Re: Sendmail and Jails
From: "David Robillard" <[EMAIL PROTECTED]>
To: "FreeBSD Questions Mailing List"
CC: "Jack Stone" <[EMAIL PROTECTED]>
Subject: Re: Sendmail and Jails
Date: Mon, 27 Mar 2006 10:44:29 -0500

--
Message: 23
Date: Sat, 25 Mar 2006 19:32:01 -0500
From: Anish Mistry <[EMAIL PROTECTED]>
Subject: Re: Sendmail and Jails
To: freebsd-questions@freebsd.org
Cc: Jack Stone <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

On Saturday 25 March 2006 18:42, Jack Stone wrote:
> I have been setting up jails on various production servers on
> FBSD-6.0 & 4.11.
>
> I was wondering how/where to configure & avoid the port conflicts
> for sendmail as follows:
>
> - main host - all sendmail services in & out (or at least out)
> - jail - just outgoing services
>
> I gather I will need to configure one or the other on a non-std
> port as both will try to grab the same ports: 25 & 587
>
> Any tips appreciated.

Hi Jack,

Since all jails and the main host have their own IP address, it is quite easy to do the setup you ask for. The idea here is to tell sendmail(8) which IP it should bind to. No need to fuss around with ports or anything like that :o)

For the sake of example, let's say we have this:

    main.host.com: 192.168.1.1
    jail.host.com: 192.168.1.2

On the main host, make sure you have sendmail_enable="YES" in /etc/rc.conf. This will tell sendmail to run and listen for outside requests.

Next, edit the /etc/mail/`uname -n`.mc file (make sure the uname(1) command is enclosed in back-ticks).

    sudo vi /etc/mail/`uname -n`.mc

Include whatever sendmail(8) MC macro configuration you need and make sure you have this line, which tells sendmail(8) to listen on 192.168.1.1 on TCP port 25.

    DAEMON_OPTIONS(`Port=25, Addr=192.168.1.1, Name=MTA, Family=inet')dnl

Save the `uname -n`.mc file and restart sendmail:

    cd /etc/mail
    sudo make install restart

Make sure you check /var/log/maillog for any errors.

Now for the jails, you only have to configure sendmail in whatever way you need and have this sendmail_enable="NO" in /etc/rc.conf. This tells sendmail to process mail only if it is originating from the localhost.

I would recommend configuring each jail as a sendmail null client to your main host. For example:

    OSTYPE(`freebsd6')dnl
    FEATURE(`nullclient', `main.host.com')dnl

Which will cause all jails to "punt" their mail directly to your main.host.com machine.

If you're not sure about which ports are opened by sendmail in the main host or the jails, run the sockstat(1) command.

Also, sendmail relies on DNS for everything, so make sure your DNS system is on par with the various hostnames you use. Otherwise, you'll end up with long boot time and a whole bunch of broken mail problems.

Finally, make sure you upgrade sendmail to version 8.13.6 because previous versions contain a vulnerability. Install port mail/sendmail.

(this is my sendmail configuration in make.conf)

    sudo vi /etc/make.conf

    NO_SENDMAIL=            true
    SENDMAIL_CF_DIR=/usr/local/share/sendmail/cf

    # One assignment per line: a trailing backslash would fold the
    # following lines into the first variable's value.
    .if ${.CURDIR:M*/mail/sendmail}
    SENDMAIL_WITHOUT_IPV6=yes
    SENDMAIL_WITHOUT_NIS=yes
    SENDMAIL_WITH_TLS=yes
    SENDMAIL_WITH_SMTPS=yes
    SENDMAIL_WITH_SASL=yes
    SENDMAIL_WITH_SASL2=yes
    SENDMAIL_WITH_LDAP=yes
    SENDMAIL_WITH_BERKELEYDB_VER=42
    SENDMAIL_WITH_SOCKETMAP=yes
    # SENDMAIL_WITH_CYRUSLOOKUP=no
    SENDMAIL_WITH_PICKY_HELO_CHECK=yes
    SENDMAIL_WITH_SHARED_MILTER=yes
    .endif

    cd /usr/ports/mail/sendmail
    sudo make install
    sudo make mailer.conf
    sudo make clean

Check if you're using the right one:

    sendmail -bt -d0.1 < /dev/null

Let me know if you need more assistance. Of course, YMMV.

Cheers,

David
--
David Robillard
UNIX systems admin, CISSP

David:

Thank you so much for this detailed "howto" on my question of configuring sendmail to handle both the main host and a jail on the same ports -- the info I found in the sendmail readme said to use different ports (like 925 & 987), but if your advice works, this is great!

I wondered how I was going to use a bunch of jails without jumping thru hoops!

Thanks again.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
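A check for the per-IP binding described in the how-to above, as an added example that is not part of the original thread: it reads `sockstat -4 -l` output and reports sendmail listeners bound to the wildcard address or to any address outside an allowed list. The sample output is constructed, and the function names `sample_sockstat` and `audit_listeners` are hypothetical.

```shell
#!/bin/sh
# Added example: audit sendmail listeners against the addresses they are
# supposed to bind to. On a live system the input would be `sockstat -4 -l`.

# Constructed sample: the host MTA still has a wildcard listener on 587.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   192.168.1.1:25        *:*
root     sendmail   612   5  tcp4   *:587                 *:*
root     sshd       540   3  tcp4   192.168.1.1:22        *:*
root     sendmail   981   4  tcp4   127.0.0.1:25          *:*
EOF
}

# audit_listeners ALLOWED_ADDR...
# Reads sockstat output on stdin and prints one line per sendmail listener
# whose local address is not in the allowed list. Returns 1 if any is found.
audit_listeners() {
    awk -v allowed="$*" '
        BEGIN {
            cnt = split(allowed, list, " ")
            for (i = 1; i <= cnt; i++) ok[list[i]] = 1
        }
        NR == 1 || $2 != "sendmail" { next }   # skip header and other daemons
        {
            n = split($6, part, ":")           # LOCAL ADDRESS is addr:port
            port = part[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (addr in ok) next
            reason = (addr == "*") ? "wildcard bind, also covers jail addresses" \
                                   : "address not in allowed list"
            printf "pid %s port %s bound to %s (%s)\n", $3, port, addr, reason
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Stand-alone run against the constructed sample.
sample_sockstat | audit_listeners 192.168.1.1 127.0.0.1 || true
```
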
Re: Sendmail and Jails
From: Anish Mistry <[EMAIL PROTECTED]>
To: freebsd-questions@freebsd.org
CC: Jack Stone <[EMAIL PROTECTED]>
Subject: Re: Sendmail and Jails
Date: Sat, 25 Mar 2006 19:32:01 -0500

On Saturday 25 March 2006 18:42, Jack Stone wrote:
> I have been setting up jails on various production servers on
> FBSD-6.0 & 4.11.
>
> I was wondering how/where to configure & avoid the port conflicts
> for sendmail as follows:
>
> - main host - all sendmail services in & out (or at least out)
> - jail - just outgoing services
>
> I gather I will need to configure one or the other on a non-std
> port as both will try to grab the same ports: 25 & 587
>
> Any tips appreciated.

It is generally easier to not have anything running in the host environment and just set up all your services in the jails. So instead of running that other sendmail in your host environment, run it in a jail or only have it bind to a specific IP.

--
Anish Mistry

Thanks for the reply. I finally found the info I need in the README file for sendmail. Some clear examples about switching the ports which works for me as I cannot turn off the main host sendmail.

Sorry, I hadn't found it earlier

Jack
Sendmail and Jails
I have been setting up jails on various production servers on FBSD-6.0 & 4.11.

I was wondering how/where to configure & avoid the port conflicts for sendmail as follows:

- main host - all sendmail services in & out (or at least out)
- jail - just outgoing services

I gather I will need to configure one or the other on a non-std port as both will try to grab the same ports: 25 & 587

Any tips appreciated.

Regards,
Jack