Date: Sat, 20 Jun 2015 23:12:19 -0700
From: Gregory Shapiro <gshapiro@gshapiro.net>
To: Jamie Landeg-Jones <jamie@dyslexicfish.net>
Cc: freebsd-stable@freebsd.org
Subject: Re: Last openssl update brakes localhost email sending
Message-ID: <20150621061219.GD51738@minime.local>
In-Reply-To: <201506182302.t5IN2l82090847@dyslexicfish.net>
References: <CAAoTqft7wRi9Ov_oiCk64HwbT%2BrXn-AvkOd-%2BVeFhq_s8bE7NA@mail.gmail.com> <CAAoTqfvchXndzgCRDyJXCz%2BUOi93w1v-vvKvoLMgPLk6cHh4Dw@mail.gmail.com> <5582C749.9060801@sentex.net> <20150618150404.GA42082@minime.local> <CAAoTqftnG1WoyN81eSfBO=_G%2Be9ZQYCssO_=j5ymv=L%2BZ3jnVQ@mail.gmail.com> <201506182302.t5IN2l82090847@dyslexicfish.net>

> I'm curious... Why is localhost delivery encrypted by default in the first place?

sendmail, when acting as a client, employs opportunistic encryption by default. Local mail submission done via command line uses the MSP configuration /etc/mail/submit.cf to send the mail. That submit.cf is built to relay the mail to an MTA host, localhost by default, but can be configured to use a central mail server as well if desired (e.g., for a centralized mail hub, centralized queue management, etc.). The standard submit.cf makes no assumptions about the location of the MTA host and therefore doesn't disable encryption.

> The only reason I can think of is if there is some unencrypted TCP
> relayed 'tunnel', that has been set up not using ssh or some other
> encrypted transport.

One other use case (likely not a concern) is to prevent other privileged users from easily snooping localhost traffic (`tcpdump -i lo0 -X -s 0 port 25`).