Sendmail IP interface assignment -- how to?
Rob
bitabyss at gmail.com
Wed Oct 3 11:04:59 PDT 2007
Hi All,
Working on standard sendmail 8.13.8 on FreeBSD 6.2. Machine has a 2nd NIC that I want to use for a jail environment, so I'm trying to get rid of all the extraneous servers listening on it.
Sendmail was of course listening on the smtp and submission ports on all interfaces. I tracked down the sendmail option DaemonPortOptions to configure this.
In the STANDARD sendmail.cf file there was:
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
So I edited the .mc macro to add:
DAEMON_OPTIONS(`Addr=127.0.0.1,Port=smtp,Name=MTA')
DAEMON_OPTIONS(`Addr=172.23.23.10,Port=smtp,Name=MTA')
Which built sendmail.cf with:
O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA
O DaemonPortOptions=Addr=172.23.23.10,Port=smtp,Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
That closed port 25 on the extra NIC, but netstat still shows "tcp4 *.submission LISTEN". I definitely need to close port 587 in the 2nd NIC, but I was wondering about "best practices" for this. Shouldn't the submission thing ONLY be on the localhost IP? I'm thinking I can use:
DAEMON_OPTIONS(`Addr=127.0.0.1,Port=587,Name=MSA,M=E')
Am I going in the right direction here? It looks like I've turned off smtp as intended, but wondering if I'm doing the right thing with restricting submission. Any other suggestions on configuring this? (other than "don't use sendmail") This is on a live server, so I don't want to hose things up too much experimenting!
-Thanks, Rob
More information about the freebsd-questions
mailing list