Sendmail Removed From NetBSD 248
Derkjan de Haan writes "Christos Zoulas removed sendmail from the NetBSD source tree, after a lot of discussion about its security track-record. Sendmail will remain available from pkgsrc." But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)
The Security Concerns (Score:5, Informative)
As you can see with above security concerns, Sendmail has had significant historical problems but they have been active in rectifying these problems. If you have the time to patch often, Sendmail most probably will provide you with one of the safest mail transfer agents out there.
The largest concern seems to be the possibility of being compromised via a remote connection [deer-run.com]. If you're not using it, simply turn off the Sendmail Daemon. And I think that's why they removed it from NetBSD. Some idiot like myself might install NetBSD and leave that sucker listening on port 25. Now, there are no problems immediately because I'll have the latest version but I'm lazy and I don't patch NetBSD regularly so a few security alerts come out and then
Funny thing is, I've never heard of anyone losing data or being hacked due to Sendmail. Perhaps it's because the last place I saw it used widely was college?
Sendmail? Insecure? (Score:2, Informative)
They did overhaul sendmail. (Score:5, Informative)
Re:The Security Concerns (Score:2, Informative)
Re:What's the alternative? (Score:5, Informative)
Postfix has been in the tree for a while, and will now be the default MTA.
8 years after "The Worm" Snedmail is closed (Score:5, Informative)
The Internet Worm of 1988 -- Introduction by Francis Litterio
The below document tells the story of the Internet Worm of 1988 and how it effectively shut down the Internet. I didn't write it, but it's hard to find it on the net these days, so I offer it here on the theory that those who fail to learn from history are doomed to repeat it.
I remember when it happened. It was a big deal to computer people like me, but in 1988 the Internet was unknown even to the most sophisticated media reporters, and the World Wide Web had not been invented yet. I remember the NBC Evening News devoting less than 30 seconds to the topic. If an equally severe disruption of the Internet were to happen today, the President of the United States would probably hold a press conference to calm the nation.
Google Cache to the Article by Don Seeley, Univ. of Utah [64.233.187.104]
Re:Provide examples (Score:3, Informative)
Qmail is a fairly secure pretty fast MTA it is very modular and very suited to sites with multiple domains to handle.
There is others such as exim, james, etc but Sendmail, Postfix and Qmail are the 3 biggest I think next would be exim (it used to be the default in debian I don't know if it still is).
Personally I would recommend postfix if you are handling just your own email, I use postfix, courier-imapd, spamassassin, amavisd, clamav, maildrop, and procmail and I haven't had a single security incident on my system (knock on wood), additionally I have about a 99% success rate catching spam with almost no false positives.
Re:Sendmail is a pain in the ass (Score:5, Informative)
Then it's at least nine years new. The second edition of the bat-book dates to January 1997. (I don't think I've ever seen a copy of the first edition, so I don't know if the m4 config is as old as late 1993.) I've been using the m4 config since early 2000 when I first got fixed IP DSL.
Anyhow, in my experience, Sendmail also won't work right if your DNS is broken. Both the IP and MX records have to be right.
Re:Provide examples (Score:5, Informative)
The biggest architectural difference between Sendmail and Postfix is that Postfix has many small executables (arguably, many not-so-small executables) while Sendmail is monolithic. From a user's perspective this is basically transparent: the biggest benefit to a sysadmin of running Postfix is the config files, which are as close to being self-explanatory as a MTA config file can be, in my opinion.
Sendmail always struck me as a bit of a challenge to set up securely/properly (i.e. "not an open relay"); Postfix is pretty simple to get going securely, and has well-chosen default parameters (at least as I've seen it installed, on Debian) that let you set up a server that won't be immediately spewing Russian penis-enlargement emails quickly. I've never tried to set up Sendmail with SSL support, but I'm going to go out on a limb and guess that it's easier to do this with Postfix as well.
I can't personally vouch for its speed, because I don't run a high-volume mailserver, nor do I have the hardware to really give the MTA that much of a workout (it just becomes disk-bound on my systems). Plus I use flat mbox files and the situation may be totally different with the more modern database-type mailstores. (Yeah, yeah, I know -- 1986 called and they want their file format back and all that. But it works for me.)
There are other choices out there for MTAs, and I'm sensitive to arguments in favor of them and I'm not trying to say that Postfix is necessarily the best possible thing out there for everyone, but at least in my experience it beats the hell out of Sendmail. If somebody wants to jump in here and discuss qmail or exim, and why they think they're great, please do.
Re:This really sucks (Score:1, Informative)
Anyway, if you mean you are going to install FreeBSD over your existing NetBSD installs on "All your servers" then you are a dumbass. Sendmail is still in pkgsrc. Try this.
cd
make install
Duh.
Re:Linux is too heavy as it is... (Score:3, Informative)
Re:Replacement? (Score:5, Informative)
Re:Be serious (Score:3, Informative)
When you look at modern programs with their fancy-pants SQL and XML configurations, they may be easier for a human being to understand; but they're also a hell of a lot of work for the computer to understand, precisely because of all the human-readable cruft. Twenty or thirty years ago, there wasn't the computing power to waste on processing such a config file; it was simply less effort, and more productive, to get a human being to bond well enough with the computer to be able to create a sendmail.cf from scratch.
Re:The Security Concerns (Score:3, Informative)
As for milters, the latest Postfix snapshots are adding milter support.
Because it's broken from the ground up (Score:3, Informative)
Re:A Good Sign (Score:1, Informative)
I'm curious, how many systems still ship sendmail as the default MTA?
cron (Score:3, Informative)
Just an FYI, on both NetBSD and OpenBSD (and also FreeBSD, AFAIK), the out-of-the-box configuration has sendmail listening only on 127.0.0.1 and
While pkgsrc does make installation very easy, the stuff in base undergoes more throrough audits, and usually has {Net,Open,Free}BSD-specific patches to it. While pkgsrc includes patches as well, those are usually just what's sufficient to make it run on $platform.
Re:The Security Concerns (Score:5, Informative)
http://www.postfix.org/generic.5.html [postfix.org]
http://www.postfix.org/ADDRESS_REWRITING_README.h
http://www.postfix.org/transport.5.html [postfix.org]
Pretty trivial stuff.
Re:This really sucks (Score:1, Informative)
Since the folks (well, all the ones asked before this was done) using sendmail weren't using the sendmail in base, it seems like litle will be lost by removing it.
Re:define("Improved" sendmail configuration)dnl (Score:2, Informative)
>
> The M4 macro preprocessing tends to insert a lot of extra blank lines into the
> resulting
> characters.
>
> Yes, it is stupid.
Actually, you are, because you're wrong!
I don't know exactly what it stands for, but it's purpose is to "ignore rest of line", in other words, do exactly as '#' does in shell scripts etc.
"delete (to) newline"
or "disregard to newline" ?
Dunno.. Yeah, stupid name, but at least it does something more useful than you thought!