1# $FreeBSD$ 2 3 Sendmail Processes 4 5As of sendmail 8.12, in order to improve security, the sendmail binary no 6longer needs to be set-user-ID root. Instead, a set-group-ID binary 7accepts command line mail and relays it to a full mail transfer agent via 8SMTP. A group writable client mail queue (/var/spool/clientmqueue/ by 9default) holds the mail if an MTA can not be contacted. 10 11To accomplish this, under the default setup, an MTA must be listening on 12localhost port 25. If the rc.conf sendmail_enable option is set to "NO", 13a sendmail daemon will still be started and bound only to the localhost 14interface in order to accept command line submitted mail (note that this 15does not work inside jail(2) systems as jails do not allow binding to 16just the localhost interface). If this is not a desirable solution, it 17can be disabled using the sendmail_submit_enable rc.conf option. However, 18if both sendmail_enable and sendmail_submit_enable are set to "NO", you 19must do one of two things for command line submitted mail: 20 211. Designate an alternative host for the submission agent to contact 22 by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC 23 in /etc/make.conf to an alternate .mc file) and using 24 'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line 25 to FEATURE(msp, hostname) where hostname is the fully qualified hostname 26 of the alternative host. 27 28Or: 29 302. Return to using a set-user-ID root sendmail binary by changing the 31 ownership and permissions on the sendmail binary and removing the 32 /etc/mail/submit.cf file: 33 chown root /usr/libexec/sendmail/sendmail 34 chmod 4755 /usr/libexec/sendmail/sendmail 35 rm /etc/mail/submit.cf 36 If you install from source, set the SENDMAIL_SET_USER_ID flag in 37 /etc/make.conf. 38 39Also, as of 8.12, a new queue-running daemon is started to make sure mail 40doesn't remain in the client mail queue. By default, it simply runs the 41client mail queue every 30 minutes. Its behavior can be adjusted by setting 42the sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options. 43 44 45 Filtering out SPAM from your site 46 47Sendmail now includes excellent tools to block spam. These tools are 48available as FEATUREs that you can add to your site's .mc file. Proper use 49of these FEATUREs will prevent spammer from using your site as a relay as 50well as significantly decrease the amount of spam that arrives at your 51site. No set of anti-spam tools will block all spam without blocking some 52portion of legitimate mail as well. Therefore, these FEATUREs are designed 53to prevent as much spam as possible without blocking legitimate mail. 54 55These tools are discussed in /usr/share/sendmail/cf/README. Read the 56section entitled "ANTI-SPAM CONFIGURATION CONTROL". Example usage and 57additional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc. 58 59