mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-15 06:42:51 +01:00
cb99e93575
When WITHOUT_SENDMAIL is set, we end up with two different mailer.conf that conflict, and hilarity ensues. There's currently three different places that we might install mailer.conf: - ^/etc/Makefile (package=runtime, contingent on MK_MAIL != no) - ^/libexec/dma/dmagent/Makefile (package=dma, contingent on MK_SENDMAIL != no) - ^/usr.sbin/mailwrapper/Makefile (package=utilities, contingent on not-installed) The mailwrapper installation will effectively never happen because the ^/etc one will first. This patch simplifies the whole situation; remove the ^/etc/Makefile version and install it primarily in mailwrapper if MK_MAILWRAPPER != "no". The scenarios covered in mailwrapper are: - sendmail(8) is installed, dma(8) may or may not be installed - neither sendmail(8) nor dma(8) is installed In the first scenario, sendmail(8) is dominant so we can go ahead and install the version in ^/etc/mail. In the unlisted scenario, sendmail(8) is not installed but dma(8) is, we'll let ^/libexec/dma/dmagent do the installation. In the second listed scenario, we still want to install an example mailer.conf so just install the base sendmail(8) version. Reviewed by: bapt MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D24924 |
||
---|---|---|
.. | ||
access.sample | ||
aliases | ||
mailer.conf | ||
mailertable.sample | ||
Makefile | ||
README | ||
virtusertable.sample |
# $FreeBSD$ Sendmail Processes As of sendmail 8.12, in order to improve security, the sendmail binary no longer needs to be set-user-ID root. Instead, a set-group-ID binary accepts command line mail and relays it to a full mail transfer agent via SMTP. A group writable client mail queue (/var/spool/clientmqueue/ by default) holds the mail if an MTA can not be contacted. To accomplish this, under the default setup, an MTA must be listening on localhost port 25. If the rc.conf sendmail_enable option is set to "NO", a sendmail daemon will still be started and bound only to the localhost interface in order to accept command line submitted mail (note that this does not work inside jail(2) systems as jails do not allow binding to just the localhost interface). If this is not a desirable solution, it can be disabled using the sendmail_submit_enable rc.conf option. However, if both sendmail_enable and sendmail_submit_enable are set to "NO", you must do one of two things for command line submitted mail: 1. Designate an alternative host for the submission agent to contact by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC in /etc/make.conf to an alternate .mc file) and using 'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line to FEATURE(msp, hostname) where hostname is the fully qualified hostname of the alternative host. Or: 2. Return to using a set-user-ID root sendmail binary by changing the ownership and permissions on the sendmail binary and removing the /etc/mail/submit.cf file: chown root /usr/libexec/sendmail/sendmail chmod 4755 /usr/libexec/sendmail/sendmail rm /etc/mail/submit.cf If you install from source, set the SENDMAIL_SET_USER_ID flag in /etc/make.conf. Also, as of 8.12, a new queue-running daemon is started to make sure mail doesn't remain in the client mail queue. By default, it simply runs the client mail queue every 30 minutes. Its behavior can be adjusted by setting the sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options. Filtering out SPAM from your site Sendmail now includes excellent tools to block spam. These tools are available as FEATUREs that you can add to your site's .mc file. Proper use of these FEATUREs will prevent spammer from using your site as a relay as well as significantly decrease the amount of spam that arrives at your site. No set of anti-spam tools will block all spam without blocking some portion of legitimate mail as well. Therefore, these FEATUREs are designed to prevent as much spam as possible without blocking legitimate mail. These tools are discussed in /usr/share/sendmail/cf/README. Read the section entitled "ANTI-SPAM CONFIGURATION CONTROL". Example usage and additional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc.