Re: how do I see security logs without turning on sendmail?
On 1/15/07, Tuareg [EMAIL PROTECTED] wrote:
Sending again... it seems that the list dont want me to send mails from
gmail... :(
Well, after many suggestions from you on this topic last months/year...
We have tried something that let us sent messages from this servers, but
we would like the hear from you, how does this affect the server, we know
that this is not the better solution, but it's what it worked for us.
Found this link: http://security.uoregon.edu/sendmail/
After reading this part:
Turning off 127.0.0.1:25 Altogether
The creation of an MSP process allows for some flexibility in client-class
mail configuration. Because the MSP has a queue of its own, messages can
either be queued or delivered immediately. So in some special cases, a
machine can run without a sendmail listener. This however, is an unusual and
not-recommended practice. It is merely listed here to elaborate on the
differences between MTA's and MSP's.
The submit.mc and submit.cf in this case would be:
FEATURE(`msp',`centralmailserver')
D{MTAHost}centralmailserver
Obviously, it says that it's unusual and not-recommend, but didn't say
exactly the reason.. (maybe you can tell me why, because I have knowledge in
the configuration of sendmail, can configure it to avoid be used as relay,
use of rbl lists, etc, but I'm not exactly an expert).
Well, after reading this... went to one of the new servers.. and read
/etc/mail/README
1. Designate an alternative host for the submission agent to contact
by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
in /etc/make.conf to an alternate .mc file) and using
'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line
to FEATURE(msp, hostname) where hostname is the fully qualified
hostname
of the alternative host.
So, I modified the respective lines...
%cat /etc/mail/freebsd.submit.mc
.
.
.
#
# This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
# that acts as a initial mail submission program.
#
#
divert(0)dnl
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.submit.mc,v 1.1.16.12006/04/13
04:00:23 gshapiro Exp $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confBIND_OPTS', `WorkAroundBroken')dnl
dnl
dnl If you use IPv6 only, change [ 127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[ my.main.server]')dnl
%make install-submit-cf
And now, I'm able to receive the e-mail of our monitoring scripts in our
main e-mailserver.
I compared the file of the old servers, but this method wasn't used, so..
can't tell you yet.. how the old server were modified to be able to send
mails without using sendmail as daemon.
Here is the result of the tests:
%mail -v [EMAIL PROTECTED]
Subject: TEST
test
.
EOT
[EMAIL PROTECTED] Connecting to smtp.my.main.server. via relay...
220-my.main.server ESMTP Mail Server.
220-Ready on Mon, 15 Jan 2007 11:32:53 -0600 (CST).
EHLO new.monitored.server.
250-my.main.server Hello new.monitored.server [xxx.xxx.xxx.xxx], pleased
to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE 1500
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
MAIL From: [EMAIL PROTECTED] SIZE=50
250 2.1.0 [EMAIL PROTECTED]... Sender ok
RCPT To: [EMAIL PROTECTED]
250 2.1.5 [EMAIL PROTECTED]... Recipient ok
DATA
354 Enter mail, end with . on a line by itself
.
250 2.0.0 l0FHWrV68053 Message accepted for delivery
[EMAIL PROTECTED] Sent (l0FHWrV123456 Message accepted for delivery)
Closing connection to smtp.my.main.server.
QUIT
221 2.0.0 my.main.server closing connection
tail -f /var/log/maillog
Jan 15 11:32:53 monitored sendmail[70665]: l0FHWqLe707332: to=
[EMAIL PROTECTED], ctladdr=user (10001/120), delay=00:00:01,
xdelay=00:00:01, mailer=relay, pri=30050, relay= smtp.my.main.server. [
xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (l0FHWrV123456 Message accepted for
delivery)
This was done with FreeBSD 6.1 STABLE.
Suggestions on this?
P.S. Yes.. I know we can use smmtp, but please remember, what we wanted
it's to avoid installing software and open the port 25, just wanted to sent
the result of scripts via e-mail.
Thanks for your comments/suggestions/and any other stuff... on this
solution (at least for us)
No comments/suggestions about this?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/15/06, Tuareg [EMAIL PROTECTED] wrote:
On 12/14/06, Jerry McAllister [EMAIL PROTECTED] wrote:
On Thu, Dec 14, 2006 at 12:08:23AM -0800, James Long wrote:
Date: Wed, 13 Dec 2006 17:33:32 -0600
From: Lane [EMAIL PROTECTED]
Subject: Re: how do I see security logs without turning on sendmail?
To: freebsd-questions@freebsd.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=iso-8859-1
Tuareg,
clearly sendmail is running. That is indicated by sendmail[41626]
in
your /var/log/sendmail log.
The question, of course, is how does it get started.
This is quite the WAG here, but can sendmail be started on-demand
from inetd.conf ?
It probably could, but I don't think that is the way it is done
normally.
Take a look in /etc/defaults/rc.conf at the stuff for sendmail
and then note what overrides you have put in /etc/rc.conf
Also, check out /etc/rc.sendmail
jerry
I sent this before, but here we go again:
In /etc/defaults/rc.conf these are the lines wich contain sendmail:
mta_start_script=/etc/rc.sendmail
# Settings for /etc/rc.sendmail:
sendmail_enable=YES # Run the sendmail inbound daemon (YES/NO/NONE).
# If NONE, don't start any sendmail processes.
sendmail_flags=-L sm-mta -bd -q30m # Flags to sendmail (as a server)
sendmail_submit_enable=YES# Start a localhost-only MTA for mail
submission
sendmail_submit_flags=-L sm-mta -bd -q30m
-ODaemonPortOptions=Addr=localhost
sendmail_outbound_enable=YES # Dequeue stuck mail (YES/NO).
sendmail_outbound_flags=-L sm-queue -q30m # Flags to sendmail (outbound
only)
sendmail_msp_queue_enable=YES # Dequeue stuck clientmqueue mail
(YES/NO).
sendmail_msp_queue_flags=-L sm-msp-queue -Ac -q30m
# Flags for sendmail_msp_queue daemon.
/etc/rc.sendmail doesn't exists.
And /etc/rc.conf:
### Network daemon (miscellaneous) NFS options: ###
sendmail_enable=NONE # Run the sendmail daemon (or NO).
cron_enable=YES # Run the periodic job daemon.
portmap_enable=NO # Run the portmapper service (or NO).
usbd_enable=NO
sshd_enable=YES
tcp_drop_synfin=YES
tcp_restrict_rst=YES
syslogd_enable=YES# Run syslog daemon (or NO).
syslogd_flags=-s -s # Flags to syslogd (if enabled).
This is for FreeBSD 4.6-RELEASE
Sending again... it seems that the list dont want me to send mails from
gmail... :(
Well, after many suggestions from you on this topic last months/year...
We have tried something that let us sent messages from this servers, but we
would like the hear from you, how does this affect the server, we know that
this is not the better solution, but it's what it worked for us.
Found this link: http://security.uoregon.edu/sendmail/
After reading this part:
Turning off 127.0.0.1:25 Altogether
The creation of an MSP process allows for some flexibility in client-class
mail configuration. Because the MSP has a queue of its own, messages can
either be queued or delivered immediately. So in some special cases, a
machine can run without a sendmail listener. This however, is an unusual and
not-recommended practice. It is merely listed here to elaborate on the
differences between MTA's and MSP's.
The submit.mc and submit.cf in this case would be:
FEATURE(`msp',`centralmailserver')
D{MTAHost}centralmailserver
Obviously, it says that it's unusual and not-recommend, but didn't say
exactly the reason.. (maybe you can tell me why, because I have knowledge in
the configuration of sendmail, can configure it to avoid be used as relay,
use of rbl lists, etc, but I'm not exactly an expert).
Well, after reading this... went to one of the new servers.. and read
/etc/mail/README
1. Designate an alternative host for the submission agent to contact
by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
in /etc/make.conf to an alternate .mc file) and using
'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line
to FEATURE(msp, hostname) where hostname is the fully qualified hostname
of the alternative host.
So, I modified the respective lines...
%cat /etc/mail/freebsd.submit.mc
.
.
.
#
# This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
# that acts as a initial mail submission program.
#
#
divert(0)dnl
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.submit.mc,v
1.1.16.12006/04/13 04:00:23 gshapiro Exp $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confBIND_OPTS', `WorkAroundBroken')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[ my.main.server]')dnl
%make install-submit-cf
And now, I'm able to receive the e-mail of our monitoring scripts in our
main e-mailserver.
I compared the file of the old servers, but this method
Re: how do I see security logs without turning on sendmail?
On 12/5/06, Wasp King [EMAIL PROTECTED] wrote:
is there a way that one can specify a log place to see
daily logs like you receive from [EMAIL PROTECTED], when
sendmail is turned on?
there must be a way to enable only local mail
delivery...but I am not sure how..
would like to shut down sendmail but want to see
security logs.
thanks.
Zach
using FreeBSD 4.2 and sendmail 8.x (maybe).
