From owner-freebsd-hackers@FreeBSD.ORG Sun Aug 27 03:20:14 2006 Return-Path: X-Original-To: hackers@freebsd.org Delivered-To: freebsd-hackers@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 74F1C16A4DE for ; Sun, 27 Aug 2006 03:20:14 +0000 (UTC) (envelope-from mwm-keyword-freebsdhackers2.e313df@mired.org) Received: from mired.org (vpn.mired.org [66.92.153.74]) by mx1.FreeBSD.org (Postfix) with SMTP id CB72A43D46 for ; Sun, 27 Aug 2006 03:20:13 +0000 (GMT) (envelope-from mwm-keyword-freebsdhackers2.e313df@mired.org) Received: (qmail 83597 invoked by uid 1001); 27 Aug 2006 00:33:20 -0000 Received: by bhuda.mired.org (tmda-sendmail, from uid 1001); Sat, 26 Aug 2006 20:33:20 -0400 (EDT) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <17648.59470.572563.377998@bhuda.mired.org> Date: Sat, 26 Aug 2006 20:33:18 -0400 To: Dirk Engling In-Reply-To: <44F0E38F.5030809@erdgeist.org> References: <44F0E38F.5030809@erdgeist.org> X-Mailer: VM 7.17 under 21.4 (patch 19) "Constant Variable" XEmacs Lucid X-Primary-Address: mwm@mired.org X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`; h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ X-Delivery-Agent: TMDA/1.0.3 (Seattle Slew) From: Mike Meyer Cc: hackers@freebsd.org Subject: Re: jails, cron and sendmail X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Aug 2006 03:20:14 -0000 In <44F0E38F.5030809@erdgeist.org>, Dirk Engling typed: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello, > > I have the following problem: since I need and do not like any kind of > smtp activity in my jails (there's no 127.0.0.1 in a jail, all services > listen to the jails external interface), I put those lines into my > /etc/rc.conf: > > sendmail_enable="NO" > sendmail_outbound_enable="NO" > sendmail_submit_enable="NO" You may want sendmail_msp_queue_enable="NO" as well. sendmail_enable="NONE" is a shorthand for turning all four of them off, though I believe it's been depreciated. > this works fine: nothing listening on the jails interface... except that > cron tries to deliver its status mails and fails. > > While failing, sendmail seems to hog cpu and finally floods > /var/spool/clientmqueue and /var/log/maillog. > > My quick fix now is to replace /usr/libexec/sendmail/sendmail with > /usr/bin/true in /etc/mail/mailer.conf, however: it seems problematic > that cron insists on a mail sub system, when all it should do is execute > stuff periodically. There should be an option to let it only log to a file. And to which crontab file and lines should the option apply? > For my jails this would make sense, too: I never read root's mails > locally, anyway. > > Am I missing the obvious solution here? Posibly. Worse yet, you're missing some obvious problems. cron mails any output from each line to someone - exactly who depends on which crontab file it is, and if it specifies a user to run as. Replacing all of those with a single log file isn't generally very useful. A syslog hook of some kind might be work. In any case, you can fix each line in a crontab to not send mail by redirecting it's output - both stdout and stderr - to a file. Except some of the things run from cron want to send mail all on their own, so fixing cron won't solve your problem. Why are you running cron inside the jails at all? Are you letting your users run it? If not, can you disable it, and instead run scripts from your real crontab that do the appropriate thigns in each jail? http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information.