The latest build of sendmail could use a couple of changes to the sendmail.cf file IMHO. Here is what I would suggest for the redhat.mc file along with some comments.

+define(`confAUTO_REBUILD')
+define(`confTO_CONNECT', `1m')
+define(`confTRY_NULL_MX_LIST',true)
+define(`confDONT_PROBE_INTERFACES',true)
+FEATURE(`smrsh',`/usr/sbin/smrsh')
+FEATURE(virtusertable',` -o /etc/mail/virtusertable')
-HACK(check_mail3,`hash -a@JUNK /etc/mail/deny')
-HACK(use_ip,`/etc/mail/ip_allow')
-HACK(use_names,`/etc/mail/name_allow')
-HACK(use_relayto,`/etc/mail/relay_allow')
-HACK(check_rcpt4)
-HACK(check_relay3)
+FEATURE(`access_db')
+FEATURE(`blacklist_recipients')

AUTO_REBUILD: this option will automatically rebuild the aliases table if the database hashes are out of date with the text file.

TO_CONNECT: this setting relates to the timeout when connecting to a remote machine. This timeout defaults to an inordinately large amount under Linux, something like 5-10 minutes. When processing the queue once an hour, a couple of unreachable sites will tie up the entire queue run in worthless waiting. Setting this option changes this timeout to a more reasonable setting, 1 minute in this case.

TRY_NULL_MX_LIST: in certain cases mail might need to be delivered to the machine sending the mail. This setting changes the default behavior of sendmail in skipping any MX records with a lower preference to itself and allows it to consider ALL MX records in sendmail outbound email. This is rather obscure, but when it happens it will cause "mail loops back to myself" errors without this definition.

DONT_PROBE_INTERFACES: when sendmail starts it looks at all available interfaces and assumes that it should accept (read "take") mail for any of the interfaces. Take for example a webserver with multiple IP addresses running sendmail for outbound mail. Mail sent from the webserver to any domain hosted on the webserver will NOT be delivered, even if the domain is NOT listed in sendmail.cw. Obviously this is not a good thing; in my opinion anything considered local should be listed in sendmail.cw. This option might take some consideration though...

SMRSH: Sendmail restricted shell, prevents arbitrary programs from being executed by sendmail.

VIRTUSERTABLE: Adds the capability to do virtual hosting to the sendmail.cf file; not a problem if the /etc/mail/virtusertable file does not exist.

HACKS: Most of the Claus hacks introduced back in sendmail-8.8.6 days are incorporated into 8.9.3 in some way. Removing the hacks and adding FEATURE(access_db) and FEATURE(blacklist_recipients) will give equivalent performance and will adhere better to the way sendmail is set up. All relaying is handled instead in /etc/mail/relay-domains or in the access database. Although the new format is much simpler, it is a change that might affect existing setups, so this should be well considered. With some careful thought it should be possible to design a new sendmail.cf designed around the new features but still backwards compatible with the old configurations (IP_ALLOW, RELAY_ALLOW, etc). Or maybe a quickie script to bring all the separate files into one unified file when the upgrade is performed.

One other quick suggestion for the /etc/rc.d/init.d/sendmail script; this will automatically build any databases before starting sendmail:

    echo -n "Starting sendmail: "
    newaliases
    # rebuild each map that has a source file in /etc/mail
    for i in virtusertable access domaintable mailertable
    do
        if [ -f /etc/mail/$i ] ; then
            echo "Hashing $i for sendmail..."
            makemap hash /etc/mail/$i < /etc/mail/$i
            sleep 1
        fi
    done
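Review bot: the quoting on the +FEATURE(virtusertable',` -o /etc/mail/virtusertable') line is unbalanced: virtusertable has a closing quote but no opening backquote, unlike +FEATURE(`smrsh',...) just above it. The second argument on that line also starts with " -o" and names no map type, whereas the removed check_mail3 line names hash, so it is worth confirming whether a type was meant there. +define(`confAUTO_REBUILD') is the only define given without a value; the description says the option should be switched on, so state the value explicitly as the other defines do. The six removed HACK lines drop /etc/mail/deny, ip_allow, name_allow and relay_allow with nothing in the change to carry their contents into the access database, so an upgraded host would lose its existing relay and deny entries until they are re-entered by hand.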
These suggestions have been implemented in sendmail-8.9.3-2.
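
The "quickie script" idea from the report above, as an added example (not part of the original report or of the sendmail package). The function name legacy_to_access and the file formats are assumptions: one entry per line in ip_allow, name_allow and relay_allow, and the lookup key in the first field of deny.

```shell
#!/bin/sh
# Added example: merge the legacy control files removed with the HACK lines
# into one source file for FEATURE(`access_db').
# ASSUMED formats (not stated on the page):
#   ip_allow, name_allow, relay_allow: one address, network or domain per line
#   deny: key in the first whitespace-separated field, rest of line ignored
# Blank lines and lines whose first field starts with '#' are skipped.

# legacy_to_access DIR -> prints "key<TAB>ACTION", sorted, one line per key.
legacy_to_access() {
    dir=$1
    for f in ip_allow name_allow relay_allow deny; do
        [ -f "$dir/$f" ] || continue
        case $f in
            deny) action=REJECT ;;
            *)    action=RELAY ;;
        esac
        # Keys are lowercased so "Example.COM" and "example.com" collapse.
        awk -v a="$action" 'NF && $1 !~ /^#/ { print tolower($1) "\t" a }' "$dir/$f"
    done | LC_ALL=C sort -u | awk -F '\t' '
        # REJECT sorts before RELAY, so a key listed in both keeps REJECT:
        # the merge never grants relaying to something the old setup denied.
        $1 == prev { print "conflict, keeping REJECT: " $1 > "/dev/stderr"; next }
        { print; prev = $1 }'
}

# Constructed sample data (not from the page), written to a scratch directory.
demo=$(mktemp -d)
printf '192.168.1\n# office LAN\n10.0.0.5\n'               > "$demo/ip_allow"
printf 'Example.COM\n'                                     > "$demo/name_allow"
printf 'example.com\npartner.example\n'                    > "$demo/relay_allow"
printf 'spam@bad.example go away\npartner.example blocked\n' > "$demo/deny"

# Print the merged file; review it, then: makemap hash /etc/mail/access < file
legacy_to_access "$demo"
rm -rf "$demo"
```

In the access database a RELAY entry for a domain applies both to mail received from that domain and to mail addressed to it, so the merged file can permit more than the separate name_allow and relay_allow files did; check the output for unintended relaying before hashing it.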