Date: Sun, 5 Jan 1997 18:47:29 -0600 (CST)
From: Jimbo Bahooli <moke@fools.ecpnet.com>
To: freebsd-security@freebsd.org
Subject: sendmail....tricks...
Message-ID: <Pine.BSF.3.95.970105182549.18011A-100000@fools.ecpnet.com>
Well, in watching this mailing list and many others, the solution to the sendmail problem seems to be not to run it as root. Yet, because of the performance hit, many do not wish to start it from inetd. I have found somewhat of a hack solution with a few downfalls, but it seems to work.

The first idea, which I have successfully accomplished, is logging and access control via tcp wrappers. This idea uses netcat, /usr/ports/net/netcat, and some configuration.

First, I set up sendmail to bind to a different port by changing this line in sendmail.cf to:

    O DaemonPortOptions=Port=26

This could easily be a port above 1024, allowing it to bind to its port as a non-root user.

Second, I linked /usr/local/bin/nc (netcat) to /usr/local/bin/recvmail to make logs more readable when tcp wrappers style logging is used.

Third, I added a line to /etc/inetd.conf:

    smtp stream tcp nowait nobody /usr/libexec/tcpd /usr/local/bin/recvmail -w 3 127.0.0.1 26

(all on one line of course)

Restarted everything, and now I get nice log entries of each mail connect, with the increased overhead of running a netcat, which compared to a new sendmail from inetd is very small.

Any comments on this? Time permitting, I am going to explore running sendmail on a non-root port and having netcat forward connections to it from inetd.

-moke@fools.ecpnet.com
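The setup in the message has three moving parts: a wrapper that decides whether to accept the peer and writes a log line, a relay that copies bytes to the mail daemon listening on an unprivileged port (127.0.0.1:26), and the daemon itself, which never runs as root. The following Python script is an added example, not code from the message's author and not part of tcpd, netcat or sendmail; it models that front end in one process so the pieces can be seen together. The allow-list rules, the service name "recvmail", the fake "220 fake-mta ready" backend and the demo() harness are all constructed for the example; the log format imitates the "service[pid]: connect from host" lines tcp_wrappers produces.

```python
"""Constructed example: tcpd-style front end for an unprivileged mail daemon.

Accepts on a socket that would be the privileged smtp port, applies a
hosts.allow-style check, logs the decision, and relays bytes to a backend
on an unprivileged port (in the message, sendmail bound to 127.0.0.1:26).
"""
import ipaddress
import os
import socket
import threading

# Constructed allow-list in the spirit of hosts.allow: (service, network) pairs.
ALLOW_RULES = [("recvmail", "127.0.0.0/8"), ("recvmail", "192.0.2.0/24")]


def is_allowed(service, peer_ip, rules=ALLOW_RULES):
    """True when some rule names this service and its network contains peer_ip."""
    addr = ipaddress.ip_address(peer_ip)
    return any(svc == service and addr in ipaddress.ip_network(net)
               for svc, net in rules)


def log_line(service, peer_ip, allowed):
    """tcp_wrappers-style entry: 'connect from' or 'refused connect from'."""
    verb = "connect from" if allowed else "refused connect from"
    return f"{service}[{os.getpid()}]: {verb} {peer_ip}"


def pump(src, dst):
    """Copy bytes one way until src closes, then half-close dst (what nc does)."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def relay(client, backend_addr):
    """Full-duplex copy between an accepted client and the unprivileged backend."""
    backend = socket.create_connection(backend_addr)
    back_to_client = threading.Thread(target=pump, args=(backend, client), daemon=True)
    back_to_client.start()
    pump(client, backend)
    back_to_client.join()
    backend.close()
    client.close()


def serve(listen_sock, backend_addr, service="recvmail", log=print, max_conns=None):
    """Accept loop: check the peer, log the decision, relay only if allowed."""
    handled = 0
    while max_conns is None or handled < max_conns:
        client, (peer_ip, _) = listen_sock.accept()
        allowed = is_allowed(service, peer_ip)
        log(log_line(service, peer_ip, allowed))
        handled += 1
        if not allowed:
            client.close()          # refused before a single byte reaches the MTA
            continue
        threading.Thread(target=relay, args=(client, backend_addr), daemon=True).start()


def demo():
    """Stand in a fake backend for sendmail-on-26, relay one connection through."""
    logs = []
    backend = socket.socket()
    backend.bind(("127.0.0.1", 0))      # ephemeral port plays the role of port 26
    backend.listen(1)

    def fake_mta():                     # constructed stand-in for the real daemon
        conn, _ = backend.accept()
        conn.sendall(b"220 fake-mta ready\r\n")
        data = conn.recv(1024)
        conn.sendall(b"250 " + data.strip() + b"\r\n")
        conn.close()

    threading.Thread(target=fake_mta, daemon=True).start()
    front = socket.socket()
    front.bind(("127.0.0.1", 0))        # stands in for the privileged smtp port
    front.listen(1)
    threading.Thread(target=serve, args=(front, backend.getsockname()),
                     kwargs={"log": logs.append, "max_conns": 1}, daemon=True).start()
    client = socket.create_connection(front.getsockname())
    greeting = client.recv(1024)
    client.sendall(b"EHLO client.example\r\n")
    reply = client.recv(1024)
    client.close()
    return logs, greeting, reply


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Run it directly to see one relayed exchange and its log line. The point the example makes visible is that the access decision and the log entry happen in the wrapper, before any byte reaches the mail daemon, which is exactly why the daemon can sit on an unprivileged port as a non-root user.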