how do I see security logs without turning on sendmail? (Minor
correction ...)
Lane
lane at joeandlane.com
Wed Dec 13 11:40:03 PST 2006
On Wednesday 13 December 2006 13:33, Lane wrote:
> Tuareg
> ...
> follow
> to
> difficult
> it
> find
> I
> as
> post
> top
> don't
> please
>
> ... to say it another way ...
>
> please
> don't
> top
> post,
> as
> I
> find
> it
> difficult
> to
> follow ...
>
> On Wednesday 13 December 2006 13:12, Tuareg wrote:
> > Hi Lane,
> >
> > We have tried that too..
> >
> > We have the same rules that in the other servers where we can send e-mail
> > without launching sendmail as daemon.
> >
> > Anyway we have tried disabling all the rules with: ipfw -f -q flush
> >
> > And listing the rules:
> >
> > 65535 87358 61876 allow ip from any to any
> >
> >
> > mail -v root at localhost
> > Subject: test
> > test.
> > .
> > EOT
> > root at localhost... Connecting to localhost.my.domain. via relay...
> > root at localhost... Deferred: Operation timed out with localhost.my.domain.
> >
> > mail -v user at other.domain.com
> > Subject: test
> > test
> > .
> > EOT
> > user at other.domain.com... Connecting to localhost.my.domain. via relay...
> > user at other.domain.com... Deferred: Operation timed out with
> > localhost.my.domain.
> >
> >
> > Also searched about sendmail in the BSD FAQ, Handbook, if we should
> > change some file in /etc/mail, but (maybe should look again?) didn't find
> > anything about which file should we modify, let's say.. submit.mc?
> > freebsd.submit.mc?
> >
> > Suggestions?
> >
> > Thank you for your help.
> >
> > On 12/8/06, Lane <lane at joeandlane.com> wrote:
> > > On Friday 08 December 2006 11:16, Tuareg wrote:
> > > > On 12/5/06, Lane <lane at joeandlane.com> wrote:
> > > > > On Tuesday 05 December 2006 21:49, Wasp King wrote:
> > > > > > is there a way that one can specify a log place to see
> > > > > > daily logs like you receive from root at localhost, when
> > > > > > sendmail is turned on?
> > > > > >
> > > > > > there must be a way to enable only local mail
> > > > > > delivery...but I am not sure how..
> > > > > >
> > > > > > would like to shut down sendmail but want to see
> > > > > > security logs.
> > > > > >
> > > > > > thanks.
> > > > > >
> > > > > > Zach
> > > > > > using FreeBSD 4.2 and sendmail 8.x (maybe).
> > >
> > > _______________________________________________________________________
> > >__
> > >
> > > > >__ IIRC, sendmail has three controlling values in /etc/rc.conf:
> > > > >
> > > > > sendmail_enable="YES"
> > > > > sendmail_enable="NO"
> > > > > and
> > > > > sendmail_enable="NONE"
> > > > >
> > > > > The third value, "NONE," causes the boot process to ignore any
> > > > > attempt
> > >
> > > to
> > >
> > > > > start sendmail.
> > > > >
> > > > > The second value, "NO," causes the boot process to start sendmail
> > > > > for "local
> > > > > delivery, only" (i.e. do NOT accept inbound connections from
> > > > > external hosts).
> > > > >
> > > > > The first value, "YES," causes the boot process to start sendmail
> > > > > for outgoing
> > > > > and incoming SMTP connections.
> > > > >
> > > > > There are many "tweaks" that you can use in /etc/rc.conf - (refer
> > > > > to /etc/defaults/rc.conf) - that will allow various flavors of
> > >
> > > sendmail
> > >
> > > > > usage. See also, /etc/rc.sendmail.
