Date: Wed, 13 Dec 2006 13:41:28 -0600 From: Lane <lane@joeandlane.com> To: freebsd-questions@freebsd.org Subject: Re: how do I see security logs without turning on sendmail? (Minor correction ...) Message-ID: <200612131341.29104.lane@joeandlane.com> In-Reply-To: <200612131333.20652.lane@joeandlane.com> References: <20061206034909.27125.qmail@web37214.mail.mud.yahoo.com> <7a4a15bd0612131112x25e1cc4mcfb85843edcf596@mail.gmail.com> <200612131333.20652.lane@joeandlane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 13 December 2006 13:33, Lane wrote: > Tuareg > ... > follow > to > difficult > it > find > I > as > post > top > don't > please > > ... to say it another way ... > > please > don't > top > post, > as > I > find > it > difficult > to > follow ... > > On Wednesday 13 December 2006 13:12, Tuareg wrote: > > Hi Lane, > > > > We have tried that too.. > > > > We have the same rules that in the other servers where we can send e-mail > > without launching sendmail as daemon. > > > > Anyway we have tried disabling all the rules with: ipfw -f -q flush > > > > And listing the rules: > > > > 65535 87358 61876 allow ip from any to any > > > > > > mail -v root@localhost > > Subject: test > > test. > > . > > EOT > > root@localhost... Connecting to localhost.my.domain. via relay... > > root@localhost... Deferred: Operation timed out with localhost.my.domain. > > > > mail -v user@other.domain.com > > Subject: test > > test > > . > > EOT > > user@other.domain.com... Connecting to localhost.my.domain. via relay... > > user@other.domain.com... Deferred: Operation timed out with > > localhost.my.domain. > > > > > > Also searched about sendmail in the BSD FAQ, Handbook, if we should > > change some file in /etc/mail, but (maybe should look again?) didn't find > > anything about which file should we modify, let's say.. submit.mc? > > freebsd.submit.mc? > > > > Suggestions? > > > > Thank you for your help. > > > > On 12/8/06, Lane <lane@joeandlane.com> wrote: > > > On Friday 08 December 2006 11:16, Tuareg wrote: > > > > On 12/5/06, Lane <lane@joeandlane.com> wrote: > > > > > On Tuesday 05 December 2006 21:49, Wasp King wrote: > > > > > > is there a way that one can specify a log place to see > > > > > > daily logs like you receive from root@localhost, when > > > > > > sendmail is turned on? > > > > > > > > > > > > there must be a way to enable only local mail > > > > > > delivery...but I am not sure how.. > > > > > > > > > > > > would like to shut down sendmail but want to see > > > > > > security logs. > > > > > > > > > > > > thanks. > > > > > > > > > > > > Zach > > > > > > using FreeBSD 4.2 and sendmail 8.x (maybe). > > > > > > _______________________________________________________________________ > > >__ > > > > > > > >__ IIRC, sendmail has three controlling values in /etc/rc.conf: > > > > > > > > > > sendmail_enable="YES" > > > > > sendmail_enable="NO" > > > > > and > > > > > sendmail_enable="NONE" > > > > > > > > > > The third value, "NONE," causes the boot process to ignore any > > > > > attempt > > > > > > to > > > > > > > > start sendmail. > > > > > > > > > > The second value, "NO," causes the boot process to start sendmail > > > > > for "local > > > > > delivery, only" (i.e. do NOT accept inbound connections from > > > > > external hosts). > > > > > > > > > > The first value, "YES," causes the boot process to start sendmail > > > > > for outgoing > > > > > and incoming SMTP connections. > > > > > > > > > > There are many "tweaks" that you can use in /etc/rc.conf - (refer > > > > > to /etc/defaults/rc.conf) - that will allow various flavors of > > > > > > sendmail > > > > > > > > usage. See also, /etc/rc.sendmail. > > > > > > > > > > In your case sendmail_enable="NO" should allow the local system to > > > > > send "periodic" information to root@localhost, or whatever alias > > > > > you > > > > > > use > > > > > > > > in /etc/mail/aliases, while disallowing external hosts from sending > > > > > > email > > > > > > > > by > > > > > way of the local host. Note that this