From: Tuareg
To: freebsd-questions@freebsd.org
Date: Wed, 17 Jan 2007 16:12:11 -0600
Subject: Re: how do I see security logs without turning on sendmail?
Message-ID: <7a4a15bd0701171412m4a920c9i179c93d78e8996e5@mail.gmail.com>
In-Reply-To: <7a4a15bd0701151218t2589e706q4a66673fb8f03e0c@mail.gmail.com>

On 1/15/07, Tuareg wrote:
>
> Sending again... it seems that the list doesn't want me to send mails from
> gmail... :(
>
> Well, after many suggestions from you on this topic last months/year...
>
> We have tried something that lets us send messages from these servers, but
> we would like to hear from you how this affects the server. We know
> that this is not the best solution, but it's what worked for us.
>
> Found this link: http://security.uoregon.edu/sendmail/
>
> After reading this part:
>
> Turning off 127.0.0.1:25 Altogether
>
> The creation of an MSP process allows for some flexibility in client-class
> mail configuration. Because the MSP has a queue of its own, messages can
> either be queued or delivered immediately. So in some special cases, a
> machine can run without a sendmail listener. This however, is an unusual and
> not-recommended practice. It is merely listed here to elaborate on the
> differences between MTA's and MSP's.
>
> The "submit.mc" and "submit.cf" in this case would be:
>
> FEATURE(`msp',`centralmailserver')
> D{MTAHost}centralmailserver
>
>
> Obviously, it says that it's unusual and not recommended, but it didn't say
> exactly the reason... (maybe you can tell me why, because I have knowledge in
> the configuration of sendmail, can configure it to avoid being used as a relay,
> use of rbl lists, etc, but I'm not exactly an expert).
>
> Well, after reading this... went to one of the new servers... and read
> /etc/mail/README
>
> 1. Designate an alternative host for the submission agent to contact
>    by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
>    in /etc/make.conf to an alternate .mc file) and using
>    'make install-submit-cf' in /etc/mail/.  Change the FEATURE(msp) line
>    to FEATURE(msp, hostname) where hostname is the fully qualified hostname
>    of the alternative host.
>
>
> So, I modified the respective lines...
>
> %cat /etc/mail/freebsd.submit.mc
> .
> .
> .
>
> #
> # This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
> # that acts as a initial mail submission program.
> #
> #
>
> divert(0)dnl
> VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.submit.mc,v 1.1.16.12006/04/13 04:00:23 gshapiro Exp $')
> define(`confCF_VERSION', `Submit')dnl
> define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
> define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
> define(`confTIME_ZONE', `USE_TZ')dnl
> define(`confDONT_INIT_GROUPS', `True')dnl
> define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
> dnl
> dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
> FEATURE(`msp', `[my.main.server]')dnl
>
> %make install-submit-cf
>
> And now, I'm able to receive the e-mail of our monitoring scripts in our
> main e-mail server.
>
> I compared the file of the old servers, but this method wasn't used, so...
> can't tell you yet... how the old servers were modified to be able to send
> mails without using sendmail as daemon.
>
> Here is the result of the tests:
>
>
> %mail -v user@my.main.server
> Subject: TEST
> test
> .
> EOT
> user@my.main.server... Connecting to smtp.my.main.server. via relay...
> 220-my.main.server ESMTP Mail Server.
> 220-Ready on Mon, 15 Jan 2007 11:32:53 -0600 (CST).
> >>> EHLO new.monitored.server.
> 250-my.main.server Hello new.monitored.server [xxx.xxx.xxx.xxx], pleased
> to meet you
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250-SIZE 15000000
> 250-DSN
> 250-ONEX
> 250-ETRN
> 250-XUSR
> 250 HELP
> >>> MAIL From:< user@new.monitored.server > SIZE=50
> 250 2.1.0 ... Sender ok
> >>> RCPT To:< user@my.main.server>
> 250 2.1.5 ... Recipient ok
> >>> DATA
> 354 Enter mail, end with "." on a line by itself
> >>> .
> 250 2.0.0 l0FHWrV68053 Message accepted for delivery
> user@my.main.server... Sent (l0FHWrV123456 Message accepted for delivery)
> Closing connection to smtp.my.main.server.
> >>> QUIT
> 221 2.0.0 my.main.server closing connection
>
>
> tail -f /var/log/maillog
>
> Jan 15 11:32:53 monitored sendmail[70665]: l0FHWqLe707332: to=
> user@my.main.server, ctladdr=user (10001/120), delay=00:00:01,
> xdelay=00:00:01, mailer=relay, pri=30050, relay= smtp.my.main.server. [
> xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (l0FHWrV123456 Message accepted for
> delivery)
>
>
> This was done with FreeBSD 6.1 STABLE.
>
>
> Suggestions on this?
>
> P.S. Yes... I know we can use ssmtp, but please remember, what we wanted
> is to avoid installing software and opening port 25; we just wanted to send
> the result of scripts via e-mail.
>
> Thanks for your comments/suggestions/and any other stuff... on this
> "solution" (at least for us)
>

No comments/suggestions about this?
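
Added example (not part of the original message and not FreeBSD's own tooling): a shell check that reads the `D{MTAHost}` macro from a generated submit.cf, as in the uoregon excerpt quoted above, and reports whether the MSP still hands mail to loopback, which needs a listener on 127.0.0.1:25, or to a remote host. The function names and sample file contents are constructed for illustration; `my.main.server` is the placeholder used in the message.

```shell
#!/bin/sh
# Added example: where does this sendmail MSP (submit.cf) hand off mail?

# msp_target FILE: print the value of the MTAHost macro, e.g. "[127.0.0.1]".
# A generated submit.cf defines it on a line of the form "D{MTAHost}value".
msp_target() {
    sed -n 's/^D{MTAHost}//p' "$1" | tail -n 1
}

# msp_needs_local_listener FILE: return 0 if the MSP submits to loopback,
# 1 if it submits to another host, 2 if no MTAHost line was found.
msp_needs_local_listener() {
    target=$(msp_target "$1" | sed 's/[][ ]//g' | tr 'A-Z' 'a-z')
    case "$target" in
        '') return 2 ;;
        127.*|localhost|localhost.*|::1|ipv6:::1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_msp FILE: print a one-line verdict (LOCAL, REMOTE or UNKNOWN).
audit_msp() {
    rc=0
    msp_needs_local_listener "$1" || rc=$?
    case "$rc" in
        0) echo "LOCAL $(msp_target "$1"): needs a listener on 127.0.0.1:25" ;;
        1) echo "REMOTE $(msp_target "$1"): no local listener required" ;;
        *) echo "UNKNOWN: no D{MTAHost} line in $1" ;;
    esac
}

# write_samples DIR: constructed submit.cf fragments, not from a real host.
write_samples() {
    printf 'O QueueDirectory=/var/spool/clientmqueue\nD{MTAHost}[127.0.0.1]\n' \
        > "$1/stock.cf"
    printf 'O QueueDirectory=/var/spool/clientmqueue\nD{MTAHost}[my.main.server]\n' \
        > "$1/central.cf"
    printf '# constructed file with no MTAHost macro\n' > "$1/empty.cf"
}

# Demo run over the constructed samples.
tmp=$(mktemp -d) && write_samples "$tmp"
for f in stock central empty; do audit_msp "$tmp/$f.cf"; done
rm -rf "$tmp"
```

On a FreeBSD host the same check is `audit_msp /etc/mail/submit.cf`, run after `make install-submit-cf`.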