Newer versions of sendmail tend to listen on port 587. It's also called the submission
port in /etc/services. It's perfectly okay if you have that service enabled. If you
wanna get rid of it, clean the lines:
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
For further information on this issue, check RFC2476.
Make sure your helpfile in sendmail.cf looks like: helpfile=/etc/mail/emptyhelpnow touch the file /etc/mail/emptyhelp. Why you wanna do this? Easy. Because if you set it to null, HELP during a connection will tell the user that the help is not available, but also tell him the version number of sendmial. Which we wanna preserver!!
In the mc-file this is: define(`HELP_FILE',`/etc/mail/emptyhelp')dnl
Further change this line:SmtpGreetingMessage=which gets rid of the version banner at startup.
In your m4-configfile for sendmail, you probably want to do this:
define(`confSMTP_LOGIN_MSG', `')dnl
dnl This disables all of the commands that would allow an outsider to
dnl confirm email addresses, see who root mail is sent to, etc.
define(`confPRIVACY_FLAGS', `goaway')dnl
dnl Send a copy of bounce messages to the postmaster
define(`confCOPY_ERRORS_TO', `postmaster')dnl
In order to have sendmail running over secure connections, I use Stunnel. It's
a wrapper which you include in your inetd.conf or run it as a seperate deamon.
I prefer to put it in inetd.conf. To use it for SecureSMTP and SecureIMAP, use the
following two lines in the /etc/inetd.conf file:
smpts stream tcp nowait root /usr/local/sbin/stunnel stunnel -D 3 -p /usr/local/ssl/certs/stunnel.pem -r smtp
Don't forget the following three entries in the /etc/services:
imaps 993/tcp # imap4 protocol over TLS/SSL
imaps 993/udp # imap4 protocol over TLS/SSL
smpts 465/tcp # smpt protocol over SSL/TSL (was ssmpt)
Anti-SPAM for Sendmail
In your sendmail.mc use the directive:
FEATURE(dnsbl)
for versions 8.10 and above of sendmail.
For further information see: RBL"
