On Sun, Mar 09, 2003 at 05:09:09PM -0800, Josh Brooks wrote:
> 
> First off, thank you for your help.  Here is what I did:
> 
> first, I edited /etc/mail/freebsd.mc and made it look like this:
> 
> dnl Uncomment both of the following lines to listen on IPv6 as well as
> dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
> dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')
> FEATURE(no_default_msa)
> DAEMON_OPTIONS(`Name=IPv4, Addr=10.10.2.10, Family=inet')
> DAEMON_OPTIONS(`Name=IPv4, Addr=127.0.0.1, Family=inet')
> DAEMON_OPTIONS(`Name=MSA, Addr=10.10.2.10, Port=587, M=E')
> DAEMON_OPTIONS(`Name=MSA, Addr=127.0.0.1, Port=587, M=E')
> DAEMON_OPTIONS(`Name=IPv6, Addr=::1, Family=inet6')
> 
> Then I did:
> 
> cd /etc/mail
> make all
> make install
> 
> And I verified that it went into sendmail.cf by looking at these lines
> that are now in sendmail.cf:
> 
> # SMTP daemon options
> 
> O DaemonPortOptions=Name=IPv4, Addr=10.10.2.10, Family=inet
> O DaemonPortOptions=Name=IPv4, Addr=127.0.0.1, Family=inet
> O DaemonPortOptions=Name=MSA, Addr=10.10.2.10, Port=587, M=E
> O DaemonPortOptions=Name=MSA, Addr=127.0.0.1, Port=587, M=E
> O DaemonPortOptions=Name=IPv6, Addr=::1, Family=inet6
> 
> Then I:
> 
> /bin/sh /etc/rc.sendmail restart
> 
> 
> And there was no change in the behavior.  When I send mail from the
> jail-host to the jail, I get a return mail saying "MX record for jail
> points back to jail-host" (which by the way, is patently WRONG - the mx
> record for jail resolves to X, and X is NOT jail-host...)

Hmmm... The point with the DAEMON_OPTIONS stuff is to make sendmail
bind to just the IP numbers for the host system and not to the
jails. What do you get from running:

    % sockstat | grep sendmail

I've got a jailed setup much like the one you want to set up, and I get:

    % sockstat | grep sendmail
    root     sendmail 17330    4 tcp4   81.2.69.218:25        *:*
    root     sendmail 17330    5 tcp4   127.0.0.1:25          *:*
    root     sendmail 17330    6 tcp4   81.2.69.218:587       *:*
    root     sendmail 17330    7 tcp4   127.0.0.1:587         *:*
    root     sendmail 17330    8 tcp6   ::1:25                *:*
    smmsp    sendmail 62897    3 dgram  syslogd[62885]:3
    root     sendmail 17330    3 dgram  syslogd[98]:3
    smmsp    sendmail 17329    3 dgram  syslogd[98]:3

Where PID 62897 is the sendmail MSP queue runner in the jail.  Note
that in this setup, nothing binds to and listens on any network ports
from within the jail.

> Also, I noticed in /var/log/maillog that when sendmail starts, it does
> a reverse lookup on all the IPs on the system, and it fails on one of them
> - leaving me a:
> 
> Mar  9 16:44:25 www sm-mta[10541]: gethostbyaddr(10.10.2.12) failed: 1
> 
> And this shows that sendmail is not doing what I tell it to in freebsd.mc-
> because if it was, it would NOT CARE AT ALL about that other IP on the
> system and whether or not it can reverse it, since as far as sendmail
> should be concerned, that IP does not exist.

Hmmm... I also have:

    define(`confDOMAIN_NAME', `smtp.infracaninophile.co.uk')dnl

in my .mc file: that may stop sendmail trying to reverse lookup all
it's interfaces in an attempt to work out what its FQDN is.  

> But, as you can see, it is continuing to care about other IPs on the box,
> such that it complains about an unrelated IP not being reversible, and
> continues to complain that the mx list for jail points back to jail-host
> (presumably because what jail _does_ resolve to is an IP it sees itself as
> owning...)

That can be because sendmail finds itself unexpectedly receiving the
message it thinks it is sending off to the next hop for further
processing.  It usually means that the /etc/mail/local_host_names file
needs to be adjusted, but that may not be the case here.
 
> So ... is there any way to get this to work ?The only way I can find is to
> unconfig the network interface for the IP of `jail` and then start
> sendmail, and then reconfig the jail IP. That works, but it is incredibly
> lame.

Well, it works for me.  I'd be interested to find out if the
confDOMAIN_NAME thing is significant.  If so, then it seems that I
must have lucked out to have stumbled on that accidentally.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Reply via email to