1*545f1377SJohn Marino# $FreeBSD: src/etc/mail/README,v 1.8.2.6 2002/05/22 17:01:32 gshapiro Exp $ 2*545f1377SJohn Marino 3*545f1377SJohn Marino Sendmail Processes 4*545f1377SJohn Marino 5*545f1377SJohn MarinoAs of sendmail 8.12, in order to improve security, the sendmail binary no 6*545f1377SJohn Marinolonger needs to be set-user-ID root. Instead, a set-group-ID binary 7*545f1377SJohn Marinoaccepts command line mail and relays it to a full mail transfer agent via 8*545f1377SJohn MarinoSMTP. A group writable client mail queue (/var/spool/clientmqueue/ by 9*545f1377SJohn Marinodefault) holds the mail if an MTA can not be contacted. 10*545f1377SJohn Marino 11*545f1377SJohn MarinoTo accomplish this, under the default setup, an MTA must be listening on 12*545f1377SJohn Marinolocalhost port 25. If the rc.conf sendmail_enable option is set to "NO", 13*545f1377SJohn Marinoa sendmail daemon will still be started and bound only to the localhost 14*545f1377SJohn Marinointerface in order to accept command line submitted mail (note that this 15*545f1377SJohn Marinodoes not work inside jail(2) systems as jails do not allow binding to 16*545f1377SJohn Marinojust the localhost interface). If this is not a desirable solution, it 17*545f1377SJohn Marinocan be disabled using the sendmail_submit_enable rc.conf option. However, 18*545f1377SJohn Marinoif both sendmail_enable and sendmail_submit_enable are set to "NO", you 19*545f1377SJohn Marinomust do the following for command line submitted mail: 20*545f1377SJohn Marino 21*545f1377SJohn Marino Designate an alternative host for the submission agent to contact 22*545f1377SJohn Marino by creating /etc/mail/<hostname>.submit.mc or using an alternate .mc 23*545f1377SJohn Marino file and setting SENDMAIL_SUBMIT_MC in /etc/make.conf. Do not edit 24*545f1377SJohn Marino dragonfly.submit.mc directly as it will be overwritten eventually, but 25*545f1377SJohn Marino it certainly can be copied to be used as a template. 26*545f1377SJohn Marino 27*545f1377SJohn Marino Type 'make install-submit-cf' in /etc/mail/ to generate the submit.cf 28*545f1377SJohn Marino file. Change the FEATURE(msp) line to FEATURE(msp, hostname) where 29*545f1377SJohn Marino hostname is the fully qualified hostname of the alternative host. 30*545f1377SJohn Marino 31*545f1377SJohn MarinoAlso, as of 8.12, a new queue-running daemon is started to make sure mail 32*545f1377SJohn Marinodoesn't remain in the client mail queue. By default, it simply runs the 33*545f1377SJohn Marinoclient mail queue every 30 minutes. Its behavior can be adjusted by setting 34*545f1377SJohn Marinothe sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options. 35*545f1377SJohn Marino 36*545f1377SJohn Marino 37*545f1377SJohn Marino Filtering out SPAM from your site 38*545f1377SJohn Marino 39*545f1377SJohn MarinoSendmail now includes excellent tools to block spam. These tools are 40*545f1377SJohn Marinoavailable as FEATUREs that you can add to your site's .mc file. Proper use 41*545f1377SJohn Marinoof these FEATUREs will prevent spammer from using your site as a relay as 42*545f1377SJohn Marinowell as significantly decrease the amount of spam that arrives at your 43*545f1377SJohn Marinosite. No set of anti-spam tools will block all spam without blocking some 44*545f1377SJohn Marinoportion of legitimate mail as well. Therefore, these FEATUREs are designed 45*545f1377SJohn Marinoto prevent as much spam as possible without blocking legitimate mail. 46*545f1377SJohn Marino 47*545f1377SJohn MarinoThese tools are discussed in /usr/local/share/sendmail/cf/README. Read the 48*545f1377SJohn Marinosection entitled "ANTI-SPAM CONFIGURATION CONTROL". Example usage and 49*545f1377SJohn Marinoadditional tools can be found in /usr/local/share/sendmail/cf/cf/knecht.mc. 50