# Replacing Sendmail with Postfix tough question.



## SomeoneHere (Mar 19, 2009)

Well let me give a little background.  I have gone through some pain staking steps and reading but have yet to find an answer that puts my concerns to rest.  I have been using Freebsd for awhile now and would like to set up a postfix mail server.  I have used the ports collection for my install but I am hoping that someone can give me a better understanding.  I have installed postfix,amavisd-new,clamav, clamav-milter, spamassassin, spamassassin-milter, dovecot and squirrelmail.  From what I can tell it works. But what I did to make it works concerns me.  First here

rc.conf


```
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"
dovecot_enable="YES"
amavisd_enable="YES"
clamav_clamd_enable="YES"
clamav_milter_enable="YES"
clamav_milter_flags="--local --outgoing --max-children=50 --quarantine-dir=/var/quarantine --headers --timeout=0 --postmaster-only"
spamd_enable="YES"
spamd_flags="-u spamd"
spamass_milter_enable="YES"
```
/etc/periodic.conf


```
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
```
mailer.conf

```
#
# Execute the Postfix sendmail program, named /usr/local/sbin/sendmail
#
sendmail	/usr/local/sbin/sendmail
send-mail	/usr/local/sbin/sendmail
mailq	/usr/local/sbin/sendmail
newaliases	/usr/local/sbin/sendmail
```
clamav and spamassassin where not communicating with amavisd-new and to get it to work I added /etc/mail/sendmail.cf this


```
O InputMailFilters=clamav,spamassassin
Xspamassassin, S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m
Xclamav, S=local:/var/run/clamav/clmilter.sock, F=T, T=S:4m;R:4m
```
My first concern is why would I have to modify this file for it to work?  I should be using postfix no sendmail.  My other concern is with the file 
/etc/mail/README


```
As of sendmail 8.12, in order to improve security, the sendmail binary no
longer needs to be set-user-ID root.  Instead, a set-group-ID binary
accepts command line mail and relays it to a full mail transfer agent via
SMTP.  A group writable client mail queue (/var/spool/clientmqueue/ by
default) holds the mail if an MTA can not be contacted.

To accomplish this, under the default setup, an MTA must be listening on
localhost port 25.  If the rc.conf sendmail_enable option is set to "NO",
a sendmail daemon will still be started and bound only to the localhost
interface in order to accept command line submitted mail (note that this
does not work inside jail(2) systems as jails do not allow binding to
just the localhost interface).  If this is not a desirable solution, it
can be disabled using the sendmail_submit_enable rc.conf option.  However,
if both sendmail_enable and sendmail_submit_enable are set to "NO", you
must do one of two things for command line submitted mail:

1. Designate an alternative host for the submission agent to contact
   by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
   in /etc/make.conf to an alternate .mc file) and using
   'make install-submit-cf' in /etc/mail/.  Change the FEATURE(msp) line
   to FEATURE(msp, hostname) where hostname is the fully qualified hostname
   of the alternative host.
```

is this telling me that despite everyone saying that all you need to do to disable sendmail is add 


```
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
```

to the rc.conf there is more that needs to be done to not use sendmail?  My concern is that any command line emails or emails using squirrelmail are using sendmail instead of postfix and this would be a waste of resource and security issue.  Any one that can shed some light on this for me would be greatly appreciated.


----------



## Mel_Flynn (Mar 19, 2009)

Any program directly invoking /usr/sbin/sendmail, will effectively be calling /usr/sbin/mailwrapper. mailwrapper consults /etc/mail/mailer.conf to get the path to the real binary and then invokes that in return.

No idea about the milter stuff, anti-virus doesn't interest me and I use dspam with postfix, but I would be very surprised that the stock sendmail would come into play ever.

The /usr/local/sbin/sendmail is a compatible version of sendmail provided by postfix, for the purpose of injecting mail locally into the queue.

Also, the 4 NO's in /etc/rc.conf can be (forwards-compatible) specified as sendmail_enable="NONE". With forwards-compatible I mean that NONE is guarenteed by the rc team, to disable any and all sendmail binaries, even if it means 20 in the future.


----------



## Visitor (Jan 2, 2012)

Mel_Flynn said:
			
		

> Also, the 4 NO's in /etc/rc.conf can be (forwards-compatible) specified as sendmail_enable="NONE". With forwards-compatible I mean that NONE is guarenteed by the rc team, to disable any and all sendmail binaries, even if it means 20 in the future.



I am going to reply to this as others will stumbled upon this thread from search engines like I did.

As of 2012, 
	
	



```
sendmail_enable="NONE"
```
 should no longer be used, according to sendmail's man page at http://www.freebsd.org/cgi/man.cgi?query=rc.sendmail&sektion=8:



> ```
> sendmail_enable
> (str) If set to ``YES'', run the sendmail(8) daemon at system
> boot time.  If set to ``NO'', do not run a sendmail(8) daemon to
> ...


----------

