------------------------------

Message: 23
Date: Sat, 25 Mar 2006 19:32:01 -0500
From: Anish Mistry <[EMAIL PROTECTED]>
Subject: Re: Sendmail and Jails
To: freebsd-questions@freebsd.org
Cc: Jack Stone <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

On Saturday 25 March 2006 18:42, Jack Stone wrote:
> I have been setting up jails on various production servers on
> FBSD-6.0 & 4.11.
>
> I was wondering how/where to configure & avoid the port conflicts
> for sendmail as follows:
>
> - main host - all sendmail services in & out (or at least out)
> - jail - just outgoing services
>
> I gather I will need to configure one or the other on a non-std
> port as both will try to grab the same ports: 25 & 587
>
> Any tips appreciated.

Hi Jack,

Since all jails and the main host have their own IP address, it is quite easy to do the setup you ask for. The idea here is to tell sendmail(8) which IP it should bind to. No need to fuss around with ports or anything like that :o)

For the sake of example, let's say we have this:

    main.host.com: 192.168.1.1
    jail.host.com: 192.168.1.2

On the main host, make sure you have sendmail_enable="YES" in /etc/rc.conf. This will tell sendmail to run and listen for outside requests. Next, edit the /etc/mail/`uname -n`.mc file (make sure the uname(1) command is enclosed in back-ticks).

    sudo vi /etc/mail/`uname -n`.mc

Include whatever sendmail(8) MC macro configuration you need and make sure you have this line, which tells sendmail(8) to listen on 192.168.1.1 on TCP port 25.

    DAEMON_OPTIONS(`Port=25, Addr=192.168.1.1, Name=MTA, Family=inet')dnl

Save the `uname -n`.mc file and restart sendmail:

    cd /etc/mail
    sudo make install restart

Make sure you check /var/log/maillog for any errors.

Now for the jails, you only have to configure sendmail in whatever way you need and have this sendmail_enable="NO" in /etc/rc.conf. This tells sendmail to process mail only if it is originating from the localhost. I would recommend configuring each jail as a sendmail null client to your main host. For example:

    OSTYPE(`freebsd6')dnl
    FEATURE(`nullclient', `main.host.com')dnl

Which will cause all jails to "punt" their mail directly to your main.host.com machine.

If you're not sure about which ports are opened by sendmail in the main host or the jails, run the sockstat(1) command.

Also, sendmail relies on DNS for everything, so make sure your DNS system is on par with the various hostnames you use. Otherwise, you'll end up with long boot times and a whole bunch of broken mail problems.

Finally, make sure you upgrade sendmail to version 8.13.6 because previous versions contain a vulnerability. Install port mail/sendmail. (This is my sendmail configuration in make.conf.)

    sudo vi /etc/make.conf

    NO_SENDMAIL= true
    SENDMAIL_CF_DIR=/usr/local/share/sendmail/cf
    .if ${.CURDIR:M*/mail/sendmail}
    SENDMAIL_WITHOUT_IPV6=yes
    SENDMAIL_WITHOUT_NIS=yes
    SENDMAIL_WITH_TLS=yes
    SENDMAIL_WITH_SMTPS=yes
    SENDMAIL_WITH_SASL=yes
    SENDMAIL_WITH_SASL2=yes
    SENDMAIL_WITH_LDAP=yes
    SENDMAIL_WITH_BERKELEYDB_VER=42
    SENDMAIL_WITH_SOCKETMAP=yes
    # SENDMAIL_WITH_CYRUSLOOKUP=no
    SENDMAIL_WITH_PICKY_HELO_CHECK=yes
    SENDMAIL_WITH_SHARED_MILTER=yes
    .endif

    cd /usr/ports/mail/sendmail
    sudo make install
    sudo make mailer.conf
    sudo make clean

Check if you're using the right one:

    sendmail -bt -d0.1 < /dev/null

Let me know if you need more assistance. Of course, YMMV.

Cheers,
David
--
David Robillard
UNIX systems admin, CISSP
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
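
Added example, not part of the original message: an sh function that reads sockstat(1) output and flags any sendmail listener that is not bound to the expected address, such as a wildcard *:25 or *:587 that the DAEMON_OPTIONS Addr= setting is meant to prevent. The function name, exit codes and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Reads `sockstat -4 -l` style output on stdin and checks every sendmail
# TCP listener against one expected address.
# Exit status: 0 = all sendmail listeners are on the expected address,
#              1 = a wildcard or other address was found,
#              2 = no sendmail listener seen at all.
check_sendmail_binds() {
    expected="$1"
    awk -v want="$expected" '
        # Columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
        $2 == "sendmail" && $5 ~ /^tcp/ {
            n = split($6, parts, ":")          # local address is addr:port
            port = parts[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            seen++
            if (addr != want) {
                printf "unexpected bind: %s port %s (pid %s)\n", addr, port, $3
                bad++
            }
        }
        END {
            if (bad)   exit 1
            if (!seen) exit 2
            exit 0
        }'
}

# Constructed sample: listener pinned to the main host address from the example.
sample_good() { cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   192.168.1.1:25        *:*
root     sshd       530   3  tcp4   *:22                  *:*
EOF
}

# Constructed sample: default wildcard listeners on ports 25 and 587.
sample_bad() { cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   *:25                  *:*
root     sendmail   612   5  tcp4   *:587                 *:*
EOF
}

# On a live main host: sockstat -4 -l | check_sendmail_binds 192.168.1.1
sample_bad | check_sendmail_binds 192.168.1.1 || echo "check failed, status $?"
```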