Date:      Mon, 15 Jan 2007 11:46:43 -0600
From:      Tuareg <tuaregmex@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: how do I see security logs without turning on sendmail?
Message-ID:  <7a4a15bd0701150946j39f70d33ucf5550786d921383@mail.gmail.com>
In-Reply-To: <20061206034909.27125.qmail@web37214.mail.mud.yahoo.com>
References:  <20061206034909.27125.qmail@web37214.mail.mud.yahoo.com>

On 12/5/06, Wasp King <waspking2003@yahoo.com> wrote:
>
> is there a way that one can specify a log place to see
> daily logs like you receive from root@localhost, when
> sendmail is turned on?
>
> there must be a way to enable only local mail
> delivery...but I am not sure how..
>
> would like to shut down sendmail but want to see
> security logs.
>
> thanks.
>
> Zach
> using FreeBSD 4.2 and sendmail 8.x (maybe).
>

Well, after many suggestions from you on this topic over the last months/year...

We have tried something that lets us send messages from these servers, but we
would like to hear from you how this affects the server. We know that
this is not the best solution, but it's what worked for us.

Found this link: http://security.uoregon.edu/sendmail/

After reading this part:

Turning off 127.0.0.1:25 Altogether

The creation of an MSP process allows for some flexibility in client-class
mail configuration. Because the MSP has a queue of its own, messages can
either be queued or delivered immediately. So in some special cases, a
machine can run without a sendmail listener. This however, is an unusual and
not-recommended practice. It is merely listed here to elaborate on the
differences between MTA's and MSP's.

The "submit.mc" and "submit.cf" in this case would be:

FEATURE(`msp',`centralmailserver')
D{MTAHost}centralmailserver


Obviously, it says that it's unusual and not recommended, but it didn't say
exactly why (maybe you can tell me why, because I have some knowledge of
sendmail configuration, can configure it to avoid being used as a relay,
use RBL lists, etc., but I'm not exactly an expert).

Well, after reading this... went to one of the new servers.. and read
/etc/mail/README

1. Designate an alternative host for the submission agent to contact
   by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
   in /etc/make.conf to an alternate .mc file) and using
   'make install-submit-cf' in /etc/mail/.  Change the FEATURE(msp) line
   to FEATURE(msp, hostname) where hostname is the fully qualified hostname
   of the alternative host.


So, I modified the respective lines...

%cat /etc/mail/freebsd.submit.mc
.
.
.

#
#  This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
#  that acts as a initial mail submission program.
#
#

divert(0)dnl
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.submit.mc,v 1.1.16.1 2006/04/13 04:00:23 gshapiro Exp $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[my.main.server]')dnl

%make install-submit-cf

And now, I'm able to receive the e-mail of our monitoring scripts on our
main e-mail server.

I compared the file on the old servers, but this method wasn't used, so..
I can't tell you yet.. how the old servers were modified to be able to send
mail without using sendmail as a daemon.

Here is the result of the tests:


%mail -v user@my.main.server
Subject: TEST
test
.
EOT
user@my.main.server... Connecting to smtp.my.main.server. via relay...
220-my.main.server ESMTP Mail Server.
220-Ready on Mon, 15 Jan 2007 11:32:53 -0600 (CST).
>>> EHLO new.monitored.server.
250-my.main.server Hello new.monitored.server [xxx.xxx.xxx.xxx], pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE 15000000
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
>>> MAIL From:<user@new.monitored.server> SIZE=50
250 2.1.0 <user@new.monitored.server>... Sender ok
>>> RCPT To:<user@my.main.server>
250 2.1.5 <user@my.main.server>... Recipient ok
>>> DATA
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 l0FHWrV68053 Message accepted for delivery
user@my.main.server... Sent (l0FHWrV123456 Message accepted for delivery)
Closing connection to smtp.my.main.server.
>>> QUIT
221 2.0.0 my.main.server closing connection


tail -f /var/log/maillog

Jan 15 11:32:53 monitored sendmail[70665]: l0FHWqLe707332: to=user@my.main.server, ctladdr=user (10001/120), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30050, relay=smtp.my.main.server. [xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (l0FHWrV123456 Message accepted for delivery)


Suggestions on this?

P.S. Yes.. I know we can use ssmtp, but please remember, what we wanted is
to avoid installing software and opening port 25; we just wanted to send the
results of scripts via e-mail.

Thanks for your comments/suggestions/and any other stuff... on this
"solution" (at least for us)

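An added example, not part of the original message: a small Python check over /var/log/maillog delivery lines like the one shown above. It flags mail that was not delivered (for instance when the submission program still targets [127.0.0.1] and no listener is running) and mail that left through a relay other than the expected one. The second and third log lines, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample lines in sendmail's maillog format; hosts and
# addresses are placeholders, only the first line mirrors the message above.
SAMPLE_LOG = """\
Jan 15 11:32:53 monitored sendmail[70665]: l0FHWqLe707332: to=user@my.main.server, ctladdr=user (10001/120), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30050, relay=smtp.my.main.server. [192.0.2.10], dsn=2.0.0, stat=Sent (l0FHWrV123456 Message accepted for delivery)
Jan 15 11:40:02 monitored sendmail[70712]: l0FHe2Qx070712: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30062, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 15 11:45:10 monitored sendmail[70790]: l0FHjAbc070790: to=user@my.main.server, ctladdr=user (10001/120), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=30050, relay=other.host.example. [192.0.2.99], dsn=2.0.0, stat=Sent (ok)
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<body>to=.*)$")


def parse_delivery(line):
    """Return the key=value fields of one delivery line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # stat= is always last and may itself contain commas, so cut it off first.
    body, _, stat = m.group("body").partition(", stat=")
    fields = {"qid": m.group("qid"), "stat": stat}
    for part in re.split(r",\s+(?=\w+=)", body):
        key, _, value = part.partition("=")
        fields[key] = value
    # relay= is "host. [address]"; keep the host name without the trailing dot.
    fields["relay_host"] = fields.get("relay", "").split(" ")[0].rstrip(".")
    return fields


def audit(log_text, expected_relay):
    """List (queue id, reason) for failed or unexpectedly routed mail."""
    findings = []
    for line in log_text.splitlines():
        f = parse_delivery(line)
        if f is None:
            continue
        if not f.get("dsn", "").startswith("2."):
            findings.append((f["qid"], "not delivered: " + f["stat"]))
        elif f["relay_host"] != expected_relay:
            findings.append((f["qid"], "unexpected relay: " + f["relay_host"]))
    return findings


if __name__ == "__main__":
    for qid, reason in audit(SAMPLE_LOG, "smtp.my.main.server"):
        print(qid, reason)
```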

