Would it be useful to ship an alternate submit.cf?
Garrett Wollman
wollman at lcs.mit.edu
Thu May 22 14:16:55 PDT 2003
Many FreeBSD installations do not need to run sendmail as a server.
FreeBSD currently does this only to give smmsp a known-working place
to submit local mail, which is good in that it works out of the box
but the presence of that daemon in ps listings is somewhat astonishing
to a user who doesn't remember having turned sendmail on (even though
it is only listening on localhost).
It might be useful to include an alternate submit.cf that operates
more like nullclient.mc did in the pre-privsep world. If the user has
DNS set up correctly, this can even be done without requiring any
additional configuration. Here's what I use:
divert(0)dnl
VERSIONID(`$Id: submit.mc,v 8.6 2002/03/26 03:30:58 ca Exp $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_BLAME_SENDMAIL',`GroupReadableKeyFile')dnl
define(`confCACERT_PATH', `/etc/mail/certs/')dnl
define(`confCACERT', `/etc/mail/certs/ca-client.pem')dnl probably unnecessary
define(`confCLIENT_CERT', `/etc/mail/clientcert.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/clientkey.pem')dnl
FEATURE(`msp', `$j', `MSA')dnl
Because I specify `$j' and not `[$j]', sendmail knows to do an MX
lookup and submits local mail to this machine's best available mail
exchanger. Obviously the cert stuff is only necessary if you actually
use certificates for authentication (which I do); that can be
commented out.
-GAWollman
More information about the freebsd-current
mailing list