On Thu, 25 Mar 2004 19:24:08 -0700, David Bear wrote:
> I would like to run the stock sendmail FreeBSD has as a local MTA
> only... i.e. I don't want it listening on ANY real/public interface for
> mail. I do want it to handle delivery of local messages to local
> accounts -- and handle sending messages destined for external systems.
>
> any pointers ?

Recent versions of sendmail are installed non-setuid-root for security reasons (paranoia probably justified in the case of sendmail). Since local mail delivery requires root privilege in the general case, all local mail is forwarded to the smtp port on the local host for local delivery. If there is no sendmail daemon running as root and listening on the local smtp port, local mail cannot be delivered. Even on a non-networked single user workstation this is inconvenient because cron job output is delivered via email.

I think you can modify /etc/mail/freebsd.submit.mc to deliver local mail the old way and make /usr/libexec/sendmail/sendmail setuid root. This may be documented in /usr/src/contrib/sendmail/src/SECURITY. It looks ugly to me and may create worse security problems than running a sendmail daemon that listens on the smtp port.

The standard FreeBSD version of sendmail is built with libwrap support. If your primary concern is hackers on other systems abusing your sendmail daemon, you can modify /etc/hosts.allow to permit smtp port access only from the local host.

Life is too short to spend most of it trying to understand obscure sendmail documentation.

Dan Strick
[EMAIL PROTECTED]
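
The /etc/hosts.allow restriction suggested in the reply above depends on rule order, because libwrap stops at the first rule that matches. The following is an added example, not part of the original message: a simplified first-match evaluator (the helper name `wrap_verdict`, the sample rule files and the client addresses are all constructed here, and only `ALL` and exact-string patterns are handled) that shows a catch-all rule placed first defeating a later local-only restriction.

```shell
#!/bin/sh
# Added example: evaluate hosts.allow-style rules (options syntax,
# "daemons : clients : allow|deny") with first-match-wins semantics.
# Simplified: only the ALL wildcard and exact client strings are matched.

# wrap_verdict FILE DAEMON CLIENT -> prints "allow" or "deny"
wrap_verdict() {
    awk -v daemon="$2" -v client="$3" '
        function in_list(list, want,    n, items, i) {
            n = split(list, items, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (items[i] == "ALL" || items[i] == want) return 1
            return 0
        }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            n = split($0, f, /[ \t]*:[ \t]*/)   # daemons : clients : option
            if (n < 3) next
            sub(/^[ \t]+/, "", f[1])
            if (in_list(f[1], daemon) && in_list(f[2], client)) {
                print (f[3] ~ /^allow/ ? "allow" : "deny")
                found = 1
                exit                            # first match decides
            }
        }
        END { if (!found) print "allow" }       # no rule matched: access granted
    ' "$1"
}

tmp=$(mktemp -d)
# Constructed sample 1: a catch-all first rule shadows everything below it.
cat > "$tmp/shadowed" <<'EOF'
ALL : ALL : allow
sendmail : localhost, 127.0.0.1 : allow
sendmail : ALL : deny
EOF
# Constructed sample 2: local clients allowed, every other client refused.
cat > "$tmp/local_only" <<'EOF'
sendmail : localhost, 127.0.0.1 : allow
sendmail : ALL : deny
EOF
for f in shadowed local_only; do
    for c in 127.0.0.1 192.0.2.25; do
        printf '%-10s %-12s %s\n' "$f" "$c" "$(wrap_verdict "$tmp/$f" sendmail "$c")"
    done
done
```

On a real host, tcpdmatch(8) performs the full evaluation against the installed access files, including the hostname and network patterns this sketch leaves out.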