1999-08-27 23:37:10 +00:00
|
|
|
# $FreeBSD$
|
1998-09-02 01:34:57 +00:00
|
|
|
|
2002-02-17 22:14:29 +00:00
|
|
|
Sendmail Processes
|
|
|
|
|
|
|
|
|
|
As of sendmail 8.12, in order to improve security, the sendmail binary no
|
|
|
|
|
longer needs to be set-user-ID root. Instead, a set-group-ID binary
|
|
|
|
|
accepts command line mail and relays it to a full mail transfer agent via
|
2002-05-08 05:17:46 +00:00
|
|
|
SMTP. A group writable client mail queue (/var/spool/clientmqueue/ by
|
2002-02-17 22:14:29 +00:00
|
|
|
default) holds the mail if an MTA can not be contacted.
|
|
|
|
|
|
|
|
|
|
To accomplish this, under the default setup, an MTA must be listening on
|
2002-03-21 06:09:20 +00:00
|
|
|
localhost port 25. If the rc.conf sendmail_enable option is set to "NO",
|
2002-02-17 22:14:29 +00:00
|
|
|
a sendmail daemon will still be started and bound only to the localhost
|
2002-05-22 16:37:32 +00:00
|
|
|
interface in order to accept command line submitted mail (note that this
|
|
|
|
|
does not work inside jail(2) systems as jails do not allow binding to
|
|
|
|
|
just the localhost interface). If this is not a desirable solution, it
|
|
|
|
|
can be disabled using the sendmail_submit_enable rc.conf option. However,
|
|
|
|
|
if both sendmail_enable and sendmail_submit_enable are set to "NO", you
|
|
|
|
|
must do one of two things for command line submitted mail:
|
2002-02-17 22:14:29 +00:00
|
|
|
|
2002-04-14 19:24:28 +00:00
|
|
|
1. Designate an alternative host for the submission agent to contact
|
|
|
|
|
by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
|
|
|
|
|
in /etc/make.conf to an alternate .mc file) and using
|
|
|
|
|
'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line
|
|
|
|
|
to FEATURE(msp, hostname) where hostname is the fully qualified hostname
|
|
|
|
|
of the alternative host.
|
2002-02-17 22:14:29 +00:00
|
|
|
|
|
|
|
|
Or:
|
|
|
|
|
|
|
|
|
|
2. Return to using a set-user-ID root sendmail binary by changing the
|
|
|
|
|
ownership and permissions on the sendmail binary and removing the
|
2002-02-27 14:43:55 +00:00
|
|
|
/etc/mail/submit.cf file:
|
2002-02-17 22:14:29 +00:00
|
|
|
chown root /usr/libexec/sendmail/sendmail
|
|
|
|
|
chmod 4755 /usr/libexec/sendmail/sendmail
|
|
|
|
|
rm /etc/mail/submit.cf
|
|
|
|
|
If you install from source, set the SENDMAIL_SET_USER_ID flag in
|
|
|
|
|
/etc/make.conf.
|
|
|
|
|
|
|
|
|
|
Also, as of 8.12, a new queue-running daemon is started to make sure mail
|
2002-02-27 14:43:55 +00:00
|
|
|
doesn't remain in the client mail queue. By default, it simply runs the
|
|
|
|
|
client mail queue every 30 minutes. Its behavior can be adjusted by setting
|
|
|
|
|
the sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options.
|
2002-02-17 22:14:29 +00:00
|
|
|
|
|
|
|
|
|
1998-02-25 22:06:34 +00:00
|
|
|
Filtering out SPAM from your site
|
1999-05-11 03:29:04 +00:00
|
|
|
|
2000-11-04 03:49:13 +00:00
|
|
|
Sendmail now includes excellent tools to block spam. These tools are
|
2000-10-10 18:08:19 +00:00
|
|
|
available as FEATUREs that you can add to your site's .mc file. Proper use
|
|
|
|
|
of these FEATUREs will prevent spammer from using your site as a relay as
|
|
|
|
|
well as significantly decrease the amount of spam that arrives at your
|
|
|
|
|
site. No set of anti-spam tools will block all spam without blocking some
|
|
|
|
|
portion of legitimate mail as well. Therefore, these FEATUREs are designed
|
|
|
|
|
to prevent as much spam as possible without blocking legitimate mail.
|
|
|
|
|
|
|
|
|
|
These tools are discussed in /usr/share/sendmail/cf/README. Read the
|
|
|
|
|
section entitled "ANTI-SPAM CONFIGURATION CONTROL". Example usage and
|
|
|
|
|
additional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc.
|
1997-10-19 16:40:10 +00:00
|
|
|
|
