From: doug
Reply-To: doug@safeport.com
To: freebsd-questions@FreeBSD.org
Date: Sat, 27 Apr 2013 12:43:38 -0400 (EDT)
Subject: Re: Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)

On Sat, 27 Apr 2013, Matthew Seaman wrote:

> On 26/04/2013 16:51, jflowers wrote:
>> All I want to do is have the MTA listen on 127.0.0.1 port 1025 and have no
>> sendmail process listen on the server interface. That's being done by assp
>> which proxies messages to 127.0.0.1:1025. Unfortunately, I haven't been able
>> to figure out how to turn off the default. Sockstat shows:
>>
>> root sendmail 1672 4 tcp4 *:25 *:*
>> root sendmail 1672 5 tcp6 *:25 *:*
>> root sendmail 1672 6 tcp4 127.0.0.1:1025 *:*
>> root sendmail 1672 7 tcp4 111.222.333.444:587 *:*
>>
>> The relevant mc entries are:
>>
>> DAEMON_OPTIONS(`Name=IPv4, Family=inet')
>> DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
>> DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA')
>> VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains')
>> FEATURE(`no_default_msa')
>> DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E')
>>
>> The MSA isn't strictly necessary now but I thought might have a future use.
>>
>> So, what am I missing? How do I turn *:25 off so that when assp goes down (as
>> it frequently does) I'm not running an open relay (all user/domain validation
>> is done in assp).
>>
>> Any pointers in the right direction appreciated.
>
> You pretty much already have the answer already. Add 'Addr=127.0.0.1'
> or 'Addr=::1' clauses to your first two DAEMON_OPTIONS lines. That will
> limit sendmail to listening on port 25 only on the loopback interface.
>
> Or indeed, remove those two lines entirely to leave sendmail only
> listening on port 587. This should not prevent sendmail from sending
> outgoing messages, but will prevent any incoming.

If sendmail is listening on port 587, it will relay for any valid sender who can reach that port.
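
A check for confirming the change took effect, added here as an example and not part of the original thread: it reads sockstat-style lines in the column layout quoted above and reports every sendmail listener that is not bound to loopback. The function names and the allowed_ports parameter are assumptions of this example, and the AFTER listing is constructed.

```python
import ipaddress

# sockstat lines quoted in the thread (111.222.333.444 is the poster's placeholder).
BEFORE = """\
root sendmail 1672 4 tcp4 *:25 *:*
root sendmail 1672 5 tcp6 *:25 *:*
root sendmail 1672 6 tcp4 127.0.0.1:1025 *:*
root sendmail 1672 7 tcp4 111.222.333.444:587 *:*
"""
# Constructed: the same listing after adding Addr=127.0.0.1 / Addr=::1.
AFTER = """\
root sendmail 1672 4 tcp4 127.0.0.1:25 *:*
root sendmail 1672 5 tcp6 ::1:25 *:*
root sendmail 1672 6 tcp4 127.0.0.1:1025 *:*
root sendmail 1672 7 tcp4 111.222.333.444:587 *:*
"""

def is_loopback(host):
    """True only for a parsable loopback address; '*' and junk count as exposed."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def exposed_listeners(text, command="sendmail", allowed_ports=()):
    """Return (proto, host, port) for each non-loopback TCP listener of `command`.

    allowed_ports (hypothetical parameter) lists ports that are meant to be
    reachable from outside, such as a deliberately public MSA on 587.
    """
    findings = []
    for line in text.splitlines():
        f = line.split()
        # Columns: USER COMMAND PID FD PROTO LOCAL FOREIGN; a listener has FOREIGN "*:*".
        if len(f) < 7 or f[1] != command or not f[4].startswith("tcp") or f[6] != "*:*":
            continue
        host, _, port = f[5].rpartition(":")  # last colon, so "::1:25" -> ("::1", "25")
        if not port.isdigit():
            continue
        if is_loopback(host) or int(port) in allowed_ports:
            continue
        findings.append((f[4], host, int(port)))
    return findings

if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        print(label, exposed_listeners(listing, allowed_ports={587}))
```

Leaving 587 out of allowed_ports makes the MSA listener show up as well, which is the exposure the last sentence of the reply refers to.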