how do I see security logs without turning on sendmail?
Lane
lane at joeandlane.com
Wed Dec 13 11:30:53 PST 2006
Tuareg
...
follow
to
difficult
it
find
I
as
post
top
don't
please
... to say it another way ...
please
don't
top
post,
as
I
find
it
difficult
to
follow ...
On Wednesday 13 December 2006 13:12, Tuareg wrote:
> Hi Lane,
>
> We have tried that too..
>
> We have the same rules that in the other servers where we can send e-mail
> without launching sendmail as daemon.
>
> Anyway we have tried disabling all the rules with: ipfw -f -q flush
>
> And listing the rules:
>
> 65535 87358 61876 allow ip from any to any
>
>
> mail -v root at localhost
> Subject: test
> test.
> .
> EOT
> root at localhost... Connecting to localhost.my.domain. via relay...
> root at localhost... Deferred: Operation timed out with localhost.my.domain.
>
> mail -v user at other.domain.com
> Subject: test
> test
> .
> EOT
> user at other.domain.com... Connecting to localhost.my.domain. via relay...
> user at other.domain.com... Deferred: Operation timed out with localhost.my.domain.
>
>
> Also searched about sendmail in the BSD FAQ, Handbook, if we should change
> some file in /etc/mail, but (maybe should look again?) didn't find anything
> about which file should we modify, let's say.. submit.mc?
> freebsd.submit.mc?
>
> Suggestions?
>
> Thank you for your help.
>
> On 12/8/06, Lane <lane at joeandlane.com> wrote:
> > On Friday 08 December 2006 11:16, Tuareg wrote:
> > > On 12/5/06, Lane <lane at joeandlane.com> wrote:
> > > > On Tuesday 05 December 2006 21:49, Wasp King wrote:
> > > > > is there a way that one can specify a log place to see
> > > > > daily logs like you receive from root at localhost, when
> > > > > sendmail is turned on?
> > > > >
> > > > > there must be a way to enable only local mail
> > > > > delivery...but I am not sure how..
> > > > >
> > > > > would like to shut down sendmail but want to see
> > > > > security logs.
> > > > >
> > > > > thanks.
> > > > >
> > > > > Zach
> > > > > using FreeBSD 4.2 and sendmail 8.x (maybe).
> > > > _________________________________________________________________________
> > > >
> > > > IIRC, sendmail has three controlling values in /etc/rc.conf:
> > > >
> > > > sendmail_enable="YES"
> > > > sendmail_enable="NO"
> > > > and
> > > > sendmail_enable="NONE"
> > > >
> > > > The third value, "NONE," causes the boot process to ignore any attempt to
> > > > start sendmail.
> > > >
> > > > The second value, "NO," causes the boot process to start sendmail for
> > > > "local delivery, only" (i.e. do NOT accept inbound connections from
> > > > external hosts).
> > > >
> > > > The first value, "YES," causes the boot process to start sendmail for
> > > > outgoing and incoming SMTP connections.
> > > >
> > > > There are many "tweaks" that you can use in /etc/rc.conf - (refer
> > > > to /etc/defaults/rc.conf) - that will allow various flavors of sendmail
> > > > usage. See also, /etc/rc.sendmail.
> > > >
> > > > In your case sendmail_enable="NO" should allow the local system to
> > > > send "periodic" information to root at localhost, or whatever alias you use
> > > > in /etc/mail/aliases, while disallowing external hosts from sending email
> > > > by way of the local host. Note that this requires that you pay heed
> > > > to /etc/mail/Makefile and associated README documentation
> > > > in /usr/src/contrib/sendmail and below.
> > > >
> > > > Best of luck!
> > > >
> > > >
> > > > lane
> > >
> > > Hi... Where I'm working, have many servers with FreeBSD 4.x and 5.x, this
> > > servers are enable to send mail but the daemon of sendmail is not launched.
> > >
> > > Now, we have installed FreeBSD 6.1 STABLE, but can't reply this schema.
> > >
> > > Which file needs to be modified in /etc/mail to allow the server to
> > > send emails to our real mailserver so we can receive the results of
> > > some scripts without launching the daemon of sendmail?
> > >
> > > We have tried using sendmail="NO", in rc.conf, but we only get this
> > > messages:
> > >
> > > user at mydomain.com... Connecting to [127.0.0.1] via relay...
> > > user at mydomain.com... Deferred: Permission denied
> > >
> > > Thank you for your help in advance.
> > > _______________________________________________
> > > freebsd-questions at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to
> > > "freebsd-questions-unsubscribe at freebsd.org"
> >
> > Tuareg,
> >
> > Your problem is likely related to ipfw, or "firewall_type",
> > "firewall_enable" in /etc/rc.conf.
> >
> > The "permission denied" error implies that your firewall ruleset is
> > preventing the outgoing connection. Try:
> >
> > ipfw show
> >
> > to see your current firewall rules.
> >
> > Also read through /etc/rc.firewall and /etc/defaults/rc.conf to get some
> > more information on the firewall issues.
> >
> > When you've gotten that resolved you should have enough information to
> > get sendmail working the way you want.
> >
> > lane
Tuareg,

What happens when you do this:

telnet localhost

Does the connection time out? Or do you get a sendmail prompt?

I'm sort of mixed up on the order of the posts, here. But let me see if I can
rephrase the problem .... and then possibly help you find a solution ...

It seems to me that the problem is that you cannot determine how to make
FreeBSD 6.x do like other hosts under your influence, so that it will send
email from root at localhost to another (possibly a hub) server? Is that
correct?

First I assume that these other FreeBSD installations are also using sendmail.
If that is NOT correct then your best hope is to replicate your mta
configuration from those other hosts. In fact that might not be a bad idea
regardless of what they are running :)

But again, assuming you want to run sendmail and ONLY allow the localhost to
transmit out to another host for collection and/or distribution, enter this
value into /etc/rc.conf:

sendmail_enable="NO"

Now edit /etc/mail/freebsd.mc. Locate the term "SMART_HOST," uncomment that
line, and enter the IP address or fully qualified domain name of your
upstream server in place of 'your.isp.mail.server'

Note: If 'your.isp.mail.server' is NOT resolvable on the localhost, then you
must use the IP address. When you use the IP address, you must put it in
[square brackets], like [192.168.2.1].

Now from /etc/mail, type

make all install

then shutdown and restart the server using your method of choice, or just type

/etc/rc.d/sendmail restart

And try to send email again. All should work now.

But you must remember to configure the TARGET mail server to allow this host
to send. I'll leave that as an exercise for you.

lane
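
The script below is an added example, not part of Lane's message or of FreeBSD's own tooling: it reads an rc.conf and an .mc file and reports the sendmail_enable value and whether SMART_HOST is set and follows the square-bracket rule for IP addresses. The function names are hypothetical, and it assumes the SMART_HOST line uses the usual m4 form define(`SMART_HOST', `value') with "dnl" marking a commented-out line.

```shell
#!/bin/sh
# Added example (not from the thread): report the two settings Lane's
# procedure changes. All function names here are hypothetical.

# Effective sendmail_enable value; the last assignment in rc.conf wins.
sendmail_mode() {
    sed -n 's/^[[:space:]]*sendmail_enable="\{0,1\}\([A-Za-z]*\)"\{0,1\}.*/\1/p' "$1" |
        tail -n 1
}

# SMART_HOST value from an .mc file, ignoring lines commented out with dnl.
# Assumes the usual m4 form: define(`SMART_HOST', `value')
smart_host() {
    grep -v '^[[:space:]]*dnl' "$1" |
        sed -n "s/.*define(\`SMART_HOST',[[:space:]]*\`\([^']*\)').*/\1/p" |
        tail -n 1
}

# Classify the value according to the bracket rule for IP addresses.
smart_host_status() {
    case "$1" in
        '')        echo "unset" ;;
        \[*\])     echo "ok-bracketed" ;;
        *[!0-9.]*) echo "hostname" ;;   # must resolve on this host
        *)         echo "bare-ip-needs-brackets" ;;
    esac
}

# usage: audit_relay RC_CONF MC_FILE
audit_relay() {
    mode=$(sendmail_mode "$1")
    host=$(smart_host "$2")
    echo "sendmail_enable=${mode:-unset} smart_host=$(smart_host_status "$host")"
}

# Run directly: sh audit.sh /etc/rc.conf /etc/mail/freebsd.mc
if [ "$#" -eq 2 ]; then
    audit_relay "$1" "$2"
fi
```
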