Well, after many suggestions from you on this topic last months/year...
We have tried something that let us sent messages from this servers, but we
would like the hear from you, how does this affect the server, we know that
this is not the better solution, but it's what it worked for us.
Found this link: http://security.uoregon.edu/sendmail/
After reading this part:
Turning off 127.0.0.1:25 Altogether
The creation of an MSP process allows for some flexibility in client-class
mail configuration. Because the MSP has a queue of its own, messages can
either be queued or delivered immediately. So in some special cases, a
machine can run without a sendmail listener. This however, is an unusual and
not-recommended practice. It is merely listed here to elaborate on the
differences between MTA's and MSP's.
The submit.mc and submit.cf in this case would be:
FEATURE(`msp',`centralmailserver')
D{MTAHost}centralmailserver
Obviously, it says that it's unusual and not-recommend, but didn't say
exactly the reason.. (maybe you can tell me why, because I have knowledge in
the configuration of sendmail, can configure it to avoid be used as relay,
use of rbl lists, etc, but I'm not exactly an expert).
Well, after reading this... went to one of the new servers.. and read
/etc/mail/README
1. Designate an alternative host for the submission agent to contact
by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
in /etc/make.conf to an alternate .mc file) and using
'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line
to FEATURE(msp, hostname) where hostname is the fully qualified hostname
of the alternative host.
So, I modified the respective lines...
%cat /etc/mail/freebsd.submit.mc
.
.
.
#
# This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
# that acts as a initial mail submission program.
#
#
divert(0)dnl
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.submit.mc,v
1.1.16.12006/04/13 04:00:23 gshapiro Exp $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confBIND_OPTS', `WorkAroundBroken')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[my.main.server]')dnl
%make install-submit-cf
And now, I'm able to receive the e-mail of our monitoring scripts in our
main e-mailserver.
I compared the file of the old servers, but this method wasn't used, so..
can't tell you yet.. how the old server were modified to be able to send
mails without using sendmail as daemon.
Here is the result of the tests:
%mail -v [EMAIL PROTECTED]
Subject: TEST
test
.
EOT
[EMAIL PROTECTED] Connecting to smtp.my.main.server. via relay...
220-my.main.server ESMTP Mail Server.
220-Ready on Mon, 15 Jan 2007 11:32:53 -0600 (CST).
EHLO new.monitored.server.
250-my.main.server Hello new.monitored.server [xxx.xxx.xxx.xxx], pleased to
meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE 1500
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
MAIL From:[EMAIL PROTECTED] SIZE=50
250 2.1.0 [EMAIL PROTECTED]... Sender ok
RCPT To:[EMAIL PROTECTED]
250 2.1.5 [EMAIL PROTECTED]... Recipient ok
DATA
354 Enter mail, end with . on a line by itself
.
250 2.0.0 l0FHWrV68053 Message accepted for delivery
[EMAIL PROTECTED] Sent (l0FHWrV123456 Message accepted for delivery)
Closing connection to smtp.my.main.server.
QUIT
221 2.0.0 my.main.server closing connection
tail -f /var/log/maillog
Jan 15 11:32:53 monitored sendmail[70665]: l0FHWqLe707332: to=
[EMAIL PROTECTED], ctladdr=user (10001/120), delay=00:00:01,
xdelay=00:00:01, mailer=relay, pri=30050, relay=smtp.my.main.server. [
xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (l0FHWrV123456 Message accepted for
delivery)
Suggestions on this?
P.S. Yes.. I know we can use smmtp, but please remember, what we wanted it's
to avoid installing software and open the port 25, just wanted to sent the
result of scripts via e-mail.
Thanks for your comments/suggestions/and any other stuff... on this
solution (at least for us)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/13/06, Armin Arh [EMAIL PROTECTED] wrote: clearly sendmail is running, but not as a daemon. It gets called for every single mail by some other process running as root. You suspect squid to do so? (unlikely, why should a webcache send emails...) Well, then run squid as another user and watch the logs, should be from=squiduser then... Hi Armin! At this moment, I can't change the user for squid, but I'll keep this in mind to make some tests in the future. Thank you for your help. The problem with too much root- processes is, you can't tell which one is going mad. enjoy, Armin -- PUBBOX Postmaster + spam-killer. Free email addresses at http://pubbox.net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/13/06, Gerard Seibert [EMAIL PROTECTED] wrote: You need to check out this URL: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html Also, Sendmail is invoked from the /etc/defaults/rc.conf file. You over ride it in the /etc/rc.conf file. In FreeBSD 5.0, SENDMAIL_ENABLE=NONE is not the proper way to disable Sendmail. Check out the above URL for further information. -- Gerard Hello Gerard, We've read this link and we have this line in /etc/rc.conf sendmail_enable=NONE In /etc/defaults/rc.conf these are the lines wich contain sendmail: mta_start_script=/etc/rc.sendmail # Settings for /etc/rc.sendmail: sendmail_enable=YES # Run the sendmail inbound daemon (YES/NO/NONE). # If NONE, don't start any sendmail processes. sendmail_flags=-L sm-mta -bd -q30m # Flags to sendmail (as a server) sendmail_submit_enable=YES# Start a localhost-only MTA for mail submission sendmail_submit_flags=-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost sendmail_outbound_enable=YES # Dequeue stuck mail (YES/NO). sendmail_outbound_flags=-L sm-queue -q30m # Flags to sendmail (outbound only) sendmail_msp_queue_enable=YES # Dequeue stuck clientmqueue mail (YES/NO). sendmail_msp_queue_flags=-L sm-msp-queue -Ac -q30m # Flags for sendmail_msp_queue daemon. /etc/rc.sendmail doesn't exists. And /etc/rc.conf: ### Network daemon (miscellaneous) NFS options: ### sendmail_enable=NONE # Run the sendmail daemon (or NO). cron_enable=YES # Run the periodic job daemon. portmap_enable=NO # Run the portmapper service (or NO). usbd_enable=NO sshd_enable=YES tcp_drop_synfin=YES tcp_restrict_rst=YES syslogd_enable=YES# Run syslog daemon (or NO). syslogd_flags=-s -s # Flags to syslogd (if enabled). This is for FreeBSD 4.6-RELEASE And at this point, I just get a little more confused with this settings. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/13/06, Lane [EMAIL PROTECTED] wrote:
Tuareg,
I can't find the name of the quy who straightened me out on the fuction of
squid, but kudo's to him.
Clearly squid is not the culprit.
But I've done some eyeballing on /usr/sbin/periodic, and I think maybe it
is
the culprit.
First lets have a look at your /etc/crontab file. Specifically we are
interested in the lines which contain the term periodic
cat /etc/crontab | grep periodic
#1 3 * * * rootperiodic daily
#15 4 * * 6 rootperiodic weekly
#30 5 1 * * rootperiodic monthly
All the lines are commented.
If these lines include parameters, which are passed to /usr/sbin/periodic,
then they may be the reason for your periodic emails being sent WITHOUT
sendmail being enabled by the normal boot process.
Take a look at /usr/sbin/periodic. Note that it uses values
in /etc/defaults/periodic.conf as well as any override variables
in /etc/rc.conf. It could also be overridden in other ways such as by
defining the value source_periodic_confs_defined and
periodic_conf_files
but this should have already showed up in /etc/rc.conf.
While you are examining /usr/sbin/periodic, look for the term output
In my copy of that script there is a comment that looks like:
#Where's our output going?
Then there is a case block:
case $output in
/*) pipe=cat $output;;
) pipe=cat;;
*) pipe=mail -s '$host ${arg##*/} run output' $output;;
esac
If your predecessor had modified this script or, perhaps overridden it
using /etc/defaults/periodic.conf, then he may have either changed the *)
default case, or supplied parameters from /etc/crontab
(or /etc/defaults/periodic.conf) which could invoke sendmail directly. If
he
used override variables, then he would probably also have added a case for
)
pipe=sendmail -arg1 arg2 argn
This would account for sendmail being completely disabled in /etc/rc.conf
AND
for the messages being sent out via sendmail. However, as I read it, the
behaviour you have reported would only occur if /usr/sbin/periodic was
actually modified, as the use of the $output variables does NOT seem to
allow for invocation of sendmail directly. And I don't believe that
mail
can force invocation of sendmail (although I may be wrong, as the man page
does imply that mail will use any means available to get the message out).
If this is the case (i.e. if mail is invoking sendmail directly) you
could
check it by trying to send mail from the command line on one of the
servers
that actually does what you want it to do. If it works, and if there are
NO
modifications to /usr/sbin/periodic or override defaults
in /etc/defaults/periodic.conf, then it will be safe to assume that
this feature has been properly quashed in 6.x. You would then need to
follow the procedures for setting up sendmail for outgoing-only, as many
have
already recommended.
