Re: Sendmail and Jails

2006-03-27 Thread David Robillard
--

Message: 23
Date: Sat, 25 Mar 2006 19:32:01 -0500
From: Anish Mistry [EMAIL PROTECTED]
Subject: Re: Sendmail and Jails
To: freebsd-questions@freebsd.org
Cc: Jack Stone [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=iso-8859-1

On Saturday 25 March 2006 18:42, Jack Stone wrote:
> I have been setting up jails on various production servers on
> FBSD-6.0 & 4.11.
>
> I was wondering how/where to configure & avoid the port conflicts
> for sendmail as follows:
>
> - main host - all sendmail services in & out (or at least out)
> - jail - just outgoing services
>
> I gather I will need to configure one or the other on a non-std
> port as both will try to grab the same ports: 25 & 587
>
> Any tips appreciated.

Hi Jack,

Since all jails and the main host have their own IP address, it is
quite easy to do the setup you ask for. The idea here is to tell
sendmail(8) which IP it should bind to. No need to fuss around with
ports or anything like that :o)

For the sake of example, let's say we have this:

main.host.com: 192.168.1.1
jail.host.com: 192.168.1.2

On the main host, make sure you have

sendmail_enable=YES

in /etc/rc.conf. This will tell sendmail to run and listen for outside
requests.

Next, edit the /etc/mail/`uname -n`.mc file (make sure the uname(1)
command is enclosed in back-ticks).

sudo vi /etc/mail/`uname -n`.mc

Include whatever sendmail(8) MC macro configuration you need and make
sure you have this line which tells sendmail(8) to listen on
192.168.1.1 on TCP port 25.

DAEMON_OPTIONS(`Port=25, Addr=192.168.1.1, Name=MTA, Family=inet')dnl

Save the `uname -n`.mc file and restart sendmail:

cd /etc/mail
sudo make install restart

Make sure you check /var/log/maillog for any errors.

Now for the jails, you only have to configure sendmail in whatever way
you need and have this

sendmail_enable=NO

in /etc/rc.conf. This tells sendmail to process mail only if it is
originating from the localhost. I would recommend configuring each
jail as a sendmail null client to your main host. For example:

OSTYPE(`freebsd6')dnl
FEATURE(`nullclient', `main.host.com')dnl

Which will cause all jails to punt their mail directly to your
main.host.com machine.

If you're not sure about which ports are opened by sendmail in the
main host or the jails, run the sockstat(1) command.

Also, sendmail relies on DNS for everything, so make sure your DNS
system is on par with the various hostnames you use. Otherwise,
you'll end up with long boot times and a whole bunch of broken mail
problems.

Finally, make sure you upgrade sendmail to version 8.13.6 because
previous versions contain a vulnerability. Install port mail/sendmail.
(this is my sendmail configuration in make.conf)

sudo vi /etc/make.conf

NO_SENDMAIL= true

SENDMAIL_CF_DIR=/usr/local/share/sendmail/cf

# Build knobs for the mail/sendmail port, one assignment per line
.if ${.CURDIR:M*/mail/sendmail}
SENDMAIL_WITHOUT_IPV6=yes
SENDMAIL_WITHOUT_NIS=yes
SENDMAIL_WITH_TLS=yes
SENDMAIL_WITH_SMTPS=yes
SENDMAIL_WITH_SASL=yes
SENDMAIL_WITH_SASL2=yes
SENDMAIL_WITH_LDAP=yes
SENDMAIL_WITH_BERKELEYDB_VER=42
SENDMAIL_WITH_SOCKETMAP=yes
# SENDMAIL_WITH_CYRUSLOOKUP=no
SENDMAIL_WITH_PICKY_HELO_CHECK=yes
SENDMAIL_WITH_SHARED_MILTER=yes
.endif

cd /usr/ports/mail/sendmail
sudo make install
sudo make mailer.conf
sudo make clean

Check if you're using the right one:

sendmail -bt -d0.1 < /dev/null

Let me know if you need more assistance. Of course, YMMV.

Cheers,

David


--
David Robillard
UNIX systems admin, CISSP
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
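
Added example, not part of David Robillard's message: a shell check over sockstat(1) output, which he suggests running, that flags sendmail listeners on ports 25/587 bound to the wildcard or to an address other than the expected one. The function name and the sockstat sample are constructed for illustration; the addresses are the thread's example addresses.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `sockstat -4 -l` text on stdin
# and reports every sendmail TCP listener on port 25 or 587.
# $1 = the one address sendmail is expected to bind on this host or jail.
# Returns 1 if any listener is on the wildcard or on another address.
check_sendmail_binds() {
    awk -v want="$1" '
        $2 == "sendmail" && $5 ~ /^tcp/ {
            n = split($6, part, ":")        # LOCAL ADDRESS column is addr:port
            port = part[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (port != "25" && port != "587") next
            if (addr == "*") {
                printf "WILDCARD %s (pid %s): not restricted to %s\n", $6, $3, want
                bad = 1
            } else if (addr != want) {
                printf "UNEXPECTED %s (pid %s): expected %s\n", $6, $3, want
                bad = 1
            } else {
                printf "OK %s (pid %s)\n", $6, $3
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample output for the main host (192.168.1.1 in the thread):
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   192.168.1.1:25        *:*
root     sendmail   612   5  tcp4   *:587                 *:*
root     sshd       500   3  tcp4   *:22                  *:*'

# On a live system: sockstat -4 -l | check_sendmail_binds 192.168.1.1
printf '%s\n' "$SAMPLE_SOCKSTAT" | check_sendmail_binds 192.168.1.1 || true
```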


Re: Sendmail and Jails

2006-03-27 Thread Jack Stone





From: David Robillard [EMAIL PROTECTED]
To: FreeBSD Questions Mailing List freebsd-questions@freebsd.org
CC: Jack Stone [EMAIL PROTECTED]
Subject: Re: Sendmail and Jails
Date: Mon, 27 Mar 2006 10:44:29 -0500


David: Thank you so much for this detailed howto on my question of 
configuring sendmail to handle both the main host and a jail on the same 
ports -- the info I found in the sendmail readme said to use different 
ports, (like 925 & 987) but if your advice works, this is great!


I wondered how I was going to use a bunch of jails without jumping thru 
hoops!


Thanks again.



Sendmail and Jails

2006-03-25 Thread Jack Stone
I have been setting up jails on various production servers on FBSD-6.0 & 
4.11.

I was wondering how/where to configure & avoid the port conflicts for 
sendmail as follows:

- main host - all sendmail services in & out (or at least out)
- jail - just outgoing services

I gather I will need to configure one or the other on a non-std port as both 
will try to grab the same ports: 25 & 587


Any tips appreciated.

Regards,
Jack



Re: Sendmail and Jails

2006-03-25 Thread Anish Mistry
On Saturday 25 March 2006 18:42, Jack Stone wrote:
> I have been setting up jails on various production servers on
> FBSD-6.0 & 4.11.
>
> I was wondering how/where to configure & avoid the port conflicts
> for sendmail as follows:
>
> - main host - all sendmail services in & out (or at least out)
> - jail - just outgoing services
>
> I gather I will need to configure one or the other on a non-std
> port as both will try to grab the same ports: 25 & 587
>
> Any tips appreciated.

It is generally easier to not have anything running in the host 
environment and just set up all your services in the jails.  So 
instead of running that other sendmail in your host environment run 
it in a jail or only have it bind to a specific IP.

-- 
Anish Mistry




Re: Sendmail and Jails

2006-03-25 Thread Jack Stone



From: Anish Mistry [EMAIL PROTECTED]
To: freebsd-questions@freebsd.org
CC: Jack Stone [EMAIL PROTECTED]
Subject: Re: Sendmail and Jails
Date: Sat, 25 Mar 2006 19:32:01 -0500

On Saturday 25 March 2006 18:42, Jack Stone wrote:
> I have been setting up jails on various production servers on
> FBSD-6.0 & 4.11.
>
> I was wondering how/where to configure & avoid the port conflicts
> for sendmail as follows:
>
> - main host - all sendmail services in & out (or at least out)
> - jail - just outgoing services
>
> I gather I will need to configure one or the other on a non-std
> port as both will try to grab the same ports: 25 & 587
>
> Any tips appreciated.

It is generally easier to not have anything running in the host
environment and just set up all your services in the jails.  So
instead of running that other sendmail in your host environment run
it in a jail or only have it bind to a specific IP.

--
Anish Mistry



Thanks for the reply. I finally found the info I need in the README file for 
sendmail. Some clear examples about switching the ports which works for me 
as I cannot turn off the main host sendmail.


Sorry, I hadn't found it earlier

Jack
