From: "Jack Stone"
To: david.robillard@gmail.com, freebsd-questions@freebsd.org
Date: Mon, 27 Mar 2006 11:47:47 -0600
Subject: Re: Sendmail and Jails
In-Reply-To: <226ae0c60603270744q1a444c4du9d2e38baaa28f48@mail.gmail.com>

>From: "David Robillard"
>To: "FreeBSD Questions Mailing List"
>CC: "Jack Stone"
>Subject: Re: Sendmail and Jails
>Date: Mon, 27 Mar 2006 10:44:29 -0500
>
>------------------------------
>
>Message: 23
>Date: Sat, 25 Mar 2006 19:32:01 -0500
>From: Anish Mistry
>Subject: Re: Sendmail and Jails
>To: freebsd-questions@freebsd.org
>Cc: Jack Stone
>Message-ID: <200603251932.11154.mistry.7@osu.edu>
>Content-Type: text/plain; charset="iso-8859-1"
>
>On Saturday 25 March 2006 18:42, Jack Stone wrote:
> > I have been setting up jails on various production servers on
> > FBSD-6.0 & 4.11.
> >
> > I was wondering how/where to configure & avoid the port conflicts
> > for sendmail as follows:
> >
> > - main host - all sendmail services in & out (or at least out)
> > - jail - just outgoing services
> >
> > I gather I will need to configure one or the other on a non-std
> > port as both will try to grab the same ports: 25 & 587
> >
> > Any tips appreciated.
>
>Hi Jack,
>
>Since all jails and the main host have their own IP address, it is
>quite easy to do the setup you ask for. The idea here is to tell
>sendmail(8) on which IP it should bind to. No need to fuss around with
>ports or anything like that :o)
>
>For the sake of example, let's say we have this:
>
>main.host.com: 192.168.1.1
>jail.host.com: 192.168.1.2
>
>On the main host, make sure you have
>
>sendmail_enable="YES"
>
>in /etc/rc.conf. This will tell sendmail to run and listen for outside
>requests.
>Next, edit the /etc/mail/`uname -n`.mc file (make sure the uname(1)
>command is enclosed in back-ticks).
>
>sudo vi /etc/mail/`uname -n`.mc
>
>Include whatever sendmail(8) MC macro configuration you need and make
>sure you have this line which tells sendmail(8) to listen on
>192.168.1.1 on TCP port 25.
>
>DAEMON_OPTIONS(`Port=25, Addr=192.168.1.1, Name=MTA, Family=inet')dnl
>
>Save the `uname -n`.mc file and restart sendmail:
>
>cd /etc/mail
>sudo make install restart
>
>Make sure you check /var/log/maillog for any errors.
>
>Now for the jails, you only have to configure sendmail in whatever way
>you need and have this
>
>sendmail_enable="NO"
>
>in /etc/rc.conf. This tells sendmail to process mail only if it is
>originating from the localhost. I would recommend configuring each
>jail as a sendmail null client to your main host. For example:
>
>OSTYPE(`freebsd6')dnl
>FEATURE(`nullclient', `main.host.com')dnl
>
>Which will cause all jails to "punt" their mail directly to your
>main.host.com machine.
>
>If you're not sure about which ports are opened by sendmail in the
>main host or the jails, run the sockstat(1) command.
>
>Also, sendmail relies on DNS for everything, so make sure your DNS
>system is on par with the various hostnames you use. Otherwise,
>you'll end up with long boot time and a whole bunch of broken mail
>problems.
>
>Finally, make sure you upgrade sendmail to version 8.13.6 because
>previous versions contain a vulnerability. Install port mail/sendmail.
>(this is my sendmail configuration in make.conf)
>
>sudo vi /etc/make.conf
>
>NO_SENDMAIL= true
>
>SENDMAIL_CF_DIR=/usr/local/share/sendmail/cf
>
>.if ${.CURDIR:M*/mail/sendmail}
>SENDMAIL_WITHOUT_IPV6=yes
>SENDMAIL_WITHOUT_NIS=yes
>SENDMAIL_WITH_TLS=yes
>SENDMAIL_WITH_SMTPS=yes
>SENDMAIL_WITH_SASL=yes
>SENDMAIL_WITH_SASL2=yes
>SENDMAIL_WITH_LDAP=yes
>SENDMAIL_WITH_BERKELEYDB_VER=42
>SENDMAIL_WITH_SOCKETMAP=yes
># SENDMAIL_WITH_CYRUSLOOKUP=no
>SENDMAIL_WITH_PICKY_HELO_CHECK=yes
>SENDMAIL_WITH_SHARED_MILTER=yes
>.endif
>
>cd /usr/ports/mail/sendmail
>sudo make install
>sudo make mailer.conf
>sudo make clean
>
>Check if you're using the right one:
>
>sendmail -bt -d0.1 < /dev/null
>
>Let me know if you need more assistance. Of course, YMMV.
>
>Cheers,
>
>David
>
>
>--
>David Robillard
>UNIX systems admin, CISSP

David:

Thank you so much for this detailed "howto" on my question of configuring
sendmail to handle both the main host and a jail on the same ports -- the
info I found in the sendmail readme said to use different ports, (like 925 &
987) but if your advice works, this is great!

I wondered how I was going to use a bunch of jails without jumping thru
hoops!

Thanks again.
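
A check for the sockstat(1) step mentioned in the quoted how-to, as an added example that is not part of the original thread: it reads `sockstat -4l` output and reports whether each sendmail listener is bound to the expected address, to the wildcard, or to some other address. The sample listing is constructed and the function name `audit_sendmail_listeners` is hypothetical; the addresses are the example ones from the message.

```shell
#!/bin/sh
# Added example: audit sendmail listeners in `sockstat -4l` output.

# Constructed sample listing; on a real host pipe in `sockstat -4l` instead.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   192.168.1.1:25        *:*
root     sendmail   612   5  tcp4   *:587                 *:*
root     sendmail   988   4  tcp4   192.168.1.2:25        *:*
root     sshd       540   3  tcp4   *:22                  *:*'

# audit_sendmail_listeners EXPECTED_ADDR
# Reads sockstat output on stdin and prints one line per sendmail listener:
#   OK        bound to EXPECTED_ADDR (the Addr= given in DAEMON_OPTIONS)
#   WILDCARD  bound to *, i.e. not pinned to a single address
#   OTHER     bound to a different address (for example a jail's IP)
# Exit status is 1 if any WILDCARD listener was seen, otherwise 0.
audit_sendmail_listeners() {
    awk -v want="$1" '
        $2 != "sendmail" { next }             # skips the header and other daemons
        {
            n = split($6, part, ":")          # LOCAL ADDRESS column is addr:port
            port = part[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (addr == "*")       { verdict = "WILDCARD"; bad = 1 }
            else if (addr == want) { verdict = "OK" }
            else                   { verdict = "OTHER" }
            printf "%s pid=%s %s:%s\n", verdict, $3, addr, port
        }
        END { exit bad + 0 }
    '
}

# Demonstration on the constructed sample, with the main host's example address.
printf '%s\n' "$SAMPLE" | audit_sendmail_listeners 192.168.1.1 \
    || echo "sendmail has a listener that is not pinned to one address"
```

A WILDCARD line for port 587 on the main host means the MSA listener still needs its own `DAEMON_OPTIONS` entry with an `Addr=` value, in the same form as the port 25 line in the message.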