Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 23 Sep 2000 13:41:31 -0600
From:      Lyndon Nerenberg <lyndon@orthanc.ab.ca>
To:        Neil Blakey-Milner <nbm@mithrandr.moria.org>
Cc:        Nate Williams <nate@yogotech.com>, Warner Losh <imp@village.org>, security@FreeBSD.ORG, Peter Wemm <peter@netplex.com.au>
Subject:   Re: sendmail default run state 
Message-ID:  <200009231941.e8NJfV143262@orthanc.ab.ca>
In-Reply-To: Your message of "Sat, 23 Sep 2000 02:11:19 %2B0200." <20000923021119.A35919@mithrandr.moria.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
>>>>> "Neil" == Neil Blakey-Milner <nbm@mithrandr.moria.org> writes:

    Neil> How do you enable nullclient from rc.conf?

Ship the system with two pre-built sendmail configuration files:

     /etc/mail/sendmail.cf.{full,nullclient}

In rc.conf:

     sendmail_config="full"	# Set to "nullclient" if you want to
				# forward all local mail to a central
				# mail hub. Set sendmail_smarthost
				# to the name of your mail hub.
     sendmail_smarthost="mail.example.com"

Change the code fragment in /etc/rc where sendmail is started to:

     rm -f /etc/mail/smarthost
     if [ -n "${sendmail_smarthost} ] ; then
	echo "${sendmail_smarthost" > /etc/mail/smarthost
     fi
     if [ -r /etc/mail/sendmail.cf.${sendmail_config} ] ; then
	echo -n ' sendmail'
	/usr/sbin/sendmail ${sendmail_flags} -C/etc/mail/sendmail.cf.${sendmail_config}
     fi

sendmail.cf.nullclient would have an entry that picked up the smarthost
from the contents of /etc/mail/smarthost.

    Neil> What happens if your smarthost server goes down - when does
    Neil> sendmail check your queue again?

Whenever you tell it to via the -q parameter. E.g.:

    /usr/sbin/sendmail -q20m 

will start sendmail, not listen on port 25 (or 587), and run the outbound
queue every 20 minutes.

    Neil> Two different issues - sendmail for queueing and delivery,
    Neil> but not listening to network, and sendmail with smarthost.
    Neil> We can emulate the first in the rc system, but not obviously
    Neil> easily the second.

It's not that hard. In fact there are quite a few things we could do
to allow for things like a SUBMIT only configuration (listen to port
587, but not port 25), etc. The problem is they would be very specific
to sendmail.

--lyndon


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009231941.e8NJfV143262>