Date: Mon, 27 Mar 2006 11:47:47 -0600
From: "Jack Stone" <antennex@hotmail.com>
To: david.robillard@gmail.com, freebsd-questions@freebsd.org
Subject: Re: Sendmail and Jails
Message-ID: <BAY106-F122DC902FA6B9B823A98EACCD20@phx.gbl>
In-Reply-To: <226ae0c60603270744q1a444c4du9d2e38baaa28f48@mail.gmail.com>

>From: "David Robillard" <david.robillard@gmail.com>
>To: "FreeBSD Questions Mailing List" <freebsd-questions@freebsd.org>
>CC: "Jack Stone" <antennex@hotmail.com>
>Subject: Re: Sendmail and Jails
>Date: Mon, 27 Mar 2006 10:44:29 -0500
>
>------------------------------
>
>Message: 23
>Date: Sat, 25 Mar 2006 19:32:01 -0500
>From: Anish Mistry <mistry.7@osu.edu>
>Subject: Re: Sendmail and Jails
>To: freebsd-questions@freebsd.org
>Cc: Jack Stone <antennex@hotmail.com>
>Message-ID: <200603251932.11154.mistry.7@osu.edu>
>Content-Type: text/plain; charset="iso-8859-1"
>
>On Saturday 25 March 2006 18:42, Jack Stone wrote:
> > I have been setting up jails on various production servers on
> > FBSD-6.0 & 4.11.
> >
> > I was wondering how/where to configure & avoid the port conflicts
> > for sendmail as follows:
> >
> > - main host - all sendmail services in & out (or at least out)
> > - jail - just outgoing services
> >
> > I gather I will need to configure one or the other on a non-std
> > port as both will try to grab the same ports: 25 & 587
> >
> > Any tips appreciated.
>
>Hi Jack,
>
>Since all jails and the main host have their own IP address, it is
>quite easy to do the setup you ask for. The idea here is to tell
>sendmail(8) on which IP it should bind to. No need to fuss around with
>ports or anything like that :o)
>
>For the sake of example, let's say we have this:
>
>main.host.com: 192.168.1.1
>jail.host.com: 192.168.1.2
>
>On the main host, make sure you have
>
>sendmail_enable="YES"
>
>in /etc/rc.conf. This will tell sendmail to run and listen for outside
>requests.
>Next, edit the /etc/mail/`uname -n`.mc file (make sure the uname(1)
>command is enclosed in back-ticks).
>
>sudo vi /etc/mail/`uname -n`.mc
>
>Include whatever sendmail(8) MC macro configuration you need and make
>sure you have this line which tells sendmail(8) to listen on
>192.168.1.1 on TCP port 25.
>
>DAEMON_OPTIONS(`Port=25, Addr=192.168.1.1, Name=MTA, Family=inet')dnl
>
>Save the `uname -n`.mc file and restart sendmail:
>
>cd /etc/mail
>sudo make install restart
>
>Make sure you check /var/log/maillog for any errors.
>
>Now for the jails, you only have to configure sendmail in whatever way
>you need and have this
>
>sendmail_enable="NO"
>
>in /etc/rc.conf. This tells sendmail to process mail only if it is
>originating from the localhost. I would recommend configuring each
>jail as a sendmail null client to your main host. For example:
>
>OSTYPE(`freebsd6')dnl
>FEATURE(`nullclient', `main.host.com')dnl
>
>Which will cause all jails to "punt" their mail directly to your
>main.host.com machine.
>
>If you're not sure about which ports are opened by sendmail in the
>main host or the jails, run the sockstat(1) command.
>
>Also, sendmail relies on DNS for everything, so make sure your DNS
>system is on par with the various hostnames you use. Otherwise,
>you'll end up with long boot time and a whole bunch of broken mail
>problems.
>
>Finally, make sure you upgrade sendmail to version 8.13.6 because
>previous versions contain a vulnerability. Install port mail/sendmail.
>(this is my sendmail configuration in make.conf)
>
>sudo vi /etc/make.conf
>
>NO_SENDMAIL= true
>
>SENDMAIL_CF_DIR=/usr/local/share/sendmail/cf
>
>.if ${.CURDIR:M*/mail/sendmail}
>SENDMAIL_WITHOUT_IPV6=yes
>SENDMAIL_WITHOUT_NIS=yes
>SENDMAIL_WITH_TLS=yes
>SENDMAIL_WITH_SMTPS=yes
>SENDMAIL_WITH_SASL=yes
>SENDMAIL_WITH_SASL2=yes
>SENDMAIL_WITH_LDAP=yes
>SENDMAIL_WITH_BERKELEYDB_VER=42
>SENDMAIL_WITH_SOCKETMAP=yes
># SENDMAIL_WITH_CYRUSLOOKUP=no
>SENDMAIL_WITH_PICKY_HELO_CHECK=yes
>SENDMAIL_WITH_SHARED_MILTER=yes
>.endif
>
>cd /usr/ports/mail/sendmail
>sudo make install
>sudo make mailer.conf
>sudo make clean
>
>Check if you're using the right one:
>
>sendmail -bt -d0.1 < /dev/null
>
>Let me know if you need more assistance. Of course, YMMV.
>
>Cheers,
>
>David
>
>
>--
>David Robillard
>UNIX systems admin, CISSP

David:

Thank you so much for this detailed "howto" on my question of configuring
sendmail to handle both the main host and a jail on the same ports -- the
info I found in the sendmail readme said to use different ports (like 925 &
987), but if your advice works, this is great! I wondered how I was going to
use a bunch of jails without jumping thru hoops!

Thanks again.
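
Added example, not part of the original messages: a shell check over sockstat(1) output that confirms the sendmail listeners on ports 25 and 587 are bound to the one address intended for this host or jail, and flags a wildcard bind that would collide with a jail. The function name check_binds and the sample output are constructed for illustration; the addresses are the ones used in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): audit sendmail listener addresses.

# check_binds EXPECTED_ADDR   (reads `sockstat -4 -l` output on stdin)
# Prints one line per sendmail listener on port 25 or 587 and returns
# non-zero if any of them is not bound to EXPECTED_ADDR.
check_binds() {
    awk -v want="$1" '
        $2 == "sendmail" && $5 ~ /^tcp/ {
            n = split($6, a, ":")            # LOCAL ADDRESS is addr:port
            port = a[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (port != "25" && port != "587") next
            if (addr == want)      status = "OK"
            else if (addr == "*") { status = "WILDCARD"; bad = 1 }
            else                  { status = "OTHER";    bad = 1 }
            printf "%-8s %s\n", status, $6
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: host sendmail bound only to its own address.
sample_good='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   192.168.1.1:25        *:*
root     sshd       540   3  tcp4   *:22                  *:*'

# Constructed sample: port 587 still bound to every address, jail IP included.
sample_bad='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   192.168.1.1:25        *:*
root     sendmail   612   5  tcp4   *:587                 *:*'

# Demo on the constructed data. On a live host the input would be:
#   sockstat -4 -l | check_binds 192.168.1.1
printf '%s\n' "$sample_bad" | check_binds 192.168.1.1 ||
    echo "listener not bound to 192.168.1.1: review DAEMON_OPTIONS Addr="
```

Run the same check inside each jail with that jail's address (192.168.1.2 in the thread's example) as the argument.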