On Mon, 21 May 2007, Maxim Khitrov wrote:

On 5/21/07, Mikhail Goriachev <[EMAIL PROTECTED]> wrote:
Maxim Khitrov wrote:
> Hello,
> I'm trying to restrict access to sendmail via hosts.allow. Don't need
> a firewall, since I just want to block everyone but the localhost from
> sending e-mail out. Anyway, it seems that sendmail ignores these
> settings even though it was compiled with TCPWRAPPERS. I added
> "sendmail : all : deny" as the very first line in hosts.allow, just to
> see if it will let me connect from anywhere. It does - not just from
> localhost, but from all remote locations as well. I have no problems
> connecting and sending e-mail. Am I missing something?

I followed your earlier thread (hopefully this is a related topic). This
is strange. By default, sendmail is disabled. You don't even have to put
anything into rc.conf:

# grep sendmail /etc/defaults/rc.conf

Sendmail listens and accepts local mail only. You can't connect to it
from another machine:

# telnet some.host.tld 25
telnet: connect to address Connection refused
telnet: Unable to connect to remote host

You must've tweaked something to make it behave differently.

> I tested the same setup with sshd, and that works properly. After a
> quick search on google it seems that I'm not the only one with this
> problem, but I couldn't find any solution to this. Any help is greatly
> appreciated.

Share with us your testing methodology. From previous thread, I
understand that you just want something to submit your local mail (from
daemons, scripts, etc). Then as others already said, a simple alias in
/etc/mail/aliases and executing newaliases is sufficient.

Ok, so here's my current setup. I have sendmail_enable="NO" in rc.conf
(same as not having it there I guess), I've modified /etc/mail/aliases
to forward everything sent to root to my gmail account, and I added
"sendmail : all : deny" as the first line to /etc/hosts.allow while
I'm testing everything. Once I make sure that the deny rule works,
I'll allow access to sendmail only from localhost. This is all on
FreeBSD 6.2, but it's running in a jail, so that might have some

sendmail_enable="NO" means there is no sendmail daemon running. You can verify this via "ps -aux | grep sendmail". Remove that statement. Without a reboot you can start sendmail by cd /etc/mail; make start.

Unless you have changed the freebsd.mc file and done a 'make install' I do not believe sendmail will accept from any connections except except on (localhost). This is what you want I think. If that's it as others have said, there is no reason to use the hosts.allow mechanism. This is independent of the jail environment.

  sockstat|grep sendmail

and you can see whats going on.
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to