Well let me give a little background. I have gone through some pain staking steps and reading but have yet to find an answer that puts my concerns to rest. I have been using Freebsd for awhile now and would like to set up a postfix mail server. I have used the ports collection for my install but I am hoping that someone can give me a better understanding. I have installed postfix,amavisd-new,clamav, clamav-milter, spamassassin, spamassassin-milter, dovecot and squirrelmail. From what I can tell it works. But what I did to make it works concerns me. First here
rc.conf
/etc/periodic.conf
mailer.conf
clamav and spamassassin where not communicating with amavisd-new and to get it to work I added /etc/mail/sendmail.cf this
My first concern is why would I have to modify this file for it to work? I should be using postfix no sendmail. My other concern is with the file
/etc/mail/README
is this telling me that despite everyone saying that all you need to do to disable sendmail is add
to the rc.conf there is more that needs to be done to not use sendmail? My concern is that any command line emails or emails using squirrelmail are using sendmail instead of postfix and this would be a waste of resource and security issue. Any one that can shed some light on this for me would be greatly appreciated.
rc.conf
Code:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"
dovecot_enable="YES"
amavisd_enable="YES"
clamav_clamd_enable="YES"
clamav_milter_enable="YES"
clamav_milter_flags="--local --outgoing --max-children=50 --quarantine-dir=/var/quarantine --headers --timeout=0 --postmaster-only"
spamd_enable="YES"
spamd_flags="-u spamd"
spamass_milter_enable="YES"
Code:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
Code:
#
# Execute the Postfix sendmail program, named /usr/local/sbin/sendmail
#
sendmail /usr/local/sbin/sendmail
send-mail /usr/local/sbin/sendmail
mailq /usr/local/sbin/sendmail
newaliases /usr/local/sbin/sendmail
Code:
O InputMailFilters=clamav,spamassassin
Xspamassassin, S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m
Xclamav, S=local:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m
/etc/mail/README
Code:
As of sendmail 8.12, in order to improve security, the sendmail binary no
longer needs to be set-user-ID root. Instead, a set-group-ID binary
accepts command line mail and relays it to a full mail transfer agent via
SMTP. A group writable client mail queue (/var/spool/clientmqueue/ by
default) holds the mail if an MTA can not be contacted.
To accomplish this, under the default setup, an MTA must be listening on
localhost port 25. If the rc.conf sendmail_enable option is set to "NO",
a sendmail daemon will still be started and bound only to the localhost
interface in order to accept command line submitted mail (note that this
does not work inside jail(2) systems as jails do not allow binding to
just the localhost interface). If this is not a desirable solution, it
can be disabled using the sendmail_submit_enable rc.conf option. However,
if both sendmail_enable and sendmail_submit_enable are set to "NO", you
must do one of two things for command line submitted mail:
1. Designate an alternative host for the submission agent to contact
by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
in /etc/make.conf to an alternate .mc file) and using
'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line
to FEATURE(msp, hostname) where hostname is the fully qualified hostname
of the alternative host.
is this telling me that despite everyone saying that all you need to do to disable sendmail is add
Code:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
to the rc.conf there is more that needs to be done to not use sendmail? My concern is that any command line emails or emails using squirrelmail are using sendmail instead of postfix and this would be a waste of resource and security issue. Any one that can shed some light on this for me would be greatly appreciated.