On 5/21/07, Mikhail Goriachev <[EMAIL PROTECTED]> wrote:
Maxim Khitrov wrote:
> Hello,
>
> I'm trying to restrict access to sendmail via hosts.allow. Don't need
> a firewall, since I just want to block everyone but the localhost from
> sending e-mail out. Anyway, it seems that sendmail ignores these
> settings even though it was compiled with TCPWRAPPERS. I added
> "sendmail : all : deny" as the very first line in hosts.allow, just to
> see if it will let me connect from anywhere. It does - not just from
> localhost, but from all remote locations as well. I have no problems
> connecting and sending e-mail. Am I missing something?

I followed your earlier thread (hopefully this is a related topic). This
is strange. By default, sendmail is disabled. You don't even have to put
anything into rc.conf:

# grep sendmail /etc/defaults/rc.conf

Sendmail listens and accepts local mail only. You can't connect to it
from another machine:

# telnet some.host.tld 25
Trying 1.2.3.4...
telnet: connect to address 1.2.3.4: Connection refused
telnet: Unable to connect to remote host

You must've tweaked something to make it behave differently.

> I tested the same setup with sshd, and that works properly. After a
> quick search on google it seems that I'm not the only one with this
> problem, but I couldn't find any solution to this. Any help is greatly
> appreciated.

Share with us your testing methodology. From previous thread, I
understand that you just want something to submit your local mail (from
daemons, scripts, etc). Then as others already said, a simple alias in
/etc/mail/aliases and executing newaliases is sufficient.

Ok, so here's my current setup. I have sendmail_enable="NO" in rc.conf
(same as not having it there I guess), I've modified /etc/mail/aliases
to forward everything sent to root to my gmail account, and I added
"sendmail : all : deny" as the first line to /etc/hosts.allow while
I'm testing everything. Once I make sure that the deny rule works,
I'll allow access to sendmail only from localhost. This is all on
FreeBSD 6.2, but it's running in a jail, so that might have some
effect.

From my previous thread, sendmail is used only to accept messages sent
by processes running on the server, and send them to real e-mails
specified in /etc/aliases. That part works. However, even though
sendmail_enable is set to "NO" in rc.conf, sendmail still listens on
port 25, accepts mail from remote hosts, and the hosts.allow rule
doesn't seem to apply. Strange, isn't it? By the way, I just tried
removing sendmail_enable line from rc.conf completely and that had no
effect.

All I do for testing is basically start/restart sendmail, then telnet
to the server from my workstation at home. I get a standard reply, and
can then do the usual HELO, MAIL FROM, RCPT TO, DATA, and so on.
Relaying doesn't work, but sending to and all other aliases works fine
(which in this case is bad).

Think this might be some bug when sendmail is running in a jail? I
haven't modified anything beyond what's mentioned in this e-mail, and
I've checked all the settings. I can definitely connect to the server
from remote hosts despite the rc.conf and hosts.allow configuration.

- Maxim Khitrov
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to