Hi All,

Working on standard sendmail 8.13.8 on FreeBSD 6.2.  Machine has a 2nd NIC that 
I want to use for a jail environment, so I'm trying to get rid of all the 
extraneous servers listening on it.

Sendmail was of course listening on the smtp and submission ports on all 
interfaces.  I tracked down the sendmail option DaemonPortOptions to configure 
this.

In the STANDARD sendmail.cf file there was:
   O DaemonPortOptions=Name=MTA
   O DaemonPortOptions=Port=587, Name=MSA, M=E

So I edited the .mc macro to add:
   DAEMON_OPTIONS(`Addr=127.0.0.1,Port=smtp,Name=MTA')
   DAEMON_OPTIONS(`Addr=172.23.23.10,Port=smtp,Name=MTA')

Which built sendmail.cf with:
   O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA
   O DaemonPortOptions=Addr=172.23.23.10,Port=smtp,Name=MTA
   O DaemonPortOptions=Port=587, Name=MSA, M=E

That closed port 25 on the extra NIC, but netstat still shows "tcp4 *.submission LISTEN". 
 I definitely need to close port 587 in the 2nd NIC, but I was wondering about "best 
practices" for this.  Shouldn't the submission thing ONLY be on the localhost IP?  I'm 
thinking I can use:
   DAEMON_OPTIONS(`Addr=127.0.0.1,Port=587,Name=MSA,M=E')

Am I going in the right direction here?  It looks like I've turned off smtp as intended, 
but wondering if I'm doing the right thing with restricting submission.  Any other 
suggestions on configuring this?  (other than "don't use sendmail")  This is on 
a live server, so I don't want to hose things up too much experimenting!

 -Thanks,  Rob
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to