From owner-freebsd-security Wed Aug 15 17:29:55 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.westbend.net (ns1.westbend.net [216.47.253.3])
    by hub.freebsd.org (Postfix) with ESMTP id 46C3A37B401
    for ; Wed, 15 Aug 2001 17:29:49 -0700 (PDT)
    (envelope-from hetzels@westbend.net)
Received: from admin0 (admin0.westbend.net [216.47.253.17])
    by mail.westbend.net (8.11.5/8.11.5) with ESMTP id f7G0Sn260037
    for ; Wed, 15 Aug 2001 19:29:14 -0500 (CDT)
    (envelope-from hetzels@westbend.net)
Message-ID: <016b01c125e9$e9c82420$11fd2fd8@westbend.net>
From: "Scot W. Hetzel"
To:
References: <200108151940.f7FJepc73604@hak.lan.Awfulhak.org> <20010815170217.F14206@pir.net>
Subject: Re: cvs commit: src/etc inetd.conf
Date: Wed, 15 Aug 2001 19:24:30 -0500
Organization: West Bend Interent
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

From: "Peter Radcliffe"
> Garance A Drosihn probably said:
> > "cron'd events", such as if you add your own cron jobs, cron will
> > email you if the process fails, or output from the process when
> > it succeeds (depending on how you have the job set up). Cron itself
> > expects it can send mail. So does lpd (if a user does 'lpr -m',
> > for instance).
>
> So why can't we run sendmail by default, just with no '-bd' option
> so it doesn't listen on port 25. Local mail will get delivered,
> it's not a remote security problem ...
>

With the latest changes in 4.4-PRERELEASE, rc, rc.conf have options to
set up the server for outbound only mode:

sendmail_enable="YES"           # Run the sendmail inbound daemon (or NO).
sendmail_flags="-bd -q30m"      # Flags to sendmail (as a server)
sendmail_outbound_enable="NO"   # Dequeue stuck mail (or YES).
sendmail_outbound_flags="-q30m" # Flags to sendmail (outbound only)

So setting "sendmail_enable" to "NO" and setting
"sendmail_outbound_enable" to "Yes" will accomplish this task.

All that's needed is to fix sysinstall to choose 3 modes for sendmail:

1. Normal mode
2. Queue mode
3. Disabled

Scot

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
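
An added example, not part of the original message and not FreeBSD's own rc code: a small audit script that reads an rc.conf-style file and reports which of the three modes listed above it selects, and whether the active flags include '-bd'. The function names, the defaults (taken from the values shown in the message) and the precedence of sendmail_enable over sendmail_outbound_enable are assumptions.

```shell
#!/bin/sh
# Added example (not FreeBSD's rc code): report which of the three proposed
# modes an rc.conf-style file selects, and whether the flags include -bd.

# rc_value FILE VAR DEFAULT: last assignment of VAR in FILE with the trailing
# comment and double quotes stripped (assumes no '#' inside the value).
rc_value() {
    if grep -q "^[[:space:]]*$2=" "$1"; then
        sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
            sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
    else
        printf '%s\n' "$3"
    fi
}

is_yes() {
    case "$1" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}

# Defaults are the values shown in the message. Assumption: sendmail_enable
# takes precedence over sendmail_outbound_enable when both are YES.
sendmail_mode() {
    enable=$(rc_value "$1" sendmail_enable YES)
    out_enable=$(rc_value "$1" sendmail_outbound_enable NO)
    if is_yes "$enable"; then
        mode=normal
        active=$(rc_value "$1" sendmail_flags "-bd -q30m")
    elif is_yes "$out_enable"; then
        mode=queue
        active=$(rc_value "$1" sendmail_outbound_flags "-q30m")
    else
        echo disabled
        return 0
    fi
    # -bd makes sendmail a listening daemon; without it nothing binds port 25.
    case " $active " in
        *" -bd "*) echo "$mode listens" ;;
        *)         echo "$mode local-only" ;;
    esac
}

# Constructed sample: the outbound-only setup the message describes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sendmail_enable="NO"            # Run the sendmail inbound daemon (or NO).
sendmail_outbound_enable="Yes"  # Dequeue stuck mail (or YES).
EOF
sendmail_mode "$sample"   # queue local-only
rm -f "$sample"
```

A result of "queue listens" flags the case where '-bd' has been copied into sendmail_outbound_flags, which would defeat the purpose of the outbound-only mode.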