Date: Wed, 14 Feb 2001 13:56:07 -0800 (PST) From: David Wolfskill <dhw@whistle.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: security settings documentation Message-ID: <200102142156.f1ELu7P63294@pau-amma.whistle.com> In-Reply-To: <Pine.BSF.4.21.0102141638540.15577-100000@mail.wlcg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>Date: Wed, 14 Feb 2001 16:43:58 -0500 (EST) >From: Rob Simmons <rsimmons@wlcg.com> >I would disagree with -bd being mandatory. Sure it is needed if the >server is a mailserver or needs to recieve mail for some reason. I agree >that it should be "-bd -q30m" in /etc/defaults/rc.conf, but I think the >"High" security profile should have only -q30m. In fact I think the >Fascist level should have this setting instead of disabling sendmail >altogether. >If you disable sendmail altogether, doesn't that keep the daily/weekly >root mails from being sent? -bd says to start sendmail as a daemon, listening on TCP/25 (SMTP). -q30m says to automatically "run the queue" (check the queue for undelivered mail and try to deliver it) every 30 minutes. It is not necessary to run a sendmail daemon at all in order to merely send locally-generated mail, and it is only necessary to run the queue if mail gets stuck there. (An alternative to having the daemon run the queue periodically is to fire up "sendmail -q" via cron.) (My news server does not have anything listening on TCP/25, nor is sendmail configured to run the queue; it sends the daily, weekly, & monthly reports to me just fine.) Cheers, david -- David Wolfskill dhw@whistle.com UNIX System Administrator Desk: 650/577-7158 TIE: 8/499-7158 Cell: 650/759-0823 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102142156.f1ELu7P63294>