SUMMARY: sendmail on Solaris 9

From: Christopher L. Barnard (cbar44@tsg.cbot.com)
Date: Fri Aug 29 2003 - 14:59:28 EDT


I asked:

> A sendmail/solaris 9 problem:
>
> On most of our solaris 9 machines, I have configured them to not run in
> daemon mode. An outbound email message is sent straight to the mailhost
> and is processed there. The only difference between this implementation
> and the sendmail implementation that shipped with Solaris 8 is that aliases
> are expanded on the mailhost, not locally. This works perfectly.
>
> This is fine except on one machine where we do not control the mailhost.
> So the aliases must be expanded locally. Running sendmail in daemon mode
> on this server is deemed to be too much of a security risk. Running it in
> daemon mode but only listening to localhost is deemed unacceptable due to
> the difficulty of verifying that this modification has been saved after a
> sendmail patch is applied. This server will actually send out messages
> fairly infrequently, so the much slower option of spawning sendmail out
> of inetd.conf is acceptable here. It will also be possible to use tcp
> wrappers to restrict by IP what servers can connect to this sendmail
> instance.
>
> On solaris 8 boxes, all I needed to do was to put an entry into the
> inetd.conf file
> smtp stream tcp nowait root /usr/sbin/tcpd /usr/lib/sendmail -bs
>
> When I do this on a solaris 9 box, however, it does not work. The email
> loops on localhost until the max hop count is exceeded, and is never sent.
> I have tried this with and without the "sendmail -Ac" process running as
> smmsp.
>
> Has anyone else accomplished, on a Solaris 9 box, running sendmail as needed
> from inetd?
>
> TIA, and of course I will summarize.

The solution:

Don't go with the inetd.conf solution. Run the daemon and modify the
DaemonPortOptions so that it will only listen to localhost. But rather
than customizing the sendmail.cf file and risking it not being rebuilt
after a sendmail patch, put the command into the /etc/default/sendmail
file:

MODE="-bd -ODaemonPortOptions=Addr=localhost"

Thanks to the several people who gave me suggestions. Unfortunately I lost
your emails when my mail went postal on me, but you know who you are. ;^)

+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard@tsg.cbot.com / \ anybody could become president. |
| (312) 347-4901 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
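
Added example, not part of the original post: a post-patch check that the MODE line quoted above is still present and that nothing is listening on port 25 outside loopback. The function names and the sample netstat lines are constructed for illustration, and the script assumes a POSIX sh and awk.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Config check: does the MODE line in the given file (normally
# /etc/default/sendmail) still carry the localhost-only option?
mode_is_localhost_only() {
    grep '^MODE=.*-ODaemonPortOptions=Addr=localhost' "$1" >/dev/null 2>&1
}

# Runtime check: reads `netstat -an` output on stdin and prints every
# port-25 listener that is not bound to loopback.
# Returns 0 = loopback only, 1 = exposed, 2 = no SMTP listener found.
# Accepts Solaris-style (127.0.0.1.25) and Linux-style (127.0.0.1:25) addresses.
check_smtp_loopback_only() {
    awk '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) if ($i ~ /[.:]25$/) {
                found = 1
                if ($i !~ /^(127\.[0-9.]+|::1|localhost)[.:]25$/) {
                    print "EXPOSED: SMTP listening on " $i
                    bad = 1
                }
                break   # first match is the local address column
            }
        }
        END { if (bad) exit 1; if (!found) exit 2; exit 0 }'
}

# Constructed sample input: option in effect.
sample_good() {
    printf '%s\n' \
      '      *.22          *.*       0      0 49152      0 LISTEN' \
      '127.0.0.1.25        *.*       0      0 49152      0 LISTEN'
}

# Constructed sample input: option lost, daemon bound to all interfaces.
sample_bad() {
    printf '%s\n' \
      '      *.22          *.*       0      0 49152      0 LISTEN' \
      '      *.25          *.*       0      0 49152      0 LISTEN'
}

# Demo on the constructed samples. On a real host, run instead:
#   mode_is_localhost_only /etc/default/sendmail && \
#       netstat -an | check_smtp_loopback_only
sample_good | check_smtp_loopback_only && echo "good sample: loopback only"
sample_bad  | check_smtp_loopback_only || echo "bad sample: rc=$?"
```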