Customizing Sendmail
Lars Magnusson
Sendmail is a program that has always given its administrators mixed feelings. It inspires both hatred and amazement, often at the same time. Notwithstanding this love/hate relationship, sendmail is without question the most widespread SMTP Mail Transport Agent (MTA) on the Internet today. None of its competitors are even close to it. The purpose of this article is to describe how to create a simplified local sendmail configuration file that handles different types of traffic. I will also explore some very useful features that are often forgotten or neglected in the ongoing discussion of sendmail's pros and cons.
Security
In addition to being complex and cumbersome, sendmail is often regarded as insecure. However, I have yet to see an alternative that allows the same flexibility and adaptability. The challenge is to handle its weaknesses in a secure way and use it as efficiently as possible, without compromising basic security and reliability.
It can't be denied that sendmail has been the culprit in many Internet incidents, including the infamous Internet worm in 1988. Many of these incidents have resulted from using the sendmail program supplied by the operating system vendor, which may lag behind publicly available sources with respect to fixes for security bugs. A better solution is to obtain the source code from one of the archive sites, then compile and install it locally. (The UIUC IDA Sendmail version 5.65c is available from ftp.uu.net and BSD V8 sendmail can be obtained from ftp.cs.berkeley.edu.)
Given the vulnerability introduced by Internet connectivity, I feel that it is also preferable to isolate systems from direct Internet contact, either by using a firewall or by using a dial-up connection for mail transfers.