As default Sendmail listens to each ip address it can find on a host. if those are aliased and not separate interfaces, mail will always be send and received from the main address (eth0 on Linux). This is less than optimal in case you have a couple of ip addresses to play with and like to separate services from ip addresses that are primarily meant to serve web pages. Ideally we have ip addresses in different subnets and are able to select the least troublesome ip address for sending and receiving mail, which is not listed on any blocklist or reveals a history of spam from its previous owner in search engines. The goal of this article will be to configure sendmail in a way, that it only listens to one interface and uses it for sending and receiving mail, pretending to the outside world to be a separate server and revealing less about our server setup. The example refers to Debian Linux, but should work similar on other Linux flavours, too.

Assumed we want to use the ip address 10.10.0.1 as main “mail interface” but at the same time make sure that local mail submissions (daemon notifications on root via loopback) are still working as expected, than we can add the following entries to sendmail.mc:

DAEMON_OPTIONS(`Addr=127.0.0.1, Family=inet, Name=MTA-v4, Port=smtp')dnl
DAEMON_OPTIONS(`Addr=127.0.0.1, Family=inet, Name=MSA, Port=submission')dnl
DAEMON_OPTIONS(`Addr=10.10.0.1, Family=inet, Name=MTA-v4, Port=smtp, M=bh')dnl

Our loopback will now listen on two ports, because on Debian submission is used by daemons to send their notifications to root. This may be Debian specific and other Linux distributions may not require the submission port to be open for local mails. The address used for communication with the outside world features two “Modifier” flags. These flags tell Sendmail to use the same interface and its hostname for sending and receiving email. Mind the order, you cannot mix different interfaces as this will result in at least one of them not getting started at all. Best is to group them by address and port number.

In order to make these changes take effect, you need to switch into the /etc/mail directory and run make. This will update the residing configuration files accordingly. After that you should change to /etc/init.d and restart sendmail. If everything was working as expected, you should be able to see something like this when typing netstat -an

tcp        0      0 127.0.0.1:25          0.0.0.0:*             LISTEN
tcp        0      0 127.0.0.1:587         0.0.0.0:*             LISTEN
tcp        0      0 10.10.0.1:25          0.0.0.0:*             LISTEN

In case you still see sendmail sitting on all interfaces, check whether the previous Family=inet lines, that did not specify any addresses are still around. In case they are you need to remove them, switch to /etc/mail, run make, change to /etc/init.d and restart sendmail again.