Re: Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)

2013-04-27 Thread Matthew Seaman
On 26/04/2013 16:51, jflowers wrote:
> All I want to do is have the MTA listen on 127.0.0.1 port 1025 and have no
> sendmail process listen on the server interface.  That's being done by assp
> which proxies messages to 127.0.0.1:1025.  Unfortunately, I haven't been able
> to figure out how to turn off the default.  Sockstat shows:
>
> root sendmail   1672  4  tcp4   *:25  *:*
> root sendmail   1672  5  tcp6   *:25  *:*
> root sendmail   1672  6  tcp4   127.0.0.1:1025  *:*
> root sendmail   1672  7  tcp4   111.222.333.444:587   *:*
>
> The relevant mc entries are:
>
> DAEMON_OPTIONS(`Name=IPv4, Family=inet')
> DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
> DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA')
> VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains')
> FEATURE(`no_default_msa')
> DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E')
>
> The MSA isn't strictly necessary now but I thought might have a future use.
>
> So, what am I missing?  How do I turn *:25 off so that when assp goes down (as
> it frequently does) I'm not running an open relay (all user/domain validation
> is done in assp).
>
> Any pointers in the right direction appreciated.

You pretty much already have the answer already.  Add 'Addr=127.0.0.1'
or 'Addr=::1' clauses to your first two DAEMON_OPTIONS lines.  That will
limit sendmail to listening on port 25 only on the loopback interface.

Or indeed, remove those two lines entirely to leave sendmail only
listening on port 587.  This should not prevent sendmail from sending
outgoing messages, but will prevent any incoming.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.

PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matt...@infracaninophile.co.uk





Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)

2013-04-27 Thread jflowers
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA')
VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains')
FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E')

Thanks Matthew.  Your second suggestion solved it for me. No default and I
still have sendmail listening on port 1025 so it's just what I wanted.

'Wish I understood everything I know about that.'

--
Jim Flowers jflow...@ezo.net

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)

2013-04-27 Thread doug


On Sat, 27 Apr 2013, Matthew Seaman wrote:


> On 26/04/2013 16:51, jflowers wrote:
>
>> All I want to do is have the MTA listen on 127.0.0.1 port 1025 and have no
>> sendmail process listen on the server interface.  That's being done by assp
>> which proxies messages to 127.0.0.1:1025.  Unfortunately, I haven't been able
>> to figure out how to turn off the default.  Sockstat shows:
>>
>> root sendmail   1672  4  tcp4   *:25  *:*
>> root sendmail   1672  5  tcp6   *:25  *:*
>> root sendmail   1672  6  tcp4   127.0.0.1:1025  *:*
>> root sendmail   1672  7  tcp4   111.222.333.444:587   *:*
>>
>> The relevant mc entries are:
>>
>> DAEMON_OPTIONS(`Name=IPv4, Family=inet')
>> DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
>> DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA')
>> VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains')
>> FEATURE(`no_default_msa')
>> DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E')
>>
>> The MSA isn't strictly necessary now but I thought might have a future use.
>>
>> So, what am I missing?  How do I turn *:25 off so that when assp goes down (as
>> it frequently does) I'm not running an open relay (all user/domain validation
>> is done in assp).
>>
>> Any pointers in the right direction appreciated.
>
> You pretty much already have the answer already.  Add 'Addr=127.0.0.1'
> or 'Addr=::1' clauses to your first two DAEMON_OPTIONS lines.  That will
> limit sendmail to listening on port 25 only on the loopback interface.
>
> Or indeed, remove those two lines entirely to leave sendmail only
> listening on port 587.  This should not prevent sendmail from sending
> outgoing messages, but will prevent any incoming.


If sendmail is listening on port 587, it will relay for any valid sender who can 
reach that port.



Re: Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)

2013-04-27 Thread Matthew Seaman
On 27/04/2013 17:43, doug wrote:
> DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E')
>
> If sendmail is listening on port 587, it will relay for any valid sender
> who can reach that port.

You see where it says 'M=E' in that DAEMON_OPTIONS line?  That should
probably be changed to 'M=Ea' meaning 'require authentication'.  That's
usually the right thing to do for a message submission agent, and the
use of authentication will allow senders to relay through the daemon
without the usual anti-relaying checks.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
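
An added example, not part of the thread or of sendmail: a small Python check over the DAEMON_OPTIONS entries quoted above that reports listeners with no `Addr=` (bound to every interface) and a port-587 listener whose modifiers lack `a`. The function names, the first-letter key matching and the sample text are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample based on the .mc entries quoted in the thread.
THREAD_MC = """\
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA')
FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E')
"""
# Anchored at line start, so entries commented out with dnl are skipped.
DAEMON_RE = re.compile(r"^DAEMON_OPTIONS\(`([^']*)'\)", re.M)

def parse_listeners(mc_text):
    """Return one dict per DAEMON_OPTIONS entry."""
    listeners = []
    for body in DAEMON_RE.findall(mc_text):
        opts = {}
        for pair in body.split(","):
            key, _, value = pair.partition("=")
            # Assumption: a key is identified by its first letter, which is
            # how the thread can write both Modifiers=O and M=E.
            opts[key.strip()[:1].upper()] = value.strip()
        listeners.append({
            "name": opts.get("N", "?"),
            "port": opts.get("P", "25"),   # no Port= means the SMTP port
            "addr": opts.get("A", "*"),    # no Addr= means every interface
            "mods": opts.get("M", ""),
        })
    return listeners

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # wildcard, hostname or placeholder address
        return False

def audit(mc_text):
    """Return (name, finding) pairs for listeners reachable from off-host."""
    findings = []
    for lsn in parse_listeners(mc_text):
        if is_loopback(lsn["addr"]):
            continue
        if lsn["addr"] == "*":
            findings.append((lsn["name"], f"wildcard bind on port {lsn['port']}"))
        if lsn["port"] in ("587", "submission") and "a" not in lsn["mods"]:
            findings.append((lsn["name"], "MSA does not require authentication"))
    return findings
```

Run against the entries as first posted, `audit(THREAD_MC)` flags the IPv4 and IPv6 lines and the MSA line; the loopback-only listener on port 1025 is not reported.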






Re: Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)

2013-04-27 Thread Bernt Hansson

2013-04-27 18:43, doug wrote:

> If sendmail is listening on port 587, it will relay for any valid sender
> who can reach that port.


Only if it is listed in /etc/mail/access file.


Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)

2013-04-26 Thread jflowers
All I want to do is have the MTA listen on 127.0.0.1 port 1025 and have no
sendmail process listen on the server interface.  That's being done by assp
which proxies messages to 127.0.0.1:1025.  Unfortunately, I haven't been able
to figure out how to turn off the default.  Sockstat shows:

root sendmail   1672  4  tcp4   *:25  *:*
root sendmail   1672  5  tcp6   *:25  *:*
root sendmail   1672  6  tcp4   127.0.0.1:1025  *:*
root sendmail   1672  7  tcp4   111.222.333.444:587   *:*

The relevant mc entries are:

DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA')
VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains')
FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E')

The MSA isn't strictly necessary now but I thought might have a future use.

So, what am I missing?  How do I turn *:25 off so that when assp goes down (as
it frequently does) I'm not running an open relay (all user/domain validation
is done in assp).

Any pointers in the right direction appreciated.

Thanks


--
Jim Flowers jflow...@ezo.net
