sendmail on 127.0.0.1 only
hello all!
i want to configure sendmail on slackware 10.0 to only listen on the loopback address. right now, netstat -lpn returns (among other things):

    tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1352/sendmail: acce
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1352/sendmail: acce

i need sendmail to listen on port 25 locally, but it shouldn't receive mail from outside. normally i install qmail, but this is my friend's box and he doesn't want it. i have never understood sendmail. i've managed mail servers for 6 years, but have never used it. sendmail just makes no sense...

i've done some searching on the web, but nothing i've found seems to work, such as putting

    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

in sendmail-slackware.mc and recompiling.

thanks!
-eric
almost everything i found on google related to your question pretty much sounds like this:
(from http://www.deer-run.com/~hal/sysadmin/sendmail2.html ) Quote:
maybe it's not a sendmail issue??? i'm not sure... anyways, i just wanted to contribute my two cents... good luck...
@whysyn
Since I have no experience of mail servers and you clearly have waaaay more than me :), do you think you can explain this to me?

If you disable external listening of port 25, doesn't that mean people can't e-mail you? If I mailed your address, wouldn't I look up your domain, then connect to your port 25, which would then e-mail it to you? Or have I got something wrong :)?

Like I said, I am completely new to this sort of thing and have done very little research, I always thought you had to allow external clients to connect to port 25 but only allow them to e-mail your domain? If you can explain that to me, that'd be great :)

Steve
Your best solution would be to block outside traffic to your port 25 using iptables.
Even if you need customized access (in the future), iptables should be the "gatekeeper".
I did this. It was a while back so I hope I get it right.

I suspect that you are already firewalled, but want to clean up at the source, not just rely on the 'gatekeeper'?

The critical file in all this is /etc/mail/sendmail.cf but you cannot modify this file directly, you have to use m4, so make sure m4 is installed, it is currently m4-1.4.1-i486-1.

sendmail-slackware.mc will be the template which is copied to config.mc which in turn is compiled to generate a new /etc/mail/sendmail.cf!

back up /usr/share/sendmail/cf/cf/sendmail-slackware.mc then edit it:

    dnl# This is the default sendmail .mc file for Slackware. To generate
    dnl# the sendmail.cf file from this (perhaps after making some changes),
    dnl# use the m4 files in /usr/share/sendmail/cf like this:
    dnl#
    dnl# cp sendmail-slackware.mc /usr/share/sendmail/cf/config.mc
    dnl# cd /usr/share/sendmail/cf
    dnl# sh Build config.cf
    dnl#
    dnl# You may then install the resulting .cf file:
    dnl# cp config.cf /etc/mail/sendmail.cf
    dnl#
    include(`../m4/cf.m4')
    VERSIONID(`default setup for Slackware Linux')dnl
    OSTYPE(`linux')dnl
    dnl# These settings help protect against people verifying email addresses
    dnl# at your site in order to send you email that you probably don't want:
    define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
    dnl# Uncomment the line below to send outgoing mail through an external server:
    dnl define(`SMART_HOST',`mailserver.example.com')
    dnl# No timeout for ident:
    define(`confTO_IDENT', `0')dnl
    dnl# Enable the line below to use smrsh to restrict what sendmail can run:
    dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
    dnl# See the README in /usr/share/sendmail/cf for a ton of information on
    dnl# how these options work:
    FEATURE(`use_cw_file')dnl
    FEATURE(`use_ct_file')dnl
    FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
    FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
    FEATURE(`blacklist_recipients')dnl
    FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
    FEATURE(`always_add_domain')dnl
    FEATURE(`redirect')dnl
    dnl# Toby starts here
    dnl Don't create a default MSA configuration
    FEATURE(`no_default_msa')dnl
    dnl Limit the MSA to the loopback address
    DAEMON_OPTIONS(`Name=MSA, Port=587, Addr=127.0.0.1, M=E')dnl
    dnl Limit the MTA to the 127.0.0.1 interface
    DAEMON_OPTIONS(`Name=MTA, Addr=127.0.0.1')dnl
    dnl#Toby ends here
    dnl# Turn this feature on if you don't always have DNS, or enjoy junk mail:
    dnl FEATURE(`accept_unresolvable_domains')dnl
    EXPOSED_USER(`root')dnl
    dnl# Also accept mail for localhost.localdomain:
    LOCAL_DOMAIN(`localhost.localdomain')dnl
    MAILER(local)dnl
    MAILER(smtp)dnl
    MAILER(procmail)dnl

see the new lines between dnl# Toby starts here - dnl#Toby ends here ??

now if you want you can keep an eye out for errors, open up a console and type

    tail -f /var/log/maillog

then

    cd /usr/share/sendmail/cf/cf
    cp sendmail-slackware.mc config.mc
    m4 /usr/share/sendmail/cf/m4/cf.m4 config.mc > /etc/mail/sendmail.cf

restart Sendmail with the command:

    /etc/rc.d/rc.sendmail restart

if that went ok, you can do some checks:

    root@darkstar:~# netstat -an | grep :25 | grep tcp
    tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

or

    root@darkstar:~# lsof -i
    COMMAND   PID    USER  FD  TYPE DEVICE SIZE NODE NAME
    dhcpcd    835    root  4u  IPv4   2374       UDP *:bootpc
    cupsd    2399    root  0u  IPv4   4391       TCP localhost:631 (LISTEN)
    sendmail 2416    root  3u  IPv4   4406       TCP localhost:submission (LISTEN)
    sendmail 2416    root  5u  IPv4   4407       TCP localhost:smtp (LISTEN)
    privoxy  2489 privoxy  3u  IPv4   4619       TCP localhost:8118 (LISTEN)
    privoxy  2677 privoxy  3u  IPv4   4619       TCP localhost:8118 (LISTEN)
    root@darkstar:~#

as you can see I did a similar mod to cups :-)

tobyl
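
The manual netstat check from this thread, turned into a repeatable audit; this is an added example, not code from any poster. The function names `exposed_smtp` and `check_listeners` are hypothetical, the BEFORE sample is the output quoted in the first post, and the AFTER sample is constructed.

```shell
#!/bin/sh
# Added example: flag SMTP (25) and submission (587) listeners that are
# bound to anything other than a loopback address.

# exposed_smtp: reads `netstat -ltn`-style lines on stdin and prints the
# local address of every offending TCP listener, one per line.
exposed_smtp() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port != "25" && port != "587") next
            # loopback forms: 127.x.x.x, ::1, IPv4-mapped 127.x.x.x
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print $4
        }'
}

# check_listeners: same input; prints a verdict, returns 1 if exposed.
check_listeners() {
    found=$(exposed_smtp)
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/EXPOSED: /'
        return 1
    fi
    echo "OK: ports 25 and 587 are bound to loopback only"
}

# Sample input: BEFORE is the output quoted in the first post,
# AFTER is constructed to match the fixed configuration.
BEFORE='tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 1352/sendmail: acce
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1352/sendmail: acce'
AFTER='tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 2416/sendmail: acce
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2416/sendmail: acce
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2399/cupsd'

echo "before:"; printf '%s\n' "$BEFORE" | check_listeners || true
echo "after:";  printf '%s\n' "$AFTER"  | check_listeners || true
```

On a live box, feed it real data with `netstat -ltn | check_listeners`; the non-zero exit status makes it usable from cron or a post-upgrade hook, since a regenerated sendmail.cf can silently restore the 0.0.0.0 listeners.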