Date: Wed, 19 Jun 2002 11:55:56 -0700 From: "Crist J. Clark" <crist.clark@attbi.com> To: "David O'Brien" <obrien@FreeBSD.org> Cc: Gregory Neil Shapiro <gshapiro@FreeBSD.org>, Doug Barton <DougB@FreeBSD.org>, "Jin Guojun[DSD]" <j_guojun@lbl.gov>, FreeBSD-arch@FreeBSD.org Subject: Re: conf/39444: rc.sendmail syntax error: cannot disable sendmail Message-ID: <20020619115556.D21469@blossom.cjclark.org> In-Reply-To: <20020619104912.B41546@dragon.nuxi.com>; from obrien@FreeBSD.org on Wed, Jun 19, 2002 at 10:49:12AM -0700 References: <3D0FB406.83DE356D@lbl.gov> <20020618155900.O2483-100000@master.gorean.org> <15632.6996.519381.823439@horsey.gshapiro.net> <3D102055.F08DD2AE@FreeBSD.org> <15632.9131.365021.260177@horsey.gshapiro.net> <20020619104912.B41546@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 19, 2002 at 10:49:12AM -0700, David O'Brien wrote:
> On Tue, Jun 18, 2002 at 11:24:43PM -0700, Gregory Neil Shapiro wrote:
> > DougB> The problem is, the users are getting confused. Neither of the methods
> > DougB> you describe is "standard," which is a big part of the confusion.
> >
> > I guess the standard way would be:
> >
> > sendmail_enable=NO
> > sendmail_submit_enable=NO
> > sendmail_outbound_enable=NO
> > sendmail_msp_queue_enable=NO
>
> Yes. Since you fully support this, I don't understand what the issue is.
> People have old configurations that want "sendmail_enable=NO" to equal
> the above? Too bad, there are many configuration changes to learn when
> going from -stable to -current. So they will just have to learn there is
> more granularity now.
I don't think there would be much of an issue if it were only changed
in -CURRENT (see my last remark), but this change was made to -STABLE
and just hit its first -RELEASE cycle.
To rehash the logic one last time, sendmail(8) in the -STABLE was
upgraded to 8.12.2. In order to send outbound mail properly,
the new version sendmail(8) needs a listening, submission daemon (this
is a security feature, not a bug). Since sendmail_enable="YES" has
been the default in FreeBSD forever, turning this on as well by
default was the obvious thing to do.
Those who use alternate MTAs or just have something against
sendmail(8) got upset because now when they switched 'sendmail_enable'
to "NO," they _still_ had a sendmail(8) daemon listening. They
complained that setting all of those switches to "NO" was too much of
a hassle (not really a good argument) and what if more changes were
made in the future, they want a way to turn off sendmail(8) now and
forever (actually a pretty good argument). The heart of the problem
is that to those who use sendmail(8), 'sendmail_enable="NO"' meant
turn on the listener to receive incoming mail from remote sites (but
not necessarily outgoing mail), whereas to the non-sendmail(8) users,
it meant turn off sendmail(8) completely. With the new design, it
could no longer serve those two different function for both groups.
So, instead of making a whole new knob or defaulting to the
non-sendmail(8) user's desired behavior (the monthly flamefests on
-current and -stable about removing sendmail(8) from the base system
are not due for another week or two, so don't start that again right
now), a new setting for the existing 'sendmail_enable' switch was
provided that will disable all sendmail(8) daemons at startup now and
forever, "NONE".
For people who use sendmail(8) as an MTA, either in both incoming and
outgoing or just in outgoing modes, (which are believed to be the vast
majority of users) they need not modify their old rc.conf(5)'s and
they should get the same behavior as they did before the upgrade to
>8.12.2. This was the most important consideration. Someone who
upgrades -STABLE or to the next -RELEASE should get the same
_functionality_ with the same rc.conf to the greatest extent possible
(if it means running a sendmail(8) daemon that was not running before,
so be it).
To add to the excitement, 'sendmaill_enable' (and 'inetd_enable' as
well) were actually turned off by default for a few days in -STABLE,
but after massive postings to -stable the defaults were switched back.
(I'm just glad we finally managed to get ftp(1) and telnet(1) turned
off by default. It only took a remote root hole in telnetd(8) to
finally get that done.)
> > This is (and was) always available. sendmail_enable=NONE is just a
> > shortcut that has the same effect as setting all four to NO.
>
> This is non-standard. In fact I would really like us to use the NetBSD
> way of testing the knobs such that any "negative" setting means no.
> "NONE" would break with this.
>
> Thus my voiced support is "do nothing" (other than maybe remove the NONE
> support).
What to do in -CURRENT is a whole 'nother ball game. At present,
'sendmail_enable' is "NO" in -CURRENT (yay!) and
'sendmail_{submit,outbound}_enable' both default to "YES." Since rc_ng
development is finally getting some life, we can look at completely
reworking these issues, what knobs exist and what their default
settings are, for 5.0-RELEASE. Also since we are importing the NetBSD
startup, having things work more like theirs makes a lot more sense.
As for -STABLE, I think "NONE" is a reasonable band-aid cure for the
remaining life of the RELENG_4 branch.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020619115556.D21469>