I found out later that setting 'sendmail_enable="NO"' in rc.conf and setting the root aliase in /etc/mail/aliases to point to me will get it to me. It uses the mail too and works. I did a test by: 'mail -v [EMAIL PROTECTED]' and it made it to me with sendmail off. Portsentry just adds the line to the hosts.deny file, and assumes that some other thing makes use of it. I think I recall something like TCP wrappers that does this? I'm not sure. I'll have to dig deeper to see how it's used. -Rob > On 20010209.1147, Patrick R. Wade said ... > > On Fri, Feb 09, 2001 at 09:10:24AM -0800, Rob Hudson wrote: > > > >Hello. > > > >Both of these relate to my little FreeBSD firewall I set up. It's a > >486 DX with 32MB RAM and a 250MB hard drive. Acting as a gateway for > >my cable modem. > > > >1) Is there a way to tell sendmail to only send mail from localhost > >and to not relay at all? I turned on sendmail so I can get the daily > >security reports in the mail w/o having to log in, but don't want a > >spammer to find it and use it for a relay. Maybe it's that way by > >default, but I'd like to verify that. > > I would do this by: > > 1. setting SENDMAIL=NO in /etc/rc.conf (this will stop the launching of > sendmail as a daemon; you can still invoke it from the command line to > send outgoing mail, so your mailsystem should still work) > > 2. setting sendmail to smarthost-relay via your ISP's mailserver > by altering the line in /etc/mail/sendmail.cf that begins DS > to include your ISP's mailserver, eg. > DSmailhost.efn.org > > 3. you might also deny access to SMTP to all but localhost, which takes > us to the next question. > > > > >2) How does /etc/hosts.deny work? I've got portsentry running on that > >box and whenever someone tickles it, it adds 'ALL: <IP>' to that file. > >Does another program run that reads this file? > > In principle, tcpd on FreeBSD does not look at /etc/hosts.deny, you need > to set up deny rules in /etc/hosts.allow. I haven't used portsentry, but > it looks from your description that it makes use of the hosts.deny file in > some way. I'll see if i can figure out how that works... > > > -- > Yes, we ARE a bunch of anal, short-tempered, quick to fly-off-the-handle, > sarcastic, know-it-alls. That's what running networks does to you. > > - James Fischer on inet-access
