LinuxQuestions.org


whysyn 07-10-2004 10:16 AM

sendmail on 127.0.0.1 only
 
hello all!

i want to configure sendmail on slackware 10.0 to only listen on the loopback address. right now, netstat -lpn returns (among other things):

tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1352/sendmail: acce
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1352/sendmail: acce

i need sendmail to listen on port 25 locally, but it shouldn't receive mail from outside. normally i install qmail, but this is my friend's box and he doesn't want it.

i have never understood sendmail. i've managed mail servers for 6 years, but have never used it. sendmail just makes no sense... i've done some searching on the web, but nothing i've found seems to work, such as putting DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') in sendmail-slackware.mc and recompiling.

thanks!

-eric

win32sux 07-11-2004 01:39 AM

almost everything i found on google related to your question pretty much sounds like this:

(from http://www.deer-run.com/~hal/sysadmin/sendmail2.html )

Quote:

The way to configure Sendmail to listen on a specific address and port number is with the DaemonPortOptions in the sendmail.cf file:

# SMTP daemon options
O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA

The configuration line you see here forces Sendmail to listen on the smtp port (usually 25/tcp as defined in /etc/services) on the loopback interface (address 127.0.0.1).

If you prefer, you may also set this option in your m4 macro configuration file. If you are using Sendmail v8.11 or later, then use the following configuration directive:

DAEMON_OPTIONS(`Addr=127.0.0.1,Port=smtp,Name=MTA')

For versions prior to v8.11, you use:

define(`confDAEMON_OPTIONS',`Addr=127.0.0.1,Port=smtp,Name=MTA')

In either case, the sendmail.cf file you generate should have DaemonPortOptions set appropriately.

this sounds like it's exactly what you did... you're using sendmail 8.12.11, right (slack 10)???

maybe it's not a sendmail issue???

i'm not sure... anyways, i just wanted to contribute my two cents...

good luck...

SBing 07-11-2004 04:13 AM

@whysyn

Since I have no experience of mail servers and you clearly have waaaay more than me :), do you think you can explain this to me?

If you disable external listening of port 25, doesn't that mean people can't e-mail you?

If I mailed your address, wouldn't I look up your domain, then connect to your port 25, which would then e-mail it to you? Or have I got something wrong :)?

Like I said, I am completely new to this sort of thing and have done very little research, I always thought you had to allow external clients to connect to port 25 but only allow them to e-mail your domain?

If you can explain that to me, that'd be great :)

Steve

Azmeen 07-11-2004 04:42 AM

Your best solution would be to block outside traffic to your port 25 using iptables.

Even if you need customized access (in the future), iptables should be the "gatekeeper".

tobyl 07-11-2004 07:00 AM

I did this. It was a while back so I hope I get it right.

I suspect that you are already firewalled, but want to clean up at the source, not just rely on the 'gatekeeper'?

The critical file in all this is /etc/mail/sendmail.cf but you cannot modify this file directly, you have to use m4, so make sure m4 is installed, it is currently m4-1.4.1-i486-1.

sendmail-slackware.mc will be the template which is copied to config.mc which in turn is compiled to generate a new /etc/mail/sendmail.cf!

back up /usr/share/sendmail/cf/cf/sendmail-slackware.mc

then edit it:

dnl# This is the default sendmail .mc file for Slackware. To generate
dnl# the sendmail.cf file from this (perhaps after making some changes),
dnl# use the m4 files in /usr/share/sendmail/cf like this:
dnl#
dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
dnl# cd /usr/share/sendmail/cf
dnl# sh Build config.cf
dnl#
dnl# You may then install the resulting .cf file:
dnl# cp config.cf /etc/mail/sendmail.cf
dnl#
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
dnl# These settings help protect against people verifying email addresses
dnl# at your site in order to send you email that you probably don't want:
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl# Uncomment the line below to send outgoing mail through an external server:
dnl define(`SMART_HOST',`mailserver.example.com')
dnl# No timeout for ident:
define(`confTO_IDENT', `0')dnl
dnl# Enable the line below to use smrsh to restrict what sendmail can run:
dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
dnl# See the README in /usr/share/sendmail/cf for a ton of information on
dnl# how these options work:
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# Toby starts here
dnl Don't create a default MSA configuration
FEATURE(`no_default_msa')dnl
dnl Limit the MSA to the loopback address
DAEMON_OPTIONS(`Name=MSA, Port=587, Addr=127.0.0.1, M=E')dnl
dnl Limit the MTA to the 127.0.0.1 interface
DAEMON_OPTIONS(`Name=MTA, Addr=127.0.0.1')dnl
dnl#Toby ends here
dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
dnl FEATURE(`accept_unresolvable_domains')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl



see the new lines between dnl# Toby starts here - dnl#Toby ends here ??

now if you want you can keep an eye out for errors, open up a console and type

tail -f /var/log/maillog

then

cd /usr/share/sendmail/cf/cf
cp sendmail-slackware.mc config.mc
m4 /usr/share/sendmail/cf/m4/cf.m4 config.mc > /etc/mail/sendmail.cf


restart Sendmail with the command:

/etc/rc.d/rc.sendmail restart


if that went ok, you can do some checks:



root@darkstar:~# netstat -an | grep :25 | grep tcp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN



or



root@darkstar:~# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhcpcd 835 root 4u IPv4 2374 UDP *:bootpc
cupsd 2399 root 0u IPv4 4391 TCP localhost:631 (LISTEN)
sendmail 2416 root 3u IPv4 4406 TCP localhost:submission (LISTEN)
sendmail 2416 root 5u IPv4 4407 TCP localhost:smtp (LISTEN)
privoxy 2489 privoxy 3u IPv4 4619 TCP localhost:8118 (LISTEN)
privoxy 2677 privoxy 3u IPv4 4619 TCP localhost:8118 (LISTEN)
root@darkstar:~#

as you can see I did a similar mod to cups :-)



tobyl
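
A check for the outcome described in the post above, as an added example that is not part of any post in this thread: it flags any DaemonPortOptions line in a generated sendmail.cf that is not pinned to loopback (such as an MSA entry with no Addr=) and any port 25/587 listener bound to a non-loopback address. The function names and sample inputs are constructed for illustration, and the key is assumed to be spelled Addr= as it is in this thread.

```shell
#!/bin/sh
# Added example: audit sendmail for listeners that are not loopback-only.

# stdin: a sendmail.cf. Prints each active DaemonPortOptions line whose
# Addr= is missing or not loopback (no Addr= means "all interfaces").
# Assumes the key is spelled "Addr=" as in this thread.
cf_exposed_daemons() {
    awk '/^O[ \t]+DaemonPortOptions=/ {
        opts = $0; sub(/^O[ \t]+DaemonPortOptions=/, "", opts); gsub(/[ \t]/, "", opts)
        addr = ""; n = split(opts, kv, ",")
        for (i = 1; i <= n; i++)
            if (kv[i] ~ /^Addr=/) addr = substr(kv[i], 6)
        if (addr !~ /^127\./ && addr != "::1") print
    }'
}

# stdin: `netstat -ltn` / `netstat -lpn` output. Prints local addresses of
# TCP LISTEN sockets on the given ports (default 25 and 587) that are not loopback.
exposed_listeners() {
    awk -v ports="${1:-25 587}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)
            host = $4; sub(/:[0-9]+$/, "", host)
            if ((port in want) && host !~ /^127\./ && host != "::1") print $4
        }'
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_CF='# SMTP daemon options
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
#O DaemonPortOptions=Name=OLD'
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'

printf '%s\n' "$SAMPLE_CF" | cf_exposed_daemons      # flags the MSA line
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners  # flags 0.0.0.0:587
```

On a real host, feed the functions /etc/mail/sendmail.cf and the output of netstat -ltn instead of the samples; empty output from both means nothing is listening beyond loopback on those ports.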

