From: Rob
Date: Wed, 03 Oct 2007 14:05:04 -0400
To: FreeBSD Questions
Subject: Sendmail IP interface assignment -- how to?

Hi All,

Working on standard sendmail 8.13.8 on FreeBSD 6.2. Machine has a 2nd NIC that I want to use for a jail environment, so I'm trying to get rid of all the extraneous servers listening on it. Sendmail was of course listening on the smtp and submission ports on all interfaces. I tracked down the sendmail option DaemonPortOptions to configure this.

In the STANDARD sendmail.cf file there was:

    O DaemonPortOptions=Name=MTA
    O DaemonPortOptions=Port=587, Name=MSA, M=E

So I edited the .mc macro to add:

    DAEMON_OPTIONS(`Addr=127.0.0.1,Port=smtp,Name=MTA')
    DAEMON_OPTIONS(`Addr=172.23.23.10,Port=smtp,Name=MTA')

Which built sendmail.cf with:

    O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA
    O DaemonPortOptions=Addr=172.23.23.10,Port=smtp,Name=MTA
    O DaemonPortOptions=Port=587, Name=MSA, M=E

That closed port 25 on the extra NIC, but netstat still shows "tcp4 *.submission LISTEN".

I definitely need to close port 587 in the 2nd NIC, but I was wondering about "best practices" for this. Shouldn't the submission thing ONLY be on the localhost IP? I'm thinking I can use:

    DAEMON_OPTIONS(`Addr=127.0.0.1,Port=587,Name=MSA,M=E')

Am I going in the right direction here? It looks like I've turned off smtp as intended, but wondering if I'm doing the right thing with restricting submission.

Any other suggestions on configuring this? (other than "don't use sendmail") This is on a live server, so I don't want to hose things up too much experimenting!

-Thanks, Rob
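
An added example, not part of the original post and not sendmail's own code: a Python check that parses the DaemonPortOptions lines of a generated sendmail.cf and reports every listener that is not bound to an approved address, which is the condition behind the leftover "*.submission" listener described above. The function names, the allowlist, and the first-letter key matching are assumptions of this example; the sample input is constructed from the lines quoted in the post.

```python
import re

# Constructed sample: the DaemonPortOptions lines quoted in the post.
SAMPLE_CF = """\
# comment lines and unrelated lines are ignored
O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA
O DaemonPortOptions=Addr=172.23.23.10,Port=smtp,Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
"""

OPTION_RE = re.compile(r"^O\s+DaemonPortOptions\s*=\s*(.*)$")
# Assumption of this example: keys are matched on their first letter,
# case-insensitively, so "M=E" and "Modifiers=E" are treated alike.
KEYS = {"A": "addr", "P": "port", "N": "name", "M": "modifiers", "F": "family"}
# An absent Addr means the daemon listens on every interface.
WILDCARDS = {"", "0.0.0.0", "::"}


def parse_daemon_options(cf_text):
    """Return one dict per DaemonPortOptions line in a sendmail.cf."""
    listeners = []
    for line in cf_text.splitlines():
        match = OPTION_RE.match(line.strip())
        if not match:
            continue
        entry = {"addr": "", "port": "smtp", "name": "",
                 "modifiers": "", "family": ""}
        for field in match.group(1).split(","):
            key, sep, value = field.partition("=")
            slot = KEYS.get(key.strip()[:1].upper())
            if sep and slot:
                entry[slot] = value.strip()
        listeners.append(entry)
    return listeners


def unexpected_binds(cf_text, allowed_addrs):
    """List (name, port, where) for listeners outside the allowlist."""
    findings = []
    for entry in parse_daemon_options(cf_text):
        if entry["addr"] in WILDCARDS:
            findings.append((entry["name"], entry["port"], "all interfaces"))
        elif entry["addr"] not in allowed_addrs:
            findings.append((entry["name"], entry["port"], entry["addr"]))
    return findings


if __name__ == "__main__":
    allowed = {"127.0.0.1", "172.23.23.10"}
    for name, port, where in unexpected_binds(SAMPLE_CF, allowed):
        print(f"{name or '(unnamed)'} port {port}: listening on {where}")
```

Run against the rebuilt sendmail.cf before restarting the daemon, then confirm with netstat that the listening sockets match.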