Sendmail IP interface assignment -- how to?

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Oct 3 22:55:59 PDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Rob wrote:
> Hi All,
> 
> Working on standard sendmail 8.13.8 on FreeBSD 6.2.  Machine has a 2nd
> NIC that I want to use for a jail environment, so I'm trying to get rid
> of all the extraneous servers listening on it.
> 
> Sendmail was of course listening on the smtp and submission ports on all
> interfaces.  I tracked down the sendmail option DaemonPortOptions to
> configure this.
> 
> In the STANDARD sendmail.cf file there was:
>    O DaemonPortOptions=Name=MTA
>    O DaemonPortOptions=Port=587, Name=MSA, M=E
> 
> So I edited the .mc macro to add:
>    DAEMON_OPTIONS(`Addr=127.0.0.1,Port=smtp,Name=MTA')
>    DAEMON_OPTIONS(`Addr=172.23.23.10,Port=smtp,Name=MTA')
> 
> Which built sendmail.cf with:
>    O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA
>    O DaemonPortOptions=Addr=172.23.23.10,Port=smtp,Name=MTA
>    O DaemonPortOptions=Port=587, Name=MSA, M=E
> 
> That closed port 25 on the extra NIC, but netstat still shows "tcp4
> *.submission LISTEN".  I definitely need to close port 587 in the 2nd
> NIC, but I was wondering about "best practices" for this.  Shouldn't the
> submission thing ONLY be on the localhost IP?  I'm thinking I can use:
>    DAEMON_OPTIONS(`Addr=127.0.0.1,Port=587,Name=MSA,M=E')
> 
> Am I going in the right direction here?  It looks like I've turned off
> smtp as intended, but wondering if I'm doing the right thing with
> restricting submission.  Any other suggestions on configuring this? 
> (other than "don't use sendmail")  This is on a live server, so I don't
> want to hose things up too much experimenting!

You also need:

FEATURE(no_default_msa)

otherwise, you're definitely heading in the right direction.

	Cheers,

	Matthew

- -- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHBIBo8Mjk52CukIwRCMqsAJ9koqDKX8+yEo4PlgkpnkMomBzP1QCfZWL4
oMPDP3aRNnQ5IsKd0v7F3tc=
=SqaV
-----END PGP SIGNATURE-----
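
An added example, not part of either message above: a shell check that lists every DaemonPortOptions line in a generated sendmail.cf and flags the ones with no Addr=, which is what left "*.submission" listening in the thread. The function names and the embedded sample (copied from the config lines quoted above) are constructed here; matching keys by their first letter is an assumption based on the "M=E" abbreviation in the stock config.

```shell
#!/bin/sh
# Added example: find sendmail listeners that are not pinned to an address.

# Constructed sample: the sendmail.cf lines quoted in the thread, i.e. the
# state after the two DAEMON_OPTIONS edits but before FEATURE(no_default_msa).
sample_cf() {
    cat <<'EOF'
O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA
O DaemonPortOptions=Addr=172.23.23.10,Port=smtp,Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
EOF
}

# Read sendmail.cf (file argument or stdin) and print, per listener:
#   <name> <port> <addr> <bound|WILDCARD>
# A missing Addr= means all interfaces; a missing Port= means smtp.
audit_daemon_ports() {
    awk '
    /^O[ \t]+DaemonPortOptions=/ {
        sub(/^O[ \t]+DaemonPortOptions=/, "")
        name = "-"; port = "smtp"; addr = "*"
        n = split($0, kv, ",")
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", kv[i])   # trim blanks around key=value
            eq = index(kv[i], "=")
            if (eq == 0) continue
            k = tolower(substr(kv[i], 1, 1))      # key matched by first letter
            v = substr(kv[i], eq + 1)
            if (k == "n") name = v
            else if (k == "p") port = v
            else if (k == "a") addr = v
        }
        print name, port, addr, (addr == "*" ? "WILDCARD" : "bound")
    }' "$@"
}

# Print only the listeners still bound to every interface: "<name> <port>".
wildcard_listeners() {
    audit_daemon_ports "$@" | awk '$4 == "WILDCARD" { print $1, $2 }'
}

# Run against the embedded sample; the MSA on port 587 is the one flagged.
sample_cf | audit_daemon_ports
```

On the live machine, pass the generated file instead (for example `wildcard_listeners /etc/mail/sendmail.cf`) after rebuilding from the .mc, then confirm with netstat once sendmail has been restarted.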