<<USE COURIER REGULAR 10 FONT IF YOU WOULD LIKE TO PRINT THIS DOCUMENT>>

Trend Micro, Inc                                     March 5, 2001

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             InterScan VirusWall version 3.6 for Solaris
                   Configuring Open Source Sendmail
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   	      (c) Copyright Trend Micro Inc., 1997-2001

        INDEX
        =================================================
        1. Introduction
        2. Compiling Sendmail with Mail Filtering Enabled
        3. Building the libmilter.so Shared Library
        4. Configure Sendmail to Route Messages to InterScan
        5. On the InterScan Side...
        =================================================

1. Introduction
==========================================================================
After installing the InterScan Sendmail Switch Edition program files, you
need to build the Milter API shared library (libmilter.so) and make some
configuration changes to sendmail for virus scanning to function properly.
This document describes the procedures to configure sendmail to use
InterScan Sendmail Switch Edition and instructions to build the Milter 
API shared library libmilter.so. The InterScan Sendmail Switch Edition
only works with open source sendmail 8.11.3 or later (Milter API v2.0 or
later). In order to work properly with the InterScan Sendmail Switch
Edition, sendmail needs to be compiled with special flags in order to 
include the static libmilter library module in the build.

Note: Trend Micro does not provide support for configuring sendmail. The
following material is provided to assist customers in building and
configuring sendmail with the Milter library. Any technical support issues
should be directed to sendmail.net.

2. Compiling Sendmail with Mail Filtering Enabled
=================================================
The sendmail Mail Filter API (Milter) is designed to allow third-party
programs access to mail messages as they are being processed in order
to filter meta-information and content.

To compile sendmail so that it is able to run a filter such as InterScan
Sendmail Switch Edition (i.e., ISVW's virus scanning service), you need to do
the following:

1) Go to the SRC_DIR/devtools/Site directory and then create a file named
   av.config.m4.

2) Choose either one of two macros below: 
    - If you are compiling the Sendmail version 8.11.x, add these 3 lines to the file              av.config.m4:

	dnl Milter
	APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_MILTER=1')
	APPENDDEF(`conf_libmilter_ENVDEF', `-D_FFR_MILTER=1')

    - If you are compiling the Sendmail version 8.12.x, add these 3 lines to the file                    av.config.m4:

        dnl Milter
	APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER=1')
	APPENDDEF(`conf_libmilter_ENVDEF', `-DMILTER=1')

3) Go to the SRC_DIR/sendmail directory and execute the following
   commands:

        ./Build -Q av

   You should now have the sendmail binary with the ability to run InterScan
   Sendmail Switch Edition as a Milter under the following directory:

        SRC_DIR/obj.av.[your_os_version]/sendmail


After successfully compiling the sendmail MTA with Milter enabled, the 
next step is to build the libmilter.so shared library.

3. Building the libmilter.so Shared Library
=============================================

1) Execute ./Build -Q av under the SRC_DIR/libmilter. This will generate
   Makefile, obj files and libmilter.a under the 
   SRC_DIR/obj.av.[your_os_version]/libmilter directory. 

2) Now go to SRC_DIR/obj.av.[your_os_version]/libmilter and run either one of two set of 
   following commands to generate libmilter.so:
   - If you are compiling the Sendmail version 8.11.x, do a and b:
        a. gcc -c main.c engine.c listener.c handler.c comm.c smfi.c signal.c sm_gethost.c -I. -I../../sendmail -I../../include -DSOLARIS=20700 -D_FFR_MILTER=1 -DXP_MT

        b. gcc -G -o libmilter.so main.o engine.o listener.o handler.o comm.o smfi.o signal.o sm_gethost.o ../libsmutil/libsmutil.a -lpthread

   - If you are compiling the Sendmail version 8.12.x, do c and d:
        c. gcc -c main.c engine.c listener.c handler.c comm.c smfi.c signal.c sm_gethost.c -I. -I../../sendmail -I../../include -DSOLARIS=20700 -DMILTER=1 -DXP_MT

        d. gcc -G -o libmilter.so main.o engine.o listener.o handler.o comm.o smfi.o signal.o sm_gethost.o ../libsmutil/libsmutil.a ../libsm/libsm.a -lpthread

----------------------------------------------
Note:
When using Solaris 2.6, -DSOLARIS=20600
When using Solaris 2.7, -DSOLARIS=20700
When using Solaris 2.8, -DSOLARIS=20800

The above script is not provided by open source sendmail. It’s for your
reference only. Users are responsible for making the necessary changes in
order to successfully build the libmilter.so library used by InterScan
Sendmail Switch Edition. 
----------------------------------------------

3) After building libmilter.so, copy it to the /usr/lib directory and
   change the permissions to "read/executable to all".

4. Configure Sendmail to Route Messages to InterScan
====================================================

For sendmail to pass messages to InterScan for virus scanning, you must
modify the sendmail.cf file using the m4 macro. Using the m4 macro is
the safest way to update the sendmail.cf file for mail filtering. After
configuring sendmail, you will need to restart sendmail for the changes
to take effect.

1) Go to the SRC_DIR/cf/cf directory and choose the appropriate .mc 
   file matching your OS and copy it to a new .mc file, for example
   av.mc, and choose either one of two macros below to add to this new av.mc file:
   
   - If you are compiling the Sendmail version 8.11.x, add two following entries:
     define(`_FFR_MILTER', `INPUT_MAIL_FILTER')
     INPUT_MAIL_FILTER(`ismilter', `S=inet:3333@localhost, F=T, T=S:2m;R:2m;E:5m')dnl

   - If you are compiling the Sendmail version 8.12.x, add two following entries:
     define(`MILTER', `INPUT_MAIL_FILTER')
     INPUT_MAIL_FILTER(`ismilter', `S=inet:3333@localhost, F=T, T=S:2m;R:2m;E:5m')dnl

2) Use m4 to generate the sendmail.cf file from this directory. For
   example:

   m4 ../m4/cf.m4 av.mc > /tmp/sendmail.cf

   The above command would create a new sendmail.cf file in the tmp
   directory.

If you have correctly updated the sendmail.cf file, you should now have
the following parameters in your sendmail.cf file. There may be small
differences depending on your configuration.

MAIL FILTER DEFINITIONS
#####
######################################################################
######################################################################

Xismilter, S=inet:3333@localhost, F=T, T=S:2m;R:2m;E:5m
# Input mail filters
O InputMailFilters=ismilter

# Milter options
O Milter.macros.connect=j, _, {daemon_name}, {if_name}, {if_addr}
O Milter.macros.helo={tls_version}, {cipher}, {cipher_bits}, 
{cert_subject}, {cert_issuer}
O Milter.macros.envfrom=i, {auth_type}, {auth_authen}, {auth_ssf}, 
{auth_author}, {mail_mailer}, {mail_host}, {mail_addr}
O Milter.macros.envrcpt={rcpt_mailer}, {rcpt_host}, {rcpt_addr}


5. On the InterScan Side...
===========================

By default, InterScan VirusWall Sendmail Edition will create the following
parameters in the [ismilter] section of the intscan.ini file:

svcport=inet:3333
logfile=/etc/iscan/log

The email scanning services will start automatically with the default
configuration after the installation. If you change the default values in the 
sendmail.cf file, you will need to modify the values in the intscan.ini 
file and restart the InterScan service.