Mails from jails

Alexander Leidinger Alexander at
Fri Jul 27 06:45:50 UTC 2007

Quoting Ernst de Haan <znerd at> (from Thu, 26 Jul 2007  
23:15:20 +0200):

> I want to restrict my jail sandboxes to sending mail only. Could anyone
> give me some advice? This is for a web-/applicationserver that needs to
> be able to send mail, but should never be running any mail service on
> external network interfaces.
> My preference is a minimalistic approach; I was thinking of creating
> one specialized sandbox that only provides mail sending functionality
> for the other sandboxes:
> - make it listen for SMTP connections on the loopback device
>   (e.g., only allowing incoming connections from
>   the other sandboxes (;
> - forward the mail to a 'real' SMTP server using mail/ssmtp,
>   via a secure (SSL) connection, with authentication;
> Does anyone have experience with such an approach? If so, what would
> you use for the SMTP forwarding? Any advice?

In my jails at home I configured sendmail with a smarthost  
(respectively a msp for the and use
in rc.conf.

My smarthost is postfix in another jail and it delivers via TLS+sasl  
to a box with an official and static IP which is responsible for the  
final delivery.


Fact is solidified opinion.    Alexander @ PGP ID = B0063FE7       netchild @  : PGP ID = 72077137

More information about the freebsd-jail mailing list