Subject: Re: SMTP servers (sendmail, postfix, ..?)
To: Richard Rauch <rauch@rice.edu>
From: Chuck Yerkes <chuck+nbsd@2003.snew.com>
List: netbsd-help
Date: 12/02/2002 17:40:40
After seeing much non-robust discussion...


Quoting Richard Rauch (rauch@rice.edu):
...
> I'm looking for advice.  I *have* set up sendmail before, but I never
> grokked sendmail.cf.  I don't have a big site to configure and would be
> content with a fairly small server that provides the following features:

Sendmail.cf is generated via m4.  I've done sendmail for hundreds and
hundreds of clients, nothing I did couldn't be in an m4 file.

Most of these m4 files are less than 25 lines.  Fairly easy.
Sendmail's commercial version of their MTA ("Switch") puts
a GUI in front of *that*, among other features.

>  * Delivers email to local users.  (^&
> 
>  * Defaults to conservative behavior (e.g., when I last had sendmail
>    up, I think that it defaulted to being an open relay---*not* the
>    kind of philosophy I want in a default config for a mail server
>    that's on the Internet; though I might prefer it in a secure,
>    private network...  (^&).
Then the last time you used sendmail was 1997 or before.  That changed with
sendmail 8.9.

>  * Robust/simple.
Pick one.

I've had people come to me while I was on booth-bunny duty. "Sendmail
is too complex.  By the way, can it be set to deliver messages > 5MB
only after 5PM?"  [yes, it can; now what was the first part?]

>  * Some facility for dropping in scripts (per-user or site-wide---almost
>    the same thing in my case) to filter mail in some way.

Sendmail uses the Mail Filter API, lovingly called "milter".  Milters
are (thread safe) daemons that listen on a TCP port or Unix socket.
Commercial Milters offered by Sendmail Inc and others do anti-virus,
anti-spam, "archiving" (copy messages to/from certain domains/users for
compliance with SEC rules, for example), MIME filtering (remove all .vbs
scripts, replace all .exe's with an attachment saying "We removed an .exe"),
etc.  Open Source efforts cover using SpamAssassin, other tools as you
wish.  Milters can be in C, Java, Perl, Ruby, whatever you want.
www.milter.org has some info.


> The ideal would be to throw an rc.conf switch to turn on one of sendmail
> or postfix and have it all just come to life.  But if it involves much
> review and customization to get basic delivery to function safely, maybe I
> should look at pkgsrc.  Especially if getting a safe,
> non-a-spammer's-paradise server up requires dealing with sendmail.cf
> (say), I'd rather avoid sendmail.  (^&

99% of the time, sendmail wants only a couple things changed:
- who you receive mail as (/etc/mail/local-host-names contains that)
- who you send mail as  (see Masquerade_As).

Additionally, you might use the access map to allow your network
to relay through it (relay is OFF by default).  Just add this:
.my.home.domain			RELAY


Sendmail is very fast.  Sendmail is very robust.  Its flexibility
is its curse. Because the .cf file shows you every switch and option,
it can be overwhelming.  Ignore it.

Treat the sendmail.cf file as a binary.  The m4 is the source.
Sendmail.org rejected my patches to optionally make sendmail.cf a
binary (pretty simple to set the high bit on ^R and ^S :).  Keep
the damn customers from looking at it and getting scared.
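
An added example, not part of the original post or of sendmail's shipped configs: a small .mc source file covering the items the message lists (local-host-names, masquerading, the access map, and an optional milter). The file name example.mc, the filter name `examplefilter`, its socket path and the domain values are assumptions for illustration; it also assumes a sendmail build with milter support.

```m4
divert(-1)
# example.mc (constructed example): source for sendmail.cf.
# Build with m4 against your installed cf tree (path is a placeholder):
#   m4 /path/to/cf/m4/cf.m4 example.mc > sendmail.cf
divert(0)dnl
VERSIONID(`example.mc, constructed example')dnl
OSTYPE(`bsd4.4')dnl
dnl
dnl Who you receive mail as: one host name per line in
dnl /etc/mail/local-host-names.
FEATURE(`use_cw_file')dnl
dnl
dnl Who you send mail as: rewrite sender addresses to this domain.
MASQUERADE_AS(`my.home.domain')dnl
dnl
dnl Access map.  Relaying stays denied unless an entry grants it, so
dnl keep RELAY entries as narrow as the network you actually trust.
dnl /etc/mail/access holds lines such as the one from the message:
dnl   .my.home.domain    RELAY
dnl Rebuild the map after every edit:
dnl   makemap hash /etc/mail/access < /etc/mail/access
FEATURE(`access_db')dnl
dnl
dnl Optional milter (hypothetical name and socket path).  F=T makes
dnl sendmail temp-fail the connection when the filter is unreachable;
dnl with no F= flag, mail passes through unfiltered in that case.
INPUT_MAIL_FILTER(`examplefilter', `S=local:/var/run/examplefilter.sock, F=T, T=S:4m;R:4m')dnl
dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
```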