Well this is the output of:
cat /usr/sbin/periodic | grep output
tmp_output=`mktemp ${TMPDIR:-/tmp}/periodic.XX`
# Where's our output going ?
eval output=\$${arg##*/}_output
case $output in
/*) pipe=cat $output;;
*) pipe=mail -s '$host ${arg##*/} run output' $output;;
output=TRUE
$file /dev/null $tmp_output 21
if [ -s $tmp_output ]
0) [ $success = NO ] output=FALSE;;
1) [ $info = NO ] output=FALSE;;
2) [ $badconfig = NO ] output=FALSE;;
[ $output = TRUE ] { cat $tmp_output; empty=FALSE;
}
cp /dev/null $tmp_output
echo No output from the $processed file$plural processed
echo -- End of $arg output --
rm -f $tmp_output
But, /etc/defaults/periodic.conf don't appear to be modified, but can't be
sure 100% because we don't have other server with a fresh install of FreeBSD
4.6-RELEASE to compare.
Yes, we are able to send mails from the command line, so.. it could be that
this feature was disable for 6.x
In any case, the behaviour you desire would only work properly by making the
appropriate changes to /etc/mail/hostname|freebsd.mc, (i.e. SMART_HOST
and/or HUB settings), and then running make install in /etc/mail. (And
this
is always going to be the case where sendmail is concerned)
I hope this information leads you to a resolution, as it has been a great
learning experience for me ... but my brain hurts :)
lane
We wanted to ask and check with others before trying with modifications in
the files, so I guess that we'll finish
doing what the documentation recomends.
Thank you for your help, we learned a lot too.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/14/06, Lane [EMAIL PROTECTED] wrote: This is quite the WAG here, but can sendmail be started on-demand from inetd.conf? It may be a WAG, but it may explain all of what is going on. mail would attempt to create a connection to localhost, inetd would start sendmail to accept the connection, sendmail would route the message and then die. Tuareg, check out /etc/inetd.conf for an entry containing the word sendmail Nothing, inetd.conf doesn't have any lines with the word sendmail :( And let us know what you find. lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/14/06, Jerry McAllister [EMAIL PROTECTED] wrote: I haven't followed this whole thread so I may be jumping in to the wrong place, but... Somewhere it is documented - I have read it - that various utilities such as mail invoke single instances of sendmail to transfer their _outgoing only_ messages. I think, in those cases, sendmail clears the mail queue before going away. They do not start sendmail as a daemon or to receive email. Probably some searching will find that documentation. jerry Hello Jerry, maybe you read about ssmtp? http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/outgoing-only.html But no, this tool it's not installed. Thank you for your help anyway. :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/14/06, Jerry McAllister [EMAIL PROTECTED] wrote: On Thu, Dec 14, 2006 at 12:08:23AM -0800, James Long wrote: Date: Wed, 13 Dec 2006 17:33:32 -0600 From: Lane [EMAIL PROTECTED] Subject: Re: how do I see security logs without turning on sendmail? To: freebsd-questions@freebsd.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 Tuareg, clearly sendmail is running. That is indicated by sendmail[41626] in your /var/log/sendmail log. The question, of course, is how does it get started. This is quite the WAG here, but can sendmail be started on-demand from inetd.conf? It probably could, but I don't think that is the way it is done normally. Take a look in /etc/defaults/rc.conf at the stuff for sendmail and then note what overrides you have put in /etc/rc.conf Also, check out /etc/rc.sendmail jerry I sent this before, but here we go again: In /etc/defaults/rc.conf these are the lines wich contain sendmail: mta_start_script=/etc/rc.sendmail # Settings for /etc/rc.sendmail: sendmail_enable=YES # Run the sendmail inbound daemon (YES/NO/NONE). # If NONE, don't start any sendmail processes. sendmail_flags=-L sm-mta -bd -q30m # Flags to sendmail (as a server) sendmail_submit_enable=YES# Start a localhost-only MTA for mail submission sendmail_submit_flags=-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost sendmail_outbound_enable=YES # Dequeue stuck mail (YES/NO). sendmail_outbound_flags=-L sm-queue -q30m # Flags to sendmail (outbound only) sendmail_msp_queue_enable=YES # Dequeue stuck clientmqueue mail (YES/NO). sendmail_msp_queue_flags=-L sm-msp-queue -Ac -q30m # Flags for sendmail_msp_queue daemon. /etc/rc.sendmail doesn't exists. And /etc/rc.conf: ### Network daemon (miscellaneous) NFS options: ### sendmail_enable=NONE # Run the sendmail daemon (or NO). cron_enable=YES # Run the periodic job daemon. portmap_enable=NO # Run the portmapper service (or NO). usbd_enable=NO sshd_enable=YES tcp_drop_synfin=YES tcp_restrict_rst=YES syslogd_enable=YES# Run syslog daemon (or NO). syslogd_flags=-s -s # Flags to syslogd (if enabled). This is for FreeBSD 4.6-RELEASE ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On Thursday 14 December 2006 02:08, James Long wrote: Date: Wed, 13 Dec 2006 17:33:32 -0600 From: Lane [EMAIL PROTECTED] Subject: Re: how do I see security logs without turning on sendmail? To: freebsd-questions@freebsd.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 Tuareg, clearly sendmail is running. That is indicated by sendmail[41626] in your /var/log/sendmail log. The question, of course, is how does it get started. This is quite the WAG here, but can sendmail be started on-demand from inetd.conf? It may be a WAG, but it may explain all of what is going on. mail would attempt to create a connection to localhost, inetd would start sendmail to accept the connection, sendmail would route the message and then die. Tuareg, check out /etc/inetd.conf for an entry containing the word sendmail And let us know what you find. lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On Wed, Dec 13, 2006 at 10:51:36PM -0600, Lane wrote:
Tuareg,
I can't find the name of the quy who straightened me out on the fuction of
squid, but kudo's to him.
Clearly squid is not the culprit.
But I've done some eyeballing on /usr/sbin/periodic, and I think maybe it is
the culprit.
First lets have a look at your /etc/crontab file. Specifically we are
interested in the lines which contain the term periodic
If these lines include parameters, which are passed to /usr/sbin/periodic,
then they may be the reason for your periodic emails being sent WITHOUT
sendmail being enabled by the normal boot process.
Take a look at /usr/sbin/periodic. Note that it uses values
in /etc/defaults/periodic.conf as well as any override variables
in /etc/rc.conf. It could also be overridden in other ways such as by
defining the value source_periodic_confs_defined and periodic_conf_files
but this should have already showed up in /etc/rc.conf.
While you are examining /usr/sbin/periodic, look for the term output
In my copy of that script there is a comment that looks like:
#Where's our output going?
Then there is a case block:
case $output in
/*) pipe=cat $output;;
) pipe=cat;;
*) pipe=mail -s '$host ${arg##*/} run output' $output;;
esac
If your predecessor had modified this script or, perhaps overridden it
using /etc/defaults/periodic.conf, then he may have either changed the *)
default case, or supplied parameters from /etc/crontab
(or /etc/defaults/periodic.conf) which could invoke sendmail directly. If he
used override variables, then he would probably also have added a case for )
pipe=sendmail -arg1 arg2 argn
This would account for sendmail being completely disabled in /etc/rc.conf AND
for the messages being sent out via sendmail. However, as I read it, the
behaviour you have reported would only occur if /usr/sbin/periodic was
actually modified, as the use of the $output variables does NOT seem to
allow for invocation of sendmail directly. And I don't believe that mail
can force invocation of sendmail (although I may be wrong, as the man page
does imply that mail will use any means available to get the message out).
If this is the case (i.e. if mail is invoking sendmail directly) you could
check it by trying to send mail from the command line on one of the servers
that actually does what you want it to do. If it works, and if there are NO
modifications to /usr/sbin/periodic or override defaults
in /etc/defaults/periodic.conf, then it will be safe to assume that
this feature has been properly quashed in 6.x. You would then need to
follow the procedures for setting up sendmail for outgoing-only, as many have
already recommended.
I haven't followed this whole thread so I may be jumping in to the
wrong place, but...
Somewhere it is documented - I have read it - that various utilities
such as mail invoke single instances of sendmail to transfer their
_outgoing only_ messages. I think, in those cases, sendmail clears
the mail queue before going away. They do not start sendmail as a
daemon or to receive email.
