Date: Sat, 26 Aug 2006 20:33:18 -0400 From: Mike Meyer <mwm-keyword-freebsdhackers2.e313df@mired.org> To: Dirk Engling <erdgeist@erdgeist.org> Cc: hackers@freebsd.org Subject: Re: jails, cron and sendmail Message-ID: <17648.59470.572563.377998@bhuda.mired.org> In-Reply-To: <44F0E38F.5030809@erdgeist.org> References: <44F0E38F.5030809@erdgeist.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In <44F0E38F.5030809@erdgeist.org>, Dirk Engling <erdgeist@erdgeist.org> typed: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello, > > I have the following problem: since I need and do not like any kind of > smtp activity in my jails (there's no 127.0.0.1 in a jail, all services > listen to the jails external interface), I put those lines into my > /etc/rc.conf: > > sendmail_enable="NO" > sendmail_outbound_enable="NO" > sendmail_submit_enable="NO" You may want sendmail_msp_queue_enable="NO" as well. sendmail_enable="NONE" is a shorthand for turning all four of them off, though I believe it's been depreciated. > this works fine: nothing listening on the jails interface... except that > cron tries to deliver its status mails and fails. > > While failing, sendmail seems to hog cpu and finally floods > /var/spool/clientmqueue and /var/log/maillog. > > My quick fix now is to replace /usr/libexec/sendmail/sendmail with > /usr/bin/true in /etc/mail/mailer.conf, however: it seems problematic > that cron insists on a mail sub system, when all it should do is execute > stuff periodically. There should be an option to let it only log to a file. And to which crontab file and lines should the option apply? > For my jails this would make sense, too: I never read root's mails > locally, anyway. > > Am I missing the obvious solution here? Posibly. Worse yet, you're missing some obvious problems. cron mails any output from each line to someone - exactly who depends on which crontab file it is, and if it specifies a user to run as. Replacing all of those with a single log file isn't generally very useful. A syslog hook of some kind might be work. In any case, you can fix each line in a crontab to not send mail by redirecting it's output - both stdout and stderr - to a file. Except some of the things run from cron want to send mail all on their own, so fixing cron won't solve your problem. Why are you running cron inside the jails at all? Are you letting your users run it? If not, can you disable it, and instead run scripts from your real crontab that do the appropriate thigns in each jail? <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17648.59470.572563.377998>