senders)dnl                     --->remove this line to enhance                                                                                                                    security
    MAILER(uucp) NOTE: If a line is not desired, it must be removed. Commenting them out does not work. The entry that is responsible for the relay is FEATURE(promiscuous_relay)dnl.

  5. Here is a basic example that will deny unauthorized relay:

    OSTYPE(aix433)dnl                                             --->note the edit to 'aix433'

  6. Rebuild the new file using the new options. You must be under the /usr/samples/tcpip/sendmail/cf directory, otherwise, it will not work. Enter:

    	m4 ../m4/cf.m4 >
  7. Now you should have a new file under the /usr/samples/tcpip/sendmail/cf directory. Rename your old and replace it with the new one. Enter:

    	mv /etc/ /etc/
    	mv /etc/
  8. You must make at least one change to the new Comment out the Fw-o /etc/ or create the /etc/ entry. Also note the line in the new that points to the file where you specify the hosts or domains you want to allow to relay. Using your favorite editor, open the following file:


    Search for the following section and comment out the line as indicated below.

          # file containing names of hosts for which we receive email
          #Fw-o /etc/

    NOTE: This is the entry for the file that will allow hosts to relay. No need to make any changes here.

    	#Hosts that will permit relaying ($=R)
    	FR-o /etc/mail/relay-domains
  9. Now you must add the domains for which your server will allow relay. Using your favorite editor, edit the following file:

    NOTE: You may have to create the /etc/mail directory. Below are some sample entries.


Update the sendmail daemon with the new configuration

Finally, you must refresh the sendmail daemon to put the new configuration into effect. Enter:

	refresh -s sendmail
NOTE: If sendmail is not running, you need to check to see if it is active. Use the following command to complete this step.
	lssrc -s sendmail
If sendmail is active, you will see information similar to the following:
	Subsystem	Group	  PID    Status
	sendmail	mail	  5424   active
If it is not active, start it up by issuing the following command:
	startsrc -s sendmail -a "-bd -q30m"

Other troubleshooting information

This section explains what to do if sendmail fails to operate.

Using startsrc to start sendmail will hide error messages from you. To gain a hint as to why sendmail is failing to run, try starting sendmail like so:

        sendmail -bd -q30m

Any error messages will be displayed to the console as sendmail is started.

[ Doc Ref: 95626186213426     Publish Date: Dec. 15, 2000     4FAX Ref: 8761 ]