From owner-freebsd-stable Wed Oct 4 11:40:20 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178])
    by hub.freebsd.org (Postfix) with ESMTP id 6EDD937B66D
    for ; Wed, 4 Oct 2000 11:40:17 -0700 (PDT)
Received: (from gshapiro@localhost)
    by horsey.gshapiro.net (8.11.1/8.11.1) id e94Idvd09880;
    Wed, 4 Oct 2000 11:39:57 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-ID: <14811.31101.675079.926@horsey.gshapiro.net>
Date: Wed, 4 Oct 2000 11:39:57 -0700 (PDT)
From: Gregory Neil Shapiro
To: Maxime Henrion
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: questions and suggestions about default sendmail configuration
In-Reply-To: <20001004012215.A806@nebula.cybercable.fr>
References: <20001004012215.A806@nebula.cybercable.fr>
X-Mailer: VM 6.75 under 21.2 (beta36) "Notus" XEmacs Lucid
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

mux> First, I realized that sendmail is running by default on port 25
mux> (nothing weird here ...) but on port 587 too because of this line in
mux> the sendmail.cf:

mux> O DaemonPortOptions=Port=587, Name=MSA, M=E

mux> It is probably known and wanted because I remember a thread about it a
mux> while ago.  However, if someone could explain the use of this to me,
mux> that'd be kind! :-)

From the RELEASE_NOTES:

    sendmail implements RFC 2476 (Message Submission), e.g., it can
    now listen on several different ports.  Use:

        O DaemonPortOptions=Name=MSA, Port=587, M=E

    to run a Message Submission Agent (MSA); this is turned on
    by default in m4-generated .cf files; it can be turned off with
    FEATURE(`no_default_msa').

mux> Then, the genericstable feature is not enabled by default.
mux> To enable genericstable, these lines must be added to the freebsd.mc
mux> file:

mux> FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl
mux> GENERICS_DOMAIN_FILE(`/etc/mail/generics-domains')dnl

I'm more inclined to push for users configuring features they need rather
than pushing them in the default configuration.  Additionally, in practice,
I actually don't see a lot of sites using genericstable.

mux> Finally, the PrivacyOptions set by default allow both the usage of the
mux> EXPN and VRFY command, which aren't a real security threat but can
mux> anyway allow someone to get some information since it's an easy way
mux> to know whether a login exists on a system or not.  Thus, it would
mux> perhaps be a good idea to add noexpn and novrfy to the PrivacyOptions
mux> (or even goaway, but it might be a bit hard by default ;).

I do agree with this one however.  I'll add it to my list of things to do.
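
Added example, not part of the original message and not FreeBSD or sendmail project code: a small audit of a sendmail.cf for the two settings discussed in this thread, namely which DaemonPortOptions listeners are configured and whether PrivacyOptions still permits EXPN and VRFY. The function names and the sample excerpt are constructed for illustration, and the handling of repeated PrivacyOptions lines is an assumption.

```python
import re

# Constructed excerpt (not from a real host): the option lines the thread
# discusses, as they could appear in an m4-generated sendmail.cf.
SAMPLE_CF = """\
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
#O PrivacyOptions=goaway
O PrivacyOptions=authwarnings
"""

def parse_options(cf_text):
    """Map lower-cased option name -> list of values from 'O Name=value' lines."""
    opts = {}
    for line in cf_text.splitlines():
        m = re.match(r"O\s+([A-Za-z]+)\s*=\s*(.*)$", line)  # '#O ...' is a comment
        if m:
            opts.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return opts

def listeners(opts):
    """(name, port) per DaemonPortOptions line; Port defaults to 'smtp'."""
    found = []
    for value in opts.get("daemonportoptions", []):
        kv = {}
        for field in value.split(","):
            key, sep, val = field.partition("=")
            if sep:
                kv[key.strip().lower()] = val.strip()
        found.append((kv.get("name", "?"), kv.get("port", "smtp")))
    return found

def exposed_commands(opts):
    """SMTP commands still usable for account probing: EXPN and/or VRFY."""
    flags = set()
    # Assumption: flags from repeated PrivacyOptions lines accumulate.
    for value in opts.get("privacyoptions", []):
        flags.update(f.lower() for f in re.split(r"[,\s]+", value) if f)
    if "goaway" in flags:  # goaway implies noexpn and novrfy
        flags.update({"noexpn", "novrfy"})
    return [c for c, f in (("EXPN", "noexpn"), ("VRFY", "novrfy")) if f not in flags]

def audit(cf_text):
    opts = parse_options(cf_text)
    return {"listeners": listeners(opts), "exposed": exposed_commands(opts)}

if __name__ == "__main__":
    print(audit(SAMPLE_CF))
```

An empty "exposed" list means the configuration already carries noexpn and novrfy (or goaway), which is the change suggested in the thread.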