Date: Mon, 12 Feb 2007 20:32:26 -0400 From: "Doug McComber" <doug.mccomber@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: force smtp auth Message-ID: <d714aaa60702121632o531a681t5bf6139153ef1645@mail.gmail.com> In-Reply-To: <C6148497-F6D8-4170-B31C-2C9A340692B1@goldmark.org> References: <d714aaa60702111827j47674b5dh13f400e36da0d042@mail.gmail.com> <C6148497-F6D8-4170-B31C-2C9A340692B1@goldmark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/12/07, Jeffrey Goldberg <jeffrey@goldmark.org> wrote: > On Feb 11, 2007, at 8:27 PM, Doug McComber wrote: > > > This is for a web server that runs Drupal. I don't use the server for > > email as I have that hosted elsewhere. I just want Drupal to be able > > to send email (from localhost) via smtp auth. This is working right > > now except mail can also be sent without using smtp auth. > > I'm not entirely sure what you are asking. Is all the mail that > Drupal sends from localhost? That is, is there a need for Drupal to > listen on port 25 (or 587) at all? If there is no need for > listening, then sendmail should be set up as a client only and listen > only to localhost. I don't work with sendmail on FreeBSD so I can't > say exactly how you do this, but getting something like > > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') > > in the .mc source for your sendmail.cf should tell it to listen to > daemon host. > > If you do want to connect to the machine remotely and have it relay > mail for you, then having something like > > DAEMON_OPTIONS(`Name=MSA, Port=587, M=E') > > in the mc file that is the source for your sendmail.cf file should do > the trick. That tells sendmail to listen on port 587 (smtp > submission port) and require authentication. The M=E is what > requires the authentication. > > Don't add that by hand, it is already nicely set up if you use > > FEATURE(`msp') > > If you want to force authentication even on localhost connections, > then I guess something like > > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA, M=E') > > should do the trick. > > Poking around I see that the src mc file is /usr/src/etc/sendmail/ > freebsd.mc > > However, there is a good chance that I've answered the wrong > question, because I'm not sure what it is that you are after. > > And someone who is familiar with managing sendmail on FreeBSD will be > able to tell you the FreeBSD way of doing things. > > -j > > > -- > Jeffrey Goldberg http://www.goldmark.org/jeff/ > > Thanks Jeffrey. What I'm after is that I want sendmail to require smtp auth regardless of who what or where. This is because I am only using sendmail on this server for php content management systems (drupal) to send verification emails. But, the reality is that over time a#$%oles will find a new security flaw in php and/or the cms and use my server to send spam (or worse). So, with smtp auth required for ALL smtp connections I can (hope to) stop this from happening. Anyway, what worked to force smtp auth was M=Ea. Thanks again, Doug
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d714aaa60702121632o531a681t5bf6139153ef1645>