Date: Sun, 6 Aug 2017 17:01:59 -0500
From: Edgar Pettijohn
To: freebsd-questions@freebsd.org
Subject: Re: sendmail seperate mta/msa processes

On Sun, Aug 06, 2017 at 10:22:13AM -0500, Edgar Pettijohn wrote:
> Currently my mail server is working well enough. However, I would like to try setting up multiple sendmail processes with their own configurations.
> So I can have one running on port 25 with spam milters, no relays allowed, and deliver mail to dovecot lmtp. Then have a separate process with its own config running on port 587 that requires tls+auth before it relays.
>
> Is this something people do regularly and is easy to implement? Or is it one of those things that after I begin I will wish I had never attempted.
>
> Thanks in advance,
>
> Edgar

This is my progress thus far. Haven't tested in production yet, but seems to be working on my laptop. First created a /usr/local/etc/rc.d/sendmail-msa rc script. The main problem seems to be you can't specify an alternate pidfile for each process. So stopping the msa will require hacking sendmail perhaps. Unless someone comes up with a good idea. I'm thinking possibly getting the pid from the maillog. Attached is my rc script. It's not the best, but oh well.

In /etc/rc.conf I added the following lines:

sendmail_msa_enable="YES"
sendmail_msa_flags="-bd -C/etc/mail/sendmail-msa.cf -L sm-msa"

<------ /etc/mail/freebsd.mc ------>

FEATURE(`no_default_msa')dnl

<------ /etc/mail/sendmail-msa.mc ------>

dnl Enable for both IPv4 and IPv6 (optional)
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')dnl adding the a requires auth
dnl DAEMON_OPTIONS(etc, etc
dnl DAEMON_OPTIONS(etc, etc

I'm sure I'll have to make some more changes, but that should get the ball rolling. Suggestions for improvement are appreciated.

Thanks,

edgar

Attachment: sendmail-msa

#!/bin/sh
#
# $FreeBSD: releng/11.1/etc/rc.d/sendmail 298887 2016-05-01 16:43:22Z pfg $
#

# PROVIDE: mail
# REQUIRE: LOGIN FILESYSTEMS
#	we make mail start late, so that things like .forward's are not
#	processed until the system is fully operational
# KEYWORD: shutdown

# XXX - Get together with sendmail maintainer to figure out how to
#	better handle SENDMAIL_ENABLE and 3rd party MTAs.
#
. /etc/rc.subr

name="sendmail_msa"
desc="Electronic mail submission agent"
rcvar="sendmail_msa_enable"
required_files="/etc/mail/sendmail-msa.mc"
start_precmd="sendmail_msa_precmd"
M4="/usr/bin/m4"

load_rc_config $name
command=${sendmail_program:-/usr/sbin/sendmail}
pidfile=${sendmail_pidfile:-/var/run/${name}.pid} #Need to find a way to make pidfile
procname=${sendmail_procname:-/usr/sbin/sendmail}

sendmail_msa_precmd()
{
	# Need to make the sendmail-msa.cf
	if [ ! -f /etc/mail/sendmail-msa.mc ]; then
		echo "There is no sendmail-msa.mc"
		# a non-zero return from the precmd makes rc.subr abort the start
		return 1
	fi
	# Build the .cf from the .mc only when no .cf exists yet
	if [ ! -f /etc/mail/sendmail-msa.cf ]; then
		${M4} -D_CF_DIR_=/usr/share/sendmail/cf/ \
		    /usr/share/sendmail/cf/m4/cf.m4 \
		    /etc/mail/sendmail-msa.mc > /etc/mail/sendmail-msa.cf
	fi
}

run_rc_command "$1"
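
The sendmail-msa.mc fragment in the message above, carried through as an added example (not the poster's configuration): it keeps the `M=Ea` listener, adds the `confAUTH_OPTIONS` flag `p` so PLAIN and LOGIN are not offered until STARTTLS is active, and sets `confPID_FILE` so the submission daemon writes its own pid file. It assumes a sendmail binary built with SASL and STARTTLS support. The certificate paths, the mechanism list and the pid file path are assumptions; the pid file path equals the rc script's `/var/run/${name}.pid` fallback, which the script uses only when `sendmail_pidfile` is unset.

```m4
dnl Added example, not from the original post: lines for /etc/mail/sendmail-msa.mc,
dnl placed after the OSTYPE/DOMAIN lines copied from freebsd.mc.
dnl
dnl Own pid file for the submission daemon (PidFile option). Assumed path; it
dnl must equal the pidfile the rc script resolves for sendmail_msa.
define(`confPID_FILE', `/var/run/sendmail_msa.pid')dnl
dnl
dnl STARTTLS material. All four paths are assumptions; use your own files.
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/host.cert')dnl
define(`confSERVER_KEY', `/etc/mail/certs/host.key')dnl
dnl
dnl AUTH policy:
dnl   p = no PLAIN/LOGIN unless a security layer (TLS) is active
dnl   y = no anonymous mechanisms
dnl   A = pass AUTH= on MAIL FROM only after successful authentication
define(`confAUTH_OPTIONS', `A p y')dnl
dnl Mechanisms offered, and the ones whose success allows relaying.
define(`confAUTH_MECHANISMS', `PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
dnl
dnl Only listener in this config: port 587. M=E disallows ETRN, M=a requires AUTH.
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')dnl
```

Because the rc script's precmd builds sendmail-msa.cf only when that file is missing, remove the old .cf after editing the .mc so the next start regenerates it.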