Quick-Tip: Configuring Sendmail with m4 and the sendmail.mc file

I often hear people complain about how difficult Sendmail is to configure. My guess is people take one look at the line noise in the sendmail.cf file and give up. In reality Sendmail is very easy to configure. Here are a few quick tips to help you along.

General Configuration

On most Linux systems you will find Sendmail's configuration in either /etc or /etc/mail. There should be a file named sendmail.mc if you've found it you're in the right place. Editing this file is not only the proper way to configure Sendmail, but it is also much easier than trying to make your changes in sendmail.cf.

After you have made any edits to the sendmail.mc file you will need to do two things:

  1. Rebuild the file using either the Makefile in the configuration directory or by issuing the command m4 sendmail.mc > /etc/sendmail.cf
  2. Send Sendmail a -HUP signal using kill or simply restart the daemon for the configuration changes to take effect

Spam Filtering

To reduce the amount of spam you receive add the following line toward the bottom of your sendmail.mc and rebuild with make:

FEATURE(`dnsbl', `sbl.spamhaus.org',
`"Rejected due to Spamhaus listing see http://www.abuse.net/sbl.phtml?IP=" $&{clientaddr} " for more information"')dnl

NOTE: It will need to come before any MAILER entries such as:

MAILER(smtp)dnl
MAILER(procmail)dnl

This will check each incoming connection against one of the most reliable RBLs and if the IP address of the incoming connection is on that list it will bounce the message backing saying:

Rejected due to....... see http://....... for more information

Some Linux distributions have Sendmail configured out of the box to accept E-mail from domains which do not have proper DNS information. This is necessary in some mobile/laptop situations, but in general it is not needed. To stop accepting E-mail from unresolvable domains just comment out this line in your sendmail.mc file by addding the letters 'dnl' in front of it:

FEATURE(`accept_unresolvable_domains')dnl

Performance

Here are a few items you can set in your configuration to ensure that slow senders do not tie up Sendmail processes:

define(`confTO_CONNECT', `1m')dnl
define(`confTO_IDENT', `0')dnl
define(`confTO_COMMAND', `2m')dnl

These set the timeouts for the initial connection and in between commands to be 1 and 2 minutes respectively. It also disables checking for ident information by setting it to zero. This can easily bog down a server as it takes awhile for the ident check to timeout and most servers aren't running it these days.

If you receive a lot of E-mail on a regular basis or get hit with sudden floods of it, you may want to explore using the following options:

define(`confMAX_DAEMON_CHILDREN', 20)dnl
define(`confQUEUE_LA', `18')dnl
define(`confREFUSE_LA', `24')dnl

The first setting instructs Sendmail to have at most 20 processes running at any one time. The next two determine at what system load levels Sendmail only queues up E-mail for later processing (confQUEUE_LA) and at what load level it rejects E-mail entirely. These two are useful in preventing a flood of spam from bringing your server to its knees.

Hopefully this helps you to better understand Sendmail configuration. If you find any errors or have any suggestions regarding this please feel free to E-mail me at frank@revsys.com.

Related Books

Here are some helpful Sendmail guides if you are still having trouble: