# Install other mail server software on FreeBSD



## sdf (Sep 10, 2018)

Hello everyone,

After installing the new mail server software, must Sendmail be replaced? Can the two coexist? For example, Sendmail is only used as a system's "native" MTA, and the other provides an external mail service?

Thanks.


----------



## Vladimir1922 (Sep 10, 2018)

If I understand properly, you want to use the external one as for your personal emails? In that case yes, you can perfectly coexist with both and use them for different purposes


----------



## ucomp (Sep 11, 2018)

sdf said:


> Can the two coexist?
> Thanks.



they can coexist on the same host but not on the same port


----------



## sdf (Sep 11, 2018)

Thanks. Only Sendmail is used to receive system functions such as messages sent by periodic. The other is for the usual mail service.

Can't use the same port. This is probably a problem.


----------



## rigoletto@ (Sep 11, 2018)

You can use dma(8) ( Dragonfly Mail Agent ) instead of sendmail. The dma is just a MTA and it is in Base too. See mailer.conf(5)


----------



## fulano (Sep 11, 2018)

sdf said:


> Thanks. Only Sendmail is used to receive system functions such as messages sent by periodic. The other is for the usual mail service.
> 
> Can't use the same port. This is probably a problem.



Yes, you can use other MTA for emails sent by `cron/periodic/at/local`. Disable sendmail with `sendmail_enable="NONE"` in /etc/rc.conf and enable your favorite MTA.

I'd suggest OpenSMTPD. We are a small office, ~100 emails sent every day, another 100+ received, and it works just great.


----------



## ShelLuser (Sep 11, 2018)

fulano said:


> Disable sendmail with `sendmail_enable="NONE"` in /etc/rc.conf and enable your favorite MTA.


That information is a bit outdated: on 11.2 Sendmail is disabled by default (see /etc/defaults/rc.conf) so there's no need to add this into /etc/rc.conf.

The only time you do need to start editing is if you want to replace the /usr/sbin/sendmail functionality (so: local mail delivery) with something else. Then you'd need to edit /etc/mail/mailer.conf and make the appropriate changes in /etc/rc.conf.


----------



## sdf (Sep 11, 2018)

fulano said:


> Yes, you can use other MTA for emails sent by `cron/periodic/at/local`. Disable sendmail with `sendmail_enable="NONE"` in /etc/rc.conf and enable your favorite MTA.



Thank you very much. It seems very troublesome to replace the default Sendmail on FreeBSD.

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html


----------



## SirDice (Sep 11, 2018)

ShelLuser said:


> That information is a bit outdated: on 11.2 Sendmail is disabled by default (see /etc/defaults/rc.conf) so there's no need to add this into /etc/rc.conf.


There's a difference between `sendmail_enable="NO"` (which is the default) and `sendmail_enable="NONE"`. A "NO" actually does start sendmail but in local-submit only mode (both `sendmail_submit_enable` and `sendmail_outbound_enable` are set to "YES" by default). A "NONE" doesn't start sendmail at all.

If you want to _replace_ sendmail you should use `sendmail_enable="NONE"` and configure the replacement MTA to also accept local mail. Which I would recommend otherwise you can have two different paths emails could travel, making it more opaque and error-prone. You don't want to find yourself in a situation where the local mail is allowed but other mail isn't or vice-versa. Terribly annoying to troubleshoot.

I've personally used mail/exim on my own mailserver, I started out with mail/postfix because it's supposed to be "easier" to configure. But quickly found it was anything but easy. Exim is a bit more complex but the way it's configured made more sense to me. It's been running for a couple of years now.


----------



## SirDice (Sep 11, 2018)

The change is understandable, it's a bit counter-intuitive because `sendmail_enable="NO"` still starts sendmail. So if you want to do it properly you should probably use 

```
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
```

`sendmail_enable="NONE"` still works though. And I'm not sure when this would be removed. I'm sure there will be some sort of announcement as this option has been in use for as long as I can remember (back to the 3.x era)


----------



## sdf (Sep 11, 2018)

SirDice said:


> There's a difference between `sendmail_enable="NO"` (which is the default) and `sendmail_enable="NONE"`. A "NO" actually does start sendmail but in local-submit only mode (both `sendmail_submit_enable` and `sendmail_outbound_enable` are set to "YES" by default). A "NONE" doesn't start sendmail at all.



Sendmail_enable="NONE" is valid, but the manual says:


> The ``NONE'' option is deprecated and should not be used.  It will be removed in a future release


https://www.freebsd.org/cgi/man.cgi....2-RELEASE+and+Ports&arch=default&format=html

At first I was going to try Exim, but I read a lot of comments and I am going to try OpenSMTPd.


OK, at least it is still valid on 11.2. Thank you.


----------



## ucomp (Sep 11, 2018)

SirDice said:


> --- I started out with mail/postfix because it's supposed to be "easier" to configure. But quickly found it was anything but easy. ..


... maybe 'easy to configure' is the wrong word for nearly every mailserver but there's a postfix-sasl version for FreeBSD, I would call it ' good and clear to configure' if someone does know what he's doing ;-) .


----------



## SirDice (Sep 12, 2018)

Well, I knew what I was doing but couldn't get it to bend to my will. That is, I couldn't get it to work like I wanted it to. So I just tried something else, Exim in my case.

What I was trying to say is, just try something. See if it works for you. If it doesn't, don't be afraid to start over with a different application. Keep trying until you find an application that does work for you.


----------



## kpa (Sep 12, 2018)

Postfix is imo almost a no-brainer to set up, the configurations files are plain english and the documentation is excellent.


----------



## ucomp (Sep 12, 2018)

I remember it bent to my will and became a no-brainer when I realized that dovecot uses its own sasl-implementation(which  does not work with postfix) and when I installed the postfix-sasl version under freebsd.Since then absolutely rock solid 24/7 running and `easy to configure"  ( e.g. Webmin makes it even 'easier' to control affected changes on the fly. '


----------



## sko (Sep 13, 2018)

I'm throwing in mail/ssmtp as a very lightweight replacement for sendmail.
If all you want is to get local mails out, e.g. through your regular mailserver or a mail relay in your local network, ssmtp makes it dead-simple. It also supports TLS/STARTTLS and user/password login on the remote MTA, so you can just hand out regular mail accounts on your mailserver for your servers and don't have to configure a "half open relay" by whitelisting IPs or something similar.

For a "regular" mailserver I always reverted to Postfix - it's extremely flexible, rock-solid and (if properly laid out) the config is very maintenance-friendly and readable. It's also extremely robust and battle-tested - with a sensible rule/milter order it can withstand huge spam attacks even on very small VPS without any problem. I usually only recognize there was something going on when receiving my weekly statistics and there were several (tens of) thousands rejected emails 

I've tested a bit with OpenSMTPd for my private mailserver, but IMHO it really lacks the flexibility of postfix and documentation on how to use milters is extremely scarce (or even non-existent). After hours of digging you might find out that they changed the API a while ago and did'nt yet fixed a new one, so milters won't work until the API is stable again...
So for a production server OpenSMTPd was a no-go for me - although the configuration syntax is very nice as it basically resembles PF config language which makes it very easy to read and enables you to build somewhat complex rule dependencies by making "fall through" rules and order them as needed. Although this may make the overall layout of the config file a bit messy. Especially after the recent change to 2-line syntax and when the milter-API is fixed I'll definately have another look at it as it might be a viable alternative to Postfix.




sdf said:


> Thanks. Only Sendmail is used to receive system functions such as messages sent by periodic. The other is for the usual mail service.
> 
> Can't use the same port. This is probably a problem.


You usually don't run two MTAs on the same system. All (?) MTAs have some kind of sendmail-compatibility, so local delivery can still be done through a sendmail-imitating interface. Usually you just update the /etc/mail/mailer.conf to point to the binary of the MTA (or its sendmail-counterpart) and you're done.
At least ssmtpd gives you all the instructions after installation (from packages):

```
To replace sendmail with ssmtp type "make replace" or change
your /etc/mail/mailer.conf to:

sendmail        /usr/local/sbin/ssmtp
send-mail       /usr/local/sbin/ssmtp
mailq           /usr/local/sbin/ssmtp
newaliases      /usr/local/sbin/ssmtp
hoststat        /usr/bin/true
purgestat       /usr/bin/true
```


----------



## sdf (Sep 13, 2018)

sko said:


> I'm throwing in mail/ssmtp as a very lightweight replacement for sendmail.



Thank you very much. I will try Postfix when I have time.


----------



## xtaz (Sep 13, 2018)

ucomp said:


> I remember it bent to my will and became a no-brainer when I realized that dovecot uses its own sasl-implementation(which  does not work with postfix) and when I installed the postfix-sasl version under freebsd.Since then absolutely rock solid 24/7 running and `easy to configure"  ( e.g. Webmin makes it even 'easier' to control affected changes on the fly. '



Um. Postfix *does* work with dovecot's SASL? There is an option in the port specifically for this. And I believe it's on as default. It requires a few lines in the config file to point to the authentication socket that dovecot creates. It's pretty easy and I've used it for years.


```
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
```

There's obviously more to it than just that, but yeah. It's pretty easy.


----------



## drhowarddrfine (Sep 13, 2018)

I haven't bothered to read through this thread but there's nothing wrong with using sendmail. It's the only mta my company has ever used. Yes, it might be more complicated or confusing to set up--I'm not so sure about that--but it does everything you want it to, especially in a programming environment.


----------



## ucomp (Sep 13, 2018)

xtaz said:


> Um. Postfix *does* work with dovecot's SASL? There is an option in the port specifically for this. And I believe it's on as default. It requires a few lines in the config file to point to the authentication socket that dovecot creates. It's pretty easy and I've used it for years.
> 
> 
> ```
> ...


Well, SirDice invented the cool *Easy* Mail Server paradigm 
For me under freebsd Dovecot worked out of the box authenticating through  Unix passwd file.
For Postfix I found it easier to install the freebsd postfix-sasl version and authenticate through Cyrus sasl by 
	
	



```
saslpasswd2
sasldblistusers2
```
then setting up certs, relays ...  I think every mailserver  we know about how it works is easy( even sendmail). The get-to-know can be a bit *uneasy...* sometimes... ;-)


----------

