From owner-freebsd-questions@FreeBSD.ORG Fri Feb 27 18:55:10 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 48A7B10656D3 for ; Fri, 27 Feb 2009 18:55:10 +0000 (UTC) (envelope-from mikhailg@webanoide.org) Received: from msa.vap.navalradio.cl (smtp.vap.navalradio.cl [201.236.67.147]) by mx1.freebsd.org (Postfix) with ESMTP id B6DBF8FC12 for ; Fri, 27 Feb 2009 18:55:09 +0000 (UTC) (envelope-from mikhailg@webanoide.org) Received: from [172.18.80.120] ([172.18.80.120]) (authenticated bits=0) by msa.vap.navalradio.cl (8.14.2/8.14.2) with ESMTP id n1RIt7c5026783; Fri, 27 Feb 2009 18:55:07 GMT (envelope-from mikhailg@webanoide.org) Message-ID: <49A83702.90901@webanoide.org> Date: Fri, 27 Feb 2009 15:54:58 -0300 From: Mikhail Goriachev Organization: Webanoide User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: Kirk Strauser References: <200902270949.22494.kirk@strauser.com> In-Reply-To: <200902270949.22494.kirk@strauser.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Disabling inbound email in a jail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2009 18:55:12 -0000 Kirk Strauser wrote: > I only want sendmail in a jail to do one thing: forward nightly reports from root@localhost to a real account on another > machine. What's the proper way to configure this? Edit /etc/mail/aliases. All reports are pointed to root. But you can point it anywhere you want: root: someaccount@example.org After that execute: # newaliases and you're done. No sendmail_enable is required or whatsoever in the /etc/rc.conf. By default, sendmail_enable="NO" in /etc/rc.conf still gives a > running sendmail that accepts mail from other hosts: > > me@realhost$ echo foo | mail me@jail.example.com This shouldn't have worked. By default you should've received "stat=Deferred: Connection refused by jail.example.com". This is the case if you're sending from a physically different machine to another machine's jail. By default sendmail listens only on localhost and doesn't accept outside connections. It is only used for internal submission, such as daily reports. If you're sending from a host to its jail, then this is another story. In most cases you'll get some unexpected results. > me@jail.example.com$ tail -f /var/log/maillog > Feb 27 09:43:37 jail.example.com sm-mta[86832]: n1RFhbBp086832: from=, size=735, class=0, > nrcpts=1, msgid=<20090227154335.877A442071@realhost>, bodytype=7BIT, proto=ESMTP, daemon=Daemon0, > relay=jail.example.com [10.0.5.70] > Feb 27 09:43:37 jail.example.com sm-mta[86833]: n1RFhbBp086832: to=, delay=00:00:00, > xdelay=00:00:00, mailer=local, pri=30983, relay=local, dsn=2.0.0, stat=Sent > > However, if I set sendmail_enable="NONE", then I can't send outbound email either: > > me@jail.example.com$ echo foo | mail me@realhost > me@jail.example.com$ tail -f /var/log/maillog > Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: from=me, size=28, class=0, nrcpts=1, > msgid=<200902271537.n1RFbbg3086513@jail.example.com>, relay=me@localhost > Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: to=me@realhost, ctladdr=me (1001/1001), > delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30028, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, > stat=Deferred: Connection refused by [127.0.0.1] > > What's the happy medium between "sendmail wide open" (eg sendmail_enable="NO" (WTF?)) and "disabled mail > system" (eg sendmail_enable="NONE")? sendmail_enable="YES" accepts outside and local connections sendmail_enable="NO" (the default) accepts local connections only sendmail_enable="NONE" doesn't start the daemon, sendmail is off Have a look at /etc/rc.d/sendmail for further hints. Regards, Mikhail