From owner-freebsd-security  Mon Mar 19  1:56: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from axis.tdd.lt (axis.tdd.lt [193.219.211.5])
	by hub.freebsd.org (Postfix) with ESMTP
	id D065737B740; Mon, 19 Mar 2001 01:55:58 -0800 (PST)
	(envelope-from domas.mituzas@delfi.lt)
Received: from localhost (midom@localhost)
	by axis.tdd.lt (8.11.1/8.11.1) with ESMTP id f2J9tsm07076;
	Mon, 19 Mar 2001 11:55:55 +0200 (EET)
Date: Mon, 19 Mar 2001 11:55:54 +0200 (EET)
From: Domas Mituzas <domas.mituzas@delfi.lt>
X-Sender: midom@axis.tdd.lt
To: Poul-Henning Kamp <phk@FreeBSD.ORG>
Cc: security@FreeBSD.ORG
Subject: Re: sendmail listening on port 587 ??!!
In-Reply-To: <49989.984993633@critter>
Message-ID: <Pine.BSF.4.21.0103191150170.3989-100000@axis.tdd.lt>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I just found out that sendmail listens to port 587 in addition to
> port 25 now.


from 8.10.0 changelog:

        sendmail implements RFC 2476 (Message Submission), e.g., it can
                now listen on several different ports.  Use:
                O DaemonPortOptions=Name=MSA, Port=587, M=E
                to run a Message Submission Agent (MSA); this is turned
                on by default in m4-generated .cf files; it can be turned
                off with FEATURE(`no_default_msa').

As far as I understand, if you don't firewall 25 you don't have any need
to firewall this, as it speaks smtp. In fact, message submission was
desingned to be a gateway between all message transfer system and mail
user agent, thus by eliminating some checks in whole transfer layer.

As it is proposed standard, firewall configurations need to be ajusted to
that.

Cheers,
Domas Mituzas

DELFI Internet, UAB


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message