From owner-freebsd-questions@FreeBSD.ORG Fri Feb 27 16:12:22 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 42C411065715 for ; Fri, 27 Feb 2009 16:12:22 +0000 (UTC) (envelope-from web@3dresearch.com) Received: from smtp.3dresearch.com (dorabella.3dresearch.com [66.167.251.2]) by mx1.freebsd.org (Postfix) with ESMTP id 106508FC08 for ; Fri, 27 Feb 2009 16:12:21 +0000 (UTC) (envelope-from web@3dresearch.com) Received: from fracasso.3dresearch.com (pool-96-236-181-134.pitbpa.east.verizon.net [96.236.181.134]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by vmail.3dresearch.com (Postfix) with ESMTP id 71BEAF708A; Fri, 27 Feb 2009 11:12:20 -0500 (EST) Received: from fracasso.3dresearch.com (fracasso.3dresearch.com [10.61.70.2]) by fracasso.3dresearch.com (Postfix) with ESMTP id D9B1117267; Fri, 27 Feb 2009 11:12:19 -0500 (EST) From: Janos Dohanics Organization: 3D RESEARCH To: Kirk Strauser Date: Fri, 27 Feb 2009 11:12:18 -0500 User-Agent: KMail/1.9.7 References: <200902270949.22494.kirk@strauser.com> In-Reply-To: <200902270949.22494.kirk@strauser.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200902271112.18992.web@3dresearch.com> Cc: freebsd-questions@freebsd.org Subject: Re: Disabling inbound email in a jail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2009 16:12:22 -0000 On Friday 27 February 2009 10:49:22 am Kirk Strauser wrote: > I only want sendmail in a jail to do one thing: forward nightly reports > from root@localhost to a real account on another machine. What's the > proper way to configure this? By default, sendmail_enable="NO" in > /etc/rc.conf still gives a running sendmail that accepts mail from other > hosts: > > me@realhost$ echo foo | mail me@jail.example.com > > me@jail.example.com$ tail -f /var/log/maillog > Feb 27 09:43:37 jail.example.com sm-mta[86832]: n1RFhbBp086832: > from=, size=735, class=0, nrcpts=1, > msgid=<20090227154335.877A442071@realhost>, bodytype=7BIT, proto=ESMTP, > daemon=Daemon0, relay=jail.example.com [10.0.5.70] > Feb 27 09:43:37 jail.example.com sm-mta[86833]: n1RFhbBp086832: > to=, delay=00:00:00, xdelay=00:00:00, mailer=local, > pri=30983, relay=local, dsn=2.0.0, stat=Sent > > However, if I set sendmail_enable="NONE", then I can't send outbound email > either: > > me@jail.example.com$ echo foo | mail me@realhost > me@jail.example.com$ tail -f /var/log/maillog > Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: from=me, > size=28, class=0, nrcpts=1, > msgid=<200902271537.n1RFbbg3086513@jail.example.com>, relay=me@localhost > Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: > to=me@realhost, ctladdr=me (1001/1001), delay=00:00:00, xdelay=00:00:00, > mailer=relay, pri=30028, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, > stat=Deferred: Connection refused by [127.0.0.1] > > What's the happy medium between "sendmail wide open" (eg > sendmail_enable="NO" (WTF?)) and "disabled mail system" (eg > sendmail_enable="NONE")? You might want to disable sendmail and use mail/ssmtp - it's meant for scenarios just like yours. -- Janos Dohanics