tcpd & 127.0.0.1
I really like the tcpwrapper. Without messing with ipfilter, one can easily set up quite a few access rules. While running seccheck, I noticed that TCP wrappers were not enabled on my system. A quick edit of hosts.allow and hosts.deny did the trick - except for sendmail:

    [ID 801593 mail.info] n28820cE016260: from=root, size=247, class=0, nrcpts=1, msgid=<200903080802.n28820cE016260@node1>, relay=root@localhost
    [ID 801593 mail.notice] n28820u0016261: tcpwrappers (localhost, 127.0.0.1) rejection

So, why would sendmail reject mail from localhost? Well, sendmail is linked against the TCP wrapper too:

    $ ldd /usr/lib/sendmail | grep wrap
            libwrap.so.1 => /usr/sfw/lib/libwrap.so.1
    $ grep -v ^\# /etc/hosts.allow
    ALL: 127.0.0.1/255.0.0.0
    ALL: 10.200.0.0/255.255.255.0

Apparently sendmail (or, to be correct: tcpd) does not like the subnet after 127.0.0.1, despite the manpage where it expects an "expression of the form `n.n.n.n/m.m.m.m' ". Well, removing the subnet helped, now sendmail delivers to localhost again.
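
hosts_access(5) defines an `n.n.n.n/m.m.m.m` pattern as a net/mask pair that matches when `net` equals the bitwise AND of the client address and the mask, so `127.0.0.1/255.0.0.0` compares 127.0.0.0 against 127.0.0.1 and never matches, while `127.0.0.0/255.0.0.0` covers the loopback range. The following script is an added example, not code from the original post or from the TCP wrapper sources; the function names `ip_to_int` and `netmask_match` and the sample client addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: evaluate a hosts.allow "net/mask" pattern the way
# hosts_access(5) describes it: match when net == (client AND mask).

# Print a dotted-quad IPv4 address as an integer; return 1 if malformed.
ip_to_int() {
    local old_ifs o
    old_ifs=$IFS; IFS=.; set -f
    set -- $1                      # split on dots into $1..$4
    set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in
            ''|*[!0-9]*|0?*) return 1 ;;   # empty, non-digit, or leading zero
        esac
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# netmask_match PATTERN CLIENT
# Returns 0 on match, 1 on no match, 2 on a malformed pattern or address.
netmask_match() {
    local net mask addr
    case "$1" in */*) ;; *) return 2 ;; esac
    net=$(ip_to_int "${1%%/*}") || return 2
    mask=$(ip_to_int "${1#*/}") || return 2
    addr=$(ip_to_int "$2") || return 2
    [ $(( $addr & $mask )) -eq "$net" ]
}

# Constructed checks: the two rules from the post, plus the network-address
# form of the loopback rule, each tested against a sample client.
while read -r pattern client; do
    if netmask_match "$pattern" "$client"; then verdict=match
    else verdict="no match"; fi
    printf '%-28s %-12s %s\n' "$pattern" "$client" "$verdict"
done <<'EOF'
127.0.0.1/255.0.0.0 127.0.0.1
127.0.0.0/255.0.0.0 127.0.0.1
10.200.0.0/255.255.255.0 10.200.0.17
EOF
```

The TCP wrapper distribution's own `tcpdmatch` utility predicts how the installed rules handle a given daemon and client pair, which is the check to run against the real hosts.allow.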