Sendmail ignores hosts.allow

Mikhail Goriachev mikhailg at webanoide.org
Tue May 22 01:13:01 UTC 2007 

Maxim Khitrov wrote:
> On 5/21/07, doug <doug at fledge.watson.org> wrote:
>> sendmail_enable="NO" means there is no sendmail daemon running. You can verify
>> this via "ps -aux | grep sendmail". Remove that statement. Without a reboot you
>> can start sendmail by cd /etc/mail;   make start.
>>
>> Unless you have changed the freebsd.mc file and done a 'make install' I do not
>> believe sendmail will accept from any connections except except on 127.0.0.1
>> (localhost). This is what you want I think. If that's it as others have said,
>> there is no reason to use the hosts.allow mechanism. This is independent of the
>> jail environment.
>>
>>    sockstat|grep sendmail
>>
>> and you can see whats going on.
>>
> 
> Not the case for me, having sendmail_enable="NO" and not having it in
> rc.conf results in the same behavior. Here's sendmail rcvar output:


Same behaviour because sendmail_enable="NO" is already present in
/etc/defaults/rc.conf so putting in /etc/rc.conf or removing it from
there is the same thing.


> Without sendmail_enable in rc.conf:
> # sendmail
> $sendmail_enable=NO
> # sendmail_submit
> $sendmail_submit_enable=YES
> # sendmail_clientmqueue
> $sendmail_msp_queue_enable=YES
> 
> With sendmail_enable="NO":
> # sendmail
> $sendmail_enable=NO
> # sendmail_submit
> $sendmail_submit_enable=YES
> # sendmail_clientmqueue
> $sendmail_msp_queue_enable=YES
> 
> With sendmail_enable="NONE":
> # sendmail
> $sendmail_enable=NO
> # sendmail_clientmqueue
> $sendmail_msp_queue_enable=NO
> 
> So the first two are identical (I don't see why they wouldn't be). As
> for the sendmail daemon, here's what grep tells me after the server is
> started:
> 
> root at vps [/]# ps -aux | grep sendmail
> smmsp 16473  0.0  0.1  3384  2276  ??  IsJ   4:47PM   0:00.00
> sendmail: Queue runner at 00:30:00 for /var/spool/clientmqueue (sendmail
> root  20951  0.0  0.1  3484  2480  ??  SsJ   5:37PM   0:00.00
> sendmail: accepting connections (sendmail)
> root  21303  0.0  0.0  1592   912  pn  S+J   5:37PM   0:00.00 grep sendmail
> 
> And here's sockstat output:
> 
> root at vps [/]# sockstat -l4
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> root     sendmail   20951 4  tcp4   <ip>:25       *:*
> root     syslogd    45182 6  udp4   <ip>:514      *:*
> root     sshd       60371 3  tcp4   <ip>:22       *:*
> 
> As you can see, sendmail is happily listening for all incoming
> connections with the "NO" setting. If it would only listen on
> localhost, then that would be the end of my problems. However,
> remember that the jail environment doesn't have localhost. In other
> words 127.0.0.1 does not refer to the jail. Loopback for me is the
> server's wan ip (hey that rhymes :), which is why I think that not
> having 127.0.0.1 may be confusing to sendmail.


There you go. You just answered yourself.


-- 
Mikhail Goriachev
Webanoide

Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: mikhailg at webanoide.org
Web: www.webanoide.org

More information about the freebsd-questions mailing list