a25e3add85
and enable the usage by sendmail if sendmail is enabled. Include and document knobs to disable this feature and also set the Common Name of the certificate created. As the certificate is signed w/ a discarded key, it only helps prevent Eve, but not Malory from knowing the contents of the emails. This means that new installs (and people that use the updated freebsd.mc file) will automaticly have STARTTLS enabled allowing incoming email to be encrypted in most cases. Reviewed by: gshapiro MFC after: 3 days Security: Yes, please.
299 lines
6.8 KiB
Groff
299 lines
6.8 KiB
Groff
.\" Copyright (c) 1995
|
|
.\" Jordan K. Hubbard
|
|
.\" Copyright (c) 2002 The FreeBSD Project
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd October 19, 2013
|
|
.Dt RC.SENDMAIL 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm rc.sendmail
|
|
.Nd
|
|
.Xr sendmail 8
|
|
startup script
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
script is used by
|
|
.Pa /etc/rc
|
|
at boot time to start
|
|
.Xr sendmail 8 .
|
|
It is meant to be
|
|
.Xr sendmail 8
|
|
specific and not a generic script for all MTAs.
|
|
It is only called by
|
|
.Pa /etc/rc
|
|
if the
|
|
.Xr rc.conf 5
|
|
.Va mta_start_script
|
|
variable is set to
|
|
.Pa /etc/rc.sendmail .
|
|
.Pp
|
|
The
|
|
.Nm
|
|
script can take an optional argument specifying the action to
|
|
perform.
|
|
The available actions are:
|
|
.Bl -tag -width ".Cm restart-mspq"
|
|
.It Cm start
|
|
Starts both the MTA and the MSP queue runner.
|
|
.It Cm stop
|
|
Stops both the MTA and the MSP queue runner.
|
|
.It Cm restart
|
|
Restarts both the MTA and the MSP queue runner.
|
|
.It Cm start-mta
|
|
Starts just the MTA.
|
|
.It Cm stop-mta
|
|
Stops just the MTA.
|
|
.It Cm restart-mta
|
|
Restarts just the MTA.
|
|
.It Cm start-mspq
|
|
Starts just the MSP queue runner.
|
|
.It Cm stop-mspq
|
|
Stops just the MSP queue runner.
|
|
.It Cm restart-mspq
|
|
Restarts just the MSP queue runner.
|
|
.El
|
|
.Pp
|
|
If no action is specified,
|
|
.Cm start
|
|
is assumed.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
script is also used by
|
|
.Pa /etc/mail/Makefile
|
|
to enable the
|
|
.Pa Makefile Ns 's
|
|
.Cm start , stop ,
|
|
and
|
|
.Cm restart
|
|
targets.
|
|
.Sh RC.CONF VARIABLES
|
|
The following variables affect the behavior of
|
|
.Nm .
|
|
They are defined in
|
|
.Pa /etc/defaults/rc.conf
|
|
and can be changed in
|
|
.Pa /etc/rc.conf .
|
|
.Bl -tag -width indent
|
|
.It Va sendmail_enable
|
|
.Pq Vt str
|
|
If set to
|
|
.Dq Li YES ,
|
|
run the
|
|
.Xr sendmail 8
|
|
daemon at system boot time.
|
|
If set to
|
|
.Dq Li NO ,
|
|
do not run a
|
|
.Xr sendmail 8
|
|
daemon to listen for incoming network mail.
|
|
This does not preclude a
|
|
.Xr sendmail 8
|
|
daemon listening on the SMTP port of the loopback interface.
|
|
The
|
|
.Dq Li NONE
|
|
option is deprecated and should not be used.
|
|
It will be removed in a future release.
|
|
.It Va sendmail_cert_create
|
|
.Pq Vt str
|
|
If
|
|
.Va sendmail_enable
|
|
is set to
|
|
.Dq Li YES ,
|
|
create a signed certificate
|
|
.Pa /etc/mail/certs/host.cert
|
|
representing
|
|
.Pa /etc/mail/certs/host.key
|
|
by the CA certificate in
|
|
.Pa /etc/mail/certs/cacert.pem .
|
|
This will enable connecting hosts to negotiate STARTTLS allowing incoming
|
|
email to be encrypted in transit.
|
|
.Xr sendmail 8
|
|
needs to be configured to use these generated files.
|
|
The default configuration in
|
|
.Pa /etc/mail/freebsd.mc
|
|
has the required options in it.
|
|
.It Va sendmail_cert_cn
|
|
.Pq Vt str
|
|
If
|
|
.Va sendmail_enable
|
|
is set to
|
|
.Dq Li YES
|
|
and
|
|
.Va sendmail_cert_create
|
|
is set to
|
|
.Dq Li YES ,
|
|
this is the Common Name (CN) of the certificate that will be created.
|
|
If
|
|
.Va sendmail_cert_cn
|
|
is not set, the system's hostname will be used.
|
|
If there is no hostname set,
|
|
.Dq Li amnesiac
|
|
will be used.
