Date: Fri, 27 Jul 2007 15:07:51 +0200 From: Ernst de Haan <znerd@FreeBSD.org> To: Alexander Leidinger <Alexander@Leidinger.net> Cc: freebsd-jail@FreeBSD.org Subject: Re: Mails from jails Message-ID: <7CCDD6B6-B1CC-4BEB-B12B-163F6FB761DC@FreeBSD.org> In-Reply-To: <20070727081952.wessjbs9vk00wk80@webmail.leidinger.net> References: <F3EEF171-8B44-47CC-AF0B-8012D8D3D362@FreeBSD.org> <20070727081952.wessjbs9vk00wk80@webmail.leidinger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Alexander, > In my jails at home I configured sendmail with a smarthost > (respectively a msp for the submit.mc) and use > sendmail_enable="NO" > sendmail_submit_enable="YES" > in rc.conf. But this means you are running sendmail in each and every jail, right? Isn't it better to keep the services per jail to a minimum, excluding services that are not necessarily required? Now you have the much- exploited sendmail daemon running in every jail. I haven't found a complete solution yet, but I would expect to be able to run an (E)SMTP daemon in one jail, listening only to 127.0.0.x (not on the external interface), allowing only connections from 127.0.0.255. However, I just noticed in the rc.sendmail(8) man page that it indicates this will not work: http://www.freebsd.org/cgi/man.cgi?query=rc.sendmail&sektion=8 Then all the other jails could just run sSMTP, connecting to the ESMTP service on the mail-jail, without AUTH (SASL) and SSL, just plain old SMTP. > My smarthost is postfix in another jail and it delivers via TLS > +sasl to a box with an official and static IP which is responsible > for the final delivery. So does the postfix daemon listen to an internal network address (127.0.0.x)? If so, this comes pretty close to what I'm looking for. Cheers, Ernst
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7CCDD6B6-B1CC-4BEB-B12B-163F6FB761DC>