From owner-freebsd-questions@FreeBSD.ORG Thu Dec 14 04:49:08 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 722AC16A5EC for ; Thu, 14 Dec 2006 04:49:08 +0000 (UTC) (envelope-from lane@joeandlane.com) Received: from elasmtp-dupuy.atl.sa.earthlink.net (elasmtp-dupuy.atl.sa.earthlink.net [209.86.89.62]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DF4A43C9F for ; Thu, 14 Dec 2006 04:47:34 +0000 (GMT) (envelope-from lane@joeandlane.com) Received: from [66.47.111.183] (helo=joeandlane.com) by elasmtp-dupuy.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1GuiWh-0000Nh-UJ for freebsd-questions@freebsd.org; Wed, 13 Dec 2006 23:49:00 -0500 Received: from joeandlane.com (localhost.localnet.local [127.0.0.1]) by joeandlane.com (8.13.8/8.13.1) with ESMTP id kBE4paek036148 for ; Wed, 13 Dec 2006 22:51:36 -0600 (CST) (envelope-from lane@joeandlane.com) Received: from localhost (localhost [[UNIX: localhost]]) by joeandlane.com (8.13.8/8.13.1/Submit) id kBE4padH036147 for freebsd-questions@freebsd.org; Wed, 13 Dec 2006 22:51:36 -0600 (CST) (envelope-from lane@joeandlane.com) X-Authentication-Warning: joeandlane.com: lholcombe set sender to lane@joeandlane.com using -f From: Lane To: freebsd-questions@freebsd.org Date: Wed, 13 Dec 2006 22:51:36 -0600 User-Agent: KMail/1.9.4 References: <20061206034909.27125.qmail@web37214.mail.mud.yahoo.com> <7a4a15bd0612131522t2942b44bo4412d1e16c6ed2e6@mail.gmail.com> <200612131733.32763.lane@joeandlane.com> In-Reply-To: <200612131733.32763.lane@joeandlane.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200612132251.36352.lane@joeandlane.com> X-CD-SOLUTIONS-MailScanner-Information: Please contact the ISP for more information X-CD-SOLUTIONS-MailScanner: Found to be clean X-CD-SOLUTIONS-MailScanner-From: lane@joeandlane.com X-ELNK-Trace: e56a4b6ca9bdfda11aa676d7e74259b7b3291a7d08dfec79d79e8f0f955abd55d2707dc27b4643ba350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 66.47.111.183 Subject: Re: how do I see security logs without turning on sendmail? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2006 04:49:08 -0000 Tuareg, I can't find the name of the quy who straightened me out on the fuction of squid, but kudo's to him. Clearly squid is not the culprit. But I've done some eyeballing on /usr/sbin/periodic, and I think maybe it is the culprit. First lets have a look at your /etc/crontab file. Specifically we are interested in the lines which contain the term "periodic" If these lines include parameters, which are passed to /usr/sbin/periodic, then they may be the reason for your periodic emails being sent WITHOUT sendmail being enabled by the normal boot process. Take a look at /usr/sbin/periodic. Note that it uses values in /etc/defaults/periodic.conf as well as any override variables in /etc/rc.conf. It could also be overridden in other ways such as by defining the value "source_periodic_confs_defined" and "periodic_conf_files" but this should have already showed up in /etc/rc.conf. While you are examining /usr/sbin/periodic, look for the term "output" In my copy of that script there is a comment that looks like: #Where's our output going? Then there is a "case" block: case "$output" in /*) pipe="cat >>$output";; "") pipe=cat;; *) pipe="mail -s '$host ${arg##*/} run output' $output";; esac If your predecessor had modified this script or, perhaps overridden it using /etc/defaults/periodic.conf, then he may have either changed the *) default case, or supplied parameters from /etc/crontab (or /etc/defaults/periodic.conf) which could invoke sendmail directly. If he used override variables, then he would probably also have added a case for ) pipe="sendmail - " This would account for sendmail being completely disabled in /etc/rc.conf AND for the messages being sent out via sendmail. However, as I read it, the behaviour you have reported would only occur if /usr/sbin/periodic was actually modified, as the use of the "$output" variables does NOT seem to allow for invocation of sendmail directly. And I don't believe that "mail" can force invocation of sendmail (although I may be wrong, as the man page does imply that mail will use any means available to get the message out). If this is the case (i.e. if "mail" is invoking sendmail directly) you could check it by trying to send mail from the command line on one of the servers that actually does what you want it to do. If it works, and if there are NO modifications to /usr/sbin/periodic or override defaults in /etc/defaults/periodic.conf, then it will be safe to assume that this "feature" has been properly quashed in 6.x. You would then need to follow the procedures for setting up sendmail for outgoing-only, as many have already recommended. In any case, the behaviour you desire would only work properly by making the appropriate changes to /etc/mail/.mc, (i.e. SMART_HOST and/or HUB settings), and then running "make install" in /etc/mail. (And this is always going to be the case where sendmail is concerned) I hope this information leads you to a resolution, as it has been a great learning experience for me ... but my brain hurts :) lane