[Mailman-Developers] sendmail

Norbert Bollow nb@thinkcoach.com
Thu, 30 Aug 2001 16:32:13 +0200


Chuq Von Rospach wrote:
> 
> I did this a little differently, since I know that tweaking sendmail.cf
> files gives many people hives, and so people aren't likely to do it. It's
> also unnecessary.
> 
> You can do this without modifying your sendmail files at all. Instead, in
> your startup script, add:
> 
>          /usr/sbin/sendmail -bd -ODeliveryMode=defer \
>                  -ODaemonPortOptions=Name=MSA,Port=NNNN,M=E,Addr=127.0.0.1
> 
> Where NNNN is some port number not otherwise used (you can test if
> something's in use by doing "telnet localhost NNNN" -- if it's refused,
> there's no daemon listening)
> 
> This sets up a sendmail process listening to the alternate port, in DEFER
> mode, but set to talk only to the localhost interface, so it's not
> accessible by anyone other than your local machine: no open relay problems.

Actually, you can't rely on this unless you have checked how
your machine's IP implementation works exactly.

It says in section 3.3.4.2 of RFC 1122


            There are two key requirement issues related to multihoming:
 
            (A)  A host MAY silently discard an incoming datagram whose
                 destination address does not correspond to the physical
                 interface through which it is received.


Yes, that is a "MAY", not a "MUST", not even a "SHOULD".  There
are TCP/IP stacks out there which allow your 127.0.0.1 interface
to be accessed from outside the local machine.

Greetings, Norbert.

-- 
A member of FreeDevelopers and the DotGNU Steering Committee: dotgnu.org
Norbert Bollow, Weidlistr.18, CH-8624 Gruet   (near Zurich, Switzerland)
Tel +41 1 972 20 59       Fax +41 1 972 20 69      http://thinkcoach.com
Your own domain with all your Mailman lists: $15/month  http://cisto.com
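
Added example, not part of the original message or of Mailman or sendmail: one way a service bound to 127.0.0.1 can avoid depending on the IP stack's behaviour is to check the source address of every accepted connection as well. The function names are hypothetical, and the check assumes a connection arriving from another host carries a non-loopback source address.

```python
import ipaddress
import socket


def is_loopback(host: str) -> bool:
    """True only for 127.0.0.0/8, ::1, or an IPv4-mapped form of 127.0.0.0/8."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # unparsable peer address: fail closed
    mapped = getattr(ip, "ipv4_mapped", None)  # set for e.g. ::ffff:127.0.0.1
    return (mapped or ip).is_loopback


def admit(peer: tuple) -> bool:
    """Policy for one accepted connection: the peer's source address must be loopback."""
    return is_loopback(peer[0])


def accept_local_only(listener: socket.socket):
    """Accept one connection; close it and return None unless the peer is local."""
    conn, peer = listener.accept()
    if not admit(peer):
        conn.close()
        return None
    return conn


if __name__ == "__main__":
    # Constructed demo: loopback listener on an ephemeral port, one local client.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        with socket.create_connection(srv.getsockname()) as client:
            conn = accept_local_only(srv)
            print("local client admitted:", conn is not None)
            if conn:
                conn.close()
```

The peer check complements the loopback bind rather than replacing it; a packet filter rule on the external interfaces covers daemons whose accept loop cannot be changed.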