Configuring IP Blocking (External Sendmail Version)

PureMessage IP blocking can be configured for an external version of sendmail. To enable IP blocking, you must add an m4 file to your sendmail installation. The required file, sockmap.m4, is included in the version of sendmail that is bundled with PureMessage. You must temporarily install PureMessage sendmail, and then copy the sockmap.m4 file to your existing sendmail installation. Follow the steps in the order they are described below.

Note
As external/third party versions of sendmail are not quality-assured for integration with PureMessage, Sophos reserves the right not to provide support for an issue that appears to be related to any such custom configuration, and may recommend that you install the version of sendmail bundled with PureMessage to further a resolution.
  1. Check Sendmail Compilation: You must ensure that your version of sendmail has been compiled with the SOCKETMAP option. To check if SOCKETMAP was included, as the root user run:
    sendmail -d0.1 -bt < /dev/null

    If SOCKETMAP is included, it will be displayed among the list of compile options. If, however, SOCKETMAP is not there, you will need to recompile sendmail to enable SOCKETMAP support. Before you rebuild sendmail, add the following line to the /devtools/Site/site.config.m4 file:

    APPENDEF('confMAPDEF', '-DSOCKETMAP')
  2. Install PureMessage sendmail
    1. At the command line, as the root user, run:
      pmx-setup
      The PureMessage installer is launched.
    2. Select Install Additional Components, and press Enter .
    3. Under Select additional roles that should be installed, select Mail Transfer Agent.
    4. Select Install these roles, and press Enter .
    5. Select Sendmail, and then select Next Question. Ignore the sendmail configuration prompts, and continue selecting Next Question until sendmail has been installed.
    6. Select Back to main menu.
    7. Select Exit the installer.
  3. Copy the m4 file to your existing sendmail installation
    1. Copy /opt/pmx6/sendmail/cf/feature/sockmap.m4 from the version of PureMessage sendmail that you have just installed to the corresponding directory in your pre-existing sendmail installation.
    2. Add the following line to $PREFIX/sendmail/etc/mail/sendmail.mc.
      FEATURE(`sockmap',`inet:4466@localhost',,)

      If PureMessage is running on a different host, replace localhost with the hostname of the machine on which PureMessage is installed. This hostname must match the one that is specified in /opt/etc/pmx.d/blocklist.conf on the server that is running the IP Blocker service.

  4. Uninstall PureMessage sendmail
    1. Select Uninstall PureMessage Components.
    2. Select PureMessage Sendmail, and then select Uninstall these components.
    3. If prompted to stop PureMessage, select Yes.
    4. Click Yes to confirm the removal. When removal is complete, select OK.
    5. Exit the installer.
  5. Update the configuration cache by running pmx-config --validate-cache.
  6. Start the PureMessage IP Blocker service by running pmx-blocker start.
  7. Recompile sendmail with the following command:
    m4 sendmail.mc > /etc/sendmail.cf
  8. Restart sendmail.
  9. At the command line, as the "pmx6" user, run pmx start to restart PureMessage.
Note
By default, if sendmail is unable to contact PureMessage's IP Blocker service, the message is passed through. To change this behavior so that messages are tempfailed instead, see the comments in the sockmap.m4 file.