Disabling inbound email in a jail
Mikhail Goriachev
mikhailg at webanoide.org
Fri Feb 27 10:55:12 PST 2009
Kirk Strauser wrote:
> I only want sendmail in a jail to do one thing: forward nightly reports from root at localhost to a real account on another
> machine. What's the proper way to configure this?
Edit /etc/mail/aliases. All reports are pointed to root. But you can
point it anywhere you want:

root: someaccount@example.org

After that execute:

# newaliases

and you're done. No sendmail_enable is required whatsoever in
/etc/rc.conf.
> By default, sendmail_enable="NO" in /etc/rc.conf still gives a
> running sendmail that accepts mail from other hosts:
>
> me at realhost$ echo foo | mail me at jail.example.com
This shouldn't have worked. By default you should've received
"stat=Deferred: Connection refused by jail.example.com". This is the
case if you're sending from a physically different machine to another
machine's jail.

By default sendmail listens only on localhost and doesn't accept outside
connections. It is only used for internal submission, such as daily reports.

If you're sending from a host to its jail, then this is another story.
In most cases you'll get some unexpected results.
> me at jail.example.com$ tail -f /var/log/maillog
> Feb 27 09:43:37 jail.example.com sm-mta[86832]: n1RFhbBp086832: from=<me at realhost>, size=735, class=0,
> nrcpts=1, msgid=<20090227154335.877A442071 at realhost>, bodytype=7BIT, proto=ESMTP, daemon=Daemon0,
> relay=jail.example.com [10.0.5.70]
> Feb 27 09:43:37 jail.example.com sm-mta[86833]: n1RFhbBp086832: to=<me at jail.example.com>, delay=00:00:00,
> xdelay=00:00:00, mailer=local, pri=30983, relay=local, dsn=2.0.0, stat=Sent
>
> However, if I set sendmail_enable="NONE", then I can't send outbound email either:
>
> me at jail.example.com$ echo foo | mail me at realhost
> me at jail.example.com$ tail -f /var/log/maillog
> Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: from=me, size=28, class=0, nrcpts=1,
> msgid=<200902271537.n1RFbbg3086513 at jail.example.com>, relay=me at localhost
> Feb 27 09:37:37 jail.example.com sendmail[86513]: n1RFbbg3086513: to=me at realhost, ctladdr=me (1001/1001),
> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30028, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0,
> stat=Deferred: Connection refused by [127.0.0.1]
>
> What's the happy medium between "sendmail wide open" (eg sendmail_enable="NO" (WTF?)) and "disabled mail
> system" (eg sendmail_enable="NONE")?
sendmail_enable="YES" accepts outside and local connections
sendmail_enable="NO" (the default) accepts local connections only
sendmail_enable="NONE" doesn't start the daemon, sendmail is off
Have a look at /etc/rc.d/sendmail for further hints.
Regards,
Mikhail
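
Added example, not part of the original thread: an sh script that reads the effective sendmail_enable setting and counts maillog records showing the MTA daemon accepting SMTP from a non-loopback peer, the situation in the quoted log. Function names and the sample log lines are constructed; the log format follows the excerpts quoted above.

```sh
#!/bin/sh
# Added example: names and sample data below are constructed for illustration.

# Effective sendmail_enable from rc.conf text on stdin (last assignment wins).
# Falls back to NO, which the reply above gives as the default.
sendmail_mode() {
    awk -F= '/^[ \t]*sendmail_enable=/ { v = $2 }
        END { sub(/#.*/, "", v); gsub(/[^A-Za-z]/, "", v)
              print (v == "" ? "NO" : toupper(v)) }'
}

# Count messages the MTA daemon accepted over SMTP from a non-loopback peer.
# Reads maillog text on stdin. A hit is an sm-mta "from=" record that has a
# daemon= field (it arrived on a listening socket) and a bracketed relay
# address other than 127.0.0.1 or ::1.
inbound_smtp_count() {
    awk '/sm-mta\[[0-9]+\]:/ && /from=/ && /daemon=/ {
            i = index($0, "relay="); if (!i) next
            r = substr($0, i); lb = index(r, "["); rb = index(r, "]")
            if (!lb || rb < lb) next
            ip = substr(r, lb + 1, rb - lb - 1)
            sub(/^IPv6:/, "", ip)          # sendmail prefixes IPv6 literals
            if (ip != "127.0.0.1" && ip != "::1") n++
        }
        END { print n + 0 }'
}

# Constructed sample in the format of the maillog excerpts quoted above.
sample_maillog() {
    cat <<'EOF'
Feb 27 09:43:37 jail sm-mta[101]: n1RA0001: from=<a@mx.example.net>, size=735, class=0, nrcpts=1, proto=ESMTP, daemon=Daemon0, relay=mx.example.net [192.0.2.10]
Feb 27 09:43:37 jail sm-mta[102]: n1RA0001: to=<me@jail.example.com>, delay=00:00:00, mailer=local, relay=local, dsn=2.0.0, stat=Sent
Feb 27 09:50:01 jail sm-mta[103]: n1RA0002: from=<root@jail.example.com>, size=400, class=0, nrcpts=1, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
Feb 27 09:50:01 jail sendmail[104]: n1RA0003: from=root, size=28, class=0, nrcpts=1, relay=root@localhost
EOF
}

# Demo on constructed input: a NO setting combined with inbound hits is the
# mismatch described in the quoted message.
mode=$(printf 'sendmail_enable="NO"\n' | sendmail_mode)
hits=$(sample_maillog | inbound_smtp_count)
echo "sendmail_enable=$mode inbound_smtp_accepted=$hits"
[ "$mode" = "YES" ] || [ "$hits" -eq 0 ] ||
    echo "WARNING: MTA accepted mail from non-loopback peers"
```

Inside the jail, feed the functions the real files: `sendmail_mode < /etc/rc.conf` and `inbound_smtp_count < /var/log/maillog`.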