Date: Sun, 27 Aug 2006 00:46:50 -0400
From: Mike Meyer <mwm-keyword-freebsdhackers2.e313df@mired.org>
To: Dirk Engling <erdgeist@erdgeist.org>
Cc: hackers@freebsd.org
Subject: Re: jails, cron and sendmail
Message-ID: <17649.9146.307818.780974@bhuda.mired.org>
In-Reply-To: <20060827052733.F16322@erdgeist.org>
References: <44F0E38F.5030809@erdgeist.org> <17648.59470.572563.377998@bhuda.mired.org> <20060827052733.F16322@erdgeist.org>

In <20060827052733.F16322@erdgeist.org>, Dirk Engling <erdgeist@erdgeist.org> typed:
> On Sat, 26 Aug 2006, Mike Meyer wrote:
> > Except some of the things run from cron want to send mail all on their
> > own, so fixing cron won't solve your problem.
> > Why are you running cron inside the jails at all? Are you letting your
> > users run it? If not, can you disable it, and instead run scripts from
> > your real crontab that do the appropriate things in each jail?
> It's not me, it's the OS running cron to do its periodic checks, per
> default.

That's just a default. You can change it by adding cron_enable="NO" to
/etc/rc.conf in each jail. So maybe the question should be "Why
haven't you turned off cron in the jails?"

> Daniel Gerzo already pointed out, how to solve that.

By checking periodic.conf? That doesn't prevent cron from sending
mail; that just turns off the periodic scripts that cron launches,
some of which also send mail.

> Still: FreeBSD's /etc/ assumes and provides a working mail subsystem in
> its default configuration. That exposes sendmail to the publicly visible
> IP address. Shutting the mail sub system off causes trouble.

In order: right, wrong and right. The default configuration doesn't
expose sendmail to the publicly visible IP address. The daemon it runs
only listens for connections to the localhost address.

> I hope, that describes my motivation to bring up the topic.

Well, it's a bit ambiguous. If your concern is that the default
configuration exposes sendmail on a public IP address, you're wrong.
If your concern is that default sendmail is exposed in jails, then you
need to fix that when you set up the jail. There are tools around for
setting up jails for a variety of uses, but I don't think any are
bundled with the system. If your concern is that shutting off a
subsystem can break things - I'd say that's a *good* thing. One of the
things that make Unix powerful is that it assumes the user knows what
they are doing. If you've installed another mail package (there are a
number of them in the ports tree), then you want to turn off
sendmail. If the system assumed that you then no longer had a working
mail system and shut down everything that tried to send mail, it would
be wrong. Given the choice between a system that does exactly what I
tell it to, and one that second guesses me, makes changes behind my
back, and makes setting things up the way I want a PITA, I know which
one I want.

	<mike
-- 
Mike Meyer <mwm@mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
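
An added example, not part of the original message: a host-side check of which jail roots still have cron enabled, following the cron_enable="NO" setting in each jail's /etc/rc.conf mentioned above. The function names and the sample jail roots are constructed for illustration; it assumes the stock default of cron_enable="YES" and that rc.conf.local overrides rc.conf.

```sh
#!/bin/sh
# rc.conf is shell code and a jail's copy is writable by that jail's root,
# so the host parses it as text here instead of sourcing it.

# Print the last value assigned to variable $2 in file $1 (empty if none).
rc_last_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Print "enabled" or "disabled" for cron in the jail rooted at $1.
# Assumption: default is YES when neither file sets cron_enable.
jail_cron_state() {
    val=YES
    for f in "$1/etc/rc.conf" "$1/etc/rc.conf.local"; do
        v=$(rc_last_value "$f" cron_enable)
        if [ -n "$v" ]; then val=$v; fi
    done
    case $val in
        [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) echo disabled ;;
        *) echo enabled ;;
    esac
}

# Report each jail root given as an argument; return 1 if any still runs cron.
audit_jails() {
    rc=0
    for root in "$@"; do
        state=$(jail_cron_state "$root")
        printf '%s\tcron %s\n' "$root" "$state"
        [ "$state" = disabled ] || rc=1
    done
    return $rc
}

# Constructed demo: two throwaway jail roots under a temp directory.
demo=$(mktemp -d)
mkdir -p "$demo/www/etc" "$demo/db/etc"
printf 'cron_enable="NO"\n' > "$demo/www/etc/rc.conf"
printf 'sshd_enable="YES"\n' > "$demo/db/etc/rc.conf"
audit_jails "$demo/www" "$demo/db" || echo "at least one jail still runs cron"
rm -rf "$demo"
```

As the message notes, this covers only cron itself; periodic scripts and other programs that send mail on their own are configured separately.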