From owner-freebsd-questions@FreeBSD.ORG Thu Oct 4 14:32:29 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C077116A418 for ; Thu, 4 Oct 2007 14:32:29 +0000 (UTC) (envelope-from bitabyss@gmail.com) Received: from cartman.xxiii.com (cartman.xxiii.com [208.62.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id 8056E13C45A for ; Thu, 4 Oct 2007 14:32:29 +0000 (UTC) (envelope-from bitabyss@gmail.com) Received: from [172.23.23.190] (lan23.xxiii.com [208.62.177.50]) by cartman.xxiii.com (8.13.8/8.13.8) with ESMTP id l94EWSQ5086910; Thu, 4 Oct 2007 10:32:28 -0400 (EDT) (envelope-from bitabyss@gmail.com) Message-ID: <4704F983.1060400@gmail.com> Date: Thu, 04 Oct 2007 10:32:35 -0400 From: Rob User-Agent: Thunderbird 1.5.0.13 (Windows/20070809) MIME-Version: 1.0 To: Matthew Seaman , FreeBSD Questions References: <4703D9D0.6030900@gmail.com> <47048068.4090806@infracaninophile.co.uk> In-Reply-To: <47048068.4090806@infracaninophile.co.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: Re: Sendmail IP interface assignment -- how to? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Oct 2007 14:32:29 -0000 Matthew Seaman wrote: > Rob wrote: >> That closed port 25 on the extra NIC, but netstat still shows "tcp4 >> *.submission LISTEN". I definitely need to close port 587 in the 2nd >> NIC, but I was wondering about "best practices" for this. Shouldn't the >> submission thing ONLY be on the localhost IP? I'm thinking I can use: >> DAEMON_OPTIONS(`Addr=127.0.0.1,Port=587,Name=MSA,M=E') > > You also need: > FEATURE(no_default_msa) > otherwise, you're definitely heading in the right direction. Thanks, Matthew! That was the piece I was missing. I tried my Daemon_Options above, but found out its presence does not disable the default config to listen on all interfaces. I got it working by directly editing the .cf, but your trick does it from the macro config. The final result ended up as: FEATURE(no_default_msa)dnl # turn off MSA on all ports; only ue what's in Daemon_Options DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1,Name=MTA') DAEMON_OPTIONS(`Port=smtp,Addr=172.23.23.10,Name=MTA') DAEMON_OPTIONS(`Port=2525,Addr=172.23.23.10,Name=MTA')dnl # smtp on alt port DAEMON_OPTIONS(`Port=587,Addr=127.0.0.1,Name=MSA,M=E') Once I knew the right keywords to google, I found this article that might be of use to others: "Five Tips for a Better sendmail Configuration" http://www.onlamp.com/pub/a/onlamp/2004/01/15/sendmail.html?page=1 -Thanks, Rob