Set up sendmail to run in send-only mode

May 27, '03 08:06:00AM

Contributed by: macubergeek

There have been previous hints on this forum regarding activating Sendmail, for instance this hint, which in turn references the O'Reilly instructions. However, there is one nit I'd like to pick with the O'Reilly instructions. Go to their page and scroll down to where they say:

If you are going to not blame sendmail, then there are two ways in which we can administer this medication. The first is to edit the /System -> Library -> StartupItems -> Sendmail -> Sendmail startup script in order to use the following commands to start up sendmail:
/usr/sbin/sendmail \
  -OdontBlameSendmail=GroupWritableDirPathSafe -bd -q1h
/usr/sbin/sendmail \
  -OdontBlameSendmail=GroupWritableDirPathSafe \
  -C /etc/mail/submit.cf -q1h
This does a pretty good job. However, some of the other commands...
OK, here's the nit to pick: if you are activating sendmail merely to send outgoing email via the mail command, and are not accepting incoming email from another mail server, then do not start sendmail with the -bd flag. That flag launches sendmail as a daemon listening on port 25, which is bad mojo if you are running a vulnerable version of sendmail. Instead, launch it with this:
/usr/sbin/sendmail -q1h
All this does is launch the daemon and clear the mail queue every hour. You should still be able to use the mail command to send email. To make this change, edit the file /System -> Library -> StartupItems -> Sendmail -> Sendmail. Go to line 23 and change:

/usr/sbin/sendmail -bd -q1h to /usr/sbin/sendmail -q1h.

This will create a more secure sendmail setup if all you want to do is use the mail command to send system cron alerts and such.
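
To confirm the change took effect, here is a small audit script, added as an example and not part of the original hint or the O'Reilly instructions. It flags any sendmail startup command that still carries -bd (including the backslash-continued form quoted above) and any TCP listener on port 25 in `netstat -an` output; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: audit a sendmail startup script and netstat output
# for a send-only setup. Function names are hypothetical.

# Print sendmail invocations in startup script $1 that carry -bd.
# Returns 0 if at least one is found, 1 otherwise.
find_bd_invocations() {
    awk '
        # Join backslash-continued lines so a -bd on the next line counts.
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*#/ { next }    # ignore commented-out commands
        line ~ /sendmail/ && line ~ /(^|[ \t])-bd([ \t]|$)/ { print line; found = 1 }
        END { exit !found }
    ' "$1"
}

# Read netstat -an output on stdin and print local addresses that are
# listening on TCP port 25. Accepts the BSD and Mac OS X form (*.25)
# and the Linux form (0.0.0.0:25). Returns 0 if a listener is found.
smtp_listeners() {
    awk '$1 ~ /^tcp/ && $NF ~ /^LISTEN/ && $4 ~ /[.:]25$/ { print $4; found = 1 }
         END { exit !found }'
}

# Combine both checks: $1 is the startup script, netstat output on stdin.
# Returns 0 only when -bd is absent and nothing listens on port 25.
audit() {
    rc=0
    if find_bd_invocations "$1" >/dev/null; then
        echo "FAIL: -bd still present in $1"
        rc=1
    fi
    if smtp_listeners >/dev/null; then
        echo "FAIL: something is listening on TCP port 25"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: send-only"
    return "$rc"
}

# Usage, after sourcing this file:
#   netstat -an | audit /System/Library/StartupItems/Sendmail/Sendmail
```
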

Mac OS X Hints
http://hints.macworld.com/article.php?story=20030522162520409