Date:      Mon, 27 Mar 2006 11:47:47 -0600
From:      "Jack Stone" <antennex@hotmail.com>
To:        david.robillard@gmail.com, freebsd-questions@freebsd.org
Subject:   Re: Sendmail and Jails
Message-ID:  <BAY106-F122DC902FA6B9B823A98EACCD20@phx.gbl>
In-Reply-To: <226ae0c60603270744q1a444c4du9d2e38baaa28f48@mail.gmail.com>




>From: "David Robillard" <david.robillard@gmail.com>
>To: "FreeBSD Questions Mailing List" <freebsd-questions@freebsd.org>
>CC: "Jack Stone" <antennex@hotmail.com>
>Subject: Re: Sendmail and Jails
>Date: Mon, 27 Mar 2006 10:44:29 -0500
>
>------------------------------
>
>Message: 23
>Date: Sat, 25 Mar 2006 19:32:01 -0500
>From: Anish Mistry <mistry.7@osu.edu>
>Subject: Re: Sendmail and Jails
>To: freebsd-questions@freebsd.org
>Cc: Jack Stone <antennex@hotmail.com>
>Message-ID: <200603251932.11154.mistry.7@osu.edu>
>Content-Type: text/plain; charset="iso-8859-1"
>
>On Saturday 25 March 2006 18:42, Jack Stone wrote:
> > I have been setting up jails on various production servers on
> > FBSD-6.0 & 4.11.
> >
> > I was wondering how/where to configure & avoid the port conflicts
> > for sendmail as follows:
> >
> > - main host - all sendmail services in & out (or at least out)
> > - jail - just outgoing services
> >
> > I gather I will need to configure one or the other on a non-std
> > port as both will try to grab the same ports: 25 & 587
> >
> > Any tips appreciated.
>
>Hi Jack,
>
>Since all jails and the main host have their own IP address, it is
>quite easy to do the setup you ask for. The idea here is to tell
>sendmail(8) on which IP it should bind to. No need to fuss around with
>ports or anything like that :o)
>
>For the sake of example, let's say we have this:
>
>main.host.com: 192.168.1.1
>jail.host.com: 192.168.1.2
>
>On the main host, make sure you have
>
>sendmail_enable="YES"
>
>in /etc/rc.conf. This will tell sendmail to run and listen for outside 
>requests.
>Next, edit the /etc/mail/`uname -n`.mc file (make sure the uname(1)
>command is enclosed in back-ticks).
>
>sudo vi /etc/mail/`uname -n`.mc
>
>Include whatever sendmail(8) MC macro configuration you need and make
>sure you have this line which tells sendmail(8) to listen on
>192.168.1.1 on TCP port 25.
>
>DAEMON_OPTIONS(`Port=25, Addr=192.168.1.1, Name=MTA, Family=inet')dnl
>
>Save the `uname -n`.mc file and restart sendmail:
>
>cd /etc/mail
>sudo make install restart
>
>Make sure you check /var/log/maillog for any errors.
>
>Now for the jails, you only have to configure sendmail in whatever way
>you need and have this
>
>sendmail_enable="NO"
>
>in /etc/rc.conf. This tells sendmail to process mail only if it is
>originating from the localhost. I would recommend configuring each
>jail as a sendmail null client to your main host. For example:
>
>OSTYPE(`freebsd6')dnl
>FEATURE(`nullclient', `main.host.com')dnl
>
>Which will cause all jails to "punt" their mail directly to your
>main.host.com machine.
>
>If you're not sure about which ports are opened by sendmail in the
>main host or the jails, run the sockstat(1) command.
>
>Also, sendmail relies on DNS for everything, so make sure your DNS
>system is on par with the various hostnames you use. Otherwise,
>you'll end up with long boot time and a whole bunch of broken mail
>problems.
>
>Finally, make sure you upgrade sendmail to version 8.13.6 because
>previous versions contain a vulnerability. Install port mail/sendmail.
>(this is my sendmail configuration in make.conf)
>
>sudo vi /etc/make.conf
>
>NO_SENDMAIL= true
>
>SENDMAIL_CF_DIR=/usr/local/share/sendmail/cf
>
>.if ${.CURDIR:M*/mail/sendmail}
>SENDMAIL_WITHOUT_IPV6=yes
>SENDMAIL_WITHOUT_NIS=yes
>SENDMAIL_WITH_TLS=yes
>SENDMAIL_WITH_SMTPS=yes
>SENDMAIL_WITH_SASL=yes
>SENDMAIL_WITH_SASL2=yes
>SENDMAIL_WITH_LDAP=yes
>SENDMAIL_WITH_BERKELEYDB_VER=42
>SENDMAIL_WITH_SOCKETMAP=yes
># SENDMAIL_WITH_CYRUSLOOKUP=no
>SENDMAIL_WITH_PICKY_HELO_CHECK=yes
>SENDMAIL_WITH_SHARED_MILTER=yes
>.endif
>
>cd /usr/ports/mail/sendmail
>sudo make install
>sudo make mailer.conf
>sudo make clean
>
>Check if you're using the right one:
>
>sendmail -bt -d0.1 < /dev/null
>
>Let me know if you need more assistance. Of course, YMMV.
>
>Cheers,
>
>David
>
>
>--
>David Robillard
>UNIX systems admin, CISSP


David: Thank you so much for this detailed "howto" on my question of 
configuring sendmail to handle both the main host and a jail on the same 
ports -- the info I found in the sendmail readme said to use different 
ports, (like 925 & 987) but if your advice works, this is great!

I wondered how I was going to use a bunch of jails without jumping thru 
hoops!

Thanks again.
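
The sockstat(1) check suggested in the quoted reply, as an added example that is not part of the original thread: it reads `sockstat -4l` output and reports any sendmail listener on port 25 or 587 that is not bound to the address expected for that host or jail, such as a wildcard bind that would also claim a jail's IP. The function name `check_sendmail_binds` is hypothetical and both sample listings are constructed, using the example addresses from the message.

```shell
#!/bin/sh
# Added example: audit sendmail listeners found in `sockstat -4l` output.

# check_sendmail_binds EXPECTED_IP
# Reads sockstat -4l output on stdin. Prints one line for every sendmail
# listener on port 25 or 587 whose local address is not EXPECTED_IP, and
# returns non-zero if at least one such listener was found.
check_sendmail_binds() {
    awk -v want="$1" '
        $2 == "sendmail" && $5 ~ /^tcp4/ {
            # LOCAL ADDRESS column is "addr:port"; the port is the last part.
            n = split($6, a, ":")
            port = a[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if ((port == 25 || port == 587) && addr != want) {
                printf "%s:%s pid=%s (expected %s)\n", addr, port, $3, want
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: main host with port 25 pinned to 192.168.1.1 but a
# second sendmail listener still bound to the wildcard address on 587.
SAMPLE_MAIN='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   192.168.1.1:25        *:*
root     sendmail   612   5  tcp4   *:587                 *:*
root     sshd       480   3  tcp4   *:22                  *:*'

# Constructed sample: jail whose only sendmail listener sits on its own IP.
SAMPLE_JAIL='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   733   4  tcp4   192.168.1.2:25        *:*'

printf '%s\n' "$SAMPLE_MAIN" | check_sendmail_binds 192.168.1.1 \
    || echo "main host: listeners above are not bound to 192.168.1.1"
printf '%s\n' "$SAMPLE_JAIL" | check_sendmail_binds 192.168.1.2 \
    && echo "jail: all sendmail listeners bound to 192.168.1.2"
```

On a live system, pipe the real output in instead of the samples: `sockstat -4l | check_sendmail_binds 192.168.1.1`.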




