Date: Fri, 21 Jun 2002 00:28:04 -0400 (EDT)
From: Jason Hunt
To: freebsd-questions@FreeBSD.ORG
Subject: Re: sendmail broken with 4.6-RELEASE upgrade
In-Reply-To: <20020620224649.A6452@disturbed.org>
Message-ID: <20020621001335.V40748-100000@lethargic.dyndns.org>

On Thu, 20 Jun 2002, Mike Benjamin wrote:

> The obvious fix is just to run -bd -q30m and open a TCP port, but I
> would like to avoid this method at all costs. There (in theory) is no
> need to listen on a TCP port to achieve my desired mail delivery
> methods.

I'm not really clear myself on how these two programs interact. I would
think that they would use a socket, but maybe they are making a
connection on port 25 to the localhost? I would assume that the latter
is the case, since opening the port makes it work, correct?

So, if this is the case, could you block inbound TCP port 25 connections
on your NIC? If it was a connection to the localhost, it would not pass
through the NIC. You could write your rules something like this:

 - allow everything on lo0
 - allow inbound established packets on xl0 (or whatever your NIC is)
 - deny inbound packets on tcp port 25
 - allow everything (the rest of it)

I might be missing something, I'm not sure. Does this make sense?
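The four-rule ordering suggested in the message above, modelled as a first-match filter. This is an added example, not part of the original post: it shows which rule decides a local connection to port 25, an outside connection attempt, and reply traffic. The `Packet` fields, the sample packets and the `ipfw` lines in the comments are assumptions (the post names no firewall); `lo0` and `xl0` come from the post.

```python
# Added illustration: first-match evaluation of the four rules from the post.
# Packet fields and the ipfw lines in comments are assumptions, not from the post.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str         # interface the packet is seen on
    direction: str     # "in" or "out"
    proto: str         # "tcp", "udp", ...
    dport: int         # destination port
    established: bool  # TCP segment with ACK or RST set (not a bare SYN)

NIC = "xl0"

# (name, action, predicate), checked top to bottom; the first match wins.
RULES = [
    # ipfw add 100 allow ip from any to any via lo0
    ("lo0-any", "allow", lambda p: p.iface == "lo0"),
    # ipfw add 200 allow tcp from any to any in via xl0 established
    ("nic-established", "allow",
     lambda p: p.iface == NIC and p.direction == "in"
     and p.proto == "tcp" and p.established),
    # ipfw add 300 deny tcp from any to any 25 in via xl0
    ("nic-smtp-in", "deny",
     lambda p: p.iface == NIC and p.direction == "in"
     and p.proto == "tcp" and p.dport == 25),
    # ipfw add 400 allow ip from any to any
    ("rest", "allow", lambda p: True),
]

def decide(pkt, rules=RULES):
    """Return (action, rule_name) of the first rule that matches pkt."""
    for name, action, match in rules:
        if match(pkt):
            return action, name
    return "deny", "default"  # not reached here: the last rule matches all

# Constructed sample packets.
LOCAL_SUBMIT = Packet("lo0", "in", "tcp", 25, False)  # local client to 127.0.0.1:25
REMOTE_SYN = Packet(NIC, "in", "tcp", 25, False)      # outside host opens SMTP
REPLY_TO_US = Packet(NIC, "in", "tcp", 40112, True)   # reply to our outbound SMTP
OUTBOUND_SYN = Packet(NIC, "out", "tcp", 25, False)   # we deliver to a remote MX

if __name__ == "__main__":
    for label, pkt in [("local submit", LOCAL_SUBMIT), ("remote SYN", REMOTE_SYN),
                       ("reply", REPLY_TO_US), ("outbound", OUTBOUND_SYN)]:
        print(label, decide(pkt))
```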