Mails from jails
Ernst de Haan
znerd at FreeBSD.org
Thu Jul 26 21:46:10 UTC 2007
I want to restrict my jail sandboxes to sending mail only. Could
anyone give me some advice? This is for a web/application server that
needs to be able to send mail, but should never be running any mail
service on external network interfaces.
My preference is a minimalistic approach; I was thinking of creating
one specialized sandbox that only provides mail sending functionality
for the other sandboxes:
- make it listen for SMTP connections on the loopback device
  (e.g. 127.0.0.5), only allowing incoming connections from
  the other sandboxes (127.0.0.255);
- forward the mail to a 'real' SMTP server using mail/ssmtp,
  via a secure (SSL) connection, with authentication;
Does anyone have experience with such an approach? If so, what would
you use for the SMTP forwarding? Any advice?
Cheers,
Ernst