Date:      Sun, 9 Mar 2003 09:14:29 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: (send)mailing from jail-host to jail
Message-ID:  <20030309091429.GA81043@happy-idiot-talk.infracaninophi>
In-Reply-To: <20030308234745.Q94847-100000@mail.econolodgetulsa.com>
References:  <20030308234745.Q94847-100000@mail.econolodgetulsa.com>

On Sat, Mar 08, 2003 at 11:53:20PM -0800, Josh Brooks wrote:
> 
> system A is a normal FreeBSD system with two IP addresses.
> 
> system B is a jail on system A, using the second IP.
> 
> When I send mail from A to B, I get an error saying that the MX record
> points back to myself.
> 
> Presumably this is because sendmail running on jail-host takes account of
> both IPs when it starts, and thinks both IPs belong to it.
> 
> So, how can I start sendmail on system A so that it only thinks of
> itself as encompassing the first IP ?

On the host system, configure sendmail MTA to only bind to the
principal host's IP address and to the loopback address by including
the following lines in /etc/mail/`hostname`.mc:

    FEATURE(no_default_msa)dnl ## overridden with DAEMON_OPTIONS below

    DAEMON_OPTIONS(`Name=IPv4, Addr=123.45.67.89, Family=inet')dnl
    DAEMON_OPTIONS(`Name=IPv4, Addr=127.0.0.1, Family=inet')dnl
    DAEMON_OPTIONS(`Name=MSA, Addr=123.45.67.89, Port=587, M=E')dnl
    DAEMON_OPTIONS(`Name=MSA, Addr=127.0.0.1, Port=587, M=E')dnl
    DAEMON_OPTIONS(`Name=IPv6, Addr=::1, Family=inet6')dnl

On the jailed system, you'll find that you can have sendmail listening
on the loopback address.  That means you'll have to modify the config
for both the sendmail MTA and MSP instances.  Let's start with the
sendmail MSP.  You need to force mail submission through the external
IP rather than the loopback address:

    --- freebsd.submit.mc   Wed Feb 19 17:30:09 2003
    +++ arbitrary.submit.mc Wed Feb 19 17:50:39 2003
    @@ -22,5 +22,4 @@
     define(`confTIME_ZONE', `USE_TZ')dnl
     define(`confDONT_INIT_GROUPS', `True')dnl
     dnl
    -dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
    -FEATURE(`msp', `[127.0.0.1]')dnl
    +FEATURE(`msp', `[smtp.example.com]', `MSA')dnl
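
Review bot: the added FEATURE(`msp', ...) line replaces both removed lines without a comment, so the submit.mc file no longer says why the relay is bracketed or what the third argument does. Suggest keeping a dnl line above it noting that `MSA' sends submissions to port 587, which means the target must have a listener there (as the Name=MSA, Port=587 entries do), and that smtp.example.com is a placeholder that has to resolve inside the jail to an address other than loopback.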

(Nb. the [square brackets] in the above serve to suppress sendmail's
usual lookup of MX records for the destination address.  That's
usually what you want in this situation.)

Now, 'smtp.example.com' can be on a completely different server, or on
the host environment of your jail server or it can presumably be an
instance of sendmail MTA running in your jail, although I haven't
personally tried that last variant.  If the sendmail MTA you pipe the
messages into isn't in your jail system, then you don't need to run a
sendmail MTA in the jail at all, which you can do with something like
the following in the jail's /etc/rc.conf:

    sendmail_enable="NO"
    sendmail_msp_queue_enable="YES"
    sendmail_outbound_enable="NO"
    sendmail_submit_enable="NO"

If you try to run a sendmail MTA inside the jail, you'll need to change
the DAEMON_OPTIONS() as above, except leaving out the bindings to the
loopback addresses 127.0.0.1 and ::1

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
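
A check for the address pinning described in the message above, added here as an example; it is not part of the original post or of sendmail. The function name audit_mc and the sample files are constructed for illustration, and it assumes one DAEMON_OPTIONS() per line; it relies on the fact that a DAEMON_OPTIONS() entry with no Addr= listens on every address, as does the default MSA when FEATURE(no_default_msa) is absent.

```sh
#!/bin/sh
# Added example, not from the original message: flag sendmail listeners in an
# .mc file that are not pinned to one address (and so would claim a jail's IP).
# audit_mc FILE [host|jail]; prints findings, returns non-zero if any.
audit_mc() {
    awk -v mode="${2:-host}" '
    /^[ \t]*dnl/ { next }                       # whole line commented out in m4
    /FEATURE\(`?no_default_msa/ { nomsa = 1 }
    /DAEMON_OPTIONS\(/ {
        n++; addr = ""
        if (match($0, /Addr=[A-Za-z0-9:._-]+/))
            addr = substr($0, RSTART + 5, RLENGTH - 5)
        if (addr == "") {
            print "WILDCARD line " NR ": no Addr=, listens on every address"; bad++
        } else if (mode == "jail" && (addr == "127.0.0.1" || addr == "::1")) {
            print "LOOPBACK line " NR ": drop " addr " inside a jail"; bad++
        }
    }
    END {
        if (n == 0)  { print "NO_DAEMON_OPTIONS: default MTA listens on every address"; bad++ }
        if (!nomsa)  { print "DEFAULT_MSA: no_default_msa missing, port 587 listens on every address"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample inputs (addresses are the placeholders used in the message).
sample_pinned() {
cat <<'EOF'
FEATURE(no_default_msa)dnl
DAEMON_OPTIONS(`Name=IPv4, Addr=123.45.67.89, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv4, Addr=127.0.0.1, Family=inet')dnl
DAEMON_OPTIONS(`Name=MSA, Addr=123.45.67.89, Port=587, M=E')dnl
EOF
}
sample_wildcard() {
cat <<'EOF'
DAEMON_OPTIONS(`Name=IPv4, Family=inet')dnl
DAEMON_OPTIONS(`Name=MSA, Port=587, M=E')dnl
EOF
}

tmp=$(mktemp) || exit 1
sample_pinned > "$tmp";   audit_mc "$tmp" host && echo "pinned/host: clean"
audit_mc "$tmp" jail || echo "pinned/jail: findings above"
sample_wildcard > "$tmp"; audit_mc "$tmp" host || echo "wildcard/host: findings above"
rm -f "$tmp"
```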
