From owner-freebsd-questions@FreeBSD.ORG Thu Oct 4 05:55:59 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9244716A41A for ; Thu, 4 Oct 2007 05:55:59 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id F0F2D13C45D for ; Thu, 4 Oct 2007 05:55:58 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) by smtp.infracaninophile.co.uk (8.14.1/8.14.1) with ESMTP id l945tqjd023349; Thu, 4 Oct 2007 06:55:53 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) Message-ID: <47048068.4090806@infracaninophile.co.uk> Date: Thu, 04 Oct 2007 06:55:52 +0100 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 2.0.0.6 (X11/20070803) MIME-Version: 1.0 To: Rob References: <4703D9D0.6030900@gmail.com> In-Reply-To: <4703D9D0.6030900@gmail.com> X-Enigmail-Version: 0.95.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (smtp.infracaninophile.co.uk [IPv6:::1]); Thu, 04 Oct 2007 06:55:53 +0100 (BST) X-Virus-Scanned: ClamAV 0.91.2/4462/Thu Oct 4 03:39:41 2007 on happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00,NO_RELAYS autolearn=ham version=3.2.3 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on happy-idiot-talk.infracaninophile.co.uk Cc: FreeBSD Questions Subject: Re: Sendmail IP interface assignment -- how to? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Oct 2007 05:55:59 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Rob wrote: > Hi All, > > Working on standard sendmail 8.13.8 on FreeBSD 6.2. Machine has a 2nd > NIC that I want to use for a jail environment, so I'm trying to get rid > of all the extraneous servers listening on it. > > Sendmail was of course listening on the smtp and submission ports on all > interfaces. I tracked down the sendmail option DaemonPortOptions to > configure this. > > In the STANDARD sendmail.cf file there was: > O DaemonPortOptions=Name=MTA > O DaemonPortOptions=Port=587, Name=MSA, M=E > > So I edited the .mc macro to add: > DAEMON_OPTIONS(`Addr=127.0.0.1,Port=smtp,Name=MTA') > DAEMON_OPTIONS(`Addr=172.23.23.10,Port=smtp,Name=MTA') > > Which built sendmail.cf with: > O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA > O DaemonPortOptions=Addr=172.23.23.10,Port=smtp,Name=MTA > O DaemonPortOptions=Port=587, Name=MSA, M=E > > That closed port 25 on the extra NIC, but netstat still shows "tcp4 > *.submission LISTEN". I definitely need to close port 587 in the 2nd > NIC, but I was wondering about "best practices" for this. Shouldn't the > submission thing ONLY be on the localhost IP? I'm thinking I can use: > DAEMON_OPTIONS(`Addr=127.0.0.1,Port=587,Name=MSA,M=E') > > Am I going in the right direction here? It looks like I've turned off > smtp as intended, but wondering if I'm doing the right thing with > restricting submission. Any other suggestions on configuring this? > (other than "don't use sendmail") This is on a live server, so I don't > want to hose things up too much experimenting! You also need: FEATURE(no_default_msa) otherwise, you're definitely heading in the right direction. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHBIBo8Mjk52CukIwRCMqsAJ9koqDKX8+yEo4PlgkpnkMomBzP1QCfZWL4 oMPDP3aRNnQ5IsKd0v7F3tc= =SqaV -----END PGP SIGNATURE-----