|
|
.It Va sendmail_flags
|
|
.Pq Vt str
|
|
If
|
|
.Va sendmail_enable
|
|
is set to
|
|
.Dq Li YES ,
|
|
these are the flags to pass to the
|
|
.Xr sendmail 8
|
|
daemon.
|
|
.It Va sendmail_submit_enable
|
|
.Pq Vt bool
|
|
If set to
|
|
.Dq Li YES
|
|
and
|
|
.Va sendmail_enable
|
|
is set to
|
|
.Dq Li NO ,
|
|
run
|
|
.Xr sendmail 8
|
|
using
|
|
.Va sendmail_submit_flags
|
|
instead of
|
|
.Va sendmail_flags .
|
|
This is intended to allow local mail submission via
|
|
a localhost-only listening SMTP service required for running
|
|
.Xr sendmail 8
|
|
as a non-set-user-ID binary.
|
|
Note that this does not work inside
|
|
.Xr jail 2
|
|
systems, as jails do not allow binding to just the localhost interface.
|
|
.It Va sendmail_submit_flags
|
|
.Pq Vt str
|
|
If
|
|
.Va sendmail_enable
|
|
is set to
|
|
.Dq Li NO
|
|
and
|
|
.Va sendmail_submit_enable
|
|
is set to
|
|
.Dq Li YES ,
|
|
these are the flags to pass to the
|
|
.Xr sendmail 8
|
|
daemon.
|
|
.It Va sendmail_outbound_enable
|
|
.Pq Vt bool
|
|
If set to
|
|
.Dq Li YES
|
|
and both
|
|
.Va sendmail_enable
|
|
and
|
|
.Va sendmail_submit_enable
|
|
are set to
|
|
.Dq Li NO ,
|
|
run
|
|
.Xr sendmail 8
|
|
using
|
|
.Va sendmail_outbound_flags
|
|
instead of
|
|
.Va sendmail_flags .
|
|
This is intended to allow local mail queue management
|
|
for systems that do not offer a listening SMTP service.
|
|
.It Va sendmail_outbound_flags
|
|
.Pq Vt str
|
|
If both
|
|
.Va sendmail_enable
|
|
and
|
|
.Va sendmail_submit_enable
|
|
are set to
|
|
.Dq Li NO
|
|
and
|
|
.Va sendmail_outbound_enable
|
|
is set to
|
|
.Dq Li YES ,
|
|
these are the flags to pass to the
|
|
.Xr sendmail 8
|
|
daemon.
|
|
.It Va sendmail_msp_queue_enable
|
|
.Pq Vt bool
|
|
If set to
|
|
.Dq Li YES ,
|
|
start a client (MSP) queue runner
|
|
.Xr sendmail 8
|
|
daemon at system boot time.
|
|
As of sendmail 8.12, a separate queue is used for command line
|
|
submissions.
|
|
The client queue runner ensures that nothing is
|
|
left behind in the submission queue.
|
|
.It Va sendmail_msp_queue_flags
|
|
.Pq Vt str
|
|
If
|
|
.Va sendmail_msp_queue_enable
|
|
is set to
|
|
.Dq Li YES ,
|
|
these are the flags to pass to the
|
|
.Xr sendmail 8
|
|
daemon.
|
|
.El
|
|
.Pp
|
|
These variables are used to determine how the
|
|
.Xr sendmail 8
|
|
daemons are started:
|
|
.Bd -literal -offset indent
|
|
# MTA
|
|
if (${sendmail_enable} == NONE)
|
|
# Do nothing
|
|
else if (${sendmail_enable} == YES)
|
|
start sendmail with ${sendmail_flags}
|
|
else if (${sendmail_submit_enable} == YES)
|
|
start sendmail with ${sendmail_submit_flags}
|
|
else if (${sendmail_outbound_enable} == YES)
|
|
start sendmail with ${sendmail_outbound_flags}
|
|
endif
|
|
|
|
# MSP Queue Runner
|
|
if (${sendmail_enable} != NONE &&
|
|
[ -r /etc/mail/submit.cf] &&
|
|
${sendmail_msp_queue_enable} == YES)
|
|
start sendmail with ${sendmail_msp_queue_flags}
|
|
endif
|
|
.Ed
|
|
.Pp
|
|
To completely prevent any
|
|
.Xr sendmail 8
|
|
daemons from starting, you must
|
|
set the following variables in
|
|
.Pa /etc/rc.conf :
|
|
.Bd -literal -offset indent
|
|
sendmail_enable="NO"
|
|
sendmail_submit_enable="NO"
|
|
sendmail_outbound_enable="NO"
|
|
sendmail_msp_queue_enable="NO"
|
|
.Ed
|
|
.Sh SEE ALSO
|
|
.Xr rc.conf 5 ,
|
|
.Xr rc 8 ,
|
|
.Xr sendmail 8
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
file appeared in
|
|
.Fx 4.6 .
|