From owner-freebsd-stable Tue Oct 3 16:20:28 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from cybercable.fr (r122m108.cybercable.tm.fr [195.132.122.108]) by hub.freebsd.org (Postfix) with ESMTP id 5D7B537B66C for ; Tue, 3 Oct 2000 16:20:22 -0700 (PDT)
Received: (from mux@localhost) by cybercable.fr (8.11.0/8.11.0) id e93NMFp00954 for freebsd-stable@freebsd.org; Wed, 4 Oct 2000 01:22:15 +0200 (CEST) (envelope-from mux)
From: Maxime Henrion
Date: Wed, 4 Oct 2000 01:22:15 +0200
To: freebsd-stable@freebsd.org
Subject: questions and suggestions about default sendmail configuration
Message-ID: <20001004012215.A806@nebula.cybercable.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

While playing with sendmail on FreeBSD, I noticed several settings that are not optimum, in my opinion. So I post to know your feelings about it.

First, I realized that sendmail is running by default on port 25 (nothing weird here ...) but on port 587 too because of this line in the sendmail.cf:

    O DaemonPortOptions=Port=587, Name=MSA, M=E

It is probably known and wanted because I remember a thread about it a while ago. However, if someone could explain to me the use of this, that'd be kind! :-)

Then, the genericstable feature is not enabled by default. I think it's a very useful feature (not well known though) and it's particularly useful on machines from which you send e-mails but that can't receive them directly on their own sendmail (like personal computers that don't have a static DNS). This kind of problem is generally solved by properly configuring the MUA, but it's in my opinion more logical and more convenient to do it at the MTA level so that users can send e-mails with any MUA (that uses sendmail to send its mails) without configuring it.

To enable genericstable, these lines must be added to the freebsd.mc file:

    FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl
    GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

Finally, the PrivacyOptions set by default allow the usage of both the EXPN and VRFY commands, which aren't a real security threat but can anyway allow someone to get some information, since it's an easy way to know whether a login exists on a system or not. Thus, it would perhaps be a good idea to add noexpn and novrfy to the PrivacyOptions (or even goaway, but it might be a bit hard by default ;).

I'm waiting for your comments and I'm ready to send any patch if needed.

Regards,
Maxime Henrion
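
A way to check a generated sendmail.cf for two of the points raised in the message above (which ports sendmail listens on, and whether EXPN and VRFY are answered), as an added example that is not part of the original post. The function names and the contents of the two sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sendmail.cf for the settings discussed in the message.

# privacy_flags FILE: print the PrivacyOptions flags, one per line, lowercased.
privacy_flags() {
    sed -n 's/^O[[:space:]]*PrivacyOptions[[:space:]]*=//p' "$1" |
        tr 'A-Z' 'a-z' | tr ', \t' '\n\n\n' | sed '/^$/d'
}

# smtp_cmd_disabled FILE CMD: succeed if CMD (expn or vrfy) is refused.
# The goaway flag implies both noexpn and novrfy.
smtp_cmd_disabled() {
    privacy_flags "$1" | grep -q -x -e "no$2" -e goaway
}

# daemon_ports FILE: print the port of each DaemonPortOptions line.
daemon_ports() {
    awk '/^O[ \t]*DaemonPortOptions[ \t]*=/ {
        port = "smtp"   # sendmail listens on "smtp" (25) when Port= is absent
        n = split(substr($0, index($0, "=") + 1), kv, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (kv[i] ~ /^Port=/) port = substr(kv[i], 6)
        print port
    }' "$1"
}

# report FILE: summarize listeners and whether EXPN/VRFY are answered.
report() {
    echo "$1: ports $(daemon_ports "$1" | tr '\n' ' ')"
    for cmd in expn vrfy; do
        if smtp_cmd_disabled "$1" "$cmd"; then
            echo "  $cmd refused"
        else
            echo "  $cmd ALLOWED: add no$cmd to PrivacyOptions"
        fi
    done
}

# Constructed sample configs: the defaults as the message describes them,
# and the same file with the suggested flags added.
DEMO_DIR=$(mktemp -d) && trap 'rm -rf "$DEMO_DIR"' EXIT
WEAK=$DEMO_DIR/weak.cf HARDENED=$DEMO_DIR/hardened.cf
cat > "$WEAK" <<'EOF'
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
O PrivacyOptions=authwarnings
EOF
sed 's/^O PrivacyOptions=.*/&,noexpn,novrfy/' "$WEAK" > "$HARDENED"
report "$WEAK"
report "$HARDENED"
```

On a live system, call `report` on the installed sendmail.cf instead of the sample files.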