                Sendmail Processes

As of sendmail 8.12, in order to improve security, the sendmail binary no
longer needs to be set-user-ID root.  Instead, a set-group-ID binary
accepts command line mail and relays it to a full mail transfer agent via
SMTP.  A group writable client mail queue (/var/spool/clientmqueue/ by
default) holds the mail if an MTA can not be contacted.

To accomplish this, under the default setup, an MTA must be listening on
localhost port 25.  If the rc.conf sendmail_enable option is set to "NO",
a sendmail daemon will still be started and bound only to the localhost
interface in order to accept command line submitted mail (note that this
does not work inside jail(2) systems as jails do not allow binding to
just the localhost interface).  If this is not a desirable solution, it
can be disabled using the sendmail_submit_enable rc.conf option.  However,
if both sendmail_enable and sendmail_submit_enable are set to "NO", you
must do one of two things for command line submitted mail:

1. Designate an alternative host for the submission agent to contact
   by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
   in /etc/make.conf to an alternate .mc file) and using
   'make install-submit-cf' in /etc/mail/.
   Change the FEATURE(msp) line to FEATURE(msp, hostname) where hostname is
   the fully qualified hostname of the alternative host.

Or:

2. Return to using a set-user-ID root sendmail binary by changing the
   ownership and permissions on the sendmail binary and removing the
   /etc/mail/submit.cf file:
        chown root /usr/libexec/sendmail/sendmail
        chmod 4755 /usr/libexec/sendmail/sendmail
        rm /etc/mail/submit.cf
   If you install from source, set the SENDMAIL_SET_USER_ID flag in
   /etc/make.conf.

Also, as of 8.12, a new queue-running daemon is started to make sure mail
doesn't remain in the client mail queue.  By default, it simply runs the
client mail queue every 30 minutes.  Its behavior can be adjusted by setting
the sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options.


                Filtering out SPAM from your site

Sendmail now includes excellent tools to block spam.  These tools are
available as FEATUREs that you can add to your site's .mc file.  Proper use
of these FEATUREs will prevent spammers from using your site as a relay as
well as significantly decrease the amount of spam that arrives at your site.
No set of anti-spam tools will block all spam without blocking some
portion of legitimate mail as well.  Therefore, these FEATUREs are designed
to prevent as much spam as possible without blocking legitimate mail.

These tools are discussed in /usr/share/sendmail/cf/README.  Read the
section entitled "ANTI-SPAM CONFIGURATION CONTROL".  Example usage and
additional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc.
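
The following is an added example, not part of the original README: a POSIX sh check that applies the rules from the "Sendmail Processes" section above to report how command line mail will be submitted. The function names and result strings are hypothetical, and the fallback values for unset rc.conf options and the treatment of localhost or [127.0.0.1] as "no alternative host" are assumptions.

```shell
#!/bin/sh
# Added example, not from the FreeBSD README.  Defaults passed to rc_value
# are assumptions; check /etc/defaults/rc.conf on the system being audited.

# rc_value FILE NAME DEFAULT: last NAME=value assignment in FILE, else DEFAULT.
rc_value() {
    v=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" \
        "$1" 2>/dev/null | tail -n 1)
    echo "${v:-$3}"
}

is_no() { case "$1" in [Nn][Oo]) return 0 ;; *) return 1 ;; esac; }

# msp_host FILE: second argument of FEATURE(msp, host), m4 quotes removed.
msp_host() {
    grep -v '^[[:space:]]*dnl' "$1" 2>/dev/null | tr -d "\`' " |
        sed -n 's/^FEATURE(msp,\([^)]*\)).*/\1/p' | tail -n 1
}

# submission_mode RC_CONF SUBMIT_MC SENDMAIL_BINARY SUBMIT_CF
submission_mode() {
    enable=$(rc_value "$1" sendmail_enable NO)
    submit=$(rc_value "$1" sendmail_submit_enable YES)
    if ! is_no "$enable"; then echo "full-mta"; return 0; fi
    if ! is_no "$submit"; then echo "localhost-submit-daemon"; return 0; fi
    # Both are "NO": one of the README's two options must be in place.
    host=$(msp_host "$2")
    case "$host" in
        ''|localhost|'[127.0.0.1]') ;;   # no alternative host designated
        *) echo "alternative-host:$host"; return 0 ;;
    esac
    # -u tests only the set-user-ID bit; ownership is not checked here.
    if [ -u "$3" ] && [ ! -e "$4" ]; then
        echo "set-user-id-binary"; return 0
    fi
    echo "no-submission-path"; return 1
}

# Audit the live paths named in the README when run with "audit".
if [ "${1:-}" = "audit" ]; then
    submission_mode /etc/rc.conf /etc/mail/freebsd.submit.mc \
        /usr/libexec/sendmail/sendmail /etc/mail/submit.cf
fi
```

A result of "set-user-id-binary" means the host has returned to the pre-8.12 privilege model, which is worth flagging in a hardening review.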