Date: Thu, 14 Dec 2006 09:59:26 -0500
From: Jerry McAllister <jerrymc@msu.edu>
To: Lane <lane@joeandlane.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: how do I see security logs without turning on sendmail?
Message-ID: <20061214145926.GA98067@gizmo.acns.msu.edu>
In-Reply-To: <200612132251.36352.lane@joeandlane.com>
References: <20061206034909.27125.qmail@web37214.mail.mud.yahoo.com> <7a4a15bd0612131522t2942b44bo4412d1e16c6ed2e6@mail.gmail.com> <200612131733.32763.lane@joeandlane.com> <200612132251.36352.lane@joeandlane.com>

On Wed, Dec 13, 2006 at 10:51:36PM -0600, Lane wrote:
> Tuareg,
>
> I can't find the name of the guy who straightened me out on the function of
> squid, but kudos to him.
>
> Clearly squid is not the culprit.
>
> But I've done some eyeballing on /usr/sbin/periodic, and I think maybe it is
> the culprit.
>
> First let's have a look at your /etc/crontab file. Specifically we are
> interested in the lines which contain the term "periodic"
>
> If these lines include parameters, which are passed to /usr/sbin/periodic,
> then they may be the reason for your periodic emails being sent WITHOUT
> sendmail being enabled by the normal boot process.
>
> Take a look at /usr/sbin/periodic. Note that it uses values
> in /etc/defaults/periodic.conf as well as any override variables
> in /etc/rc.conf. It could also be overridden in other ways such as by
> defining the value "source_periodic_confs_defined" and "periodic_conf_files"
> but this should have already showed up in /etc/rc.conf.
>
> While you are examining /usr/sbin/periodic, look for the term "output"
>
> In my copy of that script there is a comment that looks like:
>
> #Where's our output going?
>
> Then there is a "case" block:
>
>     case "$output" in
>     /*) pipe="cat >>$output";;
>     "") pipe=cat;;
>     *) pipe="mail -s '$host ${arg##*/} run output' $output";;
>     esac
>
>
> If your predecessor had modified this script or, perhaps overridden it
> using /etc/defaults/periodic.conf, then he may have either changed the *)
> default case, or supplied parameters from /etc/crontab
> (or /etc/defaults/periodic.conf) which could invoke sendmail directly. If he
> used override variables, then he would probably also have added a case for )
> pipe="sendmail -<arg1> <arg2> <argn>"
>
> This would account for sendmail being completely disabled in /etc/rc.conf AND
> for the messages being sent out via sendmail. However, as I read it, the
> behaviour you have reported would only occur if /usr/sbin/periodic was
> actually modified, as the use of the "$output" variables does NOT seem to
> allow for invocation of sendmail directly. And I don't believe that "mail"
> can force invocation of sendmail (although I may be wrong, as the man page
> does imply that mail will use any means available to get the message out).
>
> If this is the case (i.e. if "mail" is invoking sendmail directly) you could
> check it by trying to send mail from the command line on one of the servers
> that actually does what you want it to do. If it works, and if there are NO
> modifications to /usr/sbin/periodic or override defaults
> in /etc/defaults/periodic.conf, then it will be safe to assume that
> this "feature" has been properly quashed in 6.x. You would then need to
> follow the procedures for setting up sendmail for outgoing-only, as many have
> already recommended.

I haven't followed this whole thread so I may be jumping in to the
wrong place, but...
Somewhere it is documented - I have read it - that various utilities
such as mail invoke single instances of sendmail to transfer their
_outgoing only_ messages. I think, in those cases, sendmail clears
the mail queue before going away. They do not start sendmail as a
daemon or to receive email.

Probably some searching will find that documentation.

////jerry

>
> In any case, the behaviour you desire would only work properly by making the
> appropriate changes to /etc/mail/<hostname|freebsd>.mc, (i.e. SMART_HOST
> and/or HUB settings), and then running "make install" in /etc/mail. (And this
> is always going to be the case where sendmail is concerned)
>
> I hope this information leads you to a resolution, as it has been a great
> learning experience for me ... but my brain hurts :)
>
> lane
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
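
The case block quoted in the message above decides whether a periodic report is appended to a file, written to stdout, or handed to mail. As an added example (not part of the original message and not FreeBSD's own code), the script below applies that same dispatch to periodic.conf-style files to show which jobs depend on mail delivery. The variable names daily_output, weekly_output and monthly_output are assumed from periodic.conf(5), and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Variable names daily_output, weekly_output
# and monthly_output are assumed from periodic.conf(5); paths are constructed.

# Same three-way dispatch as the quoted case block in /usr/sbin/periodic.
classify_output() {
    case "$1" in
        /*) echo file ;;    # absolute path: report is appended with cat
        "") echo stdout ;;  # empty: report is written to stdout
        *)  echo mail ;;    # anything else: recipient list handed to mail
    esac
}

# Read one or more periodic.conf-style files in order (defaults first, then
# overrides) and print "<variable> <kind> <value>" per job. The files are
# sourced as shell, so audit only files that periodic itself would be
# trusted to read, and pass them by path (with a slash), not by bare name.
audit_periodic_conf() {
    (
        daily_output='' weekly_output='' monthly_output=''
        for f in "$@"; do
            if [ -r "$f" ]; then . "$f"; fi
        done
        for var in daily_output weekly_output monthly_output; do
            eval "val=\$$var"
            printf '%s %s %s\n' "$var" "$(classify_output "$val")" "${val:--}"
        done
    )
}

# Number of jobs whose report depends on a working mail submission path.
count_mail_jobs() {
    audit_periodic_conf "$@" | awk '$2 == "mail" { n++ } END { print n + 0 }'
}

# Constructed sample configuration for the demonstration.
write_sample_conf() {
    cat > "$1" <<'EOF'
daily_output="/var/log/daily.log"
weekly_output="root"
monthly_output=""
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp" && audit_periodic_conf "$tmp"
rm -f "$tmp"
```

A count of zero from count_mail_jobs means every report lands in a file or on stdout, so none of them needs mail to be readable.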