Date: Tue, 22 May 2007 11:12:56 +1000 From: Mikhail Goriachev <mikhailg@webanoide.org> To: Maxim Khitrov <mkhitrov@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Sendmail ignores hosts.allow Message-ID: <46524398.5000802@webanoide.org> In-Reply-To: <26ddd1750705211744o5cc1189xa729c97636a32f41@mail.gmail.com> References: <26ddd1750705211537j78ed83fdm921f7f5e5df5c4@mail.gmail.com> <46522BE0.4080407@webanoide.org> <26ddd1750705211652q500f95a1t15280ca017ed46df@mail.gmail.com> <20070521201142.Y86945@fledge.watson.org> <26ddd1750705211744o5cc1189xa729c97636a32f41@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Maxim Khitrov wrote: > On 5/21/07, doug <doug@fledge.watson.org> wrote: >> sendmail_enable="NO" means there is no sendmail daemon running. You can verify >> this via "ps -aux | grep sendmail". Remove that statement. Without a reboot you >> can start sendmail by cd /etc/mail; make start. >> >> Unless you have changed the freebsd.mc file and done a 'make install' I do not >> believe sendmail will accept from any connections except except on 127.0.0.1 >> (localhost). This is what you want I think. If that's it as others have said, >> there is no reason to use the hosts.allow mechanism. This is independent of the >> jail environment. >> >> sockstat|grep sendmail >> >> and you can see whats going on. >> > > Not the case for me, having sendmail_enable="NO" and not having it in > rc.conf results in the same behavior. Here's sendmail rcvar output: Same behaviour because sendmail_enable="NO" is already present in /etc/defaults/rc.conf so putting in /etc/rc.conf or removing it from there is the same thing. > Without sendmail_enable in rc.conf: > # sendmail > $sendmail_enable=NO > # sendmail_submit > $sendmail_submit_enable=YES > # sendmail_clientmqueue > $sendmail_msp_queue_enable=YES > > With sendmail_enable="NO": > # sendmail > $sendmail_enable=NO > # sendmail_submit > $sendmail_submit_enable=YES > # sendmail_clientmqueue > $sendmail_msp_queue_enable=YES > > With sendmail_enable="NONE": > # sendmail > $sendmail_enable=NO > # sendmail_clientmqueue > $sendmail_msp_queue_enable=NO > > So the first two are identical (I don't see why they wouldn't be). As > for the sendmail daemon, here's what grep tells me after the server is > started: > > root@vps [/]# ps -aux | grep sendmail > smmsp 16473 0.0 0.1 3384 2276 ?? IsJ 4:47PM 0:00.00 > sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail > root 20951 0.0 0.1 3484 2480 ?? SsJ 5:37PM 0:00.00 > sendmail: accepting connections (sendmail) > root 21303 0.0 0.0 1592 912 pn S+J 5:37PM 0:00.00 grep sendmail > > And here's sockstat output: > > root@vps [/]# sockstat -l4 > USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS > root sendmail 20951 4 tcp4 <ip>:25 *:* > root syslogd 45182 6 udp4 <ip>:514 *:* > root sshd 60371 3 tcp4 <ip>:22 *:* > > As you can see, sendmail is happily listening for all incoming > connections with the "NO" setting. If it would only listen on > localhost, then that would be the end of my problems. However, > remember that the jail environment doesn't have localhost. In other > words 127.0.0.1 does not refer to the jail. Loopback for me is the > server's wan ip (hey that rhymes :), which is why I think that not > having 127.0.0.1 may be confusing to sendmail. There you go. You just answered yourself. -- Mikhail Goriachev Webanoide Telephone: +61 (0)3 62252501 Mobile Phone: +61 (0)4 38255158 E-Mail: mikhailg@webanoide.org Web: www.webanoide.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46524398.5000802>