> > > > >
> > > > > In your case sendmail_enable="NO" should allow the local system to
> > > > > send "periodic" information to root at localhost, or whatever alias
> > > > > you
> > >
> > > use
> > >
> > > > > in /etc/mail/aliases, while disallowing external hosts from sending
> > >
> > > email
> > >
> > > > > by
> > > > > way of the local host. Note that this requires that you pay heed
> > > > > to /etc/mail/Makefile and associated README documentation
> > > > > in /usr/src/contrib/sendmail and below.
> > > > >
> > > > > Best of luck!
> > > > >
> > > > >
> > > > > lane
> > > >
> > > > Hi... Where I'm working, have many servers with FreeBSD 4.x and 5.x,
> > >
> > > this
> > >
> > > > servers are enable to send mail but the daemon of sendmail is not
> > >
> > > launched.
> > >
> > > > Now, we have installed FreeBSD 6.1 STABLE, but can't reply this
> > > > schema.
> > > >
> > > > Which file needs to be modified in /etc/mail to allow the server to
> > > > send emails to our real mailserver so we can receive the results of
> > > > some
> > >
> > > scripts
> > >
> > > > without launching the daemon of sendmail?
> > > >
> > > > We have tried using sendmail="NO", in rc.conf, but we only get this
> > > > messages:
> > > >
> > > > user at mydomain.com... Connecting to [127.0.0.1] via relay...
> > > > user at mydomain.com... Deferred: Permission denied
> > > >
> > > > Thank you for your help in advance.
> > > > _______________________________________________
> > > > freebsd-questions at freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > > To unsubscribe, send any mail to
> > > > "freebsd-questions-unsubscribe at freebsd.org"
> > >
> > > Tuareg,
> > >
> > > Your problem is likely related to ipfw, or "firewall_type",
> > > "firewall_enable"
> > > in /etc/rc.conf.
> > >
> > > The "permission denied" error implies that your firewall ruleset is
> > > preventing
> > > the outgoing connection. Try:
> > >
> > > ipfw show
> > >
> > > to see your current firewall rules.
> > >
> > > Also read through /etc/rc.firewall and /etc/defaults/rc.conf to get
> > > some more
> > > information on the firewall issues.
> > >
> > > When you've gotten that resolved you should have enough information to
> > > get sendmail working the way you want.
> > >
> > > lane
> > > _______________________________________________
> > > freebsd-questions at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to "
> > > freebsd-questions-unsubscribe at freebsd.org"
>
> Tuareg,
>
> What happens when you do this:
>
> telnet localhost
Of course I mean:
telnet locahost 25
:)
>
> Does the connection time out? Or do you get a sendmail prompt?
>
> I'm sort of mixed up on the order of the posts, here. But let me see if I
> can rephrase the problem .... and then possibly help you find a solution
> ...
>
> It seems to me that the problem is that you cannot determine how to make
> FreeBSD 6.x do like other hosts under your influence, so that it will send
> email from root at localhost to another (possibly a hub) server? Is that
> correct?
>
>
> First I assume that these other FreeBSD installations are also using
> sendmail. If that is NOT correct then your best hope is to replicate your
> mta configuration from those other hosts. In fact that might not be a bad
> idea regardless of what they are running :)
>
> But again, assuming you want to run sendmail and ONLY allow the localhost
> to transmit out to another host for collection and/or distribution, enter
> this value into /etc/rc.conf:
>
> sendmail_enable="NO"
>
> Now edit /etc/mail/freebsd.mc. Locate the term "SMART_HOST," uncomment
> that line, and enter the IP address or fully qualified domain name of your
> upstream server in place of 'your.isp.mail.server'
>
> Note: If 'your.isp.mail.server' is NOT resolvable on the localhost, then
> you must use the IP address. When you use the IP address, you must put it
> in [square brackets], like [192.168.2.1].
>
> Now from /etc/mail, type
>
> make all install
>
> then shutdown and restart the server using your method of choice, or just
> type
>
> /etc/rc.d/sendmail restart
>
> And try to send email again. All should work now.
>
> But you must remember to configure the TARGET mail server to allow this
> host to send. I'll leave that as an exercise for you.
>
> lane
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions
mailing list