On Mon, 21 May 2007, Maxim Khitrov wrote:

> On 5/21/07, Mikhail Goriachev <[EMAIL PROTECTED]> wrote:
>> Maxim Khitrov wrote:
>>> Hello,
>>>
>>> I'm trying to restrict access to sendmail via hosts.allow. Don't need
>>> a firewall, since I just want to block everyone but the localhost from
>>> sending e-mail out. Anyway, it seems that sendmail ignores these
>>> settings even though it was compiled with TCPWRAPPERS. I added
>>> "sendmail : all : deny" as the very first line in hosts.allow, just to
>>> see if it will let me connect from anywhere. It does - not just from
>>> localhost, but from all remote locations as well. I have no problems
>>> connecting and sending e-mail. Am I missing something?
>>
>> I followed your earlier thread (hopefully this is a related topic). This
>> is strange. By default, sendmail is disabled. You don't even have to put
>> anything into rc.conf:
>>
>> # grep sendmail /etc/defaults/rc.conf
>>
>> Sendmail listens and accepts local mail only. You can't connect to it
>> from another machine:
>>
>> # telnet some.host.tld 25
>> Trying 1.2.3.4...
>> telnet: connect to address 1.2.3.4: Connection refused
>> telnet: Unable to connect to remote host
>>
>> You must've tweaked something to make it behave differently.
>>
>>> I tested the same setup with sshd, and that works properly. After a
>>> quick search on google it seems that I'm not the only one with this
>>> problem, but I couldn't find any solution to this. Any help is greatly
>>> appreciated.
>>
>> Share with us your testing methodology. From previous thread, I
>> understand that you just want something to submit your local mail (from
>> daemons, scripts, etc). Then as others already said, a simple alias in
>> /etc/mail/aliases and executing newaliases is sufficient.
>
> Ok, so here's my current setup. I have sendmail_enable="NO" in rc.conf
> (same as not having it there I guess), I've modified /etc/mail/aliases
> to forward everything sent to root to my gmail account, and I added
> "sendmail : all : deny" as the first line to /etc/hosts.allow while
> I'm testing everything. Once I make sure that the deny rule works,
> I'll allow access to sendmail only from localhost. This is all on
> FreeBSD 6.2, but it's running in a jail, so that might have some
> effect.

sendmail_enable="NO" means there is no sendmail daemon running. You can verify this via "ps -aux | grep sendmail". Remove that statement. Without a reboot you can start sendmail by cd /etc/mail; make start.

Unless you have changed the freebsd.mc file and done a 'make install', I do not believe sendmail will accept any connections except on 127.0.0.1 (localhost). This is what you want, I think. If that's it, as others have said, there is no reason to use the hosts.allow mechanism. This is independent of the jail environment.

  sockstat|grep sendmail

and you can see what's going on.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
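
The `sockstat|grep sendmail` check suggested in the last reply, turned into a script, as an added example that is not part of the original thread: it reads `sockstat`-style lines on stdin and reports whether sendmail has a TCP listener, and whether any listener is bound to something other than loopback. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify sendmail's listening TCP sockets from FreeBSD sockstat output.
# Prints exactly one of: not-listening, loopback-only, exposed.
# On a live system: sockstat -4 -6 -l | classify_sendmail_listeners
classify_sendmail_listeners() {
    awk '
        # Columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
        # A listening socket shows "*:*" as its foreign address.
        $2 == "sendmail" && $5 ~ /^tcp/ && $7 == "*:*" {
            n = split($6, parts, ":")
            port = parts[n]
            # Everything before the last colon is the bound address
            # (this also handles IPv6 forms such as "::1:25").
            addr = substr($6, 1, length($6) - length(port) - 1)
            seen = 1
            if (addr != "127.0.0.1" && addr != "::1") exposed = 1
        }
        END {
            if (!seen)        print "not-listening"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }
    '
}

# Constructed sample input (not captured from the poster's machine).
SAMPLE_LOCAL='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   127.0.0.1:25          *:*
root     sshd       540   3  tcp4   *:22                  *:*'

SAMPLE_OPEN='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   *:25                  *:*
root     sendmail   612   5  tcp4   *:587                 *:*
root     sshd       540   3  tcp4   *:22                  *:*'

SAMPLE_NONE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       540   3  tcp4   *:22                  *:*'

for sample in "$SAMPLE_LOCAL" "$SAMPLE_OPEN" "$SAMPLE_NONE"; do
    printf '%s\n' "$sample" | classify_sendmail_listeners
done
```

A result of `not-listening` means no sendmail daemon is accepting TCP connections at all, so a successful connection to port 25 is being answered by something else.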