Date: Thu, 04 Oct 2007 06:55:52 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Rob <bitabyss@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Sendmail IP interface assignment -- how to?
Message-ID: <47048068.4090806@infracaninophile.co.uk>
In-Reply-To: <4703D9D0.6030900@gmail.com>
References: <4703D9D0.6030900@gmail.com>

Rob wrote:
> Hi All,
>
> Working on standard sendmail 8.13.8 on FreeBSD 6.2. Machine has a 2nd
> NIC that I want to use for a jail environment, so I'm trying to get rid
> of all the extraneous servers listening on it.
>
> Sendmail was of course listening on the smtp and submission ports on all
> interfaces. I tracked down the sendmail option DaemonPortOptions to
> configure this.
>
> In the STANDARD sendmail.cf file there was:
> O DaemonPortOptions=Name=MTA
> O DaemonPortOptions=Port=587, Name=MSA, M=E
>
> So I edited the .mc macro to add:
> DAEMON_OPTIONS(`Addr=127.0.0.1,Port=smtp,Name=MTA')
> DAEMON_OPTIONS(`Addr=172.23.23.10,Port=smtp,Name=MTA')
>
> Which built sendmail.cf with:
> O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA
> O DaemonPortOptions=Addr=172.23.23.10,Port=smtp,Name=MTA
> O DaemonPortOptions=Port=587, Name=MSA, M=E
>
> That closed port 25 on the extra NIC, but netstat still shows "tcp4
> *.submission LISTEN". I definitely need to close port 587 in the 2nd
> NIC, but I was wondering about "best practices" for this. Shouldn't the
> submission thing ONLY be on the localhost IP? I'm thinking I can use:
> DAEMON_OPTIONS(`Addr=127.0.0.1,Port=587,Name=MSA,M=E')
>
> Am I going in the right direction here? It looks like I've turned off
> smtp as intended, but wondering if I'm doing the right thing with
> restricting submission. Any other suggestions on configuring this?
> (other than "don't use sendmail") This is on a live server, so I don't
> want to hose things up too much experimenting!

You also need:

    FEATURE(no_default_msa)

otherwise, you're definitely heading in the right direction.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
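
An added example, not part of the original message: a small Python check that reads the DaemonPortOptions lines of a built sendmail.cf and reports every daemon still bound to all interfaces. The sample input is the sendmail.cf excerpt quoted above; the function names are hypothetical, and matching option keys on their first letter (so that M=E and Name=MSA stay distinct) is an assumption about how sendmail reads them.

```python
import re

# Constructed sample: the sendmail.cf lines quoted in the message above.
SAMPLE_CF = """\
O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA
O DaemonPortOptions=Addr=172.23.23.10,Port=smtp,Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
"""


def parse_daemon_options(cf_text):
    """Return one dict per active 'O DaemonPortOptions=' line.

    Keys are reduced to their upper-cased first letter
    (A=Addr, P=Port, N=Name, M=Modifiers); this is an assumption.
    Commented-out lines ('#O ...') do not match and are skipped.
    """
    daemons = []
    for line in cf_text.splitlines():
        m = re.match(r"O\s+DaemonPortOptions=(.*)", line)
        if not m:
            continue
        opts = {}
        for pair in m.group(1).split(","):
            key, sep, value = pair.partition("=")
            if sep and key.strip():
                opts[key.strip()[0].upper()] = value.strip()
        daemons.append(opts)
    return daemons


def wildcard_listeners(cf_text):
    """Return (name, port) for each daemon with no Addr (or Addr=0.0.0.0),
    i.e. one that listens on every interface, the jail NIC included."""
    found = []
    for opts in parse_daemon_options(cf_text):
        if opts.get("A", "") in ("", "0.0.0.0"):
            # A daemon with no Port option listens on smtp.
            found.append((opts.get("N", "?"), opts.get("P", "smtp")))
    return found


if __name__ == "__main__":
    for name, port in wildcard_listeners(SAMPLE_CF):
        print(f"daemon {name} listens on port {port} on ALL interfaces")
```

Run against the real file by passing `open("/etc/mail/sendmail.cf").read()` to `wildcard_listeners`; an empty result means every daemon is pinned to an address.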