Sendmail is mature but complex; secure operation requires careful macro and access configuration.
¶ Relay and Access Controls
- Ensure anti-relay controls are strict and tested.
- Restrict trusted networks and authenticated submission paths.
- Disable unused mailer features and debug interfaces.
¶ TLS and Auth
- Enforce TLS for submission and protect private keys.
- Configure SMTP AUTH securely where used.
- Validate DNS and mail authentication layers (SPF/DKIM/DMARC integration).
- Manage
sendmail.mc and generated configs via version control.
- Audit local rulesets and map files for unsafe behavior.
- Patch Sendmail and dependencies regularly.