Date: Fri, 22 Sep 2000 14:10:57 -0600
From: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
To: Neil Blakey-Milner <nbm@mithrandr.moria.org>
Cc: security@FreeBSD.ORG, Peter Wemm <peter@netplex.com.au>
Subject: Re: sendmail default run state
Message-ID: <200009222010.e8MKAv117254@orthanc.ab.ca>
In-Reply-To: Your message of "Fri, 22 Sep 2000 21:56:16 +0200." <20000922215616.A33103@mithrandr.moria.org>
>>>>> "Neil" == Neil Blakey-Milner <nbm@mithrandr.moria.org> writes:
Neil> Reason being the most common situations I see are
Neil> multi-system networks, where you read mail on just one, and
Neil> not necessarily running sendmail on the machine that does
Neil> receive mail. In the single-user case, also, people don't
Neil> tend to want to allow connections. It's more a special case
Neil> to receive mail, and it's quite simple to flick the switch,
Neil> since you have to set up sendmail to receive mail for your
Neil> domain anyway.

It sounds like you're describing a desktop client type environment
where you're running a local MUA that talks IMAP or POP to a central
server. Many of those MUAs want to inject mail through the local (to
the machine they are running on) SMTP server. By outright disabling
local SMTP service you run into POLA issues -- making this change
can break MUA functionality.

Wouldn't it be better instead to keep local SMTP enabled, but switch
in a sendmail.cf that's based on FEATURE(nullclient)? This allows
the local MUAs to continue to work unmodified while preserving
the "no local mail" environment. And the nullclient config can
drop root priv's right after the daemon sockets are bound since it
doesn't have to invoke the local mailer.

--lyndon
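A sketch of the null-client setup suggested in the message above, as an added example that is not part of the original e-mail or the FreeBSD tree. The hub name mailhub.example.org, the unprivileged account mailnull, the loopback-only listener and the bsd4.4 OS type are assumptions, and DAEMON_OPTIONS needs sendmail 8.10 or later.

```m4
dnl Added example, not from the original message or the FreeBSD tree.
dnl Assumed names: mailhub.example.org (central hub), mailnull (unprivileged
dnl account that must own the queue directory), bsd4.4 as the OS type.
VERSIONID(`nullclient example, constructed for illustration')dnl
OSTYPE(`bsd4.4')dnl
dnl Listen on loopback only: local MUAs can still inject over SMTP, while
dnl nothing off-host can connect.
DAEMON_OPTIONS(`Port=smtp, Addr=127.0.0.1, Name=MTA')dnl
dnl Give up root once the listening socket is bound; possible here because
dnl no local mailer (which would need root) is ever invoked.
define(`confRUN_AS_USER', `mailnull')dnl
dnl Forward everything to the hub; no local delivery, aliasing or forwarding.
FEATURE(`nullclient', `mailhub.example.org')dnl
```

The file is expanded into a sendmail.cf with m4 against the cf.m4 shipped in the sendmail cf directory.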
