Re: jails, cron and sendmail



In <20060828150039.21e8bd4a@localhost>, Fabian Keil <freebsd-listen@xxxxxxxxxxxxx> typed:
Mike Meyer <mwm-keyword-freebsdhackers2.e313df@xxxxxxxxx> wrote:

In <44F1B7B7.9090701@xxxxxxxxxxxx>, Dirk Engling <erdgeist@xxxxxxxxxxxx> typed:

The default configuration doesn't expose sendmail to the publicly
visible IP address. The daemon it runs only listens for connections to
the localhost address.
Which is rewritten to the jail's (externally visible) address on a connect()
Yup. I wasn't aware of that strange behavior of jails. That should be
fixed.
Fixed how? Disallow jailed applications to connect to 127.0.0.1,
and thus break most of them, or have them reach 127.0.0.1 on the
host system and weaken the security?

I think the better fix would be to make jails not expose their
localhost IP address to the outside world.
Exactly.

Ok, I'm confused. Exactly how is fixing jails to not expose their
localhost IP address to the outside world not fixing this strange
behavior of jails?

<mike
--
Mike Meyer <mwm@xxxxxxxxx> http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
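
An added example, not part of the original message or of FreeBSD itself: a check an administrator can run inside a jail to see whether a daemon meant to be loopback-only is listening on a non-loopback address. It assumes, as the thread describes, that the jail's localhost address ends up on its externally visible address; the function names, the sample `sockstat -4 -l` output and the jail address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Flag listeners that were meant for loopback but that sockstat shows
# bound to a non-loopback address inside a jail.

# Constructed sample of `sockstat -4 -l` output inside a jail whose address
# is 192.0.2.10 (documentation range); not captured from a real host.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   3  tcp4   192.0.2.10:25         *:*
root     syslogd    540   6  udp4   192.0.2.10:514        *:*
root     sshd       701   4  tcp4   192.0.2.10:22         *:*
EOF
}

# exposed_listeners PORTS
#   stdin: sockstat output; PORTS: space-separated ports that the
#   configuration intends to be reachable on loopback only.
#   Prints "command address" for each such listener not on 127.0.0.0/8
#   (a wildcard "*" bind counts as exposed too).
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        NR == 1 { next }                       # skip the header line
        {
            addr = $6                          # LOCAL ADDRESS column
            port = addr; sub(/^.*:/, "", port) # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)
            if ((port in want) && host !~ /^127\./)
                print $2, addr
        }'
}

# On a live jail: sockstat -4 -l | exposed_listeners "25"
sample_sockstat | exposed_listeners "25"
```

Any line this prints is a service that needs a packet-filter rule or a configuration change if it is supposed to be unreachable from outside the jail.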


