On 12/15/06, Tuareg <[EMAIL PROTECTED]> wrote:

On 12/14/06, Jerry McAllister <[EMAIL PROTECTED]> wrote:
>
> On Thu, Dec 14, 2006 at 12:08:23AM -0800, James Long wrote:
>
> > > Date: Wed, 13 Dec 2006 17:33:32 -0600
> > > From: Lane <[EMAIL PROTECTED]>
> > > Subject: Re: how do I see security logs without turning on sendmail?
> > > To: freebsd-questions@freebsd.org
> > > Message-ID: <[EMAIL PROTECTED]>
> > > Content-Type: text/plain; charset="iso-8859-1"
> > >
> > > Tuareg,
> > >
> > > clearly sendmail is running. That is indicated by "sendmail[41626]" in
> > > your /var/log/sendmail log.
> > >
> > > The question, of course, is how does it get started.
> >
> > This is quite the WAG here, but can sendmail be started on-demand
> > from inetd.conf ?
>
> It probably could, but I don't think that is the way it is done normally.
> Take a look in /etc/defaults/rc.conf at the stuff for sendmail
> and then note what overrides you have put in /etc/rc.conf
> Also, check out /etc/rc.sendmail
>
> ////jerry

I sent this before, but here we go again:

In /etc/defaults/rc.conf these are the lines which contain "sendmail":

mta_start_script="/etc/rc.sendmail"
# Settings for /etc/rc.sendmail:
sendmail_enable="YES" # Run the sendmail inbound daemon (YES/NO/NONE).
# If NONE, don't start any sendmail processes.
sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission
sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO).
sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only)
sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
# Flags for sendmail_msp_queue daemon.

/etc/rc.sendmail doesn't exist.

And /etc/rc.conf:

### Network daemon (miscellaneous) & NFS options: ###
sendmail_enable="NONE" # Run the sendmail daemon (or NO).
cron_enable="YES" # Run the periodic job daemon.
portmap_enable="NO" # Run the portmapper service (or NO).
usbd_enable="NO"
sshd_enable="YES"
tcp_drop_synfin="YES"
tcp_restrict_rst="YES"
syslogd_enable="YES" # Run syslog daemon (or NO).
syslogd_flags="-s -s" # Flags to syslogd (if enabled).

This is for FreeBSD 4.6-RELEASE

Sending again... it seems that the list doesn't want me to send mails from gmail... :(

Well, after many suggestions from you on this topic over the last months/year... We have tried something that lets us send messages from these servers, but we would like to hear from you how this affects the server. We know that this is not the better solution, but it's what worked for us.

Found this link:

http://security.uoregon.edu/sendmail/

After reading this part:

Turning off 127.0.0.1:25 Altogether

The creation of an MSP process allows for some flexibility in client-class mail configuration. Because the MSP has a queue of its own, messages can either be queued or delivered immediately. So in some special cases, a machine can run without a sendmail listener. This however, is an unusual and not-recommended practice. It is merely listed here to elaborate on the differences between MTA's and MSP's. The "submit.mc" and "submit.cf" in this case would be:

FEATURE(`msp',`centralmailserver')
D{MTAHost}centralmailserver

Obviously, it says that it's unusual and not recommended, but it didn't say exactly the reason... (maybe you can tell me why, because I have knowledge in the configuration of sendmail, can configure it to avoid being used as a relay, use of rbl lists, etc., but I'm not exactly an expert).

Well, after reading this... I went to one of the new servers... and read /etc/mail/README:

1. Designate an alternative host for the submission agent to contact by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC in /etc/make.conf to an alternate .mc file) and using 'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line to FEATURE(msp, hostname) where hostname is the fully qualified hostname of the alternative host.

So, I modified the respective lines...

%cat /etc/mail/freebsd.submit.mc
.
.
.
#
# This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
# that acts as a initial mail submission program.
#
#
divert(0)dnl
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.submit.mc,v 1.1.16.1 2006/04/13 04:00:23 gshapiro Exp $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
FEATURE(`msp', `[ my.main.server]')dnl

%make install-submit-cf

And now, I'm able to receive the e-mail of our monitoring scripts in our main e-mail server.

I compared the file of the old servers, but this method wasn't used, so... I can't tell you yet how the old servers were modified to be able to send mails without using sendmail as a daemon.

Here is the result of the tests:

%mail -v [EMAIL PROTECTED]
Subject: TEST
test
.
EOT
[EMAIL PROTECTED] Connecting to smtp.my.main.server. via relay...
220-my.main.server ESMTP Mail Server.
220-Ready on Mon, 15 Jan 2007 11:32:53 -0600 (CST).
EHLO new.monitored.server.
250-my.main.server Hello new.monitored.server [xxx.xxx.xxx.xxx], pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE 15000000
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
MAIL From:<[EMAIL PROTECTED]> SIZE=50
250 2.1.0 <[EMAIL PROTECTED]>... Sender ok
RCPT To:<[EMAIL PROTECTED]>
250 2.1.5 <[EMAIL PROTECTED]>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
.
250 2.0.0 l0FHWrV68053 Message accepted for delivery
[EMAIL PROTECTED] Sent (l0FHWrV123456 Message accepted for delivery)
Closing connection to smtp.my.main.server.
QUIT
221 2.0.0 my.main.server closing connection

tail -f /var/log/maillog

Jan 15 11:32:53 monitored sendmail[70665]: l0FHWqLe707332: to= [EMAIL PROTECTED], ctladdr=user (10001/120), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30050, relay= smtp.my.main.server. [ xxx.xxx.xxx.xxx], dsn=2.0.0, stat=Sent (l0FHWrV123456 Message accepted for delivery)

This was done with FreeBSD 6.1 STABLE.

Suggestions on this?

P.S. Yes.. I know we can use smmtp, but please remember, what we wanted is to avoid installing software and opening port 25; we just wanted to send the results of scripts via e-mail.

Thanks for your comments/suggestions/and any other stuff... on this "solution" (at least for us)

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
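
An added example, not part of the original message or of FreeBSD's own scripts: a shell check that reads the sendmail_* knobs quoted in the thread from an rc.conf-style file and reports which sendmail processes would start and whether any of them binds port 25. The start-up cascade it models (NONE stops everything; otherwise inbound, else localhost submit, else outbound-only, plus the client queue runner) is an assumption of this example to verify against the rc script on your release, the role names are labels chosen here, and the defaults are the ones listed from /etc/defaults/rc.conf above.

```shell
#!/bin/sh
# Added example. Role names are hypothetical labels; defaults (YES) are the
# ones quoted from /etc/defaults/rc.conf in the thread.

# rc_get FILE VAR DEFAULT: last value assigned to VAR in FILE, or DEFAULT.
rc_get() {
    val=$(sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    echo "${val:-$3}"
}

is_yes() { case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac; }

# sendmail_roles FILE: print the sendmail processes that would be started.
sendmail_roles() {
    mta=$(rc_get "$1" sendmail_enable YES)
    # NONE switches off every sendmail process, the client queue runner included.
    case "$mta" in [Nn][Oo][Nn][Ee]) echo "none"; return 0 ;; esac
    if is_yes "$mta"; then
        roles="inbound-listener"        # listens on all addresses
    elif is_yes "$(rc_get "$1" sendmail_submit_enable YES)"; then
        roles="localhost-listener"      # still binds 127.0.0.1:25
    elif is_yes "$(rc_get "$1" sendmail_outbound_enable YES)"; then
        roles="outbound-queue"          # queue runner only, no socket
    else
        roles=""
    fi
    if is_yes "$(rc_get "$1" sendmail_msp_queue_enable YES)"; then
        roles="${roles:+$roles }msp-queue"
    fi
    echo "${roles:-none}"
}

# opens_port_25 FILE: succeed if a started process would bind an SMTP socket.
opens_port_25() {
    case "$(sendmail_roles "$1")" in *listener*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample files mirroring the overrides discussed in the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'sendmail_enable="NONE"  # Run the sendmail daemon (or NO).\n' > "$tmp/none.conf"
printf 'sendmail_enable="NO"\n' > "$tmp/no.conf"
printf 'sendmail_enable="NO"\nsendmail_submit_enable="NO"\n' > "$tmp/no_submit.conf"
for f in none no no_submit; do
    echo "$f: $(sendmail_roles "$tmp/$f.conf")"
done
```

In this model "NO" alone still leaves a listener on 127.0.0.1:25, while "NONE" starts nothing at all, so mail the submission program could not hand to the central host on its first attempt waits in the client queue until something runs that queue.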