Disabling inbound email in a jail
I only want sendmail in a jail to do one thing: forward nightly reports from r...@localhost to a real account on another machine. What's the proper way to configure this? By default, sendmail_enable=NO in /etc/rc.conf still gives a running sendmail that accepts mail from other hosts: m...@realhost$ echo foo | mail m...@jail.example.com m...@jail.example.com$ tail -f /var/log/maillog Feb 27 09:43:37 jail.example.com sm-mta[86832]: n1RFhbBp086832: from=m...@realhost, size=735, class=0, nrcpts=1, msgid=20090227154335.877a442...@realhost, bodytype=7BIT, proto=ESMTP, daemon=Daemon0, relay=jail.example.com [10.0.5.70] Feb 27 09:43:37 jail.example.com sm-mta[86833]: n1RFhbBp086832: to=m...@jail.example.com, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30983, relay=local, dsn=2.0.0, stat=Sent However, if I set sendmail_enable=NONE, then I can't send outbound email either: m...@jail.example.com$ echo foo | mail m...@realhost m...@jail.example.com$ tail -f /var/log/maillog Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: from=me, size=28, class=0, nrcpts=1, msgid=200902271537.n1rfbbg3086...@jail.example.com, relay...@localhost Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: to...@realhost, ctladdr=me (1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30028, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] What's the happy medium between sendmail wide open (eg sendmail_enable=NO (WTF?)) and disabled mail system (eg sendmail_enable=NONE)? -- Kirk Strauser ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Disabling inbound email in a jail
On Friday 27 February 2009 10:49:22 am Kirk Strauser wrote: I only want sendmail in a jail to do one thing: forward nightly reports from r...@localhost to a real account on another machine. What's the proper way to configure this? By default, sendmail_enable=NO in /etc/rc.conf still gives a running sendmail that accepts mail from other hosts: m...@realhost$ echo foo | mail m...@jail.example.com m...@jail.example.com$ tail -f /var/log/maillog Feb 27 09:43:37 jail.example.com sm-mta[86832]: n1RFhbBp086832: from=m...@realhost, size=735, class=0, nrcpts=1, msgid=20090227154335.877a442...@realhost, bodytype=7BIT, proto=ESMTP, daemon=Daemon0, relay=jail.example.com [10.0.5.70] Feb 27 09:43:37 jail.example.com sm-mta[86833]: n1RFhbBp086832: to=m...@jail.example.com, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30983, relay=local, dsn=2.0.0, stat=Sent However, if I set sendmail_enable=NONE, then I can't send outbound email either: m...@jail.example.com$ echo foo | mail m...@realhost m...@jail.example.com$ tail -f /var/log/maillog Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: from=me, size=28, class=0, nrcpts=1, msgid=200902271537.n1rfbbg3086...@jail.example.com, relay...@localhost Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: to...@realhost, ctladdr=me (1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30028, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] What's the happy medium between sendmail wide open (eg sendmail_enable=NO (WTF?)) and disabled mail system (eg sendmail_enable=NONE)? You might want to disable sendmail and use mail/ssmtp - it's meant for scenarios just like yours. -- Janos Dohanics ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Disabling inbound email in a jail
Kirk Strauser wrote: I only want sendmail in a jail to do one thing: forward nightly reports from r...@localhost to a real account on another machine. What's the proper way to configure this? By default, sendmail_enable=NO in /etc/rc.conf still gives a running sendmail that accepts mail from other hosts: m...@realhost$ echo foo | mail m...@jail.example.com m...@jail.example.com$ tail -f /var/log/maillog Feb 27 09:43:37 jail.example.com sm-mta[86832]: n1RFhbBp086832: from=m...@realhost, size=735, class=0, nrcpts=1, msgid=20090227154335.877a442...@realhost, bodytype=7BIT, proto=ESMTP, daemon=Daemon0, relay=jail.example.com [10.0.5.70] Feb 27 09:43:37 jail.example.com sm-mta[86833]: n1RFhbBp086832: to=m...@jail.example.com, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30983, relay=local, dsn=2.0.0, stat=Sent However, if I set sendmail_enable=NONE, then I can't send outbound email either: m...@jail.example.com$ echo foo | mail m...@realhost m...@jail.example.com$ tail -f /var/log/maillog Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: from=me, size=28, class=0, nrcpts=1, msgid=200902271537.n1rfbbg3086...@jail.example.com, relay...@localhost Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: to...@realhost, ctladdr=me (1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30028, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] What's the happy medium between sendmail wide open (eg sendmail_enable=NO (WTF?)) and disabled mail system (eg sendmail_enable=NONE)? Here's a possible solution: http://lists.freebsd.org/pipermail/freebsd-questions/2007-March/145682.html Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Disabling inbound email in a jail
Kirk Strauser wrote: I only want sendmail in a jail to do one thing: forward nightly reports from r...@localhost to a real account on another machine. What's the proper way to configure this? Edit /etc/mail/aliases. All reports are pointed to root. But you can point it anywhere you want: root: someacco...@example.org After that execute: # newaliases and you're done. No sendmail_enable is required or whatsoever in the /etc/rc.conf. By default, sendmail_enable=NO in /etc/rc.conf still gives a running sendmail that accepts mail from other hosts: m...@realhost$ echo foo | mail m...@jail.example.com This shouldn't have worked. By default you should've received stat=Deferred: Connection refused by jail.example.com. This is the case if you're sending from a physically different machine to another machine's jail. By default sendmail listens only on localhost and doesn't accept outside connections. It is only used for internal submission, such as daily reports. If you're sending from a host to its jail, then this is another story. In most cases you'll get some unexpected results. m...@jail.example.com$ tail -f /var/log/maillog Feb 27 09:43:37 jail.example.com sm-mta[86832]: n1RFhbBp086832: from=m...@realhost, size=735, class=0, nrcpts=1, msgid=20090227154335.877a442...@realhost, bodytype=7BIT, proto=ESMTP, daemon=Daemon0, relay=jail.example.com [10.0.5.70] Feb 27 09:43:37 jail.example.com sm-mta[86833]: n1RFhbBp086832: to=m...@jail.example.com, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30983, relay=local, dsn=2.0.0, stat=Sent However, if I set sendmail_enable=NONE, then I can't send outbound email either: m...@jail.example.com$ echo foo | mail m...@realhost m...@jail.example.com$ tail -f /var/log/maillog Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: from=me, size=28, class=0, nrcpts=1, msgid=200902271537.n1rfbbg3086...@jail.example.com, relay...@localhost Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: to...@realhost, ctladdr=me (1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30028, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] What's the happy medium between sendmail wide open (eg sendmail_enable=NO (WTF?)) and disabled mail system (eg sendmail_enable=NONE)? sendmail_enable=YES accepts outside and local connections sendmail_enable=NO (the default) accepts local connections only sendmail_enable=NONE doesn't start the daemon, sendmail is off Have a look at /etc/rc.d/sendmail for further hints. Regards, Mikhail ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
