From owner-freebsd-security  Sun Jun 16 21:29:59 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id VAA11707
          for security-outgoing; Sun, 16 Jun 1996 21:29:59 -0700 (PDT)
Received: from palmer.demon.co.uk (palmer.demon.co.uk [158.152.50.150])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id VAA11701
          for <freebsd-security@FreeBSD.ORG>; Sun, 16 Jun 1996 21:29:51 -0700 (PDT)
Received: from palmer.demon.co.uk (localhost [127.0.0.1])
	  by palmer.demon.co.uk (sendmail/PALMER-1) with ESMTP id FAA26932;
	  Mon, 17 Jun 1996 05:29:17 +0100 (BST)
To: TWC <twc@ns.calyx.com>
cc: freebsd-security@FreeBSD.ORG
From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
Subject: Re: Secure way to do mail 
In-reply-to: Your message of "Sun, 16 Jun 1996 22:47:20 EDT."
             <Pine.NEB.3.94.960616224105.10754C-100000@mojo.calyx.net> 
Date: Mon, 17 Jun 1996 05:29:15 +0100
Message-ID: <26930.834985755@palmer.demon.co.uk>
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

TWC wrote in message ID
<Pine.NEB.3.94.960616224105.10754C-100000@mojo.calyx.net>:
> Doesn't sendmail need to be setuid at least to bind to the priveleged
> port?  I'm under the impression that starting it from inetd is a "bad
> idea" in that inetd craps out when many connections are opened at one (a
> situation that happens commonsly as lists come into our shell machine.)

I was meaning that you use SMAP as the mail collection agent to pass
through to a non-setuid sendmail, and use procmail for local
delivery. There is no way to keep a MTA out of the equation, I'm
afraid.

> I have procmail installed now as the sendmail local delivery agent.  I was
> hoping to somehow take advantage of smap's extreme simplicity.  I like the
> idea of a very simple, reliable, solidly coded program answering on port
> 25.  

See above. But because smap is so simple, it cannot do half the work
that sendmail actually does, and you still need to invoke a lot more
complicated piece of code than either smap or procmail. If you hate
sendmail so much tho, there are alternative MTA's you can use. smail,
MMDF and PP all spring to mind, and a friend recently pointed me at
qmail as a new MTA. (you'll have to archie for these, sorry)

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info