Sendmail ignores hosts.allow

Maxim Khitrov mkhitrov at gmail.com
Tue May 22 00:44:50 UTC 2007


On 5/21/07, doug <doug at fledge.watson.org> wrote:
> sendmail_enable="NO" means there is no sendmail daemon running. You can verify
> this via "ps -aux | grep sendmail". Remove that statement. Without a reboot you
> can start sendmail by cd /etc/mail;   make start.
>
> Unless you have changed the freebsd.mc file and done a 'make install' I do not
> believe sendmail will accept from any connections except on 127.0.0.1
> (localhost). This is what you want I think. If that's it as others have said,
> there is no reason to use the hosts.allow mechanism. This is independent of the
> jail environment.
>
>    sockstat|grep sendmail
>
> and you can see what's going on.
>

Not the case for me, having sendmail_enable="NO" and not having it in
rc.conf results in the same behavior. Here's sendmail rcvar output:

Without sendmail_enable in rc.conf:
# sendmail
$sendmail_enable=NO
# sendmail_submit
$sendmail_submit_enable=YES
# sendmail_clientmqueue
$sendmail_msp_queue_enable=YES

With sendmail_enable="NO":
# sendmail
$sendmail_enable=NO
# sendmail_submit
$sendmail_submit_enable=YES
# sendmail_clientmqueue
$sendmail_msp_queue_enable=YES

With sendmail_enable="NONE":
# sendmail
$sendmail_enable=NO
# sendmail_clientmqueue
$sendmail_msp_queue_enable=NO

So the first two are identical (I don't see why they wouldn't be). As
for the sendmail daemon, here's what grep tells me after the server is
started:

root@vps [/]# ps -aux | grep sendmail
smmsp 16473  0.0  0.1  3384  2276  ??  IsJ   4:47PM   0:00.00
sendmail: Queue runner at 00:30:00 for /var/spool/clientmqueue (sendmail
root  20951  0.0  0.1  3484  2480  ??  SsJ   5:37PM   0:00.00
sendmail: accepting connections (sendmail)
root  21303  0.0  0.0  1592   912  pn  S+J   5:37PM   0:00.00 grep sendmail

And here's sockstat output:

root@vps [/]# sockstat -l4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   20951 4  tcp4   <ip>:25       *:*
root     syslogd    45182 6  udp4   <ip>:514      *:*
root     sshd       60371 3  tcp4   <ip>:22       *:*

As you can see, sendmail is happily listening for all incoming
connections with the "NO" setting. If it would only listen on
localhost, then that would be the end of my problems. However,
remember that the jail environment doesn't have localhost. In other
words 127.0.0.1 does not refer to the jail. Loopback for me is the
server's WAN IP (hey that rhymes :), which is why I think that not
having 127.0.0.1 may be confusing to sendmail.

- Max
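
Added example (not part of the original message): a shell check for the condition visible in the sockstat output above, reporting any sendmail listener on port 25 that is bound to something other than 127.0.0.1. The function names and the address 192.0.2.10, which stands in for the elided <ip>, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `sockstat -l4` output for a daemon that is reachable
# beyond loopback. Reads sockstat output on stdin.

# exposed_listeners COMMAND PORT
# Prints "PID LOCAL-ADDRESS" for each tcp4 listener of COMMAND on PORT
# whose bind address is not 127.0.0.1 (a wildcard "*" bind is reported too).
exposed_listeners() {
    awk -v cmd="$1" -v port="$2" '
        $1 == "USER" { next }                     # skip the header row
        $2 == cmd && $5 ~ /^tcp4/ {
            n = split($6, parts, ":")             # LOCAL ADDRESS is addr:port
            if (parts[n] == port && parts[1] != "127.0.0.1")
                print $3, $6
        }'
}

# Constructed sample modelled on the jail output in the message;
# 192.0.2.10 is a documentation address standing in for <ip>.
sample_jail() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   20951 4  tcp4   192.0.2.10:25         *:*
root     syslogd    45182 6  udp4   192.0.2.10:514        *:*
root     sshd       60371 3  tcp4   192.0.2.10:22         *:*
EOF
}

# Constructed sample of a non-jailed host where the submit daemon is
# bound to loopback only.
sample_host() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   731   4  tcp4   127.0.0.1:25          *:*
root     sshd       702   3  tcp4   *:22                  *:*
EOF
}

# On a live system: sockstat -l4 | exposed_listeners sendmail 25
sample_jail | exposed_listeners sendmail 25
```

An empty result means no matching listener is exposed; each printed line is a PID and bind address to review against the intended configuration.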


More information about the freebsd-questions mailing list