150472Speter# $FreeBSD$
238738Sbrian
390807Sgshapiro		Sendmail Processes
490807Sgshapiro
590807SgshapiroAs of sendmail 8.12, in order to improve security, the sendmail binary no
690807Sgshapirolonger needs to be set-user-ID root.  Instead, a set-group-ID binary
790807Sgshapiroaccepts command line mail and relays it to a full mail transfer agent via
896210SgshapiroSMTP.  A group writable client mail queue (/var/spool/clientmqueue/ by
990807Sgshapirodefault) holds the mail if an MTA can not be contacted.
1090807Sgshapiro
1190807SgshapiroTo accomplish this, under the default setup, an MTA must be listening on
1292857Sgshapirolocalhost port 25.  If the rc.conf sendmail_enable option is set to "NO",
1390807Sgshapiroa sendmail daemon will still be started and bound only to the localhost
1497131Sgshapirointerface in order to accept command line submitted mail (note that this
1597131Sgshapirodoes not work inside jail(2) systems as jails do not allow binding to
1697131Sgshapirojust the localhost interface).  If this is not a desirable solution, it
1797131Sgshapirocan be disabled using the sendmail_submit_enable rc.conf option.  However,
1897131Sgshapiroif both sendmail_enable and sendmail_submit_enable are set to "NO", you
1997131Sgshapiromust do one of two things for command line submitted mail:
2090807Sgshapiro
2194678Sgshapiro1. Designate an alternative host for the submission agent to contact
2294678Sgshapiro   by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
2394678Sgshapiro   in /etc/make.conf to an alternate .mc file) and using
2494678Sgshapiro   'make install-submit-cf' in /etc/mail/.  Change the FEATURE(msp) line
2594678Sgshapiro   to FEATURE(msp, hostname) where hostname is the fully qualified hostname
2694678Sgshapiro   of the alternative host.
2790807Sgshapiro
2890807SgshapiroOr:
2990807Sgshapiro
3090807Sgshapiro2. Return to using a set-user-ID root sendmail binary by changing the
3190807Sgshapiro   ownership and permissions on the sendmail binary and removing the
3291379Sru   /etc/mail/submit.cf file:
3390807Sgshapiro	chown root /usr/libexec/sendmail/sendmail
3490807Sgshapiro	chmod 4755 /usr/libexec/sendmail/sendmail
3590807Sgshapiro	rm /etc/mail/submit.cf
3690807Sgshapiro   If you install from source, set the SENDMAIL_SET_USER_ID flag in
3790807Sgshapiro   /etc/make.conf.
3890807Sgshapiro
3990807SgshapiroAlso, as of 8.12, a new queue-running daemon is started to make sure mail
4091379Srudoesn't remain in the client mail queue.  By default, it simply runs the
4191379Sruclient mail queue every 30 minutes.  Its behavior can be adjusted by setting
4291379Sruthe sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options.
4390807Sgshapiro
4490807Sgshapiro
4533835Sjmb		Filtering out SPAM from your site
4630581Sjmb
4768297SgshapiroSendmail now includes excellent tools to block spam.  These tools are
4866940Sgshapiroavailable as FEATUREs that you can add to your site's .mc file.  Proper use
4966940Sgshapiroof these FEATUREs will prevent spammer from using your site as a relay as
5066940Sgshapirowell as significantly decrease the amount of spam that arrives at your
5166940Sgshapirosite.  No set of anti-spam tools will block all spam without blocking some
5266940Sgshapiroportion of legitimate mail as well.  Therefore, these FEATUREs are designed
5366940Sgshapiroto prevent as much spam as possible without blocking legitimate mail.
5430581Sjmb
5566940SgshapiroThese tools are discussed in /usr/share/sendmail/cf/README.  Read the
5666940Sgshapirosection entitled "ANTI-SPAM CONFIGURATION CONTROL".  Example usage and
5766940Sgshapiroadditional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc.
5866940Sgshapiro
59