From owner-freebsd-stable Sun Nov 25 16:44:17 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from zardoc.esmtp.org (adsl-63-195-85-27.dsl.snfc21.pacbell.net [63.195.85.27])
	by hub.freebsd.org (Postfix) with ESMTP id D31FE37B417
	for ; Sun, 25 Nov 2001 16:44:12 -0800 (PST)
Received: from zardoc.esmtp.org (localhost [127.0.0.1])
	by zardoc.esmtp.org (8.12.2.Beta1/8.12.1) with ESMTP id fAQ0hgxg032739
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Sun, 25 Nov 2001 16:43:42 -0800 (PST)
Received: (from ca@localhost)
	by zardoc.esmtp.org (8.12.2.Beta1/8.12.1/Submit) id fAQ0hg3X003142;
	Sun, 25 Nov 2001 16:43:42 -0800 (PST)
Date: Sun, 25 Nov 2001 16:43:41 -0800
From: Claus Assmann
To: freebsd-stable@FreeBSD.ORG
Cc: Jochem Kossen
Subject: Re: patch for /usr/src/etc/sendmail/freebsd.mc to disable submission (close port 587)
Message-ID: <20011125164341.A22232@zardoc.esmtp.org>
Mail-Followup-To: freebsd-stable@FreeBSD.ORG
References: <20011126000211.A27034@jochem.dyndns.org> <20011125160446.B3967@zardoc.esmtp.org> <20011126012116.A49715@jochem.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20011126012116.A49715@jochem.dyndns.org>; from j.kossen@home.nl on Mon, Nov 26, 2001 at 01:21:16AM +0100
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Mon, Nov 26, 2001, Jochem Kossen wrote:

I'm on the mailing list, so you don't need to do this:
Mail-Followup-To: Claus Assmann , Jochem Kossen , freebsd-stable@FreeBSD.ORG

I've set it (again) to:
Mail-Followup-To: freebsd-stable@FreeBSD.ORG

> On Sun, Nov 25, 2001 at 04:04:46PM -0800, Claus Assmann wrote:
> > On Mon, Nov 26, 2001, Jochem Kossen wrote:
> > > I wonder why by default, the submission function of sendmail (which is
> > > to my knowledge rarely used) is enabled, so I created a small patch
> > > for disabling it, maybe it could be used?
> > > If not, could someone explain to me whoever uses the thing? :)
> >
> > We (i.e., the authors of sendmail) have enabled it by default to
> > encourage its use. If you turn it off, how do you expect that other
> > programs will actually use it?
>
> By documenting it? People will enable it if they need it. In my opinion,
> every extra open port on a computer is a security risk.

Many people don't read documentation. Just check the amount of
questions "Why is port 587 open?" in comp.mail.sendmail. It's right
there in the release notes...

By turning on features by default we support their usage. sendmail
is often the first to support new features and then others follow.
That's also the reason why sendmail uses STARTTLS if it's compiled
in and the other side offers it. That uncovered some broken MTAs
which have been fixed even though it took a lot of pressure.

> As seen from your side, it has been enabled for quite some time now, did
> it work? Are there programs which actually use it? Are those programs
> widely used? If yes to all questions, then my patch shouldn't be used in
> the default freebsd sources. Otherwise, I think it should.

I don't know, I don't have any statistics. Maybe we switch our MSP
in the next release to use port 587 by default. The more people
switch to the MSA the easier will be the next transition: a cleaner
separation of MTA and MSA.