Probably some searching will find that documentation.
jerry
In any case, the behaviour you desire would only work properly by making the
appropriate changes to /etc/mail/hostname|freebsd.mc, (i.e. SMART_HOST
and/or HUB settings), and then running make install in /etc/mail. (And this
is always going to be the case where sendmail is concerned)
I hope this information leads you to a resolution, as it has been a great
learning experience for me ... but my brain hurts :)
lane
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On Thu, Dec 14, 2006 at 12:08:23AM -0800, James Long wrote: Date: Wed, 13 Dec 2006 17:33:32 -0600 From: Lane [EMAIL PROTECTED] Subject: Re: how do I see security logs without turning on sendmail? To: freebsd-questions@freebsd.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 Tuareg, clearly sendmail is running. That is indicated by sendmail[41626] in your /var/log/sendmail log. The question, of course, is how does it get started. This is quite the WAG here, but can sendmail be started on-demand from inetd.conf? It probably could, but I don't think that is the way it is done normally. Take a look in /etc/defaults/rc.conf at the stuff for sendmail and then note what overrides you have put in /etc/rc.conf Also, check out /etc/rc.sendmail jerry ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
Hi Lane, We have tried that too.. We have the same rules that in the other servers where we can send e-mail without launching sendmail as daemon. Anyway we have tried disabling all the rules with: ipfw -f -q flush And listing the rules: 65535 87358 61876 allow ip from any to any mail -v [EMAIL PROTECTED] Subject: test test. . EOT [EMAIL PROTECTED] Connecting to localhost.my.domain. via relay... [EMAIL PROTECTED] Deferred: Operation timed out with localhost.my.domain. mail -v [EMAIL PROTECTED] Subject: test test . EOT [EMAIL PROTECTED] Connecting to localhost.my.domain. via relay... [EMAIL PROTECTED] Deferred: Operation timed out with localhost.my.domain. Also searched about sendmail in the BSD FAQ, Handbook, if we should change some file in /etc/mail, but (maybe should look again?) didn't find anything about which file should we modify, let's say.. submit.mc? freebsd.submit.mc? Suggestions? Thank you for your help. On 12/8/06, Lane [EMAIL PROTECTED] wrote: On Friday 08 December 2006 11:16, Tuareg wrote: On 12/5/06, Lane [EMAIL PROTECTED] wrote: On Tuesday 05 December 2006 21:49, Wasp King wrote: is there a way that one can specify a log place to see daily logs like you receive from [EMAIL PROTECTED], when sendmail is turned on? there must be a way to enable only local mail delivery...but I am not sure how.. would like to shut down sendmail but want to see security logs. thanks. Zach using FreeBSD 4.2 and sendmail 8.x (maybe). _ __ IIRC, sendmail has three controlling values in /etc/rc.conf: sendmail_enable=YES sendmail_enable=NO and sendmail_enable=NONE The third value, NONE, causes the boot process to ignore any attempt to start sendmail. The second value, NO, causes the boot process to start sendmail for local delivery, only (i.e. do NOT accept inbound connections from external hosts). The first value, YES, causes the boot process to start sendmail for outgoing and incoming SMTP connections. There are many tweaks that you can use in /etc/rc.conf - (refer to /etc/defaults/rc.conf) - that will allow various flavors of sendmail usage. See also, /etc/rc.sendmail. In your case sendmail_enable=NO should allow the local system to send periodic information to [EMAIL PROTECTED], or whatever alias you use in /etc/mail/aliases, while disallowing external hosts from sending email by way of the local host. Note that this requires that you pay heed to /etc/mail/Makefile and associated README documentation in /usr/src/contrib/sendmail and below. Best of luck! lane Hi... Where I'm working, have many servers with FreeBSD 4.x and 5.x, this servers are enable to send mail but the daemon of sendmail is not launched. Now, we have installed FreeBSD 6.1 STABLE, but can't reply this schema. Which file needs to be modified in /etc/mail to allow the server to send emails to our real mailserver so we can receive the results of some scripts without launching the daemon of sendmail? We have tried using sendmail=NO, in rc.conf, but we only get this messages: [EMAIL PROTECTED] Connecting to [127.0.0.1] via relay... [EMAIL PROTECTED] Deferred: Permission denied Thank you for your help in advance. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg, Your problem is likely related to ipfw, or firewall_type, firewall_enable in /etc/rc.conf. The permission denied error implies that your firewall ruleset is preventing the outgoing connection. Try: ipfw show to see your current firewall rules. Also read through /etc/rc.firewall and /etc/defaults/rc.conf to get some more information on the firewall issues. When you've gotten that resolved you should have enough information to get sendmail working the way you want. lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
Tuareg ... follow to difficult it find I as post top don't please ... to say it another way ... please don't top post, as I find it difficult to follow ... On Wednesday 13 December 2006 13:12, Tuareg wrote: Hi Lane, We have tried that too.. We have the same rules that in the other servers where we can send e-mail without launching sendmail as daemon. Anyway we have tried disabling all the rules with: ipfw -f -q flush And listing the rules: 65535 87358 61876 allow ip from any to any mail -v [EMAIL PROTECTED] Subject: test test. . EOT [EMAIL PROTECTED] Connecting to localhost.my.domain. via relay... [EMAIL PROTECTED] Deferred: Operation timed out with localhost.my.domain. mail -v [EMAIL PROTECTED] Subject: test test . EOT [EMAIL PROTECTED] Connecting to localhost.my.domain. via relay... [EMAIL PROTECTED] Deferred: Operation timed out with localhost.my.domain. Also searched about sendmail in the BSD FAQ, Handbook, if we should change some file in /etc/mail, but (maybe should look again?) didn't find anything about which file should we modify, let's say.. submit.mc? freebsd.submit.mc? Suggestions? Thank you for your help. On 12/8/06, Lane [EMAIL PROTECTED] wrote: On Friday 08 December 2006 11:16, Tuareg wrote: On 12/5/06, Lane [EMAIL PROTECTED] wrote: On Tuesday 05 December 2006 21:49, Wasp King wrote: is there a way that one can specify a log place to see daily logs like you receive from [EMAIL PROTECTED], when sendmail is turned on? there must be a way to enable only local mail delivery...but I am not sure how.. would like to shut down sendmail but want to see security logs. thanks. Zach using FreeBSD 4.2 and sendmail 8.x (maybe). _ __ IIRC, sendmail has three controlling values in /etc/rc.conf: sendmail_enable=YES sendmail_enable=NO and sendmail_enable=NONE The third value, NONE, causes the boot process to ignore any attempt to start sendmail. The second value, NO, causes the boot process to start sendmail for local delivery, only (i.e. do NOT accept inbound connections from external hosts). The first value, YES, causes the boot process to start sendmail for outgoing and incoming SMTP connections. There are many tweaks that you can use in /etc/rc.conf - (refer to /etc/defaults/rc.conf) - that will allow various flavors of sendmail usage. See also, /etc/rc.sendmail. In your case sendmail_enable=NO should allow the local system to send periodic information to [EMAIL PROTECTED], or whatever alias you use in /etc/mail/aliases, while disallowing external hosts from sending email by way of the local host. Note that this requires that you pay heed to /etc/mail/Makefile and associated README documentation in /usr/src/contrib/sendmail and below. Best of luck! lane Hi... Where I'm working, have many servers with FreeBSD 4.x and 5.x, this servers are enable to send mail but the daemon of sendmail is not launched. Now, we have installed FreeBSD 6.1 STABLE, but can't reply this schema. Which file needs to be modified in /etc/mail to allow the server to send emails to our real mailserver so we can receive the results of some scripts without launching the daemon of sendmail? We have tried using sendmail=NO, in rc.conf, but we only get this messages: [EMAIL PROTECTED] Connecting to [127.0.0.1] via relay... [EMAIL PROTECTED] Deferred: Permission denied Thank you for your help in advance. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg, Your problem is likely related to ipfw, or firewall_type, firewall_enable in /etc/rc.conf. The permission denied error implies that your firewall ruleset is preventing the outgoing connection. Try: ipfw show to see your current firewall rules. Also read through /etc/rc.firewall and /etc/defaults/rc.conf to get some more information on the firewall issues. When you've gotten that resolved you should have enough information to get sendmail working the way you want. lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg, What happens when you do this: telnet localhost Does the connection time out? Or do you get a sendmail prompt? I'm sort of mixed up on the order of the posts, here. But let me see if I can rephrase the problem and then possibly help you
Re: how do I see security logs without turning on sendmail?
Tuareg, What happens when you do this: telnet localhost Does the connection time out? Or do you get a sendmail prompt? I think you mean: telnet localhost 25 Makes a bit of difference! -- Jay Chandler Network Administrator, Chapman University ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail? (Minor correction ...)
