Disabling DNS lookup by sendmail in Solaris and suggestion for hardening tools

Disabling DNS lookup by sendmail in Solaris and suggestion for hardening tools

Post by Henr » Fri, 27 Jun 2003 23:34:26



Is there anybody knows how I can disable dns lookup on sending email by
sendmail?
I know that Solaris does not use /etc/mail/service.switch and I tried to add
the following option
O ResolverOptions=-DNSRCH
in /etc/sendmail.cf
However the sendmail deamon still tries to lookup dns, any solution?

By the way, is there any good hardening tools for Solaris? I tried to use
jass from Sun Microsystems. But I would like to try more hardening tools,
any suggestion? Thank you very much!

Brgds,
Henry

 
 
 

Disabling DNS lookup by sendmail in Solaris and suggestion for hardening tools

Post by Chuck Geigne » Thu, 03 Jul 2003 07:28:13



> Is there anybody knows how I can disable dns lookup on sending email by
> sendmail?
> I know that Solaris does not use /etc/mail/service.switch and I tried to add
> the following option
> O ResolverOptions=-DNSRCH
> in /etc/sendmail.cf
> However the sendmail deamon still tries to lookup dns, any solution?

Hi Henry
You have 2 options here:
[OPTION 1]
According to the bat book 3rd ed. you can invoke a ServiceSwitchFile
option to point host lookups to a file by doing one of the following:

O ServiceSwitchFile=<path>                 <--- .cf file
-OServiceSwitchFile=<path>                 <--- invoked from cmd line
define(`confSERVICE_SWITCH_FILE', <path>   <--- in .mc config file

where <path> is the path to the service switch file containing
directives in the form of "<service> <how> <how>"
<service> can be "hosts" "aliases" or "passwd" - in this case you'd want
to enter "hosts". <how> can be "files" "nis" "netinfo" "nisplus" or "dns"

so to only look at a file for name lookups you'd specify in your service
switch file: "dns files"
where "files" refers to your nsswitch.conf file (already configured, I
hope).

[OPTION 2]
(I don't think you're original question indicates that the following is
what you're looking for, but I'll include the info anyway jic)
You don't even want DNS_BIND enabled in the binary? This'll fix it's wagon:
in your devtools/Site/site.config.m4 file (or whereever you put your
local build definitions), enter:
APPENDDEF(`confENVDEF', `-DNAMED_BIND=0')
and then recompile sendmail. I wouldn't recommend this unless you are
either not connected to the Internet at all or are running a UUCP box
(sheesh, do those even exist anymore?)

Anyway, hope this helps you out!
Regards,
Chuck
--
Chuck Geigner --------------------------------------------------------
Unix Systems Specialist,
Milner Library, Illinois State University
"Been borrowing Occam's Razor since 1992 - Haven't cut myself yet."
http://www.chux0r.org ______________________________________ WYGIWISYG

 
 
 

1. Disabling DNS lookup by sendmail in Solaris and suggestion for hardening tools

Is there anybody knows how I can disable dns lookup on sending email by
sendmail?
I know that Solaris does not use /etc/mail/service.switch and I tried to add
the following option
O ResolverOptions=-DNSRCH
in /etc/sendmail.cf
However the sendmail deamon still tries to lookup dns, any solution?

By the way, is there any good hardening tools for Solaris? I tried to use
jass from Sun Microsystems. But I would like to try more hardening tools,
any suggestion? Thank you very much!

Brgds,
Henry

2. The Nice Police

3. mail question

4. How to disable reverse DNS lookup with apache ?

5. Can't read from modem unless Root

6. how to disable reverse DNS lookups

7. console vidmode, besides 640X400?

8. disable reverse DNS look-up - how do I do it

9. how do i disable DNS reverse lookups?

10. How to disable ipv6 DNS lookups in Redhat 7.2 ?

11. How do I disable DNS lookups in FTPD ?

12. How disabling DNS lookups??