From owner-freebsd-security Sat Sep 23 12:41:53 2000
Delivered-To: freebsd-security@freebsd.org
Received: from orthanc.ab.ca (207-167-15-66.dsl.worldgate.ca [207.167.15.66])
    by hub.freebsd.org (Postfix) with ESMTP id 24D5037B422
    for ; Sat, 23 Sep 2000 12:41:49 -0700 (PDT)
Received: from orthanc.ab.ca (localhost [127.0.0.1])
    by orthanc.ab.ca (8.11.0.Beta3/8.11.0.Beta3) with ESMTP id e8NJfV143262;
    Sat, 23 Sep 2000 13:41:31 -0600 (MDT)
Message-Id: <200009231941.e8NJfV143262@orthanc.ab.ca>
To: Neil Blakey-Milner
Cc: Nate Williams, Warner Losh, security@FreeBSD.ORG, Peter Wemm
Subject: Re: sendmail default run state
In-reply-to: Your message of "Sat, 23 Sep 2000 02:11:19 +0200." <20000923021119.A35919@mithrandr.moria.org>
Date: Sat, 23 Sep 2000 13:41:31 -0600
From: Lyndon Nerenberg
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> "Neil" == Neil Blakey-Milner writes:

Neil> How do you enable nullclient from rc.conf?

Ship the system with two pre-built sendmail configuration files:

    /etc/mail/sendmail.cf.{full,nullclient}

In rc.conf:

    sendmail_config="full"      # Set to "nullclient" if you want to
                                # forward all local mail to a central
                                # mail hub. Set sendmail_smarthost
                                # to the name of your mail hub.
    sendmail_smarthost="mail.example.com"

Change the code fragment in /etc/rc where sendmail is started to:

    # Rewrite the smarthost file from rc.conf on every boot.
    rm -f /etc/mail/smarthost
    if [ -n "${sendmail_smarthost}" ] ; then
        echo "${sendmail_smarthost}" > /etc/mail/smarthost
    fi
    # Start sendmail only if the selected configuration file exists.
    if [ -r /etc/mail/sendmail.cf.${sendmail_config} ] ; then
        echo -n ' sendmail'
        /usr/sbin/sendmail ${sendmail_flags} -C/etc/mail/sendmail.cf.${sendmail_config}
    fi

sendmail.cf.nullclient would have an entry that picked up the
smarthost from the contents of /etc/mail/smarthost.

Neil> What happens if your smarthost server goes down - when does
Neil> sendmail check your queue again?

Whenever you tell it to via the -q parameter.
E.g.:

    /usr/sbin/sendmail -q20m

will start sendmail, not listen on port 25 (or 587), and run the
outbound queue every 20 minutes.

Neil> Two different issues - sendmail for queueing and delivery,
Neil> but not listening to network, and sendmail with smarthost.
Neil> We can emulate the first in the rc system, but not obviously
Neil> easily the second.

It's not that hard. In fact there are quite a few things we could do
to allow for things like a SUBMIT only configuration (listen to
port 587, but not port 25), etc. The problem is they would be very
specific to sendmail.

--lyndon
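
An added example, not part of the message above or of FreeBSD's /etc/rc: the proposed rc fragment written as a function that validates the two rc.conf values before using them, since sendmail_config is spliced into the -C path and sendmail_smarthost into a file that sendmail reads. The function name and the MAIL_DIR override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. MAIL_DIR and sendmail_cmdline are hypothetical names;
# the rc.conf knobs are the ones proposed in the message.
MAIL_DIR="${MAIL_DIR:-/etc/mail}"

# Usage: sendmail_cmdline <sendmail_config> <sendmail_smarthost> <sendmail_flags>
# Writes $MAIL_DIR/smarthost and prints the command line to run, or
# returns non-zero before touching any file.
sendmail_cmdline() {
    config=$1 smarthost=$2 flags=$3

    # sendmail_config becomes part of the path given to -C, so accept only
    # the two names the system ships; this rejects values such as "../x".
    case "$config" in
        full|nullclient) ;;
        *) echo "sendmail_config: unsupported value" >&2; return 1 ;;
    esac

    # The smarthost is read into sendmail's configuration: allow hostname
    # characters only (letters, digits, dot, hyphen), not starting with . or -
    case "$smarthost" in
        *[!A-Za-z0-9.-]*|.*|-*)
            echo "sendmail_smarthost: not a hostname" >&2; return 1 ;;
    esac

    # A null client has nowhere to send mail without a hub.
    if [ "$config" = nullclient ] && [ -z "$smarthost" ]; then
        echo "nullclient needs sendmail_smarthost" >&2; return 1
    fi

    cf="$MAIL_DIR/sendmail.cf.$config"
    [ -r "$cf" ] || { echo "$cf: not readable" >&2; return 1; }

    rm -f "$MAIL_DIR/smarthost"
    if [ -n "$smarthost" ]; then
        # Subshell umask keeps the file from being group/world-writable.
        ( umask 022; printf '%s\n' "$smarthost" > "$MAIL_DIR/smarthost" )
    fi

    # Print rather than exec, so the caller decides what to run.
    printf '/usr/sbin/sendmail %s -C%s\n' "$flags" "$cf"
}
```
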