On Wednesday 13 December 2006 13:33, Lane wrote: Tuareg ... follow to difficult it find I as post top don't please ... to say it another way ... please don't top post, as I find it difficult to follow ... On Wednesday 13 December 2006 13:12, Tuareg wrote: Hi Lane, We have tried that too.. We have the same rules that in the other servers where we can send e-mail without launching sendmail as daemon. Anyway we have tried disabling all the rules with: ipfw -f -q flush And listing the rules: 65535 87358 61876 allow ip from any to any mail -v [EMAIL PROTECTED] Subject: test test. . EOT [EMAIL PROTECTED] Connecting to localhost.my.domain. via relay... [EMAIL PROTECTED] Deferred: Operation timed out with localhost.my.domain. mail -v [EMAIL PROTECTED] Subject: test test . EOT [EMAIL PROTECTED] Connecting to localhost.my.domain. via relay... [EMAIL PROTECTED] Deferred: Operation timed out with localhost.my.domain. Also searched about sendmail in the BSD FAQ, Handbook, if we should change some file in /etc/mail, but (maybe should look again?) didn't find anything about which file should we modify, let's say.. submit.mc? freebsd.submit.mc? Suggestions? Thank you for your help. On 12/8/06, Lane [EMAIL PROTECTED] wrote: On Friday 08 December 2006 11:16, Tuareg wrote: On 12/5/06, Lane [EMAIL PROTECTED] wrote: On Tuesday 05 December 2006 21:49, Wasp King wrote: is there a way that one can specify a log place to see daily logs like you receive from [EMAIL PROTECTED], when sendmail is turned on? there must be a way to enable only local mail delivery...but I am not sure how.. would like to shut down sendmail but want to see security logs. thanks. Zach using FreeBSD 4.2 and sendmail 8.x (maybe). ___ __ __ IIRC, sendmail has three controlling values in /etc/rc.conf: sendmail_enable=YES sendmail_enable=NO and sendmail_enable=NONE The third value, NONE, causes the boot process to ignore any attempt to start sendmail. The second value, NO, causes the boot process to start sendmail for local delivery, only (i.e. do NOT accept inbound connections from external hosts). The first value, YES, causes the boot process to start sendmail for outgoing and incoming SMTP connections. There are many tweaks that you can use in /etc/rc.conf - (refer to /etc/defaults/rc.conf) - that will allow various flavors of sendmail usage. See also, /etc/rc.sendmail. In your case sendmail_enable=NO should allow the local system to send periodic information to [EMAIL PROTECTED], or whatever alias you use in /etc/mail/aliases, while disallowing external hosts from sending email by way of the local host. Note that this requires that you pay heed to /etc/mail/Makefile and associated README documentation in /usr/src/contrib/sendmail and below. Best of luck! lane Hi... Where I'm working, have many servers with FreeBSD 4.x and 5.x, this servers are enable to send mail but the daemon of sendmail is not launched. Now, we have installed FreeBSD 6.1 STABLE, but can't reply this schema. Which file needs to be modified in /etc/mail to allow the server to send emails to our real mailserver so we can receive the results of some scripts without launching the daemon of sendmail? We have tried using sendmail=NO, in rc.conf, but we only get this messages: [EMAIL PROTECTED] Connecting to [127.0.0.1] via relay... [EMAIL PROTECTED] Deferred: Permission denied Thank you for your help in advance. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg, Your problem is likely related to ipfw, or firewall_type, firewall_enable in /etc/rc.conf. The permission denied error implies that your firewall ruleset is preventing the outgoing connection. Try: ipfw show to see your current firewall rules. Also read through /etc/rc.firewall and /etc/defaults/rc.conf to get some more information on the firewall issues. When you've gotten that resolved you should have enough information to get sendmail working the way you want. lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg,
Re: how do I see security logs without turning on sendmail?
On 12/13/06, Lane [EMAIL PROTECTED] wrote: Tuareg, What happens when you do this: telnet localhost telnet localhost 25 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Operation timed out telnet: Unable to connect to remote host Does the connection time out? Or do you get a sendmail prompt? Yes, the connection time out. No, I don't get the sendmail prompt, because there is no sendmail running. ps axwww | grep sendmail 47237 p0 R+ 0:00.00 grep sendmail I'm sort of mixed up on the order of the posts, here. But let me see if I can rephrase the problem and then possibly help you find a solution ... It seems to me that the problem is that you cannot determine how to make FreeBSD 6.x do like other hosts under your influence, so that it will send email from [EMAIL PROTECTED] to another (possibly a hub) server? Is that correct? Yes, we have older versions of FreeBSD (4.x and 5.x) running on remote servers where we can't interrupt the service, in this servers, we can send e-mails to our main e-mail server, were we get reports of scripts. In those servers, we don't have running sendmail, look: ps axwww | grep sendmail 19702 p0 D+ 0:00.00 grep sendmail % %telnet localhost 25 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Permission denied telnet: Unable to connect to remote host But, we are able to send emails: mail -v [EMAIL PROTECTED] Subject: Test Testing from FreeBSD 4.6-RELEASE . EOT [EMAIL PROTECTED] Connecting to main.server.com via esmtp... 220 main.server.com ESMTP EHLO server.FreeBSD.4.6-RELEASE 250-main.server.com Hello 250-8BITMIME 250-SIZE 31457280 250-ETRN 250-DSN 250 PIPELINING MAIL From:[EMAIL PROTECTED] SIZE=78 250 Sender OK RCPT To:[EMAIL PROTECTED] 250 Recipient OK DATA 354 Enter your message, followed by a dot on a line by itself . 250 AYQ81844 Message accepted for delivery [EMAIL PROTECTED] Sent (AYQ81844 Message accepted for delivery) Closing connection to main.server.com QUIT 221 main.server.com Goodbye First I assume that these other FreeBSD installations are also using sendmail. If that is NOT correct then your best hope is to replicate your mta configuration from those other hosts. In fact that might not be a bad idea regardless of what they are running :) You are right, all this installations are also using sendmail. But again, assuming you want to run sendmail and ONLY allow the localhost to transmit out to another host for collection and/or distribution, enter this value into /etc/rc.conf: sendmail_enable=NO Now edit /etc/mail/freebsd.mc. Locate the term SMART_HOST, uncomment that line, and enter the IP address or fully qualified domain name of your upstream server in place of 'your.isp.mail.server' Note: If 'your.isp.mail.server' is NOT resolvable on the localhost, then you must use the IP address. When you use the IP address, you must put it in [square brackets], like [192.168.2.1]. Now from /etc/mail, type make all install then shutdown and restart the server using your method of choice, or just type /etc/rc.d/sendmail restart And try to send email again. All should work now. But you must remember to configure the TARGET mail server to allow this host to send. I'll leave that as an exercise for you. lane Have some doubts... about this procedure.. I'm going to explain why In this server (from the example, server.FreeBSD.4.6-RELEASE, where we can send e-mail, but sendmail it's not running, rc.conf contains: sendmail_enable=NONE, sendmail it's not running: ps axwww | grep sendmail 19702 p0 D+ 0:00.00 grep sendmail And how I showed you in this messages, we are able to send messages, well.. root can do it, as a normal user I can't: mail -v [EMAIL PROTECTED] Subject: TEST Testing from FreeBSD 4.6-RELEASE . EOT collect: Cannot write ./dfkBDJDkW19705 (bfcommit, uid=xxx): Permission denied queueup: cannot create queue temp file ./tfkBDJDkW19705, uid=xxx: Permission denied The older sysadmin who made this configuration with FreeBSD 4.6-RELEASE, quit the job and didn't leave any documentation, a how to, nothing, were he explain how he did this. That's the reason why we are looking to repeat this configuration with FreeBSD 6.1-RELEASE, but couldn't do it.. yet. Thank you for your help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On Wednesday 13 December 2006 14:31, Tuareg wrote: On 12/13/06, Lane [EMAIL PROTECTED] wrote: Tuareg, What happens when you do this: telnet localhost telnet localhost 25 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Operation timed out telnet: Unable to connect to remote host Does the connection time out? Or do you get a sendmail prompt? Yes, the connection time out. No, I don't get the sendmail prompt, because there is no sendmail running. ps axwww | grep sendmail 47237 p0 R+ 0:00.00 grep sendmail I'm sort of mixed up on the order of the posts, here. But let me see if I can rephrase the problem and then possibly help you find a solution ... It seems to me that the problem is that you cannot determine how to make FreeBSD 6.x do like other hosts under your influence, so that it will send email from [EMAIL PROTECTED] to another (possibly a hub) server? Is that correct? Yes, we have older versions of FreeBSD (4.x and 5.x) running on remote servers where we can't interrupt the service, in this servers, we can send e-mails to our main e-mail server, were we get reports of scripts. In those servers, we don't have running sendmail, look: ps axwww | grep sendmail 19702 p0 D+ 0:00.00 grep sendmail % %telnet localhost 25 Trying 127.0.0.1... telnet: connect to address 127.0.0.1: Permission denied telnet: Unable to connect to remote host But, we are able to send emails: mail -v [EMAIL PROTECTED] Subject: Test Testing from FreeBSD 4.6-RELEASE . EOT [EMAIL PROTECTED] Connecting to main.server.com via esmtp... 220 main.server.com ESMTP EHLO server.FreeBSD.4.6-RELEASE 250-main.server.com Hello 250-8BITMIME 250-SIZE 31457280 250-ETRN 250-DSN 250 PIPELINING MAIL From:[EMAIL PROTECTED] SIZE=78 250 Sender OK RCPT To:[EMAIL PROTECTED] 250 Recipient OK DATA 354 Enter your message, followed by a dot on a line by itself . 250 AYQ81844 Message accepted for delivery [EMAIL PROTECTED] Sent (AYQ81844 Message accepted for delivery) Closing connection to main.server.com QUIT 221 main.server.com Goodbye First I assume that these other FreeBSD installations are also using sendmail. If that is NOT correct then your best hope is to replicate your mta configuration from those other hosts. In fact that might not be a bad idea regardless of what they are running :) You are right, all this installations are also using sendmail. But again, assuming you want to run sendmail and ONLY allow the localhost to transmit out to another host for collection and/or distribution, enter this value into /etc/rc.conf: sendmail_enable=NO Now edit /etc/mail/freebsd.mc. Locate the term SMART_HOST, uncomment that line, and enter the IP address or fully qualified domain name of your upstream server in place of 'your.isp.mail.server' Note: If 'your.isp.mail.server' is NOT resolvable on the localhost, then you must use the IP address. When you use the IP address, you must put it in [square brackets], like [192.168.2.1]. Now from /etc/mail, type make all install then shutdown and restart the server using your method of choice, or just type /etc/rc.d/sendmail restart And try to send email again. All should work now. But you must remember to configure the TARGET mail server to allow this host to send. I'll leave that as an exercise for you. lane Have some doubts... about this procedure.. I'm going to explain why In this server (from the example, server.FreeBSD.4.6-RELEASE, where we can send e-mail, but sendmail it's not running, rc.conf contains: sendmail_enable=NONE, sendmail it's not running: ps axwww | grep sendmail 19702 p0 D+ 0:00.00 grep sendmail And how I showed you in this messages, we are able to send messages, well.. root can do it, as a normal user I can't: mail -v [EMAIL PROTECTED] Subject: TEST Testing from FreeBSD 4.6-RELEASE . EOT collect: Cannot write ./dfkBDJDkW19705 (bfcommit, uid=xxx): Permission denied queueup: cannot create queue temp file ./tfkBDJDkW19705, uid=xxx: Permission denied The older sysadmin who made this configuration with FreeBSD 4.6-RELEASE, quit the job and didn't leave any documentation, a how to, nothing, were he explain how he did this. That's the reason why we are looking to repeat this configuration with FreeBSD 6.1-RELEASE, but couldn't do it.. yet. Thank you for your help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg, Post /etc/rc.conf from one of the servers that does what you want and that should lead us to what mta is handling email. Also, please post a copy of ls -al /usr/local/etc/rc.d from that same working server, just in case there is a custom script starting the mta. lane
Re: how do I see security logs without turning on sendmail?
