Re: (send)mailing from jail-host to jail

2003-03-10 Thread Matthew Seaman
On Sun, Mar 09, 2003 at 05:09:09PM -0800, Josh Brooks wrote:
> 
> First off, thank you for your help.  Here is what I did:
> 
> first, I edited /etc/mail/freebsd.mc and made it look like this:
> 
> dnl Uncomment both of the following lines to listen on IPv6 as well as
> dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
> dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')
> FEATURE(no_default_msa)
> DAEMON_OPTIONS(`Name=IPv4, Addr=10.10.2.10, Family=inet')
> DAEMON_OPTIONS(`Name=IPv4, Addr=127.0.0.1, Family=inet')
> DAEMON_OPTIONS(`Name=MSA, Addr=10.10.2.10, Port=587, M=E')
> DAEMON_OPTIONS(`Name=MSA, Addr=127.0.0.1, Port=587, M=E')
> DAEMON_OPTIONS(`Name=IPv6, Addr=::1, Family=inet6')
> 
> Then I did:
> 
> cd /etc/mail
> make all
> make install
> 
> And I verified that it went into sendmail.cf by looking at these lines
> that are now in sendmail.cf:
> 
> # SMTP daemon options
> 
> O DaemonPortOptions=Name=IPv4, Addr=10.10.2.10, Family=inet
> O DaemonPortOptions=Name=IPv4, Addr=127.0.0.1, Family=inet
> O DaemonPortOptions=Name=MSA, Addr=10.10.2.10, Port=587, M=E
> O DaemonPortOptions=Name=MSA, Addr=127.0.0.1, Port=587, M=E
> O DaemonPortOptions=Name=IPv6, Addr=::1, Family=inet6
> 
> Then I:
> 
> /bin/sh /etc/rc.sendmail restart
> 
> 
> And there was no change in the behavior.  When I send mail from the
> jail-host to the jail, I get a return mail saying "MX record for jail
> points back to jail-host" (which by the way, is patently WRONG - the mx
> record for jail resolves to X, and X is NOT jail-host...)

Hmmm... The point with the DAEMON_OPTIONS stuff is to make sendmail
bind to just the IP numbers for the host system and not to the
jails. What do you get from running:

% sockstat | grep sendmail

I've got a jailed setup much like the one you want to set up, and I get:

% sockstat | grep sendmail
root     sendmail  1733    4 tcp4   81.2.69.218:25        *:*
root     sendmail  1733    5 tcp4   127.0.0.1:25          *:*
root     sendmail  1733    6 tcp4   81.2.69.218:587       *:*
root     sendmail  1733    7 tcp4   127.0.0.1:587         *:*
root     sendmail  1733    8 tcp6   ::1:25                *:*
smmsp    sendmail  62897   3 dgram  syslogd[62885]:3
root     sendmail  1733    3 dgram  syslogd[98]:3
smmsp    sendmail  1729    3 dgram  syslogd[98]:3

Where PID 62897 is the sendmail MSP queue runner in the jail.  Note
that in this setup, nothing binds to and listens on any network ports
from within the jail.

> Also, I noticed in /var/log/maillog that when sendmail starts, it does
> a reverse lookup on all the IPs on the system, and it fails on one of them
> - leaving me a:
> 
> Mar  9 16:44:25 www sm-mta[10541]: gethostbyaddr(10.10.2.12) failed: 1
> 
> And this shows that sendmail is not doing what I tell it to in freebsd.mc -
> because if it was, it would NOT CARE AT ALL about that other IP on the
> system and whether or not it can reverse it, since as far as sendmail
> should be concerned, that IP does not exist.

Hmmm... I also have:

define(`confDOMAIN_NAME', `smtp.infracaninophile.co.uk')dnl

in my .mc file: that may stop sendmail trying to reverse lookup all
its interfaces in an attempt to work out what its FQDN is.

> But, as you can see, it is continuing to care about other IPs on the box,
> such that it complains about an unrelated IP not being reversible, and
> continues to complain that the mx list for jail points back to jail-host
> (presumably because what jail _does_ resolve to is an IP it sees itself as
> owning...)

That can be because sendmail finds itself unexpectedly receiving the
message it thinks it is sending off to the next hop for further
processing.  It usually means that the /etc/mail/local_host_names file
needs to be adjusted, but that may not be the case here.
 
> So ... is there any way to get this to work? The only way I can find is to
> unconfig the network interface for the IP of `jail` and then start
> sendmail, and then reconfig the jail IP. That works, but it is incredibly
> lame.

Well, it works for me.  I'd be interested to find out if the
confDOMAIN_NAME thing is significant.  If so, then it seems that I
must have lucked out to have stumbled on that accidentally.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
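
The listener check suggested in the reply above (`sockstat | grep sendmail`), written as a repeatable audit. This is an added example, not code from the thread: the function names and the 192.0.2.x addresses are constructed, and the input is assumed to use the sockstat column layout shown in the reply.

```shell
#!/bin/sh
# Added example (not from the thread). Reads sockstat-style lines on stdin:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# Arguments are the only addresses sendmail may listen on. Each listener bound
# elsewhere (including the wildcard "*") is reported; exit status 1 if any.
check_sendmail_binds() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # TCP sockets in the listening state show "*:*" as the foreign address.
        $2 == "sendmail" && $5 ~ /^tcp[46]$/ && $7 == "*:*" {
            addr = $6; sub(/:[^:]*$/, "", addr)   # strip ":port" (keeps "::1" intact)
            port = $6; sub(/^.*:/, "", port)      # text after the last colon
            if (!(addr in ok)) {
                print "UNEXPECTED " addr " port " port " pid " $3
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: listeners restricted to the host address and loopback.
sample_restricted() {
    cat <<'EOF'
root     sendmail  1733    4 tcp4   192.0.2.10:25         *:*
root     sendmail  1733    5 tcp4   127.0.0.1:25          *:*
root     sendmail  1733    6 tcp4   192.0.2.10:587        *:*
root     sendmail  1733    8 tcp6   ::1:25                *:*
root     sendmail  1733    3 dgram  syslogd[98]:3
EOF
}

# Constructed sample: listeners bound to every address, the jail IP included.
sample_wildcard() {
    cat <<'EOF'
root     sendmail  1733    4 tcp4   *:25                  *:*
root     sendmail  1733    5 tcp4   *:587                 *:*
EOF
}

sample_restricted | check_sendmail_binds 192.0.2.10 127.0.0.1 ::1 && echo "ok: host only"
sample_wildcard   | check_sendmail_binds 192.0.2.10 127.0.0.1 ::1 || echo "fix DAEMON_OPTIONS"
```

On a live jail host the input would be `sockstat | check_sendmail_binds <host-ip> 127.0.0.1 ::1`; any line reported means the MTA is still reachable on an address that belongs to a jail.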


Re: (send)mailing from jail-host to jail

2003-03-09 Thread Josh Brooks

First off, thank you for your help.  Here is what I did:

first, I edited /etc/mail/freebsd.mc and made it look like this:

dnl Uncomment both of the following lines to listen on IPv6 as well as
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')
FEATURE(no_default_msa)
DAEMON_OPTIONS(`Name=IPv4, Addr=10.10.2.10, Family=inet')
DAEMON_OPTIONS(`Name=IPv4, Addr=127.0.0.1, Family=inet')
DAEMON_OPTIONS(`Name=MSA, Addr=10.10.2.10, Port=587, M=E')
DAEMON_OPTIONS(`Name=MSA, Addr=127.0.0.1, Port=587, M=E')
DAEMON_OPTIONS(`Name=IPv6, Addr=::1, Family=inet6')

Then I did:

cd /etc/mail
make all
make install

And I verified that it went into sendmail.cf by looking at these lines
that are now in sendmail.cf:

# SMTP daemon options

O DaemonPortOptions=Name=IPv4, Addr=10.10.2.10, Family=inet
O DaemonPortOptions=Name=IPv4, Addr=127.0.0.1, Family=inet
O DaemonPortOptions=Name=MSA, Addr=10.10.2.10, Port=587, M=E
O DaemonPortOptions=Name=MSA, Addr=127.0.0.1, Port=587, M=E
O DaemonPortOptions=Name=IPv6, Addr=::1, Family=inet6

Then I:

/bin/sh /etc/rc.sendmail restart


And there was no change in the behavior.  When I send mail from the
jail-host to the jail, I get a return mail saying "MX record for jail
points back to jail-host" (which by the way, is patently WRONG - the mx
record for jail resolves to X, and X is NOT jail-host...)

Also, I noticed in /var/log/maillog that when sendmail starts, it does
a reverse lookup on all the IPs on the system, and it fails on one of them
- leaving me a:

Mar  9 16:44:25 www sm-mta[10541]: gethostbyaddr(10.10.2.12) failed: 1

And this shows that sendmail is not doing what I tell it to in freebsd.mc -
because if it was, it would NOT CARE AT ALL about that other IP on the
system and whether or not it can reverse it, since as far as sendmail
should be concerned, that IP does not exist.

But, as you can see, it is continuing to care about other IPs on the box,
such that it complains about an unrelated IP not being reversible, and
continues to complain that the mx list for jail points back to jail-host
(presumably because what jail _does_ resolve to is an IP it sees itself as
owning...)

So ... is there any way to get this to work? The only way I can find is to
unconfig the network interface for the IP of `jail` and then start
sendmail, and then reconfig the jail IP. That works, but it is incredibly
lame.

thanks.




Re: (send)mailing from jail-host to jail

2003-03-09 Thread Matthew Seaman
On Sun, Mar 09, 2003 at 09:14:29AM +, Matthew Seaman wrote:

Arrgh!

> On the jailed system, you'll find that you can have sendmail listening
                                             can't
> on the loopback address.  That means you'll have to modify the config
> for both the sendmail MTA and MSP instances.  Let's start with the
> sendmail MSP.  You need to force mail submission through the external
> IP rather than the loopback address:

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK



Re: (send)mailing from jail-host to jail

2003-03-09 Thread Matthew Seaman
On Sat, Mar 08, 2003 at 11:53:20PM -0800, Josh Brooks wrote:
> 
> system A is a normal FreeBSD system with two IP addresses.
> 
> system B is a jail on system A, using the second IP.
> 
> When I send mail from A to B, I get an error saying that the MX record
> points back to myself.
> 
> Presumably this is because sendmail running on jail-host takes account of
> both IPs when it starts, and thinks both IPs belong to it.
> 
> So, how can I start sendmail on system A so that it only thinks of
> itself as encompassing the first IP ?

On the host system, configure sendmail MTA to only bind to the
principal host's IP address and to the loopback address by including
the following lines in /etc/mail/`hostname`.mc:

FEATURE(no_default_msa)dnl ## overridden with DAEMON_OPTIONS below

DAEMON_OPTIONS(`Name=IPv4, Addr=123.45.67.89, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv4, Addr=127.0.0.1, Family=inet')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=123.45.67.89, Port=587, M=E')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=127.0.0.1, Port=587, M=E')dnl
DAEMON_OPTIONS(`Name=IPv6, Addr=::1, Family=inet6')dnl

On the jailed system, you'll find that you can have sendmail listening
on the loopback address.  That means you'll have to modify the config
for both the sendmail MTA and MSP instances.  Let's start with the
sendmail MSP.  You need to force mail submission through the external
IP rather than the loopback address:

--- freebsd.submit.mc   Wed Feb 19 17:30:09 2003
+++ arbitrary.submit.mc Wed Feb 19 17:50:39 2003
@@ -22,5 +22,4 @@
 define(`confTIME_ZONE', `USE_TZ')dnl
 define(`confDONT_INIT_GROUPS', `True')dnl
 dnl
-dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
-FEATURE(`msp', `[127.0.0.1]')dnl
+FEATURE(`msp', `[smtp.example.com]', `MSA')dnl
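
Review bot: on the added FEATURE(`msp', `[smtp.example.com]', `MSA') line, an address literal is replaced by a bracketed hostname, so mail submission from the jail now depends on name resolution working inside the jail; consider a bracketed IP literal, as the removed [127.0.0.1] was, or state the dependency. The hunk also deletes the only dnl comment above that line without a replacement. A one-line dnl comment saying that the relay is an external address because the loopback address is not usable in the jail, and that the MSA argument needs a listener on port 587 at that host (the host-side DAEMON_OPTIONS with Name=MSA, Port=587 provides one), would keep a later editor from reverting it to the stock value.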

(Nb. the [square brackets] in the above serve to suppress sendmail's
usual lookup of MX records for the destination address.  That's
usually what you want in this situation.)

Now, 'smtp.example.com' can be on a completely different server, or on
the host environment of your jail server or it can presumably be an
instance of sendmail MTA running in your jail, although I haven't
personally tried that last variant.  If the sendmail MTA you pipe the
messages into isn't in your jail system, then you don't need to run a
sendmail MTA in the jail at all, which you can do with something like
the following in the jail's /etc/rc.conf:

sendmail_enable="NO"
sendmail_msp_queue_enable="YES"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"

If you try to run a sendmail MTA inside the jail, you'll need to change
the DAEMON_OPTIONS() as above, except leaving out the bindings to the
loopback addresses 127.0.0.1 and ::1

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK



(send)mailing from jail-host to jail

2003-03-08 Thread Josh Brooks

system A is a normal FreeBSD system with two IP addresses.

system B is a jail on system A, using the second IP.

When I send mail from A to B, I get an error saying that the MX record
points back to myself.

Presumably this is because sendmail running on jail-host takes account of
both IPs when it starts, and thinks both IPs belong to it.

So, how can I start sendmail on system A so that it only thinks of
itself as encompassing the first IP ?

