# $FreeBSD$

		Sendmail Processes

As of sendmail 8.12, in order to improve security, the sendmail binary no
longer needs to be set-user-ID root.  Instead, a set-group-ID binary
accepts command line mail and relays it to a full mail transfer agent via
SMTP.  A group writable client mail queue (/var/spool/client-mqueue/ by
default) holds the mail if an MTA cannot be contacted.

To accomplish this, under the default setup, an MTA must be listening on
localhost port 25.  If the rc.conf sendmail_enable option is set to "NO",
a sendmail daemon will still be started and bound only to the localhost
interface in order to accept command line submitted mail.  If this is not
a desirable solution, it can be disabled using the sendmail_submit_enable
rc.conf option.  However, if both sendmail_enable and sendmail_submit_enable
are set to "NO", you must do one of two things for command line submitted
mail:

1. Designate an alternative MTA for the submission agent to contact
   by altering /etc/mail/submit.mc and using 'make submit.cf' in
   /etc/mail/.  Change the FEATURE(msp) line to FEATURE(msp, hostname)
   where hostname is the fully qualified hostname of the alternative MTA.

Or:

2. Return to using a set-user-ID root sendmail binary by changing the
   ownership and permissions on the sendmail binary and removing the
   /etc/mail/submit.cf file:

	chown root /usr/libexec/sendmail/sendmail
	chmod 4755 /usr/libexec/sendmail/sendmail
	rm /etc/mail/submit.cf

   If you install from source, set the SENDMAIL_SET_USER_ID flag in
   /etc/make.conf.

Also, as of 8.12, a new queue-running daemon is started to make sure mail
doesn't remain in the client mail queue.  By default, it simply runs the
client mail queue every 30 minutes.  Its behavior can be adjusted by setting
the sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options.


		Filtering out SPAM from your site

Sendmail now includes excellent tools to block spam.  These tools are
available as FEATUREs that you can add to your site's .mc file.  Proper use
of these FEATUREs will prevent spammers from using your site as a relay as
well as significantly decrease the amount of spam that arrives at your
site.  No set of anti-spam tools will block all spam without blocking some
portion of legitimate mail as well.  Therefore, these FEATUREs are designed
to prevent as much spam as possible without blocking legitimate mail.

These tools are discussed in /usr/share/sendmail/cf/README.  Read the
section entitled "ANTI-SPAM CONFIGURATION CONTROL".  Example usage and
additional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc.
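
An added example, not part of the FreeBSD README: a POSIX sh check that reports which of the submission paths described under "Sendmail Processes" a host is configured to use, so that a host with both daemons disabled and no alternative in place is caught. The function names and status strings are hypothetical. It assumes an unset sendmail_enable means "NO", an unset sendmail_submit_enable means "YES", and a FEATURE(msp) host of localhost or [127.0.0.1] refers to the local machine.

```shell
#!/bin/sh
# Added example, not part of the FreeBSD README. Function names and status
# strings are hypothetical.

# Last value assigned to NAME in an rc.conf-style FILE, upper-cased ("" if unset).
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']*\([A-Za-z]*\).*/\1/p" "$1" | tail -n 1 | tr a-z A-Z
}

# Second argument of FEATURE(msp, ...) in FILE, m4 quotes stripped ("" if none).
msp_host() {
    tr -d "\`'" < "$1" |
        sed -n 's/^[[:space:]]*FEATURE(msp,[[:space:]]*\([^)]*\)).*/\1/p' | tail -n 1
}

# msp_path_status RC_CONF SUBMIT_MC SENDMAIL_BIN SUBMIT_CF
# Prints local-mta, "remote-mta HOST", setuid-root or no-path (exit 1 on no-path).
msp_path_status() {
    enable=$(rc_value "$1" sendmail_enable)
    submit=$(rc_value "$1" sendmail_submit_enable)
    # Assumption: unset sendmail_enable counts as NO, unset
    # sendmail_submit_enable as YES (the localhost-only daemon runs).
    if [ "$enable" = "YES" ] ||
       { [ "${enable:-NO}" = "NO" ] && [ "${submit:-YES}" != "NO" ]; }; then
        echo local-mta; return 0
    fi
    # Option 1: submit.mc names an alternative MTA.
    host=$(msp_host "$2")
    case "$host" in
        ""|localhost|"[127.0.0.1]") ;;   # assumption: these mean this host
        *) echo "remote-mta $host"; return 0 ;;
    esac
    # Option 2: set-user-ID root binary and no submit.cf.
    owner=$(ls -ldn "$3" 2>/dev/null | awk '{print $3}')
    if [ -u "$3" ] && [ "$owner" = "0" ] && [ ! -e "$4" ]; then
        echo setuid-root; return 0
    fi
    echo no-path; return 1
}

# Usage on a live system (paths as given in the README):
# msp_path_status /etc/rc.conf /etc/mail/submit.mc \
#     /usr/libexec/sendmail/sendmail /etc/mail/submit.cf
```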