On 12/13/06, Lane [EMAIL PROTECTED] wrote: Tuareg, Post /etc/rc.conf from one of the servers that does what you want and that should lead us to what mta is handling email. cat /etc/rc.conf ### Network daemon (miscellaneous) NFS options: ### sendmail_enable=NONE # Run the sendmail daemon (or NO). cron_enable=YES # Run the periodic job daemon. portmap_enable=NO # Run the portmapper service (or NO). usbd_enable=NO sshd_enable=YES tcp_drop_synfin=YES tcp_restrict_rst=YES syslogd_enable=YES# Run syslog daemon (or NO). syslogd_flags=-s -s # Flags to syslogd (if enabled). Also, please post a copy of ls -al /usr/local/etc/rc.d from that same working server, just in case there is a custom script starting the mta. lane ls -al /usr/local/etc/rc.d total 10 drwxr-xr-x 2 root wheel 512 Jan 23 2003 . drwxr-xr-x 4 root wheel 512 Oct 30 18:06 .. -rwxr--r-- 1 root wheel 624 Jan 14 2003 squid.sh And that's all. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On Wednesday 13 December 2006 16:36, Tuareg wrote: On 12/13/06, Lane [EMAIL PROTECTED] wrote: Tuareg, Post /etc/rc.conf from one of the servers that does what you want and that should lead us to what mta is handling email. cat /etc/rc.conf ### Network daemon (miscellaneous) NFS options: ### sendmail_enable=NONE # Run the sendmail daemon (or NO). cron_enable=YES # Run the periodic job daemon. portmap_enable=NO # Run the portmapper service (or NO). usbd_enable=NO sshd_enable=YES tcp_drop_synfin=YES tcp_restrict_rst=YES syslogd_enable=YES# Run syslog daemon (or NO). syslogd_flags=-s -s # Flags to syslogd (if enabled). Also, please post a copy of ls -al /usr/local/etc/rc.d from that same working server, just in case there is a custom script starting the mta. lane ls -al /usr/local/etc/rc.d total 10 drwxr-xr-x 2 root wheel 512 Jan 23 2003 . drwxr-xr-x 4 root wheel 512 Oct 30 18:06 .. -rwxr--r-- 1 root wheel 624 Jan 14 2003 squid.sh And that's all. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg, Yours is a mystery. Let's see the output of tail -200 /var/log/maillog from the working machine. Clearly there is no mta being started on boot. But I'm not familiar enough with squid to say for sure that it is not the daemon in question. It may be that squid is configurable so that it could be delivering the log messages. I'll make it and see what I can see. In the mean time, if anyone else has some ready experience to say for certain that this is probably what's happening, then jump right in. lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/13/06, Lane [EMAIL PROTECTED] wrote: Tuareg, Yours is a mystery. Exactly... I can't find how the server is sending the emails without having sendmail active. Let's see the output of tail -200 /var/log/maillog from the working machine. Ok, here we go Dec 13 00:00:00 myhost newsyslog[41433]: logfile turned over Dec 13 00:00:02 myhost sendmail[41485]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYP95973 Message accepted for delivery) Dec 13 01:00:02 myhost sendmail[41626]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 01:00:03 myhost sendmail[41626]: kBD702J41626: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 01:00:04 myhost sendmail[41629]: kBD702J41626: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYM94014 Message accepted for delivery) Dec 13 02:00:01 myhost sendmail[41741]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 02:00:01 myhost sendmail[41741]: kBD801C41741: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 02:00:02 myhost sendmail[41744]: kBD801C41741: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYQ08859 Message accepted for delivery) Dec 13 03:00:01 myhost sendmail[41850]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 03:00:02 myhost sendmail[41850]: kBD901x41850: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 03:00:03 myhost sendmail[41853]: kBD901x41850: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYX97507 Message accepted for delivery) Dec 13 04:00:01 myhost sendmail[41954]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 04:00:01 myhost sendmail[41954]: kBDA01S41954: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 04:00:02 myhost sendmail[41957]: kBDA01S41954: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYN10182 Message accepted for delivery) Dec 13 05:00:01 myhost sendmail[42057]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 05:00:02 myhost sendmail[42057]: kBDB01842057: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 05:00:03 myhost sendmail[42060]: kBDB01842057: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYY07081 Message accepted for delivery) Dec 13 06:00:01 myhost sendmail[42160]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 06:00:01 myhost sendmail[42160]: kBDC01p42160: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 06:00:02 myhost sendmail[42163]: kBDC01p42160: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYQ28469 Message accepted for delivery) Dec 13 07:00:02 myhost sendmail[42257]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 07:00:02 myhost sendmail[42257]: kBDD02342257: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 07:00:03 myhost sendmail[42260]: kBDD02342257: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYY16076 Message accepted for delivery) Dec 13 08:00:03 myhost sendmail[42364]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 08:00:03 myhost sendmail[42364]: kBDE03W42364: from=root, size=136, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 08:00:05 myhost sendmail[42367]: kBDE03W42364: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=30136, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYQ38182 Message accepted for delivery) Dec 13 09:00:01 myhost sendmail[42461]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 09:00:01 myhost sendmail[42461]: kBDF01U42461: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 09:00:02 myhost sendmail[42464]: kBDF01U42461: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01,
Re: how do I see security logs without turning on sendmail?
