Date: Wed, 13 Dec 2006 13:33:20 -0600
From: Lane <lane@joeandlane.com>
To: Tuareg <tuaregmex@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: how do I see security logs without turning on sendmail?
Message-ID: <200612131333.20652.lane@joeandlane.com>
In-Reply-To: <7a4a15bd0612131112x25e1cc4mcfb85843edcf596@mail.gmail.com>
References: <20061206034909.27125.qmail@web37214.mail.mud.yahoo.com> <200612081139.27993.lane@joeandlane.com> <7a4a15bd0612131112x25e1cc4mcfb85843edcf596@mail.gmail.com>
Tuareg ...

follow to difficult it find I as post top don't please ...

to say it another way ...

please don't top post, as I find it difficult to follow ...

On Wednesday 13 December 2006 13:12, Tuareg wrote:
> Hi Lane,
>
> We have tried that too..
>
> We have the same rules that in the other servers where we can send e-mail
> without launching sendmail as daemon.
>
> Anyway we have tried disabling all the rules with: ipfw -f -q flush
>
> And listing the rules:
>
> 65535 87358 61876 allow ip from any to any
>
>
> mail -v root@localhost
> Subject: test
> test.
> .
> EOT
> root@localhost... Connecting to localhost.my.domain. via relay...
> root@localhost... Deferred: Operation timed out with localhost.my.domain.
>
> mail -v user@other.domain.com
> Subject: test
> test
> .
> EOT
> user@other.domain.com... Connecting to localhost.my.domain. via relay...
> user@other.domain.com... Deferred: Operation timed out with
> localhost.my.domain.
>
>
> Also searched about sendmail in the BSD FAQ, Handbook, if we should change
> some file in /etc/mail, but (maybe should look again?) didn't find anything
> about which file should we modify, let's say.. submit.mc?
> freebsd.submit.mc?
>
> Suggestions?
>
> Thank you for your help.
>
> On 12/8/06, Lane <lane@joeandlane.com> wrote:
> > On Friday 08 December 2006 11:16, Tuareg wrote:
> > > On 12/5/06, Lane <lane@joeandlane.com> wrote:
> > > > On Tuesday 05 December 2006 21:49, Wasp King wrote:
> > > > > is there a way that one can specify a log place to see
> > > > > daily logs like you receive from root@localhost, when
> > > > > sendmail is turned on?
> > > > >
> > > > > there must be a way to enable only local mail
> > > > > delivery...but I am not sure how..
> > > > >
> > > > > would like to shut down sendmail but want to see
> > > > > security logs.
> > > > >
> > > > > thanks.
> > > > >
> > > > > Zach
> > > > > using FreeBSD 4.2 and sendmail 8.x (maybe).
> > > > ___________________________________________________________________________
> > > >
> > > > IIRC, sendmail has three controlling values in /etc/rc.conf:
> > > >
> > > > sendmail_enable="YES"
> > > > sendmail_enable="NO"
> > > > and
> > > > sendmail_enable="NONE"
> > > >
> > > > The third value, "NONE," causes the boot process to ignore any attempt to
> > > > start sendmail.
> > > >
> > > > The second value, "NO," causes the boot process to start sendmail for
> > > > "local delivery, only" (i.e. do NOT accept inbound connections from
> > > > external hosts).
> > > >
> > > > The first value, "YES," causes the boot process to start sendmail for
> > > > outgoing and incoming SMTP connections.
> > > >
> > > > There are many "tweaks" that you can use in /etc/rc.conf - (refer
> > > > to /etc/defaults/rc.conf) - that will allow various flavors of sendmail
> > > > usage. See also, /etc/rc.sendmail.
> > > >
> > > > In your case sendmail_enable="NO" should allow the local system to
> > > > send "periodic" information to root@localhost, or whatever alias you use
> > > > in /etc/mail/aliases, while disallowing external hosts from sending email
> > > > by way of the local host. Note that this requires that you pay heed
> > > > to /etc/mail/Makefile and associated README documentation
> > > > in /usr/src/contrib/sendmail and below.
> > > >
> > > > Best of luck!
> > > >
> > > >
> > > > lane
> > >
> > > Hi... Where I'm working, have many servers with FreeBSD 4.x and 5.x, this
> > > servers are enable to send mail but the daemon of sendmail is not launched.
> > >
> > > Now, we have installed FreeBSD 6.1 STABLE, but can't reply this schema.
> > >
> > > Which file needs to be modified in /etc/mail to allow the server to
> > > send emails to our real mailserver so we can receive the results of some
> > > scripts without launching the daemon of sendmail?
> > >
> > > We have tried using sendmail="NO", in rc.conf, but we only get this
> > > messages:
> > >
> > > user@mydomain.com... Connecting to [127.0.0.1] via relay...
> > > user@mydomain.com... Deferred: Permission denied
> > >
> > > Thank you for your help in advance.
> > > _______________________________________________
> > > freebsd-questions@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to
> > > "freebsd-questions-unsubscribe@freebsd.org"
> >
> > Tuareg,
> >
> > Your problem is likely related to ipfw, or "firewall_type",
> > "firewall_enable" in /etc/rc.conf.
> >
> > The "permission denied" error implies that your firewall ruleset is
> > preventing the outgoing connection. Try:
> >
> > ipfw show
> >
> > to see your current firewall rules.
> >
> > Also read through /etc/rc.firewall and /etc/defaults/rc.conf to get some
> > more information on the firewall issues.
> >
> > When you've gotten that resolved you should have enough information to
> > get sendmail working the way you want.
> >
> > lane
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Tuareg,

What happens when you do this:

telnet localhost

Does the connection time out? Or do you get a sendmail prompt?

I'm sort of mixed up on the order of the posts, here. But let me see if I can
rephrase the problem .... and then possibly help you find a solution ...

It seems to me that the problem is that you cannot determine how to make
FreeBSD 6.x do like other hosts under your influence, so that it will send
email from root@localhost to another (possibly a hub) server?

Is that correct?

First I assume that these other FreeBSD installations are also using sendmail.
If that is NOT correct then your best hope is to replicate your mta
configuration from those other hosts. In fact that might not be a bad idea
regardless of what they are running :)

But again, assuming you want to run sendmail and ONLY allow the localhost to
transmit out to another host for collection and/or distribution, enter this
value into /etc/rc.conf:

sendmail_enable="NO"

Now edit /etc/mail/freebsd.mc. Locate the term "SMART_HOST," uncomment that
line, and enter the IP address or fully qualified domain name of your upstream
server in place of 'your.isp.mail.server'

Note: If 'your.isp.mail.server' is NOT resolvable on the localhost, then you
must use the IP address. When you use the IP address, you must put it in
[square brackets], like [192.168.2.1].

Now from /etc/mail, type

make all install

then shutdown and restart the server using your method of choice, or just type

/etc/rc.d/sendmail restart

And try to send email again. All should work now.

But you must remember to configure the TARGET mail server to allow this host
to send. I'll leave that as an exercise for you.

lane
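
The two settings named in the message above can be checked before restarting sendmail. This is an added example, not part of the original message: a POSIX sh audit of an rc.conf file and a sendmail .mc file. The function names are made up here, and both file paths are passed as arguments so that copies can be checked.

```shell
#!/bin/sh
# Added example (not from the original message): audit the two files the
# reply says to edit. File paths are arguments so copies can be checked.

# Effective sendmail_enable value from an rc.conf-style file (last one wins).
rc_sendmail_enable() {
    val=$(grep '^[[:space:]]*sendmail_enable=' "$1" | tail -n 1 |
          sed 's/#.*//' | cut -d= -f2 | tr -d "\"' \t" | tr 'a-z' 'A-Z')
    echo "${val:-UNSET}"
}

# Value of the active SMART_HOST define in an .mc file; lines still
# prefixed with "dnl" are m4 comments and are ignored.
mc_smart_host() {
    sed -n "s/^define(\`SMART_HOST', *\`\([^']*\)').*/\1/p" "$1" | tail -n 1
}

# Print one finding per check; return non-zero if any check fails.
audit_relay_config() {
    rc=$1 mc=$2 bad=0
    enable=$(rc_sendmail_enable "$rc")
    host=$(mc_smart_host "$mc")

    if [ "$enable" = "NO" ]; then
        echo "OK   sendmail_enable=NO"
    else
        echo "FAIL sendmail_enable=$enable (the reply calls for \"NO\")"; bad=1
    fi

    case $host in
        "")  echo "FAIL SMART_HOST is not defined (still commented out?)"; bad=1 ;;
        your.isp.mail.server)
             echo "FAIL SMART_HOST is still the placeholder"; bad=1 ;;
        *[!0-9.]*)   # a hostname, or an address already in [brackets]
             echo "OK   SMART_HOST=$host" ;;
        *)   echo "FAIL SMART_HOST $host is a bare IP; write [$host]"; bad=1 ;;
    esac
    return $bad
}

# Run the audit when called with two file arguments.
if [ $# -eq 2 ]; then audit_relay_config "$1" "$2"; fi
```

On the host itself this would be run as `sh audit.sh /etc/rc.conf /etc/mail/freebsd.mc`, where audit.sh is whatever name the script was saved under.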