List each of your domains in virtual-domains, one per line
List each of your users in virtusertable, but I'd suggest using an alias instead of listing each group of users there and use /etc/aliases to keep track of your lists, so - tab separated...
Do the same with somewhere.com - you can redirect to a different system if you want like the luke reference.
That way you can have different postmasters as needed. At the bottom, add
@domain.tld error:nouser 550 5.1.1 User not defined in this domain
@somewhere.com error:nouser 550 5.1.1 User not defined in this domain
to catch e-mails to any user that doesn't have a valid address and immediately error out.
Then in your /etc/aliases file, define how the lists are distributed
Modify /etc/mail/local-host-names to reflect all host names your host is known by and make sure that the DNS is properly configured for each, with the appropriate MX record pointing to your host.
If you have backup servers, you'll need to distribute a copy of the virtusertable to them as well so that they can properly reject mail that doesn't exist, and you'll have to modify the format so you have lines like...
or whatever to cause the backup server to send the mail on to the primary server when it comes online.
You can do spam processing on the backup servers to reduce load if you want, but if you do that, you'll have to do the spam processing on the main server via a /etc/procmailrc setup rather than the milter with a test to see if it's already been done on your backup box. I'd run clamAV on all primary and backup servers via a milter.
If you get a lot of mail, I'd recommend adding the dnsbl directly into the sendmail system via
call - use whatever ones you feel you qualify for based on mail volume and licensing. Others include dnsbl.njabl.org, xbl.spamhaus.org, sbl.spamhaus.org, and zen.spamhaus.org.
Set up certificates on your host, although I haven't found a good way to support multiple domains for this. Enable the daemon for global....
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')
DAEMON_OPTIONS(`Port=smtps, Name-TLSMTA, M=s')
Don't accept unresolvable domains...
Make sure the virtusertable is turned on
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')
Most of the timeouts are OK, but you might want to add
Run newaliases and run make in the /etc/mail directory and restart sendmail.
That should get you started. Good luck.