Setting up sendmail on a firewall, Part 1

By Carole Fennelly, Unix Insider |  Networking

  • Advantage: Lets you fine-tune who you will accept mail from. For
    example, I may not want to accept mail from domains that can't be
    resolved, but I want to make an exception for a particular domain
    or address. If yours is a large site, you may want the greater
    flexibility this can give you -- it's rather like a firewall rule
    base.

  • Disadvantage: You have to build the database file and keep it updated.
    It can become rather complex -- it's rather like a firewall rule base.
    The more complex you make it, the harder it is to maintain.


By default, if the sender's address isn't fully qualified, sendmail
will refuse the connection. For example:

mail from: 
553 ... Domain name required

Use of this feature overrides the default so the connection
will be accepted.

  • Advantage: I recommend always using fully qualified addresses.
    However, on an internal mail gateway, you may not be able to control
    how the other local systems send you mail, and this will allow you to
    accept mail with unqualified sender addresses.

  • Disadvantage: You lose some ability to track where mail is coming
    from. Don't use this on a firewall.


This allows you to block incoming mail to accounts you don't
want to receive mail by listing the account in the access database.
The mail appears to be accepted but is actually dumped to

  • Advantage: You may want to use this for "nobody" or "guest" accounts.

  • Disadvantage: You have to set up the access database. This isn't much of
    a disadvantage, but it is another step.


If spam is a major problem for your site, you'll be interested in the
Realtime Blackhole List.
A list of known spam hosts is maintained at The rbl feature
causes sendmail to check with (or another RBL server if you specify)
and blocks mail if the host is on that list.

  • Advantage: You don't have to worry about maintaining your own list
    of spam hosts.

  • Disadvantage: You're trusting that the RBL server is accurate. This
    may also cause a delay in accepting a connection while the RBL
    server is contacted.
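
The lookup behind an RBL check, and the delay and trust trade-off noted above, as an added example (not code from the original article or from sendmail). The zone rbl.example.org, the function names and the sample zone data are assumptions made for illustration; the reversed-octet query and the 127.0.0.0/8 answer range are the usual DNS blocklist convention.

```python
import ipaddress
import socket

RBL_ZONE = "rbl.example.org"  # placeholder zone (assumption), not a real list
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")  # conventional "listed" answers

def rbl_query_name(client_ip, zone=RBL_ZONE):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")  # ValueError if malformed
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Live lookup: A records for name, [] if it does not exist, OSError otherwise."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []          # no such name: host is not on the list
        raise                  # temporary failure: list state unknown
    return sorted({info[4][0] for info in infos})

def check_client(client_ip, resolver=system_resolver, zone=RBL_ZONE, fail_open=True):
    """Return (verdict, detail); verdict is 'accept', 'reject' or 'tempfail'."""
    try:
        answers = resolver(rbl_query_name(client_ip, zone))
    except OSError as exc:     # timeout or server failure while contacting the list
        return ("accept" if fail_open else "tempfail", f"lookup failed: {exc}")
    hits = [a for a in answers if ipaddress.IPv4Address(a) in LISTED_NET]
    if hits:
        return ("reject", f"{client_ip} listed in {zone} ({hits[0]})")
    return ("accept", "not listed")

# Constructed zone data so the example runs offline.
SAMPLE_ZONE = {"99.2.0.192.rbl.example.org": ["127.0.0.2"]}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

def unreachable_resolver(name):
    raise TimeoutError("RBL server did not answer")

if __name__ == "__main__":
    for ip in ("192.0.2.99", "198.51.100.7"):
        print(ip, check_client(ip, sample_resolver))
    print(check_client("192.0.2.99", unreachable_resolver, fail_open=False))
```

The fail_open switch makes the policy choice explicit: when the list cannot be reached, either the mail is accepted unchecked or the sender is told to retry later.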


If a host has an MX record that points to your site, this feature accepts and
relays mail for it.
