Sendmail SMTP clients
At most sites the most common use of sendmail is to act as a message submission agent on all of the various Linux and Unix servers on the network. These servers are only SMTP clients. They do not accept incoming mail and they do no local delivery of mail. The only mail they deal with is locally generated mail from various administrative accounts, root, operator, oracle, web, etc..., and all of this local mail is always forwarded to a SMTP relay.
Assuming that you really want sendmail to only act as an SMTP client, then what I recommend in my "Managing Internet Mail" class is to only use the submit.cf file (from the submit.mc file) Since the host would not be receiving any inbound mail, there would be no reason to run the SMTP server (sendmail -bd) and since the SMTP server is not running there would be no reason to use /var/spool/mqueue, hence no reason to run the root owned queue daemon. What is nice about this about this configuration is that there is no sendmail running on the system as root. Sendmail is completely blocked as an attack vector. It can't be used for a remote exploit since it is not listening to any port, not even localhost. It can't be used as a local exploit because it never runs as root.
To configure a sendmail SMTP client, you modify the submit.cf file to forward the mail to the remote/central SMTP server, smtprelay.your.dom, rather than trying to use the local SMTP server listening to the loopback interface. You do this by changing the "msp" (message submission program) feature:
- From: FEATURE(msp, [127.0.0.1])
- To: FEATURE(msp, smtprelay.your.dom)
The "msp" feature only applies to mail addressed to the host itself, an unqualified "user" or "user@thishost.dom". For non-local mail you would still need to set the SMART_HOST relay in your sendmail.mc file:
- define(`SMART_HOST',`smtprelay.your.dom')
I also assume you would like local mail addresses generated on this host to be masqueraded as the domain "user@your.dom". So use masquerading:
- MASQUERADE_AS(your.dom)
- FEATURE(allmasquerade)
- FEATURE(masquerade_envelope)
and to make sure all addresses leave with a domain name (just in case):
- FEATURE(always_add_domain)
If there are some administrative accounts that it would be useful to see the hostname in the address, then add them to the Exposed User class, $=E, with:
- EXPOSED_USER(root operator)
You would also want some of the other stuff in the original submit.mc file:
- VERSIONID(`submit.mc Robert Harker, info at harker dot com 060424')
- define(`confCF_VERSION', `Client')
- dnl dirty hack to keep proto.m4 from complaining
- define(`__OSTYPE__',`')
- define(`confTIME_ZONE', `USE_TZ')
- define(`confDONT_INIT_GROUPS', `True')
Since this is an SMTP client, all forwarding and aliasing should be done by the remote SMTP server, smtprelay.your.dom. The "msp" feature automatically sets them both to a null path.
You should also set the Maximum message size to be consistent with the your site-wide conventions or the next SMTP relay,smtprelay.your.dom:
- define(`confMAX_MESSAGE_SIZE',`10000000')
RedHat, Fedora, and CentOS set the default user and group ID:
- define(`confDEF_USER_ID',`8:12')
This needs to be before the MAILER() definitions or the "msp" feature.
Finally a few other things: don't waste time probing network interfaces and don't waist time with Delivery Status Notifications:
- define(`confDONT_PROBE_INTERFACES',true)
- define(`confTO_QUEUEWARN_DSN',`')
- define(`confTO_QUEUERETURN_DSN',`12h')
So putting it all together as a client.mc file:
- VERSIONID(`client.mc Robert Harker, info at harker dot com 060424')
- define(`confCF_VERSION', `client')dnl
- dnl dirty hack to keep proto.m4 from complaining
- define(`__OSTYPE__',`')
- define(`confTIME_ZONE', `USE_TZ')dnl
- MASQUERADE_AS(`your.dom')dnl
- FEATURE(`allmasquerade')dnl
- FEATURE(`masquerade_envelope')dnl
- FEATURE(always_add_domain)dnl
- EXPOSED_USER(`root operator')dnl
- define(`SMART_HOST',`smtprelay.your.dom')dnl
- define(`confMAX_MESSAGE_SIZE',`10000000')dnl
- define(`confDONT_INIT_GROUPS', `True')dnl
- define(`confDEF_USER_ID',``8:12'')dnl
- define(`confDONT_PROBE_INTERFACES',true)dnl
- define(`confTO_QUEUEWARN_DSN',`')dnl
- define(`confTO_QUEUERETURN_DSN',`12h')dnl
- FEATURE(`msp', `smtprelay.your.dom')dnl
Now that you are not running a sendmail queue daemon or a sendmail SMTP server there is no need for a real sendmail.cf file. You can use submit.cf for both:
- cd /etc/mail
- mv sendmail.cf sendmail.cf.orig
- ln -s submit.cf sendmail.cf
You also want to turn off the standard sendmail SMTP server and queue daemon. In Linux this is normally configured in /etc/sysconfig/sendmail:
- DAEMON=no
- QUEUE=
- SMQUEUE=p1h
Set DAEMON=no and QUEUE= to null. You can tune the queue daemon with SMQUEUE=<time>. The "p" before "1h" tells sendmail to run the queue as a persistent queue daemon.
Now you have a nice generic sendmail configuration which disables both local and remote exploits in sendmail. It also is generic enough to deploy on any OS running sendmail 8.12 or 8.13.