On 12/13/06, Lane [EMAIL PROTECTED] wrote: On Wednesday 13 December 2006 16:36, Tuareg wrote: On 12/13/06, Lane [EMAIL PROTECTED] wrote: Tuareg, Post /etc/rc.conf from one of the servers that does what you want and that should lead us to what mta is handling email. cat /etc/rc.conf ### Network daemon (miscellaneous) NFS options: ### sendmail_enable=NONE # Run the sendmail daemon (or NO). cron_enable=YES # Run the periodic job daemon. portmap_enable=NO # Run the portmapper service (or NO). usbd_enable=NO sshd_enable=YES tcp_drop_synfin=YES tcp_restrict_rst=YES syslogd_enable=YES# Run syslog daemon (or NO). syslogd_flags=-s -s # Flags to syslogd (if enabled). Also, please post a copy of ls -al /usr/local/etc/rc.d from that same working server, just in case there is a custom script starting the mta. lane ls -al /usr/local/etc/rc.d total 10 drwxr-xr-x 2 root wheel 512 Jan 23 2003 . drwxr-xr-x 4 root wheel 512 Oct 30 18:06 .. -rwxr--r-- 1 root wheel 624 Jan 14 2003 squid.sh And that's all. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg, Yours is a mystery. Let's see the output of tail -200 /var/log/maillog from the working machine. Clearly there is no mta being started on boot. But I'm not familiar enough with squid to say for sure that it is not the daemon in question. It may be that squid is configurable so that it could be delivering the log messages. I'll make it and see what I can see. In the mean time, if anyone else has some ready experience to say for certain that this is probably what's happening, then jump right in. lane ___ You need something to be able to send emails to mail servers. Either a MUA which is capable of doing so (of which mail(8) is not) or an MTA locally. Are you sure you didn't follow these instructions on the other servers: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/outgoing-only.html How about trying them? Chad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On Wednesday 13 December 2006 17:22, Tuareg wrote: On 12/13/06, Lane [EMAIL PROTECTED] wrote: Tuareg, Yours is a mystery. Exactly... I can't find how the server is sending the emails without having sendmail active. Let's see the output of tail -200 /var/log/maillog from the working machine. Ok, here we go Dec 13 00:00:00 myhost newsyslog[41433]: logfile turned over Dec 13 00:00:02 myhost sendmail[41485]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYP95973 Message accepted for delivery) Dec 13 01:00:02 myhost sendmail[41626]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 01:00:03 myhost sendmail[41626]: kBD702J41626: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 01:00:04 myhost sendmail[41629]: kBD702J41626: to= [EMAIL PROTECTED], ctladdr=root (0/0), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30137, relay=main.server.com. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (AYM94014 Message accepted for delivery) Tuareg, clearly sendmail is running. That is indicated by sendmail[41626] in your /var/log/sendmail log. The question, of course, is how does it get started. The answer is still mysterious ... unless, of course, it is being managed by squid. In that case it might not be running as a daemon process, but could be invoked by squid when it needs to send mail. But I'm just guessing at this point. I really don't know enough about squid to give you an authoritative answer. I've got to step out for a few hours, but I'll see what I can find out on squid and get back to you in the morning. lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/13/06, Chad Gross [EMAIL PROTECTED] wrote: You need something to be able to send emails to mail servers. Either a MUA which is capable of doing so (of which mail(8) is not) or an MTA locally. Are you sure you didn't follow these instructions on the other servers: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/outgoing-only.html No, I've already checked this option, but not, ssmtp port it's not being used. How about trying them? Could be, but its just that my boss believes that we can replicate the configuration of the old servers without installing anything else. Chad Thank you Chad. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/13/06, Lane [EMAIL PROTECTED] wrote: Tuareg, clearly sendmail is running. That is indicated by sendmail[41626] in your /var/log/sendmail log. The question, of course, is how does it get started. The answer is still mysterious ... unless, of course, it is being managed by squid. In that case it might not be running as a daemon process, but could be invoked by squid when it needs to send mail. That's exactly what is getting us crazy, know how. But I'm just guessing at this point. I really don't know enough about squid to give you an authoritative answer. I've got to step out for a few hours, but I'll see what I can find out on squid and get back to you in the morning. lane Thank you for your help and don't worry, we really appreciate all your help. It's time to get some fresh air, and tomorrow bring our brains to get this thing done. Cheers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On Wed, Dec 13, 2006 at 05:22:41PM -0600, Tuareg wrote: Dec 13 00:00:00 myhost newsyslog[41433]: logfile turned over Dec 13 00:00:02 myhost sendmail[41485]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 1 Dec 13 00:00:02 myhost sendmail[41485]: kBD602j41485: from=root, size=137, class=0, nrcpts=1, msgid= [EMAIL PROTECTED], [EMAIL PROTECTED] Dec 13 00:00:03 myhost sendmail[41488]: kBD602j41485: to= [...] clearly sendmail is running, but not as a daemon. It gets called for every single mail by some other process running as root. You suspect squid to do so? (unlikely, why should a webcache send emails...) Well, then run squid as another user and watch the logs, should be from=squiduser then... The problem with too much root- processes is, you can't tell which one is going mad. enjoy, Armin -- PUBBOX Postmaster + spam-killer. Free email addresses at http://pubbox.net/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On Wednesday December 13, 2006 at 06:26:58 (PM) Chad Gross wrote: On 12/13/06, Lane [EMAIL PROTECTED] wrote: On Wednesday 13 December 2006 16:36, Tuareg wrote: On 12/13/06, Lane [EMAIL PROTECTED] wrote: Tuareg, Post /etc/rc.conf from one of the servers that does what you want and that should lead us to what mta is handling email. cat /etc/rc.conf ### Network daemon (miscellaneous) NFS options: ### sendmail_enable=NONE # Run the sendmail daemon (or NO). cron_enable=YES # Run the periodic job daemon. portmap_enable=NO # Run the portmapper service (or NO). usbd_enable=NO sshd_enable=YES tcp_drop_synfin=YES tcp_restrict_rst=YES syslogd_enable=YES# Run syslog daemon (or NO). syslogd_flags=-s -s # Flags to syslogd (if enabled). Also, please post a copy of ls -al /usr/local/etc/rc.d from that same working server, just in case there is a custom script starting the mta. lane ls -al /usr/local/etc/rc.d total 10 drwxr-xr-x 2 root wheel 512 Jan 23 2003 . drwxr-xr-x 4 root wheel 512 Oct 30 18:06 .. -rwxr--r-- 1 root wheel 624 Jan 14 2003 squid.sh And that's all. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg, Yours is a mystery. Let's see the output of tail -200 /var/log/maillog from the working machine. Clearly there is no mta being started on boot. But I'm not familiar enough with squid to say for sure that it is not the daemon in question. It may be that squid is configurable so that it could be delivering the log messages. I'll make it and see what I can see. In the mean time, if anyone else has some ready experience to say for certain that this is probably what's happening, then jump right in. lane ___ You need something to be able to send emails to mail servers. Either a MUA which is capable of doing so (of which mail(8) is not) or an MTA locally. Are you sure you didn't follow these instructions on the other servers: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/outgoing-only.html You need to check out this URL: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html Also, Sendmail is invoked from the /etc/defaults/rc.conf file. You over ride it in the /etc/rc.conf file. In FreeBSD 5.0, SENDMAIL_ENABLE=NONE is not the proper way to disable Sendmail. Check out the above URL for further information. -- Gerard ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
Tuareg,
I can't find the name of the quy who straightened me out on the fuction of
squid, but kudo's to him.
Clearly squid is not the culprit.
But I've done some eyeballing on /usr/sbin/periodic, and I think maybe it is
the culprit.
First lets have a look at your /etc/crontab file. Specifically we are
interested in the lines which contain the term periodic
If these lines include parameters, which are passed to /usr/sbin/periodic,
then they may be the reason for your periodic emails being sent WITHOUT
sendmail being enabled by the normal boot process.
Take a look at /usr/sbin/periodic. Note that it uses values
in /etc/defaults/periodic.conf as well as any override variables
in /etc/rc.conf. It could also be overridden in other ways such as by
defining the value source_periodic_confs_defined and periodic_conf_files
but this should have already showed up in /etc/rc.conf.
While you are examining /usr/sbin/periodic, look for the term output
In my copy of that script there is a comment that looks like:
#Where's our output going?
Then there is a case block:
case $output in
/*) pipe=cat $output;;
) pipe=cat;;
*) pipe=mail -s '$host ${arg##*/} run output' $output;;
esac
If your predecessor had modified this script or, perhaps overridden it
using /etc/defaults/periodic.conf, then he may have either changed the *)
default case, or supplied parameters from /etc/crontab
(or /etc/defaults/periodic.conf) which could invoke sendmail directly. If he
used override variables, then he would probably also have added a case for )
pipe=sendmail -arg1 arg2 argn
This would account for sendmail being completely disabled in /etc/rc.conf AND
for the messages being sent out via sendmail. However, as I read it, the
behaviour you have reported would only occur if /usr/sbin/periodic was
actually modified, as the use of the $output variables does NOT seem to
allow for invocation of sendmail directly. And I don't believe that mail
can force invocation of sendmail (although I may be wrong, as the man page
does imply that mail will use any means available to get the message out).
If this is the case (i.e. if mail is invoking sendmail directly) you could
check it by trying to send mail from the command line on one of the servers
that actually does what you want it to do. If it works, and if there are NO
modifications to /usr/sbin/periodic or override defaults
in /etc/defaults/periodic.conf, then it will be safe to assume that
this feature has been properly quashed in 6.x. You would then need to
follow the procedures for setting up sendmail for outgoing-only, as many have
already recommended.
