Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 4 Oct 2000 11:39:57 -0700 (PDT)
From:      Gregory Neil Shapiro <gshapiro@gshapiro.net>
To:        Maxime Henrion <mux@qualys.com>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: questions and suggestions about default sendmail configuration
Message-ID:  <14811.31101.675079.926@horsey.gshapiro.net>
In-Reply-To: <20001004012215.A806@nebula.cybercable.fr>
References:  <20001004012215.A806@nebula.cybercable.fr>
index | next in thread | previous in thread | raw e-mail 

mux> First, I realized that sendmail is running by default on port 25
mux> (nothing weird here ...) but on port 587 too because of this line in
mux> the sendmail.cf :

mux> O DaemonPortOptions=Port=587, Name=MSA, M=E

mux> It is probably known and wanted because I remember a thread about it a
mux> while ago. However, if someone could explain me the use of this,
mux> that'd be kind ! :-)

From the RELEASE_NOTES:

	sendmail implements RFC 2476 (Message Submission), e.g., it can
		now listen on several different ports.  Use:
		O DaemonPortOptions=Name=MSA, Port=587, M=E
		to run a Message Submission Agent (MSA); this is turned
		on by default in m4-generated .cf files; it can be turned
		off with FEATURE(`no_default_msa').

mux> Then, the genericstable feature is not enabled by default.

mux> To enable genericstable, these lines must be added to the freebsd.mc
mux> file :

mux> FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl
mux> GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

I more inclined to push for users configuring features they need rather
than pushing them in the default configuration.  Additionally, in practice,
I actually don't see a lot of sites using genericstable.

mux> Finally, the PrivacyOptions set by default allow both the usage of the
mux> EXPN and VRFY command, wich aren't a real security threat but can
mux> anyway allow someone to get some informations since it's an easy way
mux> to know wether a login exists on a system or not. Thus, it would
mux> perhaps be a good idea to add noexpn and novrfy to the PrivacyOptions
mux> (or even goaway, but it might be a bit hard by default ;).

I do agree with this one however.  I'll add it to my list of things to do.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14811.31101.675079.926>