Date: Wed, 14 Feb 2001 16:43:58 -0500 (EST) From: Rob Simmons <rsimmons@wlcg.com> To: Mikhail Kruk <meshko@cs.brandeis.edu> Cc: Ragnar Beer <rbeer@uni-goettingen.de>, freebsd-security@FreeBSD.ORG Subject: Re: security settings documentation Message-ID: <Pine.BSF.4.21.0102141638540.15577-100000@mail.wlcg.com> In-Reply-To: <Pine.LNX.4.30.0102141630390.32692-100000@eros.cs.brandeis.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
I would disagree with -bd being mandatory. Sure it is needed if the server is a mailserver or needs to recieve mail for some reason. I agree that it should be "-bd -q30m" in /etc/defaults/rc.conf, but I think the "High" security profile should have only -q30m. In fact I think the Fascist level should have this setting instead of disabling sendmail altogether. If you disable sendmail altogether, doesn't that keep the daily/weekly root mails from being sent? Robert Simmons Systems Administrator http://www.wlcg.com/ On Wed, 14 Feb 2001, Mikhail Kruk wrote: > I have > sendmail_flags="-bd -q30m" # -bd is pretty mandatory. > and it seems that it has been default at least since 2.2.8, may be > before. > > > Very good idea! It's the default setting in OpenBSD. > > > > Ragnar > > > > >Also, for the "High" security setting, shouldn't this be in there: > > > > > > variable_set2("sendmail_flags", "-q30m", 1); > > > > > >That way sendmail doesn't open port 25. > > > > > >Robert Simmons > > >Systems Administrator > > >http://www.wlcg.com/ > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0102141638540.15577-100000>