In any case, the behaviour you desire would only work properly by making the
appropriate changes to /etc/mail/hostname|freebsd.mc, (i.e. SMART_HOST
and/or HUB settings), and then running make install in /etc/mail. (And this
is always going to be the case where sendmail is concerned)
I hope this information leads you to a resolution, as it has been a great
learning experience for me ... but my brain hurts :)
lane
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/5/06, Lane [EMAIL PROTECTED] wrote: On Tuesday 05 December 2006 21:49, Wasp King wrote: is there a way that one can specify a log place to see daily logs like you receive from [EMAIL PROTECTED], when sendmail is turned on? there must be a way to enable only local mail delivery...but I am not sure how.. would like to shut down sendmail but want to see security logs. thanks. Zach using FreeBSD 4.2 and sendmail 8.x (maybe). ___ IIRC, sendmail has three controlling values in /etc/rc.conf: sendmail_enable=YES sendmail_enable=NO and sendmail_enable=NONE The third value, NONE, causes the boot process to ignore any attempt to start sendmail. The second value, NO, causes the boot process to start sendmail for local delivery, only (i.e. do NOT accept inbound connections from external hosts). The first value, YES, causes the boot process to start sendmail for outgoing and incoming SMTP connections. There are many tweaks that you can use in /etc/rc.conf - (refer to /etc/defaults/rc.conf) - that will allow various flavors of sendmail usage. See also, /etc/rc.sendmail. In your case sendmail_enable=NO should allow the local system to send periodic information to [EMAIL PROTECTED], or whatever alias you use in /etc/mail/aliases, while disallowing external hosts from sending email by way of the local host. Note that this requires that you pay heed to /etc/mail/Makefile and associated README documentation in /usr/src/contrib/sendmail and below. Best of luck! lane Hi... Where I'm working, have many servers with FreeBSD 4.x and 5.x, this servers are enable to send mail but the daemon of sendmail is not launched. Now, we have installed FreeBSD 6.1 STABLE, but can't reply this schema. Which file needs to be modified in /etc/mail to allow the server to send emails to our real mailserver so we can receive the results of some scripts without launching the daemon of sendmail? We have tried using sendmail=NO, in rc.conf, but we only get this messages: [EMAIL PROTECTED] Connecting to [127.0.0.1] via relay... [EMAIL PROTECTED] Deferred: Permission denied Thank you for your help in advance. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On Friday 08 December 2006 11:16, Tuareg wrote: On 12/5/06, Lane [EMAIL PROTECTED] wrote: On Tuesday 05 December 2006 21:49, Wasp King wrote: is there a way that one can specify a log place to see daily logs like you receive from [EMAIL PROTECTED], when sendmail is turned on? there must be a way to enable only local mail delivery...but I am not sure how.. would like to shut down sendmail but want to see security logs. thanks. Zach using FreeBSD 4.2 and sendmail 8.x (maybe). _ __ IIRC, sendmail has three controlling values in /etc/rc.conf: sendmail_enable=YES sendmail_enable=NO and sendmail_enable=NONE The third value, NONE, causes the boot process to ignore any attempt to start sendmail. The second value, NO, causes the boot process to start sendmail for local delivery, only (i.e. do NOT accept inbound connections from external hosts). The first value, YES, causes the boot process to start sendmail for outgoing and incoming SMTP connections. There are many tweaks that you can use in /etc/rc.conf - (refer to /etc/defaults/rc.conf) - that will allow various flavors of sendmail usage. See also, /etc/rc.sendmail. In your case sendmail_enable=NO should allow the local system to send periodic information to [EMAIL PROTECTED], or whatever alias you use in /etc/mail/aliases, while disallowing external hosts from sending email by way of the local host. Note that this requires that you pay heed to /etc/mail/Makefile and associated README documentation in /usr/src/contrib/sendmail and below. Best of luck! lane Hi... Where I'm working, have many servers with FreeBSD 4.x and 5.x, this servers are enable to send mail but the daemon of sendmail is not launched. Now, we have installed FreeBSD 6.1 STABLE, but can't reply this schema. Which file needs to be modified in /etc/mail to allow the server to send emails to our real mailserver so we can receive the results of some scripts without launching the daemon of sendmail? We have tried using sendmail=NO, in rc.conf, but we only get this messages: [EMAIL PROTECTED] Connecting to [127.0.0.1] via relay... [EMAIL PROTECTED] Deferred: Permission denied Thank you for your help in advance. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Tuareg, Your problem is likely related to ipfw, or firewall_type, firewall_enable in /etc/rc.conf. The permission denied error implies that your firewall ruleset is preventing the outgoing connection. Try: ipfw show to see your current firewall rules. Also read through /etc/rc.firewall and /etc/defaults/rc.conf to get some more information on the firewall issues. When you've gotten that resolved you should have enough information to get sendmail working the way you want. lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
Thanks. this seem to work for me! --- Lane [EMAIL PROTECTED] wrote: ___ IIRC, sendmail has three controlling values in /etc/rc.conf: sendmail_enable=YES sendmail_enable=NO and sendmail_enable=NONE The third value, NONE, causes the boot process to ignore any attempt to start sendmail. The second value, NO, causes the boot process to start sendmail for local delivery, only (i.e. do NOT accept inbound connections from external hosts). The first value, YES, causes the boot process to start sendmail for outgoing and incoming SMTP connections. There are many tweaks that you can use in /etc/rc.conf - (refer to /etc/defaults/rc.conf) - that will allow various flavors of sendmail usage. See also, /etc/rc.sendmail. In your case sendmail_enable=NO should allow the local system to send periodic information to [EMAIL PROTECTED], or whatever alias you use in /etc/mail/aliases, while disallowing external hosts from sending email by way of the local host. Note that this requires that you pay heed to /etc/mail/Makefile and associated README documentation in /usr/src/contrib/sendmail and below. Best of luck! lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Have a burning question? Go to www.Answers.yahoo.com and get answers from real people who know. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
Wasp King wrote: there must be a way to enable only local mail delivery...but I am not sure how.. Someone already posted the rc.conf switches to disable sendmail. Use those, esp sendmail_enable=NONE to get rid of it. Then install an alternate. I use SSMTP from the ports. -Wayne ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On 12/5/06, Wasp King [EMAIL PROTECTED] wrote: is there a way that one can specify a log place to see daily logs like you receive from [EMAIL PROTECTED], when sendmail is turned on? there must be a way to enable only local mail delivery...but I am not sure how.. would like to shut down sendmail but want to see security logs. Look at /etc/defaults/periodic.conf (grep outp /etc/defaults/periodic.conf) NB: changes should usually go in a file named /etc/periodic.conf -- -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: how do I see security logs without turning on sendmail?
Business and Technology Solutions The Royal Automobile Club of W.A. 832 Wellington Street -Original Message- From: [EMAIL PROTECTED] [mailto:owner-freebsd- [EMAIL PROTECTED] On Behalf Of Wasp King Sent: Wednesday, 6 December 2006 12:49 PM To: freebsd-questions@freebsd.org Subject: how do I see security logs without turning on sendmail? is there a way that one can specify a log place to see daily logs like you receive from [EMAIL PROTECTED], when sendmail is turned on? there must be a way to enable only local mail delivery...but I am not sure how.. would like to shut down sendmail but want to see security logs. thanks. Zach using FreeBSD 4.2 and sendmail 8.x (maybe). In you /etc/rc.conf.local file add: sendmail_enable=no This will only allow Sendmail accept and deliver local mail. Regards, Russell Wood DISCLAIMER: Disclaimer. This e-mail is private and confidential. If you are not the intended recipient, please advise us by return e-mail immediately, and delete the e-mail and any attachments without using or disclosing the contents in any way. The views expressed in this e-mail are those of the author, and do not represent those of this company unless this is clearly indicated. You should scan this e-mail and any attachments for viruses. This company accepts no liability for any direct or indirect damage or loss resulting from the use of any attachments to this e-mail. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: how do I see security logs without turning on sendmail?
On Tuesday 05 December 2006 21:49, Wasp King wrote: is there a way that one can specify a log place to see daily logs like you receive from [EMAIL PROTECTED], when sendmail is turned on? there must be a way to enable only local mail delivery...but I am not sure how.. would like to shut down sendmail but want to see security logs. thanks. Zach using FreeBSD 4.2 and sendmail 8.x (maybe). ___ IIRC, sendmail has three controlling values in /etc/rc.conf: sendmail_enable=YES sendmail_enable=NO and sendmail_enable=NONE The third value, NONE, causes the boot process to ignore any attempt to start sendmail. The second value, NO, causes the boot process to start sendmail for local delivery, only (i.e. do NOT accept inbound connections from external hosts). The first value, YES, causes the boot process to start sendmail for outgoing and incoming SMTP connections. There are many tweaks that you can use in /etc/rc.conf - (refer to /etc/defaults/rc.conf) - that will allow various flavors of sendmail usage. See also, /etc/rc.sendmail. In your case sendmail_enable=NO should allow the local system to send periodic information to [EMAIL PROTECTED], or whatever alias you use in /etc/mail/aliases, while disallowing external hosts from sending email by way of the local host. Note that this requires that you pay heed to /etc/mail/Makefile and associated README documentation in /usr/src/contrib/sendmail and below. Best of luck! lane ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
