From owner-freebsd-stable Sun Nov 25 17:17:46 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from jochem.dyndns.org (cc40670-a.groni1.gr.nl.home.com [217.120.131.23])
    by hub.freebsd.org (Postfix) with ESMTP id 1FE8737B419
    for ; Sun, 25 Nov 2001 17:17:40 -0800 (PST)
Received: (from jochem@localhost)
    by jochem.dyndns.org (8.11.6/8.11.6) id fAQ1Hh750052
    for freebsd-stable@FreeBSD.org; Mon, 26 Nov 2001 02:17:43 +0100 (CET)
    (envelope-from jochem)
Date: Mon, 26 Nov 2001 02:17:43 +0100
From: Jochem Kossen
To: freebsd-stable@FreeBSD.org
Subject: Re: patch for /usr/src/etc/sendmail/freebsd.mc to disable submission (close port 587)
Message-ID: <20011126021743.A49942@jochem.dyndns.org>
Mail-Followup-To: freebsd-stable@FreeBSD.org
References: <20011126000211.A27034@jochem.dyndns.org> <20011125160446.B3967@zardoc.esmtp.org> <20011126012116.A49715@jochem.dyndns.org> <20011125164341.A22232@zardoc.esmtp.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011125164341.A22232@zardoc.esmtp.org>; from freebsd+stable@esmtp.org on Sun, Nov 25, 2001 at 04:43:41PM -0800
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Sun, Nov 25, 2001 at 04:43:41PM -0800, Claus Assmann wrote:
> On Mon, Nov 26, 2001, Jochem Kossen wrote:
>
> I'm on the mailing list, so you don't need to do this:
> Mail-Followup-To: Claus Assmann ,
> Jochem Kossen , freebsd-stable@FreeBSD.ORG

Yes...it's the reply-group function of mutt :)

> I've set it (again) to:
> Mail-Followup-To: freebsd-stable@FreeBSD.ORG
>
> > On Sun, Nov 25, 2001 at 04:04:46PM -0800, Claus Assmann wrote:
> > > On Mon, Nov 26, 2001, Jochem Kossen wrote:
> > > > I wonder why by default, the submission function of sendmail (which is
> > > > to my knowledge rarely used) is enabled, so i created a small patch
> > > > for disabling it, maybe it could be used?
> > > > If not, could someone explain to me whoever uses the thing? :)
> > >
> > > We (i.e., the authors of sendmail) have enabled it by default to
> > > encourage its use. If you turn it off, how do you expect that other
> > > programs will actually use it?
> >
> > By documenting it? People will enable it if they need it. In my opinion,
> > every extra open port on a computer is a security risk.
>
> Many people don't read documentation. Just check the amount of
> questions "Why is port 587 open?" in comp.mail.sendmail.

Then you should document it more clearly. Put a link on the website between

tags that says "Click here to find the answer on how to use the MSA feature" or something like that.

> It's right there in the release notes...

    sendmail implements RFC 2476 (Message Submission), e.g., it can
    now listen on several different ports. Use:
        O DaemonPortOptions=Name=MSA, Port=587, M=E
    to run a Message Submission Agent (MSA); this is turned on
    by default in m4-generated .cf files; it can be turned off with
    FEATURE(`no_default_msa').

^^ that's from the release notes. It doesn't say _why_ it is enabled by default..

> By turning on features by default we support their usage. sendmail
> is often the first to support new features and then others follow.

OK, but it should be FreeBSD's choice whether or not to enable it. Aside from that, i think it's fine to support the MSA, but i don't think it should be enabled by default.

> That's also the reason why sendmail uses STARTTLS if it's compiled
> in and the other side offers it. That uncovered some broken MTAs
> which have been fixed even though it took a lot of pressure.

Right, the pressure worked. But for the MSA thing, i don't see a lot of pressure coming from sendmail's direction...

> > As seen from your side, it has been enabled for quite some time now, did
> > it work? Are there programs which actually use it? Are those programs
> > widely used? If yes to all questions, then my patch shouldn't be used in
> > the default freebsd sources. Otherwise, i think it should.
>
> I don't know, I don't have any statistics. Maybe we switch our MSP
> in the next release to use port 587 by default. The more people
> switch to the MSA the easier will be the next transition: a cleaner
> separation of MTA and MSA.

I still haven't heard one hard argument on why it should be enabled by default with FreeBSD. It may be my stupidity (believe me ;)). I do think the MSA is a good thing, i just don't like it being enabled by default. I think it's only useful for people who know what it is, and how it works.
Therefore, i still think it should be disabled by default on FreeBSD.