Date:      Sun, 25 Nov 2001 16:43:41 -0800
From:      Claus Assmann <freebsd+stable@esmtp.org>
To:        freebsd-stable@FreeBSD.ORG
Cc:        Jochem Kossen <j.kossen@home.nl>
Subject:   Re: patch for /usr/src/etc/sendmail/freebsd.mc to disable submission (close port 587)
Message-ID:  <20011125164341.A22232@zardoc.esmtp.org>
In-Reply-To: <20011126012116.A49715@jochem.dyndns.org>; from j.kossen@home.nl on Mon, Nov 26, 2001 at 01:21:16AM +0100
References:  <20011126000211.A27034@jochem.dyndns.org> <20011125160446.B3967@zardoc.esmtp.org> <20011126012116.A49715@jochem.dyndns.org>

On Mon, Nov 26, 2001, Jochem Kossen wrote:

I'm on the mailing list, so you don't need to do this:
Mail-Followup-To: Claus Assmann <freebsd+stable@esmtp.org>,
	Jochem Kossen <j.kossen@home.nl>, freebsd-stable@FreeBSD.ORG
I've set it (again) to:
Mail-Followup-To: freebsd-stable@FreeBSD.ORG

> On Sun, Nov 25, 2001 at 04:04:46PM -0800, Claus Assmann wrote:
> > On Mon, Nov 26, 2001, Jochem Kossen wrote:
> > > I wonder why by default, the submission function of sendmail (which is
> > > to my knowledge rarely used) is enabled, so I created a small patch
> > > for disabling it, maybe it could be used?
> > > If not, could someone explain to me whoever uses the thing? :)
> > 
> > We (i.e., the authors of sendmail) have enabled it by default to
> > encourage its use.  If you turn it off, how do you expect that other
> > programs will actually use it?
> 
> By documenting it? People will enable it if they need it. In my opinion,
> every extra open port on a computer is a security risk.

Many people don't read documentation. Just check the amount of
questions "Why is port 587 open?" in comp.mail.sendmail.
It's right there in the release notes...

By turning on features by default we support their usage. sendmail
is often the first to support new features and then others follow.
That's also the reason why sendmail uses STARTTLS if it's compiled
in and the other side offers it. That uncovered some broken MTAs
which have been fixed even though it took a lot of pressure.

> As seen from your side, it has been enabled for quite some time now, did
> it work? Are there programs which actually use it? Are those programs
> widely used? If yes to all questions, then my patch shouldn't be used in
> the default FreeBSD sources. Otherwise, I think it should.

I don't know, I don't have any statistics. Maybe we switch our MSP
in the next release to use port 587 by default.  The more people
switch to the MSA the easier will be the next transition: a cleaner
separation of MTA and MSA.
