MikeL's FreeBSD howto - basic sendmail configuration

This is basically a set of tips on how to configure sendmail. The intent is not to cover everything in detail, merely to point you to each of the tasks that must be performed and to help you know why you're doing it.

Merry New Year - I'm working on computer problems - sigh...

Latest issue was the new install, Thunderbird was not able to send, error:
Relaying denied: IP name lookup failed []
Simply needed to add to /etc/mail/access:
Connect:192.168.0 RELAY

Another useful trick for analyzing sendmail problems. Add -d8.20 parm to show detailed DNS info as send progresses.

I'm getting maillog errors:
sendmail: Losing ./qf#####: savemail panic
sendmail: SYSERR(root): savemail: cannot save rejected email anywhere
A super quick and easy way to test your postmaster alias:
date | sendmail -v -Am postmaster
This one turned out to be that I had define(`confLOCAL_MAILER', `cyrusv2') and MAILER(`cyrusv2') in my mc file. This was copied from another system that does work, I don't understand why it's working on that system...
I took that out, no more savemail panic, still not getting mail via imap though. Put it back, now suddenly everything is working. Don't know which other change I made that fixed it, but I'm gonna quit now while I'm ahead!

Notes on how to recompile sendmail. Problem I'm having is related to IPv6 - I'm hoping if I simply recompile without that feature, it'll fix it. https://lists.freebsd.org/pipermail/freebsd-questions/2006-August/128775.html

I'm completely unable to get my email secondary to do local delivery to itself, even when called out by fqdn. Still haven't figured it out yet, but just so I don't forget, one thing I did was create a link for mail.local in /usr/local/libexec to /usr/libexec/. I have a machine that I think works, and it did have this link, whereas it was not present on the non-working box.

Still working on getting rid of following error:
STARTTLS: x509 cert verify: depth=2 /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority, state=0, reason=unable to get certificate CRL
The following seemed informative, this did a dump of MY certificate, and included a URI to a CRL. I fetched that, but it didn't seem to work either.
openssl x509 -in [your .crt file] -text | more
The revoke file IS accessible, I set it and the directory it's in to world-read for a minute while I tested this - no change. Maybe it's having trouble with the format of the file itself? It does appear to be binary... I tried the following to convert it to PEM, doesn't seem to have helped, but here it is in case I need it again...
openssl crl -inform DER -in 20200330-NetworkSolutionsOVServerCA2.crl -outform PEM -out zzz

[20200327] When you're looking through your maillog and you see "may be forged", this probably means that the RDNS lookup does not match the configured name passed into sendmail. If this is your own server, you need to contact your upstream provider to have your PTR change to be:
[your full hostname with doman] dot [your ip address, reversed] dot in-addr.arpa

[20200323] Note that if you're installing mailman, you'll need to modify it's SMTP_MAX_RCPTS setting to match your.mc file MAX_RCPTS_PER_MESSAGE. See mailman config page.

[20190115] Sendmail tweaks I've had to do.
dnl Following fixes following error in /var/log/messages:
dnl [...] sm-mta[47220]: [...] SYSERR(root): timeout writing message to [...]
dnl See:
dnl https://forums.freebsd.org/threads/timeout-writing-message-to-local.55563/
dnl https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869666

dnl Following limits size of file that will be sent to spamd, without this
dnl spamass will simply skip parsing of large emails and let them through.
define(`SMTP_MAILER_MAX', `15000000')
define(`confMAX_MESSAGE_SIZE', `15000000')

dnl Following changes from default: upped S and R from 4m to 6m, added T val to F switch

INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=T, T=C:15m;S:6m;R:6m;E:10m')

define(`confMILTER_MACROS_CONNECT', `b, j, _, {daemon_name}, {if_name}, {if_addr}'})

define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO``, {verify}'')
dnl 20140302 - getting msg Could not retrieve sendmail macro "b"!
dnl in logfile. see:
dnl http://lists.gnu.org/archive/html/spamass-milt-list/2006-05/msg00011.html
define(`confMILTER_MACROS_ENVRCPT', ``b, r, v, Z'')

define(`confINPUT_MAIL_FILTERS', `spamassassin')

dnl put in MAX_RCPTS_PER_MESSAGE after another customer send to hundreds
dnl of senders and it's not looping resending... 16-Aug-2010
define(`confMAX_RCPTS_PER_MESSAGE', `25')

vacation (autoreply)


Primary machine

Secondary machine

Copyright © 1995-2024 Mike Lempriere (running on host pedicel)