Disabling the Sendmail daemon for outgoing mail
Are you only sending outgoing mail with Sendmail? If you do not need to
process incoming SMTP mail, disable the Sendmail daemon for improved
security. Please read the excellent article "Improving Sendmail
Security by Turning It Off" for more information.
Beginning with Sendmail 8.12.x, the default behavior of the Message
Submission Process (MSP) is to send outgoing mail through the local
Message Transport Agent (MTA) process. In other words, in order to
send outgoing mail, you need to run Sendmail in daemon mode. Even if
Sendmail is configured to only listen on the loopback interface,
running Sendmail in daemon mode could lead to local privilege
escalation if a security vulnerability in Sendmail is discovered.
Instead of using a local MTA to send outgoing mail, Sendmail can be
configured to use a different MTA. Therefore, outgoing mail will be
relayed through your mail gateway, and you will not have to run
Sendmail in daemon mode.
To use a different MTA to relay outgoing mail with Sendmail 8.12.x and
later, make the following changes:
1. Modify the MSP macro configuration (submit.mc) file.
cd sendmail_source_tree/cf/cf
cp submit.mc submit.mc.original
vi submit.mc
Change:
FEATURE(`msp', `[127.0.0.1]')dnl
To:
FEATURE(`msp', `your_mail_relay_or_MX_record')dnl
2. Build and install the MSP configuration file.
sh Build submit.cf
cp submit.cf /etc/mail
3. If you are running Sendmail in daemon mode (i.e. a Sendmail process
running with the -bd flag), terminate the process. If applicable,
modify the Sendmail startup/shutdown script (/etc/init.d/sendmail)
so that Sendmail is not started in daemon mode.
For example, comment out or remove the following lines in
/etc/init.d/sendmail:
# Start the MTA
/usr/lib/sendmail -L sm-mta -bd -q30m
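To confirm both changes took effect, the following added example (not part of the original page) checks a submit.mc for a non-local MSP relay and a startup script for any uncommented -bd start line. The function names, the temporary sample files and the relay name mailrelay.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two changes described above.

# Print the relay argument of FEATURE(`msp', `...') from a submit.mc file.
msp_relay() {
    sed -n "s/^FEATURE(\`msp'[[:space:]]*,[[:space:]]*\`\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Succeed if the MSP still hands mail to an MTA on this host. An empty result
# (no relay argument found) is treated as local; that is an assumption of this example.
msp_uses_local_mta() {
    case "$(msp_relay "$1")" in
        ""|"[127.0.0.1]"|"127.0.0.1"|"[localhost]"|"localhost") return 0 ;;
        *) return 1 ;;
    esac
}

# Print uncommented startup-script lines that launch sendmail with -bd.
daemon_start_lines() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -E 'sendmail([[:space:]].*)?[[:space:]]-bd([[:space:]]|$)' || true
}

# audit SUBMIT_MC INIT_SCRIPT: return 0 only if both checks pass.
audit() {
    rc=0
    if msp_uses_local_mta "$1"; then
        echo "FAIL: $1 still submits to the local MTA"; rc=1
    fi
    if [ -n "$(daemon_start_lines "$2")" ]; then
        echo "FAIL: $2 still starts sendmail with -bd"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: MSP relays to $(msp_relay "$1"), no daemon start line"
    return "$rc"
}

# Constructed sample files (before and after the procedure) so this runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' "FEATURE(\`msp', \`[127.0.0.1]')dnl" > "$tmp/before.mc"
printf '%s\n' "FEATURE(\`msp', \`mailrelay.example.com')dnl" > "$tmp/after.mc"
printf '%s\n' '# Start the MTA' '/usr/lib/sendmail -L sm-mta -bd -q30m' > "$tmp/before.init"
printf '%s\n' '# Start the MTA' '#/usr/lib/sendmail -L sm-mta -bd -q30m' > "$tmp/after.init"
audit "$tmp/before.mc" "$tmp/before.init" || true
audit "$tmp/after.mc" "$tmp/after.init"
```

On a real host, pass the submit.mc you built from and /etc/init.d/sendmail to audit; a startup script that builds the -bd flag from a variable will not be caught by this line match.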
Last modified: 04/19/2005