sendmail on 127.0.0.1 only
i want to configure sendmail on slackware 10.0 to only listen on the loopback address. right now, netstat -lpn returns (among other things):
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1352/sendmail: acce
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1352/sendmail: acce
i need sendmail to listen on port 25 locally, but it shouldn't receive mail from outside. normally i install qmail, but this is my friend's box and he doesn't want it.
i have never understood sendmail. i've managed mail servers for 6 years, but have never used it. sendmail just makes no sense... i've done some searching on the web, but nothing i've found seems to work, such as putting DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') in sendmail-slackware.mc and recompiling.
almost everything i found on google related to your question pretty much sounds like this:
(from http://www.deer-run.com/~hal/sysadmin/sendmail2.html )
maybe it's not a sendmail issue???
i'm not sure... anyways, i just wanted to contribute my two cents...
Since I have no experience of mail servers and you clearly have waaaay more than me :), do you think you can explain this to me?
If you disable external listening of port 25, doesn't that mean people can't e-mail you?
If I mailed your address, wouldn't I look up your domain, then connect to your port 25, which would then e-mail it to you? Or have I got something wrong :)?
Like I said, I am completely new to this sort of thing and have done very little research, I always thought you had to allow external clients to connect to port 25 but only allow them to e-mail your domain?
If you can explain that to me, that'd be great :)
Your best solution would be to block outside traffic to your port 25 using iptables.
Even if you need customized access (in the future), iptables should be the "gatekeeper".
I did this. It was a while back so I hope I get it right.
I suspect that you are already firewalled, but want to clean up at the source, not just rely on the 'gatekeeper'?
The critical file in all this is /etc/mail/sendmail.cf but you cannot modify this file directly, you have to use m4, so make sure m4 is installed, it is currently m4-1.4.1-i486-1.
sendmail-slackware.mc will be the template which is copied to config.mc which in turn is compiled to generate a new /etc/mail/sendmail.cf!
back up /usr/share/sendmail/cf/cf/sendmail-slackware.mc
then edit it:
dnl# This is the default sendmail .mc file for Slackware. To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
VERSIONID(`default setup for Slackware Linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
dnl# Uncomment the line below to send outgoing mail through an external server:
dnl# No timeout for ident:
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
dnl# Toby starts here
dnl Don't create a default MSA configuration
FEATURE(`no_default_msa')dnl
dnl Limit the MSA to the loopback address
DAEMON_OPTIONS(`Name=MSA, Port=587, Addr=127.0.0.1, M=E')dnl
dnl Limit the MTA to the 127.0.0.1 interface
DAEMON_OPTIONS(`Name=MTA, Port=smtp, Addr=127.0.0.1')dnl
dnl#Toby ends here
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl# Also accept mail for localhost.localdomain:
see the new lines between dnl# Toby starts here - dnl#Toby ends here ??
now if you want you can keep an eye out for errors, open up a console and type
tail -f /var/log/maillog
cp sendmail-slackware.mc config.mc
m4 /usr/share/sendmail/cf/m4/cf.m4 config.mc > /etc/mail/sendmail.cf
restart Sendmail with the command:
if that went ok, you can do some checks:
root@darkstar:~# netstat -an | grep :25 | grep tcp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
root@darkstar:~# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhcpcd 835 root 4u IPv4 2374 UDP *:bootpc
cupsd 2399 root 0u IPv4 4391 TCP localhost:631 (LISTEN)
sendmail 2416 root 3u IPv4 4406 TCP localhost:submission (LISTEN)
sendmail 2416 root 5u IPv4 4407 TCP localhost:smtp (LISTEN)
privoxy 2489 privoxy 3u IPv4 4619 TCP localhost:8118 (LISTEN)
privoxy 2677 privoxy 3u IPv4 4619 TCP localhost:8118 (LISTEN)
as you can see I did a similar mod to cups :-)
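Added example, not part of any poster's reply: a small sh check that automates the netstat verification shown at the end of the post above, reporting any listener on port 25 or 587 that is bound to something other than loopback. The function and sample names are hypothetical, and the sample lines are constructed from the netstat output quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): report SMTP listeners that are
# reachable from outside the host. Input is `netstat -ltn`/`-lpn` style text.

# Print every listening socket on the given ports (default: 25 and 587)
# whose local address is not loopback. Returns 1 if any were printed.
exposed_smtp_listeners() {
    awk -v ports="${1:-25 587}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1") next
            print $4
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed samples, modelled on the netstat lines quoted in the thread.
sample_before() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1352/sendmail: acce
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1352/sendmail: acce
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2399/cupsd
EOF
}
sample_after() {
    cat <<'EOF'
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 2416/sendmail: acce
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2416/sendmail: acce
tcp6 0 0 :::22 :::* LISTEN 900/sshd
EOF
}

for s in sample_before sample_after; do
    if found=$($s | exposed_smtp_listeners); then
        echo "$s: SMTP ports are loopback-only"
    else
        echo "$s: exposed listeners:" $found
    fi
done
```

On the live box, feed it real data with `netstat -ltn | exposed_smtp_listeners`; a non-zero exit status means sendmail is still listening on a non-loopback address.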