From owner-freebsd-stable@FreeBSD.ORG  Thu Jun 18 23:09:38 2015
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 54D41843
 for <freebsd-stable@hub.freebsd.org>; Thu, 18 Jun 2015 23:09:38 +0000 (UTC)
 (envelope-from jamie@dyslexicfish.net)
Received: from dyslexicfish.net (deadcat.mail.dyslexicfish.net [45.63.12.202])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 01587219
 for <freebsd-stable@freebsd.org>; Thu, 18 Jun 2015 23:09:37 +0000 (UTC)
 (envelope-from jamie@dyslexicfish.net)
Received: from dyslexicfish.net (deadcat.mail.dyslexicfish.net [45.63.12.202])
 by dyslexicfish.net (8.14.5/8.14.5) with ESMTP id t5IN2lvQ090848;
 Fri, 19 Jun 2015 00:02:47 +0100 (BST)
 (envelope-from jamie@dyslexicfish.net)
Received: (from jamie@localhost)
 by dyslexicfish.net (8.14.5/8.14.5/Submit) id t5IN2l82090847;
 Fri, 19 Jun 2015 00:02:47 +0100 (BST) (envelope-from jamie)
From: Jamie Landeg-Jones <jamie@dyslexicfish.net>
Message-Id: <201506182302.t5IN2l82090847@dyslexicfish.net>
Date: Fri, 19 Jun 2015 00:02:47 +0100
To: gshapiro@gshapiro.net
Cc: freebsd-stable@freebsd.org
Subject: Re: Last openssl update brakes localhost email sending
References: <CAAoTqft7wRi9Ov_oiCk64HwbT+rXn-AvkOd-+VeFhq_s8bE7NA@mail.gmail.com>
 <CAAoTqfvchXndzgCRDyJXCz+UOi93w1v-vvKvoLMgPLk6cHh4Dw@mail.gmail.com>
 <5582C749.9060801@sentex.net> <20150618150404.GA42082@minime.local>
 <CAAoTqftnG1WoyN81eSfBO=_G+e9ZQYCssO_=j5ymv=L+Z3jnVQ@mail.gmail.com>
In-Reply-To: <CAAoTqftnG1WoyN81eSfBO=_G+e9ZQYCssO_=j5ymv=L+Z3jnVQ@mail.gmail.com>
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7
 (dyslexicfish.net [45.63.12.202]); Fri, 19 Jun 2015 00:02:47 +0100 (BST)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2015 23:09:38 -0000

Hello!

I'm curious... Why is localhost delivery encrypted by default in the first place?

I have this in /etc/mail/access:

# ----------------------------------------------------------------------------
# Disable local encrypted connections:
Srv_Features:localhost     S
# ----------------------------------------------------------------------------

The only reason I can think of is if there is some unencrypted TCP
relayed 'tunnel', that has been set up not using ssh or some other
encrypted transport.

Have I answered my own question? This hardly seems like typical usage,
and if someone did do such a thing, I'd expect them to know to
tweak the sendmail defaults.

Cheers,
Jamie