From: Matthew Seaman
Date: Sat, 27 Apr 2013 09:39:46 +0100
To: freebsd-questions@freebsd.org
Subject: Re: Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)

On 26/04/2013 16:51, jflowers wrote:
> All I want to do is have the MTA listen on 127.0.0.1 port 1025 and have no
> sendmail process listen on the server interface.  That's being done by assp
> which proxies messages to 127.0.0.1:1025.  Unfortunately, I haven't been able
> to figure out how to turn off the default.  Sockstat shows:
>
> root     sendmail   1672  4  tcp4   *:25                  *:*
> root     sendmail   1672  5  tcp6   *:25                  *:*
> root     sendmail   1672  6  tcp4   127.0.0.1:1025        *:*
> root     sendmail   1672  7  tcp4   111.222.333.444:587   *:*
>
> The relevant mc entries are:
>
> DAEMON_OPTIONS(`Name=IPv4, Family=inet')
> DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
> DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA')
> VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains')
> FEATURE(`no_default_msa')
> DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E')
>
> The MSA isn't strictly necessary now but I thought might have a future use.
>
> So, what am I missing?  How do I turn *:25 off so that when assp goes down (as
> it frequently does) I'm not running an open relay (all user/domain validation
> is done in assp).
>
> Any pointers in the right direction appreciated.

You pretty much already have the answer already.  Add 'Addr=127.0.0.1'
or 'Addr=::1' clauses to your first two DAEMON_OPTIONS lines.  That will
limit sendmail to listening on port 25 only on the loopback interface.

Or indeed, remove those two lines entirely to leave sendmail only
listening on port 587.  This should not prevent sendmail from sending
outgoing messages, but will prevent any incoming.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matthew@infracaninophile.co.uk
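
Added example (not part of the original message, and not sendmail's own tooling): a check to run after rebuilding sendmail.cf and restarting, confirming that no sendmail listener is bound off-loopback apart from addresses deliberately allowed. The function name exposed_listeners and the AFTER listing are constructed for illustration; BEFORE is the sockstat output quoted in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `sockstat -4 -6 -l` style lines
# (USER COMMAND PID FD PROTO LOCAL FOREIGN) on stdin and prints "PROTO LOCAL"
# for each sendmail TCP listener bound to a non-loopback address.
# Arguments are LOCAL values that are intentionally exposed (allow-list).
exposed_listeners() {
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "sendmail" && $5 ~ /^tcp/ {
            addr = $6
            sub(/:[0-9]+$/, "", addr)      # strip ":port"; IPv6 keeps its colons
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if ($6 in ok) next                           # deliberately public
            print $5, $6
        }'
}

# Listing quoted in the message (wildcard binds on port 25).
BEFORE='root sendmail 1672 4 tcp4 *:25 *:*
root sendmail 1672 5 tcp6 *:25 *:*
root sendmail 1672 6 tcp4 127.0.0.1:1025 *:*
root sendmail 1672 7 tcp4 111.222.333.444:587 *:*'

# Constructed: what the listing would look like with Addr= clauses added.
AFTER='root sendmail 1672 4 tcp4 127.0.0.1:25 *:*
root sendmail 1672 5 tcp6 ::1:25 *:*
root sendmail 1672 6 tcp4 127.0.0.1:1025 *:*
root sendmail 1672 7 tcp4 111.222.333.444:587 *:*'

MSA='111.222.333.444:587'   # placeholder address from the message

echo "before:"; printf '%s\n' "$BEFORE" | exposed_listeners "$MSA"
echo "after:";  printf '%s\n' "$AFTER"  | exposed_listeners "$MSA"
```

On a live host the input would come from `sockstat -4 -6 -l | exposed_listeners <allowed addr:port ...>`; empty output means every sendmail listener is loopback-only or explicitly allowed.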