From owner-freebsd-questions@FreeBSD.ORG Thu Dec 14 15:03:47 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0786716A4A7 for ; Thu, 14 Dec 2006 15:03:47 +0000 (UTC) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (gizmo.acns.msu.edu [35.8.1.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id E97B243DC5 for ; Thu, 14 Dec 2006 15:00:51 +0000 (GMT) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (localhost [127.0.0.1]) by gizmo.acns.msu.edu (8.13.6/8.13.6) with ESMTP id kBEExQqX098110; Thu, 14 Dec 2006 09:59:26 -0500 (EST) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: (from jerrymc@localhost) by gizmo.acns.msu.edu (8.13.6/8.13.6/Submit) id kBEExQHs098109; Thu, 14 Dec 2006 09:59:26 -0500 (EST) (envelope-from jerrymc) Date: Thu, 14 Dec 2006 09:59:26 -0500 From: Jerry McAllister To: Lane Message-ID: <20061214145926.GA98067@gizmo.acns.msu.edu> References: <20061206034909.27125.qmail@web37214.mail.mud.yahoo.com> <7a4a15bd0612131522t2942b44bo4412d1e16c6ed2e6@mail.gmail.com> <200612131733.32763.lane@joeandlane.com> <200612132251.36352.lane@joeandlane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200612132251.36352.lane@joeandlane.com> User-Agent: Mutt/1.4.2.2i Cc: freebsd-questions@freebsd.org Subject: Re: how do I see security logs without turning on sendmail? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Dec 2006 15:03:47 -0000 On Wed, Dec 13, 2006 at 10:51:36PM -0600, Lane wrote: > Tuareg, > > I can't find the name of the quy who straightened me out on the fuction of > squid, but kudo's to him. > > Clearly squid is not the culprit. > > But I've done some eyeballing on /usr/sbin/periodic, and I think maybe it is > the culprit. > > First lets have a look at your /etc/crontab file. Specifically we are > interested in the lines which contain the term "periodic" > > If these lines include parameters, which are passed to /usr/sbin/periodic, > then they may be the reason for your periodic emails being sent WITHOUT > sendmail being enabled by the normal boot process. > > Take a look at /usr/sbin/periodic. Note that it uses values > in /etc/defaults/periodic.conf as well as any override variables > in /etc/rc.conf. It could also be overridden in other ways such as by > defining the value "source_periodic_confs_defined" and "periodic_conf_files" > but this should have already showed up in /etc/rc.conf. > > While you are examining /usr/sbin/periodic, look for the term "output" > > In my copy of that script there is a comment that looks like: > > #Where's our output going? > > Then there is a "case" block: > > case "$output" in > /*) pipe="cat >>$output";; > "") pipe=cat;; > *) pipe="mail -s '$host ${arg##*/} run output' $output";; > esac > > > If your predecessor had modified this script or, perhaps overridden it > using /etc/defaults/periodic.conf, then he may have either changed the *) > default case, or supplied parameters from /etc/crontab > (or /etc/defaults/periodic.conf) which could invoke sendmail directly. If he > used override variables, then he would probably also have added a case for ) > pipe="sendmail - " > > This would account for sendmail being completely disabled in /etc/rc.conf AND > for the messages being sent out via sendmail. However, as I read it, the > behaviour you have reported would only occur if /usr/sbin/periodic was > actually modified, as the use of the "$output" variables does NOT seem to > allow for invocation of sendmail directly. And I don't believe that "mail" > can force invocation of sendmail (although I may be wrong, as the man page > does imply that mail will use any means available to get the message out). > > If this is the case (i.e. if "mail" is invoking sendmail directly) you could > check it by trying to send mail from the command line on one of the servers > that actually does what you want it to do. If it works, and if there are NO > modifications to /usr/sbin/periodic or override defaults > in /etc/defaults/periodic.conf, then it will be safe to assume that > this "feature" has been properly quashed in 6.x. You would then need to > follow the procedures for setting up sendmail for outgoing-only, as many have > already recommended. I haven't followed this whole thread so I may be jumping in to the wrong place, but... Somewhere it is documented - I have read it - that various utilities such as mail invoke single instances of sendmail to transfer their _outgoing only_ messages. I think, in those cases, sendmail clears the mail queue before going away. They do not start sendmail as a daemon or to receive email. Probably some searching will find that documentation. ////jerry > > In any case, the behaviour you desire would only work properly by making the > appropriate changes to /etc/mail/.mc, (i.e. SMART_HOST > and/or HUB settings), and then running "make install" in /etc/mail. (And this > is always going to be the case where sendmail is concerned) > > I hope this information leads you to a resolution, as it has been a great > learning experience for me ... but my brain hurts :) > > lane > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"