July 19, 2011, 10:57 p.m.
posted by ifman
Why Do I Need sendmail?
sendmail is the standard Mail Transport Agent (MTA) on FreeBSD, as it is on most Unix systems. In fact, the majority of email passing over the Internet will probably travel through a sendmail server at some point. However, sendmail isn't the easiest software package to manage, and the configuration file syntax gives most people a headache. There are several alternative MTA packages available, but these are also industrial-strength programs suitable for demanding use.
Many modern graphical email clients, such as Netscape Mail or Evolution, can send email directly to a mail server machine across the network. So, no, you won't need an MTA on your local machine to send email. (However, you will need an MTA if you use one of the more traditional Unix mail clients, such as mail, mutt, or pine.)
Regardless of your email client, if you want to see any automatic emails the system sends—usually from the periodic scripts—then you do require an MTA. More precisely, Unix programs expect to be able to send email by piping its text into the standard input of /usr/sbin/sendmail, and have the system take care of the rest of the work for them.
1 Closing Port 25
It is possible to close port 25 (except on the loopback interface) and still allow sendmail to run occasionally in order to process outgoing messages. Add the following line to /etc/rc.conf:
With the release of sendmail-8.12.2 in 2002, sendmail has been split into two parts, each with a separate configuration file. These are the MTA process, which uses SMTP to copy the mail from machine to machine, and the Mail Submission Process (MSP), whose job is to read in the complete text of any new email and reliably inject it into the MTA. When programs run /usr/sbin/sendmail, they interact with the MSP.
You can either run an MTA process locally or not run it at all, configuring the MSP to deliver straight to the MTA on your provider's smart host. In order to deliver any email, it has to pass from the MSP to an MTA. The MSP talks SMTP to the MTA to do that, which requires the MTA to be listening on port 25.
2 Simple sendmail Configuration with a Local MTA
Setting sendmail_enable="NO" in /etc/rc.conf does not turn off sendmail—use sendmail_enable="NONE" for that—but it does stop sendmail from receiving incoming email. In fact, sendmail_enable="NO" will result in starting up two sendmail processes: an MSP queue manager and an MTA process that listens on the loopback address only. Having the MTA listen only on the loopback interface means that it can be accessed only from the local machine. This is an acceptably secure compromise between having port 25 open generally and not having access to the local MTA at all.
# cd /etc/mail # cp freebsd.mc `hostname`.mc
where `hostname` turns into the system's hostname.
Open <hostname>.mc in your favorite editor. Change the line that says:
dnl define(`SMART_HOST', `your.isp.mail.server')
Replace smtp.yourprovider.net with the correct name of your provider's SMTP server. dnl stands for "Delete until New Line"—it's used to comment out text in .mc files, so this change simply uncomments an example line in the default .mc file. Note that in .mc files, the left tick (`) is different from the right tick (').
Now process the .mc file into a .cf file, and install and activate it:
# make # make install # make restart-mta
You don't need to make any changes to the default sendmail MSP configuration. This setup will send all messages for nonlocal users to the provider's smart host for processing. It doesn't provide any means of receiving incoming emails over the network.
3 Simple sendmail Configuration Without a Local MTA
Instead of running both a sendmail MSP queue runner and a sendmail MTA process, an alternative is to use just an MSP queue runner. Don't worry about the sendmail MTA, as you're not using it. In addition to sendmail_enable="NO", add these lines to /etc/rc.conf:
You'll also need to customize the sendmail configuration slightly, this time for the MSP rather than the MTA.
# cd /etc/mail # cp freebsd.submit.mc submit.mc
Change the last line in submit.mc from:
where, as before, smtp.yourprovider.net is your ISP's mail smart host.
Then, install and activate the new configuration:
# make # make install # make restart-msp
Again, this will permit you to send email anywhere in the world, but not to receive incoming messages. This differs from the preceding "with MTA" configuration, in that this has to send all outgoing messages—without exception—through the provider's smart host. In return, there is no longer a sendmail process listening on port 25.
4 See Also
The ssmtp web site (http://packages.debian.org/testing/mail/ssmtp.html)