Add a warning regarding localhost-only listening daemons inside jails.

Apparently binding only to 127.0.0.1 inside of a jail actually binds
to the jail IP address as well (in effect, bind to all available
interfaces in the jail).

Submitted by:	Helge Oldach <test-smtp@oldach.net>
MFC after:	1 day
		pending RE approval
Gregory Neil Shapiro 2002-05-22 16:37:32 +00:00
parent dcbd867c36
commit b9888709dd
2 changed files with 9 additions and 5 deletions

@ -11,11 +11,12 @@ default) holds the mail if an MTA can not be contacted.
To accomplish this, under the default setup, an MTA must be listening on
localhost port 25. If the rc.conf sendmail_enable option is set to "NO",
a sendmail daemon will still be started and bound only to the localhost
interface in order to accept command line submitted mail. If this is not
a desirable solution, it can be disabled using the sendmail_submit_enable
rc.conf option. However, if both sendmail_enable and sendmail_submit_enable
are set to "NO", you must do one of two things for command line submitted
mail:
interface in order to accept command line submitted mail (note that this
does not work inside jail(2) systems as jails do not allow binding to
just the localhost interface). If this is not a desirable solution, it
can be disabled using the sendmail_submit_enable rc.conf option. However,
if both sendmail_enable and sendmail_submit_enable are set to "NO", you
must do one of two things for command line submitted mail:
1. Designate an alternative host for the submission agent to contact
by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
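Review bot: The added parenthetical "this does not work inside jail(2) systems" can be read as the daemon failing to start, but the commit message describes a different outcome: a bind to 127.0.0.1 inside a jail lands on the jail IP address, so the listener meant to be localhost-only is reachable on that address. Suggest stating that consequence directly, for example "inside a jail the daemon listens on the jail's IP address rather than only on localhost", and pointing jail administrators to sendmail_submit_enable="NO" together with the two alternatives listed right after this paragraph.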

@ -139,6 +139,9 @@ This is intended to allow local mail submission via
a localhost-only listening SMTP service required for running
.Xr sendmail 8
as a non-set-user-ID binary.
Note that this does not work inside
.Xr jail 2
systems as jails do not allow binding to just the localhost interface.
.It Va sendmail_submit_flags
.Pq Vt str
If
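Review bot: The sentence added after "as a non-set-user-ID binary." contradicts "a localhost-only listening SMTP service" a few lines above it without saying what the administrator gets instead; per the commit message the service ends up bound to the jail IP address. Suggest phrasing the note as an exposure warning (the service accepts connections on the jail's address, so it is not localhost-only there) and keeping it consistent with whatever wording the first file ends up with. Also consider ".Xr jail 8" as the cross-reference, since readers of this page are administrators configuring a jail rather than callers of the system call.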