On Fri, Feb 09, 2001 at 09:10:24AM -0800, Rob Hudson wrote:
>
>Hello.
>
>Both of these relate to my little FreeBSD firewall I set up. It's a
>486 DX with 32MB RAM and a 250MB hard drive. Acting as a gateway for
>my cable modem.
>
>1) Is there a way to tell sendmail to only send mail from localhost
>and to not relay at all? I turned on sendmail so I can get the daily
>security reports in the mail w/o having to log in, but don't want a
>spammer to find it and use it for a relay. Maybe it's that way by
>default, but I'd like to verify that.

I would do this by:
1. setting SENDMAIL=NO in /etc/rc.conf (this will stop the launching of
sendmail as a daemon; you can still invoke it from the command line to
send outgoing mail, so your mail system should still work)
2. setting sendmail to smarthost-relay via your ISP's mailserver
by altering the line in /etc/mail/sendmail.cf that begins DS
to include your ISP's mailserver, e.g.
    DSmailhost.efn.org
3. you might also deny access to SMTP to all but localhost, which takes
us to the next question.

>
>2) How does /etc/hosts.deny work? I've got portsentry running on that
>box and whenever someone tickles it, it adds 'ALL: <IP>' to that file.
>Does another program run that reads this file?

In principle, tcpd on FreeBSD does not look at /etc/hosts.deny; you need
to set up deny rules in /etc/hosts.allow. I haven't used portsentry, but
it looks from your description that it makes use of the hosts.deny file in
some way. I'll see if I can figure out how that works...

--
Yes, we ARE a bunch of anal, short-tempered, quick to fly-off-the-handle,
sarcastic, know-it-alls. That's what running networks does to you.
- James Fischer on inet-access
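
Added example, not part of the original message and not portsentry's own code: a sh sketch that turns the 'ALL: <IP>' lines portsentry appends to /etc/hosts.deny into deny rules placed ahead of the existing rules in hosts.allow, where the reply says deny rules belong. The function names, the BEGIN/END marker comments and the sample addresses are constructed for illustration; it assumes hosts.allow accepts "daemon : client : deny" rules and that the first matching rule wins.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes hosts.allow accepts
# "daemon : client : deny" rules and that the first matching rule wins.

# Read hosts.deny text on stdin; print one deny rule per unique, valid IPv4.
# Anything that is not exactly "ALL: <dotted quad>" is ignored, so a
# malformed or tampered line never becomes a wrapper rule.
deny_rules() {
    awk '
        {
            line = $0
            sub(/#.*/, "", line)                  # drop comments
            if (split(line, f, ":") != 2) next    # want "daemon: client"
            gsub(/[ \t]/, "", f[1]); gsub(/[ \t]/, "", f[2])
            if (f[1] != "ALL") next
            ip = f[2]
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            split(ip, o, ".")
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
            if (seen[ip]++) next                  # de-duplicate
            print "ALL : " ip " : deny"
        }'
}

# Print a new hosts.allow on stdout: generated deny rules first, then the
# existing rules minus any previously generated block (safe to re-run).
merged_allow() {   # $1 = hosts.deny path, $2 = hosts.allow path
    echo "# BEGIN portsentry-deny"
    deny_rules < "$1"
    echo "# END portsentry-deny"
    sed '/^# BEGIN portsentry-deny$/,/^# END portsentry-deny$/d' "$2"
}

# Demo on constructed sample data (documentation address ranges).
tmp=$(mktemp -d)
cat > "$tmp/hosts.deny" <<'EOF'
ALL: 192.0.2.10
ALL: 192.0.2.10
ALL: 198.51.100.7
ALL: 999.1.1.1
EOF
cat > "$tmp/hosts.allow" <<'EOF'
sendmail : localhost : allow
sendmail : ALL : deny
EOF
merged_allow "$tmp/hosts.deny" "$tmp/hosts.allow"
rm -rf "$tmp"
```

The script only prints the merged rules; review the output before installing it over /etc/hosts.allow.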