From owner-freebsd-questions@FreeBSD.ORG Mon Mar 27 15:44:31 2006
Message-ID: <226ae0c60603270744q1a444c4du9d2e38baaa28f48@mail.gmail.com>
Date: Mon, 27 Mar 2006 10:44:29 -0500
From: "David Robillard"
To: "FreeBSD Questions Mailing List"
Cc: Jack Stone
Subject: Re: Sendmail and Jails

------------------------------

Message: 23
Date: Sat, 25 Mar 2006 19:32:01 -0500
From: Anish Mistry
Subject: Re: Sendmail and Jails
To: freebsd-questions@freebsd.org
Cc: Jack Stone
Message-ID: <200603251932.11154.mistry.7@osu.edu>
Content-Type: text/plain; charset="iso-8859-1"

On Saturday 25 March 2006 18:42, Jack Stone wrote:
> I have been setting up jails on various production servers on
> FBSD-6.0 & 4.11.
>
> I was wondering how/where to configure & avoid the port conflicts
> for sendmail as follows:
>
> - main host - all sendmail services in & out (or at least out)
> - jail - just outgoing services
>
> I gather I will need to configure one or the other on a non-std
> port as both will try to grab the same ports: 25 & 587
>
> Any tips appreciated.

Hi Jack,

Since all jails and the main host have their own IP address, it is
quite easy to do the setup you ask for. The idea here is to tell
sendmail(8) which IP it should bind to. No need to fuss around with
ports or anything like that :o)

For the sake of example, let's say we have this:

    main.host.com: 192.168.1.1
    jail.host.com: 192.168.1.2

On the main host, make sure you have sendmail_enable="YES" in
/etc/rc.conf. This will tell sendmail to run and listen for outside
requests.

Next, edit the /etc/mail/`uname -n`.mc file (make sure the uname(1)
command is enclosed in back-ticks).

    sudo vi /etc/mail/`uname -n`.mc

Include whatever sendmail(8) MC macro configuration you need and make
sure you have this line which tells sendmail(8) to listen on
192.168.1.1 on TCP port 25.

    DAEMON_OPTIONS(`Port=25, Addr=192.168.1.1, Name=MTA, Family=inet')dnl

Save the `uname -n`.mc file and restart sendmail:

    cd /etc/mail
    sudo make install restart

Make sure you check /var/log/maillog for any errors.

Now for the jails, you only have to configure sendmail in whatever way
you need and have this sendmail_enable="NO" in /etc/rc.conf. This
tells sendmail to process mail only if it is originating from the
localhost. I would recommend configuring each jail as a sendmail null
client to your main host.
For example:

    OSTYPE(`freebsd6')dnl
    FEATURE(`nullclient', `main.host.com')dnl

Which will cause all jails to "punt" their mail directly to your
main.host.com machine.

If you're not sure about which ports are opened by sendmail in the
main host or the jails, run the sockstat(1) command.

Also, sendmail relies on DNS for everything, so make sure your DNS
system is on par with the various hostnames you use. Otherwise, you'll
end up with long boot times and a whole bunch of broken mail problems.

Finally, make sure you upgrade sendmail to version 8.13.6 because
previous versions contain a vulnerability. Install port mail/sendmail.

(this is my sendmail configuration in make.conf)

    sudo vi /etc/make.conf

    NO_SENDMAIL= true
    SENDMAIL_CF_DIR=/usr/local/share/sendmail/cf
    .if ${.CURDIR:M*/mail/sendmail}
    # One assignment per line: a trailing backslash would fold the
    # following lines into the value of the first variable.
    SENDMAIL_WITHOUT_IPV6=yes
    SENDMAIL_WITHOUT_NIS=yes
    SENDMAIL_WITH_TLS=yes
    SENDMAIL_WITH_SMTPS=yes
    SENDMAIL_WITH_SASL=yes
    SENDMAIL_WITH_SASL2=yes
    SENDMAIL_WITH_LDAP=yes
    SENDMAIL_WITH_BERKELEYDB_VER=42
    SENDMAIL_WITH_SOCKETMAP=yes
    # SENDMAIL_WITH_CYRUSLOOKUP=no
    SENDMAIL_WITH_PICKY_HELO_CHECK=yes
    SENDMAIL_WITH_SHARED_MILTER=yes
    .endif

    cd /usr/ports/mail/sendmail
    sudo make install
    sudo make mailer.conf
    sudo make clean

Check if you're using the right one:

    sendmail -bt -d0.1 < /dev/null

Let me know if you need more assistance. Of course, YMMV.

Cheers,

David
-- 
David Robillard
UNIX systems admin, CISSP
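
Added example, not part of the original message: a shell check that reads `sockstat -4 -l` output on the main host and reports any SMTP listener (port 25 or 587) not bound to the address given in DAEMON_OPTIONS, since a host daemon bound to `*` also answers on the jails' addresses. The function name `check_smtp_binds` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that sendmail on the main host is bound only to the
# expected address. Feed it the output of `sockstat -4 -l`.

# check_smtp_binds EXPECTED_ADDR   (hypothetical helper name)
#   Prints one line per listener on port 25 or 587 whose local address is
#   neither EXPECTED_ADDR nor 127.0.0.1. Returns 1 if any were found.
check_smtp_binds() {
    awk -v want="$1" '
        $5 !~ /^tcp/ { next }                  # skips the header and non-TCP rows
        {
            n = split($6, parts, ":")          # LOCAL ADDRESS column is addr:port
            port = parts[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (port != "25" && port != "587") next
            if (addr == want || addr == "127.0.0.1") next
            printf "%s pid %s listens on %s:%s (expected %s)\n",
                   $2, $3, addr, port, want
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample in sockstat(1) layout: port 25 is bound as configured,
# but a second listener on 587 is still bound to the wildcard address.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   3  tcp4   192.168.1.1:25        *:*
root     sendmail   612   4  tcp4   *:587                 *:*
root     sshd       540   3  tcp4   192.168.1.1:22        *:*
EOF
}

# On a live host: sockstat -4 -l | check_smtp_binds 192.168.1.1
sample_sockstat | check_smtp_binds 192.168.1.1 ||
    echo "listener outside 192.168.1.1 found; review DAEMON_OPTIONS in the .mc file"
```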