Date: Mon, 10 Mar 2003 09:08:26 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-questions@freebsd.org Subject: Re: (send)mailing from jail-host to jail Message-ID: <20030310090826.GB89038@happy-idiot-talk.infracaninophi> In-Reply-To: <20030309165946.F94847-100000@mail.econolodgetulsa.com> References: <20030309165946.F94847-100000@mail.econolodgetulsa.com>
index | next in thread | previous in thread | raw e-mail
On Sun, Mar 09, 2003 at 05:09:09PM -0800, Josh Brooks wrote:
>
> First off, thank you for your help. Here is what I did:
>
> first, I edited /etc/mail/freebsd.mc and made it look like this:
>
> dnl Uncomment both of the following lines to listen on IPv6 as well as
> dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
> dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')
> FEATURE(no_default_msa)
> DAEMON_OPTIONS(`Name=IPv4, Addr=10.10.2.10, Family=inet')
> DAEMON_OPTIONS(`Name=IPv4, Addr=127.0.0.1, Family=inet')
> DAEMON_OPTIONS(`Name=MSA, Addr=10.10.2.10, Port=587, M=E')
> DAEMON_OPTIONS(`Name=MSA, Addr=127.0.0.1, Port=587, M=E')
> DAEMON_OPTIONS(`Name=IPv6, Addr=::1, Family=inet6')
>
> Then I did:
>
> cd /etc/mail
> make all
> make install
>
> And I verified that it went into sendmail.cf by looking at these lines
> that are now in sendmail.cf:
>
> # SMTP daemon options
>
> O DaemonPortOptions=Name=IPv4, Addr=10.10.2.10, Family=inet
> O DaemonPortOptions=Name=IPv4, Addr=127.0.0.1, Family=inet
> O DaemonPortOptions=Name=MSA, Addr=10.10.2.10, Port=587, M=E
> O DaemonPortOptions=Name=MSA, Addr=127.0.0.1, Port=587, M=E
> O DaemonPortOptions=Name=IPv6, Addr=::1, Family=inet6
>
> Then I:
>
> /bin/sh /etc/rc.sendmail restart
>
>
> And there was no change in the behavior. When I send mail from the
> jail-host to the jail, I get a return mail saying "MX record for jail
> points back to jail-host" (which by the way, is patently WRONG - the mx
> record for jail resolves to X, and X is NOT jail-host...)
Hmmm... The point with the DAEMON_OPTIONS stuff is to make sendmail
bind to just the IP numbers for the host system and not to the
jails. What do you get from running:
% sockstat | grep sendmail
I've got a jailed setup much like the one you want to set up, and I get:
% sockstat | grep sendmail
root sendmail 17330 4 tcp4 81.2.69.218:25 *:*
root sendmail 17330 5 tcp4 127.0.0.1:25 *:*
root sendmail 17330 6 tcp4 81.2.69.218:587 *:*
root sendmail 17330 7 tcp4 127.0.0.1:587 *:*
root sendmail 17330 8 tcp6 ::1:25 *:*
smmsp sendmail 62897 3 dgram syslogd[62885]:3
root sendmail 17330 3 dgram syslogd[98]:3
smmsp sendmail 17329 3 dgram syslogd[98]:3
Where PID 62897 is the sendmail MSP queue runner in the jail. Note
that in this setup, nothing binds to and listens on any network ports
from within the jail.
> Also, I noticed in /var/log/maillog that when sendmail starts, it does
> a reverse lookup on all the IPs on the system, and it fails on one of them
> - leaving me a:
>
> Mar 9 16:44:25 www sm-mta[10541]: gethostbyaddr(10.10.2.12) failed: 1
>
> And this shows that sendmail is not doing what I tell it to in freebsd.mc-
> because if it was, it would NOT CARE AT ALL about that other IP on the
> system and whether or not it can reverse it, since as far as sendmail
> should be concerned, that IP does not exist.
Hmmm... I also have:
define(`confDOMAIN_NAME', `smtp.infracaninophile.co.uk')dnl
in my .mc file: that may stop sendmail trying to reverse lookup all
it's interfaces in an attempt to work out what its FQDN is.
> But, as you can see, it is continuing to care about other IPs on the box,
> such that it complains about an unrelated IP not being reversible, and
> continues to complain that the mx list for jail points back to jail-host
> (presumably because what jail _does_ resolve to is an IP it sees itself as
> owning...)
That can be because sendmail finds itself unexpectedly receiving the
message it thinks it is sending off to the next hop for further
processing. It usually means that the /etc/mail/local_host_names file
needs to be adjusted, but that may not be the case here.
> So ... is there any way to get this to work ?The only way I can find is to
> unconfig the network interface for the IP of `jail` and then start
> sendmail, and then reconfig the jail IP. That works, but it is incredibly
> lame.
Well, it works for me. I'd be interested to find out if the
confDOMAIN_NAME thing is significant. If so, then it seems that I
must have lucked out to have stumbled on that accidentally.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030310090826.GB89038>