From owner-freebsd-current@FreeBSD.ORG Thu May 22 14:16:55 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2EA8C37B401; Thu, 22 May 2003 14:16:55 -0700 (PDT) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id 62A0443F93; Thu, 22 May 2003 14:16:54 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: from khavrinen.lcs.mit.edu (localhost [IPv6:::1]) by khavrinen.lcs.mit.edu (8.12.9/8.12.9) with ESMTP id h4MLGqVo097079 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 22 May 2003 17:16:53 -0400 (EDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.12.9/8.12.9/Submit) id h4MLGqK4097076; Thu, 22 May 2003 17:16:52 -0400 (EDT) (envelope-from wollman) Date: Thu, 22 May 2003 17:16:52 -0400 (EDT) From: Garrett Wollman Message-Id: <200305222116.h4MLGqK4097076@khavrinen.lcs.mit.edu> To: current@FreeBSD.org X-Spam-Score: 0 () X-Scanned-By: MIMEDefang 2.33 (www . roaringpenguin . com / mimedefang) cc: gshapiro@FreeBSD.org Subject: Would it be useful to ship an alternate submit.cf? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 May 2003 21:16:55 -0000 Many FreeBSD installations do not need to run sendmail as a server. FreeBSD currently does this only to give smmsp a known-working place to submit local mail, which is good in that it works out of the box but the presence of that daemon in ps listings is somewhat astonishing to a user who doesn't remember having turned sendmail on (even though it is only listening on localhost). It might be useful to include an alternate submit.cf that operates more like nullclient.mc did in the pre-privsep world. If the user has DNS set up correctly, this can even be done without requiring any additional configuration. Here's what I use: divert(0)dnl VERSIONID(`$Id: submit.mc,v 8.6 2002/03/26 03:30:58 ca Exp $') define(`confCF_VERSION', `Submit')dnl define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining define(`confTIME_ZONE', `USE_TZ')dnl define(`confDONT_BLAME_SENDMAIL',`GroupReadableKeyFile')dnl define(`confCACERT_PATH', `/etc/mail/certs/')dnl define(`confCACERT', `/etc/mail/certs/ca-client.pem')dnl probably unnecessary define(`confCLIENT_CERT', `/etc/mail/clientcert.pem')dnl define(`confCLIENT_KEY', `/etc/mail/clientkey.pem')dnl FEATURE(`msp', `$j', `MSA')dnl Because I specify `$j' and not `[$j]', sendmail knows to do an MX lookup and submits local mail to this machine's best available mail exchanger. Obviously the cert stuff is only necessary if you actually use certificates for authentication (which I do); that can be commented out. -GAWollman