Red Hat Bugzilla – Bug 1634
Various sendmail suggestions
Last modified: 2008-05-01 11:37:49 EDT
The latest build of sendmail could use a couple of changes
to the sendmail.cf file IMHO. Here is what I would suggest
for the redhat.mc file along with some comments.
+FEATURE(virtusertable',` -o /etc/mail/virtusertable')
-HACK(check_mail3,`hash -a@JUNK /etc/mail/deny')
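Review bot: The added FEATURE line is not valid m4 as shown: virtusertable' closes a quote that has no opening backtick, and the second argument begins with " -o" with no map type in front of it, whereas the removed HACK line names hash. Suggest FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable') so the quoting balances and the optional (-o) map has an explicit type.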
AUTO_REBUILD: this option will automatically rebuild the
aliases table if the database hashes are out of date with
the text file
TO_CONNECT: this setting relates to the timeout when
connecting to a remote machine. This timeout defaults to an
inordinately large amount under Linux, something like 5-10
minutes. When processing the queue once an hour a couple of
unreachable sites will tie up the entire queue run in
worthless waiting. Setting this option changes this timeout
to a more reasonable setting, 1 minute in this case
TRY_NULL_MX_LIST: in certain cases mail might need to be
delivered to the machine sending the mail. This setting
changes the default behavior of sendmail in skipping any MX
records with a lower preference to itself and allows it to
consider ALL MX records in sendmail outbound email. This is
rather obscure but when it happens it will cause "mail
loops back to myself" errors without this definition.
DONT_PROBE_INTERFACES: when sendmail starts it looks at all
available interfaces and assumes that it should accept
(read "take") mail for any of the interfaces. Take for
example a webserver with multiple IP addresses running
sendmail for outbound mail. Mail sent from the webserver to
any domain hosted on the webserver will NOT be delivered,
even if the domain is NOT listed in sendmail.cw. Obviously
this is not a good thing; in my opinion anything considered
local should be listed in sendmail.cw. This option might
take some consideration though...
SMRSH: Sendmail restricted shell, prevents arbitrary
programs from being executed by sendmail
VIRTUSERTABLE: Adds the capability to do virtual hosting to
the sendmail.cf file, not a problem if
the /etc/mail/virtusertable file does not exist
HACKS: Most of the Claus hacks introduced back in
sendmail-8.8.6 days are incorporated into 8.9.3 in some way.
Removing the hacks and adding FEATURE(access_db) and
FEATURE(blacklist_recipients) will give equivalent
performance and will adhere better to the way sendmail is
set up. All relaying is handled instead in
/etc/mail/relay-domains or in the access database. Although the new format
is much simpler it is a change that might affect existing
setups so this should be well considered.
With some careful thought it should be possible to design a
new sendmail.cf designed around the new features but still
backwards compatible with the old configurations (IP_ALLOW,
RELAY_ALLOW, etc). Or maybe a quickie script to bring all
the separate files into one unified file when the upgrade
One other quick suggestion for
the /etc/rc.d/init.d/sendmail script, this will
automatically build any databases before starting sendmail:
echo -n "Starting sendmail: "
# Rebuild the hash database for each map whose text source exists
for i in virtusertable access domaintable
do
    if [ -f /etc/mail/$i ] ; then
        echo "Hashing $i for sendmail..."
        makemap hash /etc/mail/$i < /etc/mail/$i
    fi
done
These suggestions have been implemented in sendmail-8.9.3-2.
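A variant of the init-script loop suggested above, as an added example that is not part of the original report or of the sendmail package: it rehashes a map only when the text file is newer than its .db, and builds into a temporary name so a failed makemap never replaces a working access or virtusertable database. The function name rebuild_maps, the directory argument and the MAKEMAP override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Red Hat's init script).
# Usage: rebuild_maps [dir]   -- dir defaults to /etc/mail
# MAKEMAP may name an alternative makemap binary (assumption, for testing).
# Prints the number of maps rebuilt; returns 1 if any build fails.

rebuild_maps() {
    dir=${1:-/etc/mail}
    rebuilt=0
    for map in virtusertable access domaintable; do
        src=$dir/$map
        db=$src.db
        # A map with no text source is simply not in use.
        [ -f "$src" ] || continue
        # Up to date: the .db exists and the text file is not newer.
        if [ -f "$db" ] && [ ! "$src" -nt "$db" ]; then
            continue
        fi
        # makemap appends ".db" to the name it is given, so this writes
        # $src.new.db and leaves the live database untouched until the
        # build has succeeded.
        if ${MAKEMAP:-makemap} hash "$src.new" < "$src"; then
            mv -f "$src.new.db" "$db"
            rebuilt=$((rebuilt + 1))
        else
            rm -f "$src.new.db"
            echo "makemap failed for $src; keeping existing $db" >&2
            return 1
        fi
    done
    echo "$rebuilt"
}
```

An init script would call rebuild_maps before starting the daemon and refuse to start on a non-zero return, since a stale or missing access database changes which relaying rules are enforced.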