From owner-freebsd-security  Wed Feb 14 13:45:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.wlcg.com (mail.wlcg.com [207.226.17.4])
	by hub.freebsd.org (Postfix) with ESMTP id C881237B491
	for <freebsd-security@FreeBSD.ORG>; Wed, 14 Feb 2001 13:45:04 -0800 (PST)
Received: from localhost (rsimmons@localhost)
	by mail.wlcg.com (8.11.2/8.11.2) with ESMTP id f1ELhwa36850;
	Wed, 14 Feb 2001 16:43:58 -0500 (EST)
	(envelope-from rsimmons@wlcg.com)
Date: Wed, 14 Feb 2001 16:43:58 -0500 (EST)
From: Rob Simmons <rsimmons@wlcg.com>
To: Mikhail Kruk <meshko@cs.brandeis.edu>
Cc: Ragnar Beer <rbeer@uni-goettingen.de>,
	freebsd-security@FreeBSD.ORG
Subject: Re: security settings documentation
In-Reply-To: <Pine.LNX.4.30.0102141630390.32692-100000@eros.cs.brandeis.edu>
Message-ID: <Pine.BSF.4.21.0102141638540.15577-100000@mail.wlcg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I would disagree with -bd being mandatory.  Sure it is needed if the
server is a mailserver or needs to recieve mail for some reason.  I agree
that it should be "-bd -q30m" in /etc/defaults/rc.conf, but I think the
"High" security profile should have only -q30m.  In fact I think the
Fascist level should have this setting instead of disabling sendmail
altogether.

If you disable sendmail altogether, doesn't that keep the daily/weekly
root mails from being sent?

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Wed, 14 Feb 2001, Mikhail Kruk wrote:

> I have
> sendmail_flags="-bd -q30m" # -bd is pretty mandatory.
> and it seems that it has been default at least since 2.2.8, may be
> before.
> 
> > Very good idea! It's the default setting in OpenBSD.
> >
> > Ragnar
> >
> > >Also, for the "High" security setting, shouldn't this be in there:
> > >
> > >     variable_set2("sendmail_flags", "-q30m", 1);
> > >
> > >That way sendmail doesn't open port 25.
> > >
> > >Robert Simmons
> > >Systems Administrator
> > >http://www.wlcg.com/
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message