Quoting Ernst de Haan <[EMAIL PROTECTED]> (from Thu, 26 Jul 2007 23:15:20 +0200):

I want to restrict my jail sandboxes to sending mail only. Could anyone
give me some advice? This is for a web-/applicationserver that needs to
be able to send mail, but should never be running any mail service on
external network interfaces.

My preference is a minimalistic approach; I was thinking of creating
one specialized sandbox that only provides mail sending functionality
for the other sandboxes:
- make it listen for SMTP connections on the loopback device
  (e.g. 127.0.0.5), only allowing incoming connections from
  the other sandboxes (127.0.0.255);
- forward the mail to a 'real' SMTP server using mail/ssmtp,
  via a secure (SSL) connection, with authentication;

Does anyone have experience with such an approach? If so, what would
you use for the SMTP forwarding? Any advice?

In my jails at home I configured sendmail with a smarthost (respectively a msp for the submit.mc) and use
   sendmail_enable="NO"
   sendmail_submit_enable="YES"
in rc.conf.

My smarthost is postfix in another jail and it delivers via TLS+sasl to a box with an official and static IP which is responsible for the final delivery.

Bye,
Alexander.

--
Fact is solidified opinion.

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
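
Added example, not part of the mail above: a shell check that reads a jail's rc.conf and reports whether the two knobs named in the reply are set as described there. The function names, the mode labels and the sample file are made up for illustration; YES/NO spellings are accepted the way rc.subr's checkyesno accepts them.

```shell
#!/bin/sh
# Classify a jail's sendmail setup from its rc.conf (illustrative helper).

# rc_value FILE KEY -> effective value; the last assignment wins, as when sh sources the file
rc_value() {
    sed -n -e 's/[[:space:]]*#.*$//' \
        -e "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# yesno VALUE -> yes | no | unset | other
yesno() {
    case "$1" in
        '') echo unset ;;
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo yes ;;
        [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) echo no ;;
        *) echo other ;;
    esac
}

# mail_mode FILE -> submit-only | full-mta | both-off | check-manually (...)
mail_mode() {
    _mta=$(yesno "$(rc_value "$1" sendmail_enable)")
    _sub=$(yesno "$(rc_value "$1" sendmail_submit_enable)")
    case "$_mta/$_sub" in
        no/yes) echo submit-only ;;   # the combination from the reply
        yes/*)  echo full-mta ;;      # full daemon enabled: not wanted in these jails
        no/no)  echo both-off ;;
        *)      echo "check-manually ($_mta/$_sub)" ;;  # unset or unusual value
    esac
}

# Constructed sample: an earlier YES is overridden later in the same file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sendmail_enable="YES"
# jail-specific override
sendmail_enable="NO"           # no full MTA daemon
sendmail_submit_enable="YES"
EOF
echo "sample jail: $(mail_mode "$sample")"
rm -f "$sample"
```

Unset knobs are reported as `check-manually` rather than guessed, because the effective value then comes from the system defaults file, which this sketch does not read.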