From owner-freebsd-security Wed Feb 14 13:45:10 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.wlcg.com (mail.wlcg.com [207.226.17.4]) by hub.freebsd.org (Postfix) with ESMTP id C881237B491 for ; Wed, 14 Feb 2001 13:45:04 -0800 (PST) Received: from localhost (rsimmons@localhost) by mail.wlcg.com (8.11.2/8.11.2) with ESMTP id f1ELhwa36850; Wed, 14 Feb 2001 16:43:58 -0500 (EST) (envelope-from rsimmons@wlcg.com) Date: Wed, 14 Feb 2001 16:43:58 -0500 (EST) From: Rob Simmons To: Mikhail Kruk Cc: Ragnar Beer , freebsd-security@FreeBSD.ORG Subject: Re: security settings documentation In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I would disagree with -bd being mandatory. Sure it is needed if the server is a mailserver or needs to recieve mail for some reason. I agree that it should be "-bd -q30m" in /etc/defaults/rc.conf, but I think the "High" security profile should have only -q30m. In fact I think the Fascist level should have this setting instead of disabling sendmail altogether. If you disable sendmail altogether, doesn't that keep the daily/weekly root mails from being sent? Robert Simmons Systems Administrator http://www.wlcg.com/ On Wed, 14 Feb 2001, Mikhail Kruk wrote: > I have > sendmail_flags="-bd -q30m" # -bd is pretty mandatory. > and it seems that it has been default at least since 2.2.8, may be > before. > > > Very good idea! It's the default setting in OpenBSD. > > > > Ragnar > > > > >Also, for the "High" security setting, shouldn't this be in there: > > > > > > variable_set2("sendmail_flags", "-q30m", 1); > > > > > >That way sendmail doesn't open port 25. > > > > > >Robert Simmons > > >Systems Administrator > > >http://www.wlcg.com/ > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message