how do I see security logs without turning on sendmail?
Lane
lane at joeandlane.com
Wed Dec 13 20:49:08 PST 2006
Tuareg,
I can't find the name of the quy who straightened me out on the fuction of
squid, but kudo's to him.
Clearly squid is not the culprit.
But I've done some eyeballing on /usr/sbin/periodic, and I think maybe it is
the culprit.
First lets have a look at your /etc/crontab file. Specifically we are
interested in the lines which contain the term "periodic"
If these lines include parameters, which are passed to /usr/sbin/periodic,
then they may be the reason for your periodic emails being sent WITHOUT
sendmail being enabled by the normal boot process.
Take a look at /usr/sbin/periodic. Note that it uses values
in /etc/defaults/periodic.conf as well as any override variables
in /etc/rc.conf. It could also be overridden in other ways such as by
defining the value "source_periodic_confs_defined" and "periodic_conf_files"
but this should have already showed up in /etc/rc.conf.
While you are examining /usr/sbin/periodic, look for the term "output"
In my copy of that script there is a comment that looks like:
#Where's our output going?
Then there is a "case" block:
case "$output" in
/*) pipe="cat >>$output";;
"") pipe=cat;;
*) pipe="mail -s '$host ${arg##*/} run output' $output";;
esac
If your predecessor had modified this script or, perhaps overridden it
using /etc/defaults/periodic.conf, then he may have either changed the *)
default case, or supplied parameters from /etc/crontab
(or /etc/defaults/periodic.conf) which could invoke sendmail directly. If he
used override variables, then he would probably also have added a case for )
pipe="sendmail -<arg1> <arg2> <argn>"
This would account for sendmail being completely disabled in /etc/rc.conf AND
for the messages being sent out via sendmail. However, as I read it, the
behaviour you have reported would only occur if /usr/sbin/periodic was
actually modified, as the use of the "$output" variables does NOT seem to
allow for invocation of sendmail directly. And I don't believe that "mail"
can force invocation of sendmail (although I may be wrong, as the man page
does imply that mail will use any means available to get the message out).
If this is the case (i.e. if "mail" is invoking sendmail directly) you could
check it by trying to send mail from the command line on one of the servers
that actually does what you want it to do. If it works, and if there are NO
modifications to /usr/sbin/periodic or override defaults
in /etc/defaults/periodic.conf, then it will be safe to assume that
this "feature" has been properly quashed in 6.x. You would then need to
follow the procedures for setting up sendmail for outgoing-only, as many have
already recommended.
In any case, the behaviour you desire would only work properly by making the
appropriate changes to /etc/mail/<hostname|freebsd>.mc, (i.e. SMART_HOST
and/or HUB settings), and then running "make install" in /etc/mail. (And this
is always going to be the case where sendmail is concerned)
I hope this information leads you to a resolution, as it has been a great
learning experience for me ... but my brain hurts :)
lane
More information about the freebsd-questions
mailing list