Date:      Wed, 13 Dec 2017 07:21:02 -0600
From:      Mike Karels <karels@FreeBSD.org>
To:        "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject:   Re: RFC: Sendmail deprecation ?
Message-ID:  <201712131321.vBDDL29q039904@mail.karels.net>

It is clear that there isn't a consensus on a single choice of MTA,
and that is fine.  Here is a summary of my take on current options
after reading the discussion to this point:

First, we seem to agree that the target for a default setup is not
that of an Internet-facing MTA, which requires some thought and
configuration.  Instead, the target is an originate-only system
that does either on-box mail delivery or outbound delivery.  At the
very least, it can deliver the sysadmin emails configured by default.

The options that have been presented:

o Use dma.  That would apparently suffice for some systems, and is already
  in base.  However, in my opinion, it is missing some capabilities that
  some sites (including mine) may require:
    - .forward processing
    - Its masquerade configuration seems to be too simplistic, e.g.
      masquerade all or nothing, rather than exempting root and other
      specified system users.
    - Some mail clients, e.g. perl packages that we use at $JOB, connect
      to localhost:25 (or SMTP on some other host) rather than invoking
      "sendmail" directly.  dma will not support these.
  In addition, it is not as well integrated into the system.  It wasn't
  immediately obvious to me how to enable it, until I followed the
  "See Also" to mailwrapper; I guess I knew that at one time.  It also
  requires manual configuration of TLS and a certificate if you want to
  use TLS.

o Use the sendmail in base, configured for submission only.  This is
  completely integrated and works out of the box.  It has none of the
  limitations listed for dma.  IIRC, a certificate is generated automatically
  so that TLS could work with no additional configuration.  Presumably this
  could be done for dma as well, but it has not been done.

o Use the sendmail in ports.  This is apparently more full-featured, but not
  as nicely integrated with FreeBSD.  No one has volunteered to resolve this
  so far.  Or maybe it isn't that hard.  But it wouldn't work "out of the
  box;" the system wouldn't have this MTA available until manually installed.

o  Use some other MTA, e.g. OpenSMTPD.  Of course there are Postfix, Exim
   and probably others, mostly aimed at full-service MTAs.  I know little
   about these, but they are not pre-configured.  (OK, I once configured
   an Exim system and got it to do what was required for a test, but I've
   blocked it from my mind.)

Another issue that has been brought up:

o It's a bother to remove sendmail to replace it with something else if it
  is not a package.  I don't understand; isn't it just a matter of putting
  sendmail_submit_enable="NO" into /etc/rc.conf to be ready to configure
  something else?  Or are people so short of disk space that they need to
  remove the binary, config files, etc?

It seems to me that the option that is best-integrated, and which serves
the needs of the greatest number of systems, is the sendmail in base.  I still
favor a configuration step that selects one of a small number of MTA choices
and configures it, but we don't seem to have a framework for doing that now
if we want something to be working out-of-the box.  Thus, I think that
removing sendmail from base now would make the system less flexible and
usable.

		Mike


