Date: Fri, 24 Mar 2000 19:57:12 -0500
From: Bob Johnson <bobj@atlantic.net>
To: Brad Knowles <blk@skynet.be>, Garance A Drosihn <drosih@rpi.edu>, Robert Watson <robert+freebsd@cyrus.watson.org>, Bob Johnson <bobj@atlantic.net>
Cc: Warner Losh <imp@village.org>, audit@FreeBSD.ORG
Subject: Re: Portmapper enabled, IPv6 circumvents FW
Message-ID: <3.0.6.32.20000324195712.009ab100@rio.atlantic.net>
In-Reply-To: <v04220806b501a2a30f3a@[195.238.1.121]>
References: <v0421010fb5014bb01bc1@[128.113.24.47]> <Pine.NEB.3.96L.1000324083722.38246A-100000@fledge.watson.org> <v0421010fb5014bb01bc1@[128.113.24.47]>

At 11:55 PM 03/24/2000 +0100, Brad Knowles wrote:
>At 12:07 PM -0500 2000/3/24, Garance A Drosihn wrote:
>
>>  I don't know what knobs freebsd has for sendmail, but perhaps
>>  we could have a similar option there.  Setup sendmail so people
>>  can 'mail' other people (running sendmail via crontab to empty
>>  out any pending messages), but not accept mail?  I am not sure
>>  that is a really good idea though...
>
>  rc.conf has default flags to pass to the sendmail daemon, if
>you're going to start it up.  I suggest leaving off "-bd" by default,
>so that it will fire off queue runners when necessary, but won't
>listen to port 25 unless this option is specifically added.
>

I don't run sendmail as a daemon on my personal workstation.

What I tell anyone who will listen (not many) is that they should
make a clear distinction between setting up a workstation or setting
up a server.  Servers get no user shell accounts except those
required to manage them.  A workstation gets no network services
except the very few that have some specific reason to exist on that
system.

Most new users of Linux (many of whom we hope will end up with
FreeBSD) seem to be setting up what are primarily single-user
workstations that sometimes serve as the www/ftp server for a
workgroup.  Such a system does not need sendmail running, because
all of its mail needs are handled by an organizational pop/imap/smtp
server.  It also is not part of any collection of trusted hosts, so
it has no need for another handful of daemons that are mysteriously
enabled by default on many Linux distributions.

So, what _I_ would like to see (if something more elaborate is not
feasible) is an install process that includes two basic choices:
(1) set up a workstation, or (2) set up a server.  The details of
what that means are a matter of personal taste, but beginners need
some guidance in developing that taste 8).

I'd limit a workstation configuration to offering no network
services other than ssh, maybe telnet with S/KEY already enabled and
initialized (if that can be arranged), and (as an option) Samba plus
something that makes it easy to participate in a Windows workgroup
or domain as a client (I haven't used Samba recently, but it didn't
make a convenient client last time I did).

I know some of this doesn't fit the current install process very
cleanly, but I think the general concept is worth pursuing.

I'd move this discussion to another list, but I'm not sure where it
belongs.  I'm pretty sure it no longer fits audit.

-- Bob

+--------------------------------------------------------
| Bob Johnson
| bobj@atlantic.net
+--------------------------------------------------------