Considerations for sendmail clients and sendmail MSP

If the mail submission program (MSP) feature is used, the feature(`msp') statement in submit.mc directs the sendmail client to connect to localhost by default, which is typically LOOPBACK or LOOPBACK6. In a CINET environment, these addresses can be ambiguous if you are not using stack affinity. This default approach works when you are running only one restricted stack, or the client is running with stack affinity to a restricted stack. The sendmail daemon must be running on the same restricted stack and must not bind the MSA socket to a specific IP address. In all other cases, the feature(`msp') statement in submit.mc must include the host name of the sendmail daemon. If you are using the same host name for your sendmail daemons with security label-specific domain names, you can use a shared submit.cf that specifies the host name without the domain (that is, not fully qualified). If you are using different host names for your sendmail daemons, you must provide a separate submit.cf for each security label.
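
The cases described above, written as submit.mc fragments. This is an added example, not part of the original documentation; the host names mailhub and mailsec1.example.com are hypothetical, and the second argument to FEATURE(`msp') is the standard sendmail m4 form for naming the host the MSP submits to.

```m4
dnl submit.mc fragments (constructed example; host names are hypothetical).
dnl Keep exactly one FEATURE(`msp') line active in any given submit.mc.
dnl
dnl Case 1: only one restricted stack is running, or the client runs with
dnl stack affinity to a restricted stack. The MSP connects to localhost.
dnl The sendmail daemon must run on that same restricted stack and must
dnl not bind the MSA socket to a specific IP address.
FEATURE(`msp')dnl
dnl
dnl Case 2: every sendmail daemon uses the same host name, each under a
dnl security label-specific domain name. Give the host name without the
dnl domain so that one shared submit.cf serves every security label.
dnl FEATURE(`msp', `mailhub')dnl
dnl
dnl Case 3: the sendmail daemons use different host names. Build a
dnl separate submit.cf for each security label, each naming the daemon
dnl for that label.
dnl FEATURE(`msp', `mailsec1.example.com')dnl
```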

The sendmail client and MSP are permitted to connect only to a sendmail MSA or MTA with an equivalent security label.