Sendmail: Listen on Loopback Only

From SlackWiki

It is almost always necessary to run the sendmail daemon, even on systems that don't act as public SMTP servers. Without sendmail, output from cron and at jobs won't be delivered. However, unnecessarily exposing your SMTP ports to the Internet or even to a large LAN is poor security practice. This article will explain how to configure sendmail to listen only on the local loopback interface (127.0.0.1).

Required Packages

You must have the sendmail-cf package installed, which in turn requires the m4 package. These packages are available as part of the official Slackware distribution.

Edit the Configuration File

Change into the directory /usr/share/sendmail/cf/cf. This directory is installed by the sendmail-cf package and contains a wide variety of sample sendmail configuration files. The default configuration on Slackware is the sendmail-slackware.mc file. Edit this file, and make the following additions:

  • Along with the other FEATURE options, add this line:
 FEATURE(`no_default_msa')dnl
  • Right before the MAILER lines, add this line:
 DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1,Name=MTA')dnl

Install the Configuration File

 m4 sendmail-slackware.mc >/etc/mail/sendmail.cf

Warning: If you had previously hard-coded any configuration options in sendmail.cf, they will be overwritten. It is recommended (and generally easier) to make changes only to sendmail-slackware.mc and then rebuild sendmail.cf with the command above.

Restart Sendmail

 /etc/rc.d/rc.sendmail restart
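
To confirm the result after the restart, the added example below (not part of the original article) filters `ss -ltn` or `netstat -ltn` output for SMTP listeners bound to anything other than loopback. The function names and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Reads `ss -ltn` or
# `netstat -ltn` output on stdin and prints every SMTP (25) or submission
# (587) listener whose local address is not loopback.
nonlocal_smtp_listeners() {
    awk '{
        n = match($4, /:[0-9]+$/)          # field 4 = local address:port
        if (n == 0) next                    # header or non-socket line
        addr = substr($4, 1, n - 1)
        port = substr($4, n + 1)
        if (port != "25" && port != "587") next
        if (addr == "127.0.0.1" || addr == "[::1]" || addr == "::1") next
        print $4
    }'
}

# Succeeds only if the input shows a 127.0.0.1:25 listener and no exposed one.
smtp_loopback_only() {
    input=$(cat)
    printf '%s\n' "$input" |
        awk '$4 == "127.0.0.1:25" { found = 1 } END { exit !found }' || return 1
    [ -z "$(printf '%s\n' "$input" | nonlocal_smtp_listeners)" ]
}

# Constructed sample: sendmail defaults (MTA and MSA on every interface).
SAMPLE_BEFORE='LISTEN 0 10 0.0.0.0:25 0.0.0.0:*
LISTEN 0 10 0.0.0.0:587 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: after the change described in this article.
SAMPLE_AFTER='LISTEN 0 10 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Prints the two exposed sockets from the "before" sample.
printf '%s\n' "$SAMPLE_BEFORE" | nonlocal_smtp_listeners
printf '%s\n' "$SAMPLE_AFTER" | smtp_loopback_only && echo "sendmail is loopback-only"

# On a live system: ss -ltn | smtp_loopback_only
```

If port 587 still appears in the live output, the `no_default_msa` feature line did not make it into the rebuilt sendmail.cf.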
