i switched to postfix years ago. to be sure it has its fanboys. i found it to be just as cryptic in its own way.<br><br>i came back to sendmail. far lighter weight if that matters to you. my config does outgoing auth for delivery via isp. here's my setup:<br>
<br> <font size="1"> dnsinternal=(<a href="http://intra.mydomainname.com">intra.mydomainname.com</a>)<br> smmasquhide=<a href="http://intra.mydomainname.com">intra.mydomainname.com</a><br> smmasqushow=<a href="http://mydomainname.com">mydomainname.com</a><br>
sendmailocal=<a href="http://mydomainname.com">mydomainname.com</a><br> sendmailoutvia=<a href="http://smtpauth.myisp.net">smtpauth.myisp.net</a><br>dnsexternal=()<br>dnsmeext=("${dnsexternal[@]}" "${dnsinternal[@]}" "${sendmailocal[@]}")<br>
AUTH_OPTIONS='A p'<br> cf=/etc/mail/<a href="http://sendmail.cf">sendmail.cf</a><br> mc=/etc/mail/<a href="http://sendmail.mc">sendmail.mc</a><br> (sed -e "s/+AUTH_OPTIONS+/$AUTH_OPTIONS/"\<br>
-e "s/+smmasquhide+/$smmasquhide/"\<br>
-e "s/+smmasqushow+/$smmasqushow/"\<br> -e "s/+sendmailoutvia+/$sendmailoutvia/"\<br> -e "s/+sendlocalmailto+/$sendlocalmailto/" $mc<br> echo "Cw${dnsmeext[@]}")|m4>$cf</font><br>
<br><u>/etc/mail/<a href="http://sendmail.cf">sendmail.cf</a></u>:<br><font size="1">include(`/usr/share/sendmail-cf/m4/cf.m4')dnl<br>OSTYPE(`linux')dnl <br>define(`confSMTP_LOGIN_MSG',`')dnl Delete all the program and version information out of the SMTP header<br>
define(`HELP_FILE',`')dnl Enhance security by not offering version numbers in the HELP output<br>define(`LOCAL_RELAY',`+sendlocalmailto+')<br>define(`confDEF_USER_ID', ``8:12'')dnl <br>define(`confERROR_MODE',`m')<br>
define(`confDIAL_DELAY',`60s')<br>define(`confDONT_PROBE_INTERFACES', `True')dnl<br>define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl<br>define(`ALIAS_FILE', `/etc/aliases')dnl<br>define(`STATUS_FILE', `/var/log/mail/statistics')dnl<br>
define(`confDEAD_LETTER_DROP',`/var/mail/DEAD_LETTER_DROP')<br>dnl ne(`confLOG_LEVEL', `20')dnl verbose<br>undefine(`BITNET_RELAY')<br>undefine(`UUCP_RELAY')<br>FEATURE(nouucp,reject)<br>define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun,restrictmailq,restrictexpand,needmailhelo,noreceipts')<br>
# AUTH_OPTIONS A allows relaying if the user authenticates<br># AUTH_OPTIONS p disallows plaintext authentication (PLAIN/LOGIN) on non-TLS links<br>define(`confAUTH_OPTIONS',`+AUTH_OPTIONS+')dnl<br>TRUST_AUTH_MECH( `EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN')dnl<br>
define(`confAUTH_MECHANISMS',`EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl<br>define(`SMART_HOST',`+sendmailoutvia+')<br>define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl<br>define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl<br>
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl<br>define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl<br>define(`confCLIENT_CERT', `/etc/pki/tls/certs/localhost.crt')dnl<br>define(`confSERVER_CERT', `/etc/pki/tls/certs/localhost.crt')dnl<br>
define(`confCLIENT_KEY', `/etc/pki/tls/private/localhost.key')dnl<br>define(`confSERVER_KEY', `/etc/pki/tls/private/localhost.key')dnl<br>dnl # <br>dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's<br>
dnl # slapd, which requires the file to be readble by group ldap<br>dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl<br>dnl # <br>FEATURE(`smrsh', `/usr/sbin/smrsh')dnl<br>FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl<br>
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl<br>FEATURE(`virtuser_entire_domain')<br>FEATURE(redirect)dnl <br>FEATURE(use_ct_file)dnl <br>define(`confMAX_DAEMON_CHILDREN',`25')dnl maximum child processes that can be spawned by the server<br>
