From owner-freebsd-questions@freebsd.org Mon Aug 7 08:31:04 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5C729DC39D9 for ; Mon, 7 Aug 2017 08:31:04 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id DC820D6A for ; Mon, 7 Aug 2017 08:31:03 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local (unknown [IPv6:2001:8b0:151:1:1c1d:86a1:a200:b700]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id C81CAAB20 for ; Mon, 7 Aug 2017 08:30:53 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/C81CAAB20; dkim=none; dkim-atps=neutral Subject: Re: sendmail seperate mta/msa processes To: freebsd-questions@freebsd.org References: <20170806152213.GB29094@FreeBSD> From: Matthew Seaman Message-ID: <44ca8ebf-b1b2-93b4-943c-83d185952613@FreeBSD.org> Date: Mon, 7 Aug 2017 09:30:47 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <20170806152213.GB29094@FreeBSD> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="BhqivHSexJs6GBAo89E7vkmhCJxKqaufc" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Aug 2017 08:31:04 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --BhqivHSexJs6GBAo89E7vkmhCJxKqaufc Content-Type: multipart/mixed; boundary="SlAuhVNOisuxu657dFFIaSbWkXwqpQSt6"; protected-headers="v1" From: Matthew Seaman To: freebsd-questions@freebsd.org Message-ID: <44ca8ebf-b1b2-93b4-943c-83d185952613@FreeBSD.org> Subject: Re: sendmail seperate mta/msa processes References: <20170806152213.GB29094@FreeBSD> In-Reply-To: <20170806152213.GB29094@FreeBSD> --SlAuhVNOisuxu657dFFIaSbWkXwqpQSt6 Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 06/08/2017 16:22, Edgar Pettijohn wrote: > Currently my mail server is working well enough. However, I would > like to try setting up multiple sendmail processses with their own > configurations. So I can have one running on port 25 with spam > milters, no relays allowed, and deliver mail to dovecot lmtp. Then > have a seperate process with its own config running on port 587 that > requires tls+auth before it relays. >=20 > Is this something people do regularly and is easy to implement? Or is > it one of those things that after I begin I will wish I had never > attempted. Having a separate port 587 listener that requires STARTTLS and authentication is a pretty standard configuration. Typically you wouldn't run two separate sendmail processes for that though. I dropped sendmail in favour of postfix some time ago, but as I recall, the essential parts of the configuration were: FEATURE(`no_default_msa') and then defining a series of DAEMON_OPTIONS(...) defining where sendmail would open listening sockets and the various flags to require things like authentication after STARTTLS. You also need a MAILER(...) definition to configure delivery via LMTP. However, my advice would be to forget trying to do this with sendmail and install a different MTA. I prefer postfix because it combines speed and security with a rally quite readable configuration syntax. Cheers, Matthew --SlAuhVNOisuxu657dFFIaSbWkXwqpQSt6-- --BhqivHSexJs6GBAo89E7vkmhCJxKqaufc Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJZiCU9XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATYLcQAIb4zaE6Qg4hRMovxryIU+6m O07ScyFfmAcMZ3aKoathcLMeedyWO0HJUyhK125jIcd5+HPUXxHEs6J4SPbAOcbU 84L6hUX/7b2HGoVexHEsw4eUmkb0vMCzaPXl9QtTZkUUbTdPiVAjEXVXDJRjnm15 dXbHO3lCwuD2bH3yrHWmLoVi323zcEa/Oo7mKeb9dsl+0kMLAuxDF+cgMlAqCPYu JD8MC9SYjz5Z6440g6+swbqbPqSa5X9dw/fauAHD35ajKOMdCQruNVOBQMpWem3v qcebNSqnoaq/Nlm0y9Jwu5xmIFDKpSp8Obhs2yemYnfe5t2E9bl+TjrJiiM/chZu 0/0AzjMsnGTImOGN1vFKE/SKFoWx6fhAmb7EH56vWsVXfvXHWkwF0jQBpQJmFgsn NoyjQSywedMaTI9exXwYagFQic5kLaMEoOuoR3fZLUgPvE1GPi4AHoaIrMT+9sWq 38Eu3omOY8tipqy4hHqDHMubSbl3hO9B21bMySXSVTaswrTQ4aYK6lKRq140Nb7J yGIkLzVZx10ksLyQMpZdqW2VdAixGQvJN4XTUji8Qn/CLtocKWHZZ76mFhB11ShJ qCZdMD/TKFofzPMZqYsBWv4m4FiIL5g+YIEMej5E4NyjHsS3CoL6r7i6v3qGVNHI U9iWN8KCQxOFfjgffeTg =y49J -----END PGP SIGNATURE----- --BhqivHSexJs6GBAo89E7vkmhCJxKqaufc--