From b9888709dd474e64d467bb83ce3c9853547be2f6 Mon Sep 17 00:00:00 2001 From: Gregory Neil Shapiro Date: Wed, 22 May 2002 16:37:32 +0000 Subject: [PATCH] Add a warning regarding localhost-only listening daemons inside jails. Apparently binding only to 127.0.0.1 inside of a jail actually binds to the jail IP address as well (in effect, bind to all available interfaces in the jail). Submitted by: Helge Oldach MFC after: 1 day pending RE approval --- etc/mail/README | 11 ++++++----- share/man/man8/rc.sendmail.8 | 3 +++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/etc/mail/README b/etc/mail/README index f3608fa11d14..fd7c8f6ed812 100644 --- a/etc/mail/README +++ b/etc/mail/README @@ -11,11 +11,12 @@ default) holds the mail if an MTA can not be contacted. To accomplish this, under the default setup, an MTA must be listening on localhost port 25. If the rc.conf sendmail_enable option is set to "NO", a sendmail daemon will still be started and bound only to the localhost -interface in order to accept command line submitted mail. If this is not -a desirable solution, it can be disabled using the sendmail_submit_enable -rc.conf option. However, if both sendmail_enable and sendmail_submit_enable -are set to "NO", you must do one of two things for command line submitted -mail: +interface in order to accept command line submitted mail (note that this +does not work inside jail(2) systems as jails do not allow binding to +just the localhost interface). If this is not a desirable solution, it +can be disabled using the sendmail_submit_enable rc.conf option. However, +if both sendmail_enable and sendmail_submit_enable are set to "NO", you +must do one of two things for command line submitted mail: 1. Designate an alternative host for the submission agent to contact by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC diff --git a/share/man/man8/rc.sendmail.8 b/share/man/man8/rc.sendmail.8 index 86783d496c7a..50e6749e9da4 100644 
--- a/share/man/man8/rc.sendmail.8 +++ b/share/man/man8/rc.sendmail.8 @@ -139,6 +139,9 @@ This is intended to allow local mail submission via a localhost-only listening SMTP service required for running .Xr sendmail 8 as a non-set-user-ID binary. +Note that this does not work inside +.Xr jail 2 +systems as jails do not allow binding to just the localhost interface. .It Va sendmail_submit_flags .Pq Vt str If
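Review bot: In the etc/mail/README hunk, the added parenthetical says the localhost-only daemon "does not work inside jail(2) systems" but leaves out the consequence given in the commit message: binding to 127.0.0.1 inside a jail also binds to the jail IP address. An administrator who set sendmail_enable to "NO" expecting no network-facing SMTP listener would not learn from this wording that port 25 may be reachable on the jail's address. Suggest stating that directly, for example "inside a jail the daemon will also listen on the jail's IP address", and pointing at the sendmail_submit_enable option described in the next sentence as the way to turn the listener off in a jail.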
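Review bot: In the share/man/man8/rc.sendmail.8 hunk, "this does not work" under sendmail_submit_enable is ambiguous: it can be read as the daemon failing to start, while the commit message describes a bind that succeeds and in effect covers all interfaces available in the jail. Suggest rewording the three added lines to say what actually happens (the service is not restricted to localhost and listens on the jail address), and keeping the wording identical to the README so the two documents do not drift. The commit message also qualifies the behaviour with "Apparently", so it would be worth confirming it on a jailed system before the documentation states it as fact.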