define(`confCONNECTION_RATE_THROTTLE',`5')dnl connections the server can receive per second<br>define(`confMIN_FREE_BLOCKS',`19200')dnl 75mb <br>dnl # The -t option was retrying delivery if e.g. the user runs over his quota. caused problems with fetchmail.<br>
dnl URE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl<br>FEATURE(local_procmail,`',`procmail -Y -a $h -d $u')dnl<br>FEATURE(`access_db')dnl<br>FEATURE(`authinfo')dnl /etc/mail/authinfo<br>
FEATURE(`blacklist_recipients')dnl<br>
FEATURE(`dnsbl', `<a href="http://list.dsbl.org">list.dsbl.org</a>',`Message from $&{client_addr} rejected - see <a href="http://dsbl.org">http://dsbl.org</a>')<br>FEATURE(`dnsbl', `<a href="http://relays.ordb.org">relays.ordb.org</a>',`"550 Email rejected due to sending server misconfiguration - see <a href="http://www.ordb.org/faq">http://www.ordb.org/faq</a>"')<br>
FEATURE(`dnsbl', `<a href="http://dnsbl.njabl.org">dnsbl.njabl.org</a>',`Message from $&{client_addr} rejected - see <a href="http://njabl.org">http://njabl.org</a>')<br>FEATURE(`dnsbl',`<a href="http://blackholes.brainerd.net">blackholes.brainerd.net</a>',`Message from $&{client_addr} rejected - see <a href="http://blackholes.brainerd.net">http://blackholes.brainerd.net</a>')<br>
dnl the following rejected a message from sherry's <a href="http://surfbest.net">surfbest.net</a>, likely they unwittingly hosted a spammer, nevertheless i removed it<br>dnl URE(`dnsbl', `<a href="http://sbl.spamhaus.org">sbl.spamhaus.org</a>',`Message from $&{client_addr} rejected - see <a href="http://www.spamhaus.org/SBL">http://www.spamhaus.org/SBL</a>')<br>
dnl the following 2 were causing long wait before "220 ESMTP", hence receive timeouts on pomcoweb from earthlink and verizon, though other senders were more patient<br>dnl URE(`dnsbl', `<a href="http://dialups.visi.com">dialups.visi.com</a>',`Message from $&{client_addr} rejected - see <a href="http://dialups.visi.com">http://dialups.visi.com</a>')<br>
dnl URE(`dnsbl', `<a href="http://dialups.mail-abuse.org">dialups.mail-abuse.org</a>',`Message from $&{client_addr} rejected - see <a href="http://mail-abuse.org/dul/enduser.htm">http://mail-abuse.org/dul/enduser.htm</a>')<br>
dnl #<br>dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment<br>dnl # the following 2 definitions and activate below in the MAILER section the<br>dnl # cyrusv2 mailer.<br>dnl define(`confLOCAL_MAILER', `cyrusv2')dnl<br>
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl<br>dnl #<br>FEATURE(`no_default_msa')<br>DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl accept port 25 unencrypted smtp from localhost only<br>
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl accept port 587 authenticated esmtp<br>dnl #<br>dnl # The following causes sendmail to additionally listen to port 465, but<br>dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed<br>
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't<br>dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS<br>dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps<br>
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.<br>dnl # For this to work your OpenSSL certificates must be configured.<br>dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl<br>dnl #<br>
dnl accept unresolvable domains else fetchmail keeps retrying, bogging and breaking named<br>FEATURE(`accept_unresolvable_domains')dnl<br>dnl URE(`nocanonify')<br>dnl URE(`limited_masquerade')<br>FEATURE(`allmasquerade')dnl masq recipient addresses, doesn't appear to work for <a href="mailto:g@georgia.nvpf.org">g@georgia.nvpf.org</a><br>
FEATURE(`masquerade_envelope')<br>MASQUERADE_DOMAIN(`+smmasquhide+')<br>MASQUERADE_AS(+smmasqushow+)dnl<br>MAILER(smtp)dnl<br>MAILER(procmail)dnl<br>dnl MAILER(cyrusv2)dnl</font>