README revision 94678
150472Speter# $FreeBSD: head/etc/mail/README 94678 2002-04-14 19:24:28Z gshapiro $ 238738Sbrian 390807Sgshapiro Sendmail Processes 490807Sgshapiro 590807SgshapiroAs of sendmail 8.12, in order to improve security, the sendmail binary no 690807Sgshapirolonger needs to be set-user-ID root. Instead, a set-group-ID binary 790807Sgshapiroaccepts command line mail and relays it to a full mail transfer agent via 890807SgshapiroSMTP. A group writable client mail queue (/var/spool/client-mqueue/ by 990807Sgshapirodefault) holds the mail if an MTA can not be contacted. 1090807Sgshapiro 1190807SgshapiroTo accomplish this, under the default setup, an MTA must be listening on 1292857Sgshapirolocalhost port 25. If the rc.conf sendmail_enable option is set to "NO", 1390807Sgshapiroa sendmail daemon will still be started and bound only to the localhost 1490807Sgshapirointerface in order to accept command line submitted mail. If this is not 1590807Sgshapiroa desirable solution, it can be disabled using the sendmail_submit_enable 1690807Sgshapirorc.conf option. However, if both sendmail_enable and sendmail_submit_enable 1792857Sgshapiroare set to "NO", you must do one of two things for command line submitted 1890807Sgshapiromail: 1990807Sgshapiro 2094678Sgshapiro1. Designate an alternative host for the submission agent to contact 2194678Sgshapiro by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC 2294678Sgshapiro in /etc/make.conf to an alternate .mc file) and using 2394678Sgshapiro 'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line 2494678Sgshapiro to FEATURE(msp, hostname) where hostname is the fully qualified hostname 2594678Sgshapiro of the alternative host. 2690807Sgshapiro 2790807SgshapiroOr: 2890807Sgshapiro 2990807Sgshapiro2. Return to using a set-user-ID root sendmail binary by changing the 3090807Sgshapiro ownership and permissions on the sendmail binary and removing the 3191379Sru /etc/mail/submit.cf file: 3290807Sgshapiro chown root /usr/libexec/sendmail/sendmail 3390807Sgshapiro chmod 4755 /usr/libexec/sendmail/sendmail 3490807Sgshapiro rm /etc/mail/submit.cf 3590807Sgshapiro If you install from source, set the SENDMAIL_SET_USER_ID flag in 3690807Sgshapiro /etc/make.conf. 3790807Sgshapiro 3890807SgshapiroAlso, as of 8.12, a new queue-running daemon is started to make sure mail 3991379Srudoesn't remain in the client mail queue. By default, it simply runs the 4091379Sruclient mail queue every 30 minutes. Its behavior can be adjusted by setting 4191379Sruthe sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options. 4290807Sgshapiro 4390807Sgshapiro 4433835Sjmb Filtering out SPAM from your site 4530581Sjmb 4668297SgshapiroSendmail now includes excellent tools to block spam. These tools are 4766940Sgshapiroavailable as FEATUREs that you can add to your site's .mc file. Proper use 4866940Sgshapiroof these FEATUREs will prevent spammer from using your site as a relay as 4966940Sgshapirowell as significantly decrease the amount of spam that arrives at your 5066940Sgshapirosite. No set of anti-spam tools will block all spam without blocking some 5166940Sgshapiroportion of legitimate mail as well. Therefore, these FEATUREs are designed 5266940Sgshapiroto prevent as much spam as possible without blocking legitimate mail. 5330581Sjmb 5466940SgshapiroThese tools are discussed in /usr/share/sendmail/cf/README. Read the 5566940Sgshapirosection entitled "ANTI-SPAM CONFIGURATION CONTROL". Example usage and 5666940Sgshapiroadditional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc. 5766940Sgshapiro 58