From owner-freebsd-arch@freebsd.org Sun Dec 10 13:13:59 2017 Return-Path: Delivered-To: freebsd-arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E94F9E8C4F7 for ; Sun, 10 Dec 2017 13:13:59 +0000 (UTC) (envelope-from rsk@gsp.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id D667A70944 for ; Sun, 10 Dec 2017 13:13:59 +0000 (UTC) (envelope-from rsk@gsp.org) Received: by mailman.ysv.freebsd.org (Postfix) id D5D49E8C4F6; Sun, 10 Dec 2017 13:13:59 +0000 (UTC) Delivered-To: arch@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D50D5E8C4F5 for ; Sun, 10 Dec 2017 13:13:59 +0000 (UTC) (envelope-from rsk@gsp.org) Received: from taos.firemountain.net (taos.firemountain.net [207.114.3.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "taos.firemountain.net", Issuer "taos.firemountain.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 9E69E70943 for ; Sun, 10 Dec 2017 13:13:59 +0000 (UTC) (envelope-from rsk@gsp.org) Received: from gsp.org (localhost [127.0.0.1]) by taos.firemountain.net (8.15.1/8.14.9) with SMTP id vBADDuOX020109 for ; Sun, 10 Dec 2017 08:13:57 -0500 (EST) Date: Sun, 10 Dec 2017 08:13:56 -0500 From: Rich Kulawiec To: arch@FreeBSD.org Subject: Re: RFC: Sendmail deprecation ? Message-ID: <20171210131356.GA1900@gsp.org> References: <20171206223341.iz3vj4zz2igqczy7@ivaldir.net> <20171208074456.GA2035@ns.kevlo.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20171208074456.GA2035@ns.kevlo.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Dec 2017 13:14:00 -0000 On Fri, Dec 08, 2017 at 03:44:56PM +0800, Kevin Lo wrote: > I seriously don't think dma(8) is a full featured mta. I would recommend > OpenSMTPD. OpenSMTPD makes smtp easier to implement and manage and more > secure. There is little evidence supporting these claims. OpenSMTPD is an interesting experiment and it shows some promise, but it's far from a professional MTA suitable for deployment in production environments. (And any claims about its security compared to other MTAs are wildly premature.) It's also missing quite a few features that are must-haves for anyone who is serious about running an Internet-facing MTA. Maybe in 3 or 5 or 10 years it will have those features, and maybe it will have undergone the kind of rigorous real-world vetting (perhaps "beating" would be more apropos) that postfix and sendmail and others have, but it's not there yet. At this time, I can only recommend it for small (in terms of volume, users, traffic) environments that have limited defensive requirements and do not require ready integration with other mail-related software. (Note: I'm using it in one that meets that description, as a long-running experiment in its side-by-side performance compared to that of postfix.) So should it be offered as an alternative? Yes. Should people with very limited operational requirements consider it? Yes. Should people who are willing to test it/experiment with it do so? Yes. But until it's far more thoroughly vetted, it's not suitable to be the default. ---rsk