Re: Repeated connections to port 25 with firewall

2004-05-26 Thread Jonathon McKitrick
: When local processes want to mail, they fork n exec a sendmail binary 
: themselves.
: 
: You shouldn't need a sendmail server running for that.

Here is what I have/had in rc.conf

#sendmail_enable=no
#sendmail_submit_enable=no
#sendmail_outbound_enable=no
#sendmail_msp_queue_enable=no

And as soon as I restarted after commenting out these lines, root's mailbox
got filled with megs of mail from cron.  I want the minimum I need to get
system mail without leaving an instance of sendmail vulnerable to attack or
eating up resources.

p.s.  What mail reader is good for root mail?  Is there anything better at
managing system mail than mutt?



jm
-- 
My other computer is your Windows box.
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Repeated connections to port 25 with firewall

2004-05-26 Thread Nelis Lamprecht
On Wed, 2004-05-26 at 14:27, Jonathon McKitrick wrote:
 : When local processes want to mail, they fork n exec a sendmail binary 
 : themselves.
 : 
 : You shouldn't need a sendmail server running for that.
 
 Here is what I have/had in rc.conf
 
 #sendmail_enable=no
 #sendmail_submit_enable=no
 #sendmail_outbound_enable=no
 #sendmail_msp_queue_enable=no
 
 And as soon as I restarted after commenting out these lines, root's mailbox
 got filled with megs of mail from cron.  I want the minimum I need to get
 system mail without leaving an instance of sendmail vulnerable to attack or
 eating up resources.
 

You can replace all of the above with sendmail_enable=NONE

Not sure if it has already been pointed out to you but you can change
the behaviour of periodic jobs on your system. By default all the jobs
are mailed to root but you can have those jobs logged to a file instead.
Simply copy the periodic.conf file from /etc/defaults to /etc and change
it to your liking, e.g. instead of having daily_output=root, which sends
a mail to root, you can have it log to a file with
daily_output=/var/log/daily.log. The same applies for weekly and monthly
jobs.

Personally I find it annoying when it sends out a mail for each job so I
change it to log to a file instead which I can check periodically
(excuse the pun ;)

As a side note if you don't want your cron jobs to output anything add
a > /dev/null 2>&1 at the end of them.

Cheers,
-- 
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc
Unix IS user friendly.. It's just selective about who its friends are.
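
The rc.conf question in this reply (sendmail_enable=NONE versus the four separate knobs) is easy to get wrong, so here is an added example, not part of Nelis's message, that reports what /etc/rc.d/sendmail would start for a given rc.conf fragment. It uses the /etc/defaults/rc.conf defaults (sendmail_enable=NO; sendmail_submit_enable, sendmail_outbound_enable and sendmail_msp_queue_enable all YES) and my reading of the precedence rc.d/sendmail applies between them, which is an assumption to check against the script on your own host: NONE forces all four off; YES on sendmail_enable means a daemon on every interface; otherwise sendmail_submit_enable gives the localhost-only listener that cron's mail needs. The rc.conf fragments and function names are constructed.

```sh
#!/bin/sh
# Added example: approximate what /etc/rc.d/sendmail will start for a given
# rc.conf, so "is there a listener, and on which addresses?" can be answered
# before rebooting.  Defaults mirror /etc/defaults/rc.conf; the precedence
# between the knobs is an approximation of rc.d/sendmail (assumption).

# rc_value VAR TEXT: value of the last uncommented VAR= assignment in TEXT,
# quotes stripped and upper-cased; empty if TEXT never sets it.
rc_value() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([A-Za-z0-9]*\).*/\1/p" |
        tail -n 1 | tr '[:lower:]' '[:upper:]'
}

# yes_p VALUE: true for the spellings rc.subr's checkyesno accepts.
yes_p() {
    case "$1" in YES|TRUE|ON|1) return 0 ;; *) return 1 ;; esac
}

# sendmail_instances TEXT: prints "mta:<mode> msp-queue:<yes|no>".
sendmail_instances() {
    enable=$(rc_value sendmail_enable "$1");              enable=${enable:-NO}
    submit=$(rc_value sendmail_submit_enable "$1");       submit=${submit:-YES}
    outbound=$(rc_value sendmail_outbound_enable "$1");   outbound=${outbound:-YES}
    msp=$(rc_value sendmail_msp_queue_enable "$1");       msp=${msp:-YES}

    # sendmail_enable=NONE is the documented "no sendmail at all" switch:
    # rc.d/sendmail forces the other three knobs to NO.
    if [ "$enable" = NONE ]; then
        enable=NO submit=NO outbound=NO msp=NO
    fi

    if yes_p "$enable"; then
        mode="listens-on-all-interfaces"      # full MTA, reachable from the network
    elif yes_p "$submit"; then
        mode="listens-on-localhost-only"      # -ODaemonPortOptions=Addr=localhost
    elif yes_p "$outbound"; then
        mode="queue-runner-only"              # drains /var/spool/mqueue, no socket
    else
        mode="none"                           # local submissions have nowhere to go
    fi
    if yes_p "$msp"; then q=yes; else q=no; fi
    printf 'mta:%s msp-queue:%s\n' "$mode" "$q"
}

# Constructed rc.conf fragments, not taken from any real host.
RC_DEFAULTS='#sendmail_enable=no
#sendmail_submit_enable=no'
RC_NONE='sendmail_enable="NONE"'
RC_FULL='sendmail_enable="YES"'

sendmail_instances "$RC_DEFAULTS"   # mta:listens-on-localhost-only msp-queue:yes
sendmail_instances "$RC_NONE"       # mta:none msp-queue:no
sendmail_instances "$RC_FULL"       # mta:listens-on-all-interfaces msp-queue:yes
```

The first fragment is the poster's "everything commented out" state: the defaults leave a listener bound to localhost only plus the MSP queue runner, which is the minimum that lets cron's mail reach root without exposing port 25 to the network. The second is the NONE setting from this reply: no listener and no queue runner at all, so locally submitted mail sits in the client queue.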




Re: Repeated connections to port 25 with firewall

2004-05-26 Thread Randy Pratt
On Wed, 26 May 2004 13:27:07 +0100
Jonathon McKitrick [EMAIL PROTECTED] wrote:

 : When local processes want to mail, they fork n exec a sendmail binary 
 : themselves.
 : 
 : You shouldn't need a sendmail server running for that.
 
 Here is what I have/had in rc.conf
 
 #sendmail_enable=no
 #sendmail_submit_enable=no
 #sendmail_outbound_enable=no
 #sendmail_msp_queue_enable=no
 
 And as soon as I restarted after commenting out these lines, root's mailbox
 got filled with megs of mail from cron.  I want the minimum I need to get
 system mail without leaving an instance of sendmail vulnerable to attack or
 eating up resources.

This archive post may help you:

http://docs.freebsd.org/cgi/mid.cgi?20031220102637.GB6942

Another document that may be of interest is 

/etc/mail/README

 p.s.  What mail reader is good for root mail?  Is there anything better at
 managing system mail than mutt?

You can use any mail client.  You can also read root's mail as any
user by adding an entry to /etc/aliases, for example:

# Pretty much everything else in this file points to root, so
# you would do well in either reading root's mailbox or forwarding
# root's email from here.

# root: [EMAIL PROTECTED]
root: joeuser

All the mail that would have gone to root will be forwarded to
joeuser.

HTH,

Randy

-- 


Re: Repeated connections to port 25 with firewall

2004-05-25 Thread Jonathon McKitrick
On Mon, May 24, 2004 at 12:10:16PM -0400, JJB wrote:
: The log-in-vain feature is a good thing to keep. In your case it is

Okay, I'll put it back, then.

: The other post about firewall rules has nothing to do with your
: problem. The poster just did not recognize the messages as coming
: from the log-in-vain feature. Your system generated email should be
: working fine just the way you have things.

Funny, but I'm not getting any messages sent to root.  I think I have
sendmail totally disabled.  What I WANT is for sendmail to run only for
system mail, and nothing else.



jm
-- 
My other computer is your Windows box.


Re: Repeated connections to port 25 with firewall

2004-05-25 Thread Jonathon McKitrick
On Mon, May 24, 2004 at 08:50:17AM -0400, JJB wrote:
: The messages you are getting are generated from the log-in-vain
: option you have turned on. Every night when the cron management
: reports run they post email from root to root using the 127.0.0.1

If I disable this 'feature' and adjust my filter rules as the next message
suggests, will I get my cron reports mailed correctly?  I want the bare
minimum sendmail setup needed so only system mail is allowed, and I do not
have to worry about outside access.  I use pop3 for personal email.


jm
-- 
My other computer is your Windows box.


Re: Repeated connections to port 25 with firewall

2004-05-24 Thread Matthew Seaman
On Mon, May 24, 2004 at 01:29:57PM +0100, Jonathon McKitrick wrote:
 
 This is probably a simple question with a simple answer, but I wasn't sure
 where to look.
 
 I recently installed a deny-all firewall and everything is working fine.
 However, I keep getting /kernel log messages about attempts to connect to
 port 25.  Are these just various processes trying to mail their results to
 root, but can't because of the firewall?  Or maybe cron doing the same thing?
 
 May 24 08:00:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:1101 flags:0x02
 May 24 08:00:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:2270 flags:0x02
 May 24 08:05:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:4230 flags:0x02
 May 24 08:10:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:2687 flags:0x02
 May 24 08:15:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:3274 flags:0x02
 May 24 08:20:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:1542 flags:0x02
 May 24 08:25:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:3652 flags:0x02

If you're using sendmail, that's the client mail submission instance
trying to hand off a message to the MTA instance.  If you type

# mailq -Ac

you should be able to see what's been queued up.

You will have to alter your firewalling to allow TCP connections
localhost:any -> localhost:smtp in order to get e-mail working on that
machine.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
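
To make the diagnosis above repeatable, here is an added example (my code, not Matthew's) that summarises log_in_vain messages from /var/log/messages: it groups attempts by protocol, destination socket and source host, classifies the source as loopback, RFC 1918 or external, and lists ports that were hit only from 127.0.0.1, which is the signature of a local client blocked from a local service rather than of a probe. The log lines are the seven from the original post plus three constructed ones; the function names and the 192.0.2.10 / 198.51.100.7 / 10.0.0.5 addresses are mine.

```sh
#!/bin/sh
# Added example: summarise log_in_vain kernel messages from syslog so that
# "local process hitting a firewalled local port" stands out from real probes.

# in_vain_summary: reads syslog lines on stdin and prints one line per
# (protocol, destination socket, source host):
#     COUNT PROTO DST:PORT SRC CLASS
# most frequent first.  CLASS is loopback / private (RFC 1918) / external.
in_vain_summary() {
    awk '
    function cls(ip) {
        if (ip ~ /^127\./)                         return "loopback"
        if (ip ~ /^10\./ || ip ~ /^192\.168\./ ||
            ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./)  return "private"
        return "external"
    }
    {
        # Locate the message body regardless of the syslog prefix width:
        #   ... /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:1101 flags:0x02
        for (i = 1; i <= NF; i++)
            if ($i == "Connection" && $(i+1) == "attempt" && $(i+2) == "to") break
        if (i > NF) next
        proto = $(i+3); dst = $(i+4); split($(i+6), src, ":")
        n[proto " " dst " " src[1] " " cls(src[1])]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# in_vain_local_only: destination ports that were hit *only* from 127.0.0.1.
# Such entries are almost never an attack; they mean a local client (here the
# sendmail submission instance) cannot reach a local service through the
# firewall.
in_vain_local_only() {
    in_vain_summary | awk '
    { split($3, d, ":"); port = $2 "/" d[2]
      if ($5 == "loopback") lo[port] += $1; else other[port] += $1 }
    END { for (p in lo) if (!(p in other)) print p }' | sort
}

# Sample input: the seven lines quoted in the thread plus three constructed
# lines (an SSH probe from outside and a NetBIOS packet from a private
# address) so the classes can be told apart.
SAMPLE_LOG=$(cat <<'EOF'
May 24 08:00:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:1101 flags:0x02
May 24 08:00:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:2270 flags:0x02
May 24 08:05:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:4230 flags:0x02
May 24 08:10:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:2687 flags:0x02
May 24 08:15:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:3274 flags:0x02
May 24 08:20:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:1542 flags:0x02
May 24 08:25:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:3652 flags:0x02
May 24 08:12:41 neptune /kernel: Connection attempt to TCP 192.0.2.10:22 from 198.51.100.7:40213 flags:0x02
May 24 08:12:43 neptune /kernel: Connection attempt to TCP 192.0.2.10:22 from 198.51.100.7:40214 flags:0x02
May 24 08:13:02 neptune /kernel: Connection attempt to UDP 192.0.2.10:137 from 10.0.0.5:137
EOF
)

printf '%s\n' "$SAMPLE_LOG" | in_vain_summary
# 7 TCP 127.0.0.1:25 127.0.0.1 loopback
# 2 TCP 192.0.2.10:22 198.51.100.7 external
# 1 UDP 192.0.2.10:137 10.0.0.5 private
printf '%s\n' "$SAMPLE_LOG" | in_vain_local_only
# TCP/25
```

On a real host run it as `grep 'Connection attempt' /var/log/messages | in_vain_summary`. The in_vain_local_only output is the list of lo0 ports the firewall has to pass (the localhost:any -> localhost:smtp rule above) before there is any reason to look at sendmail itself; the every-five-minutes timestamps on the 127.0.0.1:25 entries are cron's mail, not a scan.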




Re: Repeated connections to port 25 with firewall

2004-05-24 Thread Thomas T. Veldhouse
From: Jonathon McKitrick [EMAIL PROTECTED]

 This is probably a simple question with a simple answer, but I wasn't sure
 where to look.

 I recently installed a deny-all firewall and everything is working fine.
 However, I keep getting /kernel log messages about attempts to connect to
 port 25.  Are these just various processes trying to mail their results to
 root, but can't because of the firewall?  Or maybe cron doing the same
thing?

 May 24 08:00:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:1101 flags:0x02
 May 24 08:00:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:2270 flags:0x02
 May 24 08:05:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:4230 flags:0x02
 May 24 08:10:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:2687 flags:0x02
 May 24 08:15:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:3274 flags:0x02
 May 24 08:20:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:1542 flags:0x02
 May 24 08:25:00 neptune /kernel: Connection attempt to TCP 127.0.0.1:25 from 127.0.0.1:3652 flags:0x02



You should allow all traffic on your loopback device by default.  Much like
this (for IPFILTER)

pass in quick on lo0 all
pass out quick on lo0 all

It would also be good to block spoofed traffic if you are allowing connectivity
to the internet or other unprotected networks.

#
# Deny reserved addresses.
#
block in log quick from 10.0.0.0/8 to any group 100
block in log quick from 192.168.0.0/16 to any group 100
block in log quick from 172.16.0.0/12 to any group 100

#
# prevent IP spoofing.
#
block in log quick from me to any group 100

BTW ... group 100 is inbound packets on the public interface.

Tom Veldhouse




Re: Repeated connections to port 25 with firewall

2004-05-24 Thread Giorgos Keramidas
On 2004-05-24 08:49, Thomas T. Veldhouse [EMAIL PROTECTED] wrote:
 From: Jonathon McKitrick [EMAIL PROTECTED]
 
  This is probably a simple question with a simple answer, but I
  wasn't sure where to look.
[snip]
 You should allow all traffic on your loopback device by default.
 Much like this (for IPFILTER)

 pass in quick on lo0 all
 pass out quick on lo0 all

Very true.  I do prefer writing this to explicitly allow only packets
from/to 127.0.0.1/32 though:

IPFW syntax
---
add allow ip from 127.0.0.1/32 to 127.0.0.1/32 via lo0
add deny ip from 127.0.0.0/8 to any
add deny ip from any to 127.0.0.0/8

ipfilter syntax
---
block in from any to any
block out from any to any
pass in quick from 127.0.0.1/32 to 127.0.0.1/32 on lo0
pass out quick from 127.0.0.1/32 to 127.0.0.1/32 on lo0

I've even been tempted to try blocking everything on lo0 and explicitly
allowing only a few selected ports/protocols.  But that's paranoid :-P

- Giorgos
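
Both rule sets above (Thomas's ipfilter anti-spoofing group and Giorgos's 127.0.0.0/8 deny rules) reduce to one question about a packet's source address on the public interface. The following is an added example, not code from either poster, that answers that question in POSIX sh with a small CIDR matcher, so an address pulled from the log_in_vain messages can be checked against the same list the firewall should be enforcing. The function names, the 192.0.2.10 stand-in for the host's own address ("me" in ipfilter) and the test addresses are my assumptions, and the list deliberately covers only the ranges quoted in the thread.

```sh
#!/bin/sh
# Added example: the address test behind the anti-spoofing rules above
# ("block in ... from 10.0.0.0/8", "from me", "deny ip from 127.0.0.0/8"),
# written as a small CIDR matcher.  Only the ranges quoted in the thread are
# listed; a production bogon list is longer (0.0.0.0/8, 169.254.0.0/16, ...).

ALL_ONES=4294967295   # 0xFFFFFFFF, written in decimal for portability

# ip2int DOTTED-QUAD: the address as an unsigned 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
}

# cidr_match ADDR NET/PREFIX: true when ADDR lies inside NET/PREFIX.
cidr_match() {
    cm_addr=$(ip2int "$1")
    cm_net=$(ip2int "${2%/*}")
    cm_plen=${2#*/}
    cm_mask=$(( (ALL_ONES << (32 - cm_plen)) & ALL_ONES ))
    [ $(( cm_addr & cm_mask )) -eq $(( cm_net & cm_mask )) ]
}

# classify_inbound_source ADDR [OWN_ADDR ...]: verdict for a packet with
# source ADDR arriving on the public interface; prints "block: <why>" or
# "pass".  OWN_ADDR are the host's own addresses, i.e. ipfilter's "me".
# Order matters the same way it does in the rule file: first match wins.
classify_inbound_source() {
    src=$1; shift
    for own in "$@"; do
        if [ "$src" = "$own" ]; then
            echo "block: our own address arriving from outside (spoofed)"
            return 0
        fi
    done
    for net in 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        if cidr_match "$src" "$net"; then
            echo "block: $net"
            return 0
        fi
    done
    echo "pass"
}

# Constructed examples; 192.0.2.10 stands in for the host's public address.
classify_inbound_source 10.1.2.3                    # block: 10.0.0.0/8
classify_inbound_source 172.31.255.1                # block: 172.16.0.0/12
classify_inbound_source 172.32.0.1                  # pass
classify_inbound_source 127.0.0.1                   # block: 127.0.0.0/8
classify_inbound_source 192.0.2.10 192.0.2.10       # block: our own address arriving from outside (spoofed)
classify_inbound_source 198.51.100.7 192.0.2.10     # pass
```

This models only the public-interface decision. Traffic that is really on lo0 is matched earlier by the `pass ... on lo0` / `via lo0` rules in both sets, so "block: 127.0.0.0/8" here means "must never arrive on the outside interface", not that loopback mail delivery should be cut off; cutting it off is exactly what produced the original poster's log lines. The /12 boundary check (172.31.x.x blocked, 172.32.x.x passed) is the case hand-written octet comparisons most often get wrong.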