requires that you pay heed > > > > > to /etc/mail/Makefile and associated README documentation > > > > > in /usr/src/contrib/sendmail and below. > > > > > > > > > > Best of luck! > > > > > > > > > > > > > > > lane > > > > > > > > Hi... Where I'm working, have many servers with FreeBSD 4.x and 5.x, > > > > > > this > > > > > > > servers are enable to send mail but the daemon of sendmail is not > > > > > > launched. > > > > > > > Now, we have installed FreeBSD 6.1 STABLE, but can't reply this > > > > schema. > > > > > > > > Which file needs to be modified in /etc/mail to allow the server to > > > > send emails to our real mailserver so we can receive the results of > > > > some > > > > > > scripts > > > > > > > without launching the daemon of sendmail? > > > > > > > > We have tried using sendmail="NO", in rc.conf, but we only get this > > > > messages: > > > > > > > > user@mydomain.com... Connecting to [127.0.0.1] via relay... > > > > user@mydomain.com... Deferred: Permission denied > > > > > > > > Thank you for your help in advance. > > > > _______________________________________________ > > > > freebsd-questions@freebsd.org mailing list > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > > > To unsubscribe, send any mail to > > > > "freebsd-questions-unsubscribe@freebsd.org" > > > > > > Tuareg, > > > > > > Your problem is likely related to ipfw, or "firewall_type", > > > "firewall_enable" > > > in /etc/rc.conf. > > > > > > The "permission denied" error implies that your firewall ruleset is > > > preventing > > > the outgoing connection. Try: > > > > > > ipfw show > > > > > > to see your current firewall rules. > > > > > > Also read through /etc/rc.firewall and /etc/defaults/rc.conf to get > > > some more > > > information on the firewall issues. > > > > > > When you've gotten that resolved you should have enough information to > > > get sendmail working the way you want. > > > > > > lane > > > _______________________________________________ > > > freebsd-questions@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > > To unsubscribe, send any mail to " > > > freebsd-questions-unsubscribe@freebsd.org" > > Tuareg, > > What happens when you do this: > > telnet localhost Of course I mean: telnet locahost 25 :) > > Does the connection time out? Or do you get a sendmail prompt? > > I'm sort of mixed up on the order of the posts, here. But let me see if I > can rephrase the problem .... and then possibly help you find a solution > ... > > It seems to me that the problem is that you cannot determine how to make > FreeBSD 6.x do like other hosts under your influence, so that it will send > email from root@localhost to another (possibly a hub) server? Is that > correct? > > > First I assume that these other FreeBSD installations are also using > sendmail. If that is NOT correct then your best hope is to replicate your > mta configuration from those other hosts. In fact that might not be a bad > idea regardless of what they are running :) > > But again, assuming you want to run sendmail and ONLY allow the localhost > to transmit out to another host for collection and/or distribution, enter > this value into /etc/rc.conf: > > sendmail_enable="NO" > > Now edit /etc/mail/freebsd.mc. Locate the term "SMART_HOST," uncomment > that line, and enter the IP address or fully qualified domain name of your > upstream server in place of 'your.isp.mail.server' > > Note: If 'your.isp.mail.server' is NOT resolvable on the localhost, then > you must use the IP address. When you use the IP address, you must put it > in [square brackets], like [192.168.2.1]. > > Now from /etc/mail, type > > make all install > > then shutdown and restart the server using your method of choice, or just > type > > /etc/rc.d/sendmail restart > > And try to send email again. All should work now. > > But you must remember to configure the TARGET mail server to allow this > host to send. I'll leave that as an exercise for you. > > lane > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612131341.29104.lane>