Sendmail ignores hosts.allow
Mikhail Goriachev
mikhailg at webanoide.org
Tue May 22 01:13:01 UTC 2007
Maxim Khitrov wrote:
> On 5/21/07, doug <doug at fledge.watson.org> wrote:
>> sendmail_enable="NO" means there is no sendmail daemon running. You can verify
>> this via "ps -aux | grep sendmail". Remove that statement. Without a reboot you
>> can start sendmail by cd /etc/mail; make start.
>>
>> Unless you have changed the freebsd.mc file and done a 'make install' I do not
>> believe sendmail will accept from any connections except except on 127.0.0.1
>> (localhost). This is what you want I think. If that's it as others have said,
>> there is no reason to use the hosts.allow mechanism. This is independent of the
>> jail environment.
>>
>> sockstat|grep sendmail
>>
>> and you can see whats going on.
>>
>
> Not the case for me, having sendmail_enable="NO" and not having it in
> rc.conf results in the same behavior. Here's sendmail rcvar output:
Same behaviour because sendmail_enable="NO" is already present in
/etc/defaults/rc.conf so putting in /etc/rc.conf or removing it from
there is the same thing.
> Without sendmail_enable in rc.conf:
> # sendmail
> $sendmail_enable=NO
> # sendmail_submit
> $sendmail_submit_enable=YES
> # sendmail_clientmqueue
> $sendmail_msp_queue_enable=YES
>
> With sendmail_enable="NO":
> # sendmail
> $sendmail_enable=NO
> # sendmail_submit
> $sendmail_submit_enable=YES
> # sendmail_clientmqueue
> $sendmail_msp_queue_enable=YES
>
> With sendmail_enable="NONE":
> # sendmail
> $sendmail_enable=NO
> # sendmail_clientmqueue
> $sendmail_msp_queue_enable=NO
>
> So the first two are identical (I don't see why they wouldn't be). As
> for the sendmail daemon, here's what grep tells me after the server is
> started:
>
> root at vps [/]# ps -aux | grep sendmail
> smmsp 16473 0.0 0.1 3384 2276 ?? IsJ 4:47PM 0:00.00
> sendmail: Queue runner at 00:30:00 for /var/spool/clientmqueue (sendmail
> root 20951 0.0 0.1 3484 2480 ?? SsJ 5:37PM 0:00.00
> sendmail: accepting connections (sendmail)
> root 21303 0.0 0.0 1592 912 pn S+J 5:37PM 0:00.00 grep sendmail
>
> And here's sockstat output:
>
> root at vps [/]# sockstat -l4
> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
> root sendmail 20951 4 tcp4 <ip>:25 *:*
> root syslogd 45182 6 udp4 <ip>:514 *:*
> root sshd 60371 3 tcp4 <ip>:22 *:*
>
> As you can see, sendmail is happily listening for all incoming
> connections with the "NO" setting. If it would only listen on
> localhost, then that would be the end of my problems. However,
> remember that the jail environment doesn't have localhost. In other
> words 127.0.0.1 does not refer to the jail. Loopback for me is the
> server's wan ip (hey that rhymes :), which is why I think that not
> having 127.0.0.1 may be confusing to sendmail.
There you go. You just answered yourself.
--
Mikhail Goriachev
Webanoide
Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: mikhailg at webanoide.org
Web: www.webanoide.org
More information about the freebsd-questions
mailing list