Date:      Wed, 15 Aug 2001 19:24:30 -0500
From:      "Scot W. Hetzel" <hetzels@westbend.net>
To:        <security@FreeBSD.ORG>
Subject:   Re: cvs commit: src/etc inetd.conf
Message-ID:  <016b01c125e9$e9c82420$11fd2fd8@westbend.net>
References:  <200108151940.f7FJepc73604@hak.lan.Awfulhak.org> <p0510100cb7a09144a1c3@[128.113.24.47]> <20010815170217.F14206@pir.net>

From: "Peter Radcliffe" <pir@pir.net>
> Garance A Drosihn <drosih@rpi.edu> probably said:
> > "cron'd events", such as if you add your own cron jobs, cron will
> > email you if the process fails, or output from the process when
> > it succeeds (depending on how you have the job setup).  Cron itself
> > expects it can send mail.  So does lpd (if a user does 'lpr -m',
> > for instance).
>
> So why can't we run sendmail by default, just with no '-bd' option
> so it doesn't listen on port 25. Local mail will get delivered,
> it's not a remote security problem ...
>
With the latest changes in 4.4-PRERELEASE, rc, rc.conf have options to set up
the server for outbound-only mode:

sendmail_enable="YES"   # Run the sendmail inbound daemon (or NO).
sendmail_flags="-bd -q30m" # Flags to sendmail (as a server)
sendmail_outbound_enable="NO"   # Dequeue stuck mail (or YES).
sendmail_outbound_flags="-q30m" # Flags to sendmail (outbound only)

So setting "sendmail_enable" to "NO" and setting "sendmail_outbound_enable"
to "Yes" will accomplish this task.

All that's needed is to fix sysinstall to choose 3 modes for sendmail:

    1. Normal mode
    2. Queue mode
    3. Disabled

Scot
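
The three modes listed in the message, as an added example that is not part of the original e-mail and not FreeBSD's own rc code: a shell check that reads an rc.conf-style file and reports whether sendmail would run as a port 25 listener, as a queue runner only, or not at all. The function names are hypothetical; it assumes sendmail_enable takes precedence over sendmail_outbound_enable and that only '-bd' in the flags opens the listener.

```sh
#!/bin/sh
# Added example: classify rc.conf sendmail settings into the three modes
# named in the message (normal, queue, disabled). Function names are
# hypothetical; precedence of sendmail_enable is an assumption.

# is_yes VALUE -> succeeds if VALUE is "yes" in any letter case
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# sendmail_mode FILE -> prints normal | queue | disabled
# FILE must be a trusted rc.conf: it is shell syntax and is sourced.
sendmail_mode() (
    # Defaults as quoted in the message (4.4-PRERELEASE).
    sendmail_enable="YES"
    sendmail_flags="-bd -q30m"
    sendmail_outbound_enable="NO"
    # Source inside this subshell so no variable leaks to the caller.
    [ -r "$1" ] && . "$1"
    if is_yes "$sendmail_enable"; then
        case " $sendmail_flags " in
            *" -bd "*) echo normal ;;  # daemon mode: listens on port 25
            *)         echo queue ;;   # no -bd: local delivery, no listener
        esac
    elif is_yes "$sendmail_outbound_enable"; then
        echo queue                     # outbound only: dequeues stuck mail
    else
        echo disabled
    fi
)

# Constructed sample input: the outbound-only settings from the message.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'sendmail_enable="NO"' \
                  'sendmail_outbound_enable="YES"' > "$f"
    sendmail_mode "$f"
    rm -f "$f"
}

demo   # prints: queue
```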