
Sendmail Removed From NetBSD

Derkjan de Haan writes "Christos Zoulas removed sendmail from the NetBSD source tree, after a lot of discussion about its security track-record. Sendmail will remain available from pkgsrc." But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)
  • sendmail.cf test (Score:5, Insightful)

    by cowbutt ( 21077 ) on Wednesday May 31, 2006 @08:46AM (#15434470) Journal
    But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)

    In that the mediocre admins will bodge some hacks into sendmail.cf to make sendmail appear to perform the job they need it to, whilst the best admins will take the presence of sendmail.cf as an indication that they need to remove sendmail and replace it with something that's actually fit [qmail.org] for [exim.org] purpose [postfix.org]? :-P

  • Re:Good riddance (Score:4, Insightful)

    by Kadin2048 ( 468275 ) <.ten.yxox. .ta. .nidak.todhsals.> on Wednesday May 31, 2006 @08:54AM (#15434508) Homepage Journal
    Yeah, I'm with you there. Aside from inertia and sysadmin familiarity, I can't quite figure out why someone would consciously choose Sendmail over the alternatives today. There are other MTAs that are faster, more secure, and miles easier to work with, that offer an equivalent or better featureset, and are just as Free.

    I think it's high time we put Sendmail out to pasture.
  • by nullset ( 39850 ) on Wednesday May 31, 2006 @09:05AM (#15434567)
    Do you complain about how complex C is because editing object files (.o) is hard?

    sendmail.cf is a compiled file. If you configure sendmail with m4, the way it's supposed to be done, it's not that hard.

    ttyl,

    --buddy
  • Be serious (Score:2, Insightful)

    by lrosa ( 700381 ) on Wednesday May 31, 2006 @09:06AM (#15434573) Homepage
    The purpose of sendmail is to transfer mail from host A to host B, not to be a filter against mediocre SysAdmin.

    I think that sendmail.cf is the worst written configuration file and a good SysAdmin has edited the SECOND part of it almost once, but never twice because the second time he removed sendmail and installed something better.
  • by Anonymous Coward on Wednesday May 31, 2006 @09:08AM (#15434583)
    Honestly, I've never heard of anyone being hacked through sendmail either

    Generally because people don't brag about being hacked, and folks aren't always sure about the attack vector. I run Postfix these days primarily because of speed, there is no comparison between Sendmail and Postfix on this front. I looked at QMail, but since its creator is focused on forcing me to adopt his own INIT scheme (yes, patches are available but I'd prefer to run unpatched).

  • by arivanov ( 12034 ) on Wednesday May 31, 2006 @09:10AM (#15434589) Homepage
    Honestly, I've never heard of anyone being hacked through sendmail either.. but that doesn't mean it didn't happen.

    I had. Several times back in 1996. Made me switch to qmail and after that to exim.

    As far as sendmail is concerned it is a good MTA provided that:

    • You have the money to pay for every edition of the "Hanging Bat" as it comes out. No point to even try doing anything moderately complex without it. Similarly you have to be a kbd+book person. Not all admins are.
    • You work for a large corp or edu which has fairly complex mail handling requirements. Less complex cases can happily get around using Exim or Postfix.
    • You intend to buy commercial software for some functions. The choice for commercial interfacing of archiving, compliance, AV, AntiSPAM on Unix is between milter and milter. Very few products interface into something else like exim filters.
  • by BenjiTheGreat98 ( 707903 ) on Wednesday May 31, 2006 @09:36AM (#15434783)
    They are currently doing a complete recode of sendmail. It is called Sendmail X and it is supposed to have security in mind from the ground up. It's currently in beta. sendmail.org has more info about it than I do. I believe I heard it will have an easier config file as well, the .ini style that a lot of other programs use.
  • Litmus test (Score:3, Insightful)

    by IGnatius T Foobar ( 4328 ) on Wednesday May 31, 2006 @09:59AM (#15434965) Homepage Journal
    Sendmail was more useful as a litmus test than as an MTA ;)

    Actually, that was UUCP. Back when you couldn't just search the web for documentation, if you wanted to get UUCP running you had to figure it out yourself. If you could do a full mesh of three machines into a UUCP network then you were a guru indeed.
  • A Good Sign (Score:2, Insightful)

    by Zetta Matrix ( 245803 ) on Wednesday May 31, 2006 @10:02AM (#15434992)
    I don't much like sendmail, and there are better alternatives for the overwhelming majority of cases (particularly as far as standard installs go).

    Here's hoping that this move by NetBSD is a sign that even more Unix-like operating systems and distributions will take this approach. The time has come for sendmail to be an option, not the default.
  • by tqbf ( 59350 ) on Wednesday May 31, 2006 @10:08AM (#15435040) Homepage

    Exim is not a secure replacement for Sendmail. qmail and Postfix were both designed explicitly for security, and include:

    1. Privilege separation
    2. Rewritten IO and string libraries
    3. Minimal-privilege SMTP listeners
    4. The backing of a security luminary (Bernstein or Venema)

    Exim was designed as a modernized SMail. It's got the same monolithic architecture as Sendmail has, meaning security vulnerabilities in Exim are less survivable than they are in qmail or Postfix, where a buffer overflow (none of which have ever been found, unlike in Exim) only gets you a one-off UID.

    I don't know how Exim has managed to brand itself as one of the "secure MTAs", but it's just a marketing trick.

  • by metamatic ( 202216 ) on Wednesday May 31, 2006 @10:46AM (#15435433) Homepage Journal
    sendmail.cf is a compiled file. If you configure sendmail with m4, the way it's supposed to be done, it's not that hard.

    It's still garbage [maynidea.com]. Sample "improved" sendmail config:

    define(`confAUTO_REBUILD')
    define(`confTO_CONNECT', `1m')
    define(`confTRY_NULL_MX_LIST',true)
    define(`confDONT_PROBE_INTERFACES',true)
    define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail') dnl
    define(`LOCAL_RELAY', localhost)dnl
    define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
    define(`confAUTH_OPTIONS', `A')dnl

    Sample postfix config:

    smtpd_helo_required = no
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = no
    smtpd_use_tls = no
    smtp_use_tls = no

    I know which I'd rather edit. I mean, without looking at the manual, I've no idea what that dnl crap is about.
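
As an added illustration (not part of the thread and not code from Postfix), the Postfix sample quoted in the comment above is regular enough to check mechanically: this Python code parses main.cf-style text and flags the relay-control and TLS settings it contains. The function names and finding strings are made up for this example, and it inspects only the parameters that appear in the comment.

```python
import re

# Constructed sample: the Postfix settings quoted in the comment above.
SAMPLE_MAIN_CF = """\
smtpd_helo_required = no
smtpd_helo_restrictions =
strict_rfc821_envelopes = no
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = no
smtpd_use_tls = no
smtp_use_tls = no
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; leading whitespace continues the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines are skipped
        if raw[0].isspace() and last is not None:
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def audit(params):
    """Return findings (strings invented for this example) on relay control and TLS."""
    findings = []
    rules = [r for r in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if r]
    if "reject_unauth_destination" in rules:
        # Rules run left to right, so only what precedes the reject rule matters here.
        earlier = rules[:rules.index("reject_unauth_destination")]
    else:
        earlier = rules
        findings.append("relay: reject_unauth_destination missing from smtpd_recipient_restrictions")
    if "permit" in earlier:
        findings.append("relay: unconditional permit is reached before reject_unauth_destination")
    for name, effect in (("smtpd_use_tls", "STARTTLS is not offered to clients"),
                         ("smtp_use_tls", "outbound deliveries do not use TLS")):
        if params.get(name, "").lower() == "no":
            findings.append(f"tls: {name} = no ({effect})")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(finding)
```

On the quoted sample the relay rule passes and both findings concern the disabled TLS parameters.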

  • Re:Eric Allman (Score:3, Insightful)

    by Aladrin ( 926209 ) on Wednesday May 31, 2006 @11:09AM (#15435646)
    Actually, Mr Grammar Nazi, what he said was correct, it probably just wasn't what he meant.

    Exploits that are found and patched DO bring about a new version of the software. It's usually mixed in with a bunch of other patches, but it's there.

    Maybe you should calm down and simply laugh at people that have no idea what they are saying, instead of pointlessly screaming at them. They don't CARE or they'd have made sure they had it right the first time.
  • by arivanov ( 12034 ) on Wednesday May 31, 2006 @11:25AM (#15435797) Homepage
    Complex mail handling requirements such as

    An example off the top of my head and by the way a real one:

    • Rewrite all outgoing and interdepartmental traffic in a company with 100000+ employees so that their externally visible names comply strictly to the officially announced email addresses (John.Doe@bigcorp.com) and the uids (jd21768) are invisible. Do the same on incoming mail while taking final routing and any other information out of a directory.

    While it is possible to handle this in exim or postfix it will be quite painful at this scale. In cases like this sendmail still remains ahead of the game for cases like this due to the better LDAP support and the inherently more flexible rewrite support.

    If you look in the Hanging Bat you will see quite a few more examples like this which everyone but a large corp admin will consider to be extremely obscure corner cases. In a large company you are likely to be asked for at least one of them quite often and this is what sendmail has been targeting for a long time. They have surrendered the ISP, SMB and small EDU market very long ago as it does not bring them enough support revenue.

    Recently exim is starting to step on sendmail's toes with the built in perl interpreter, built in SQL and filters it is still not there. Dunno about postfix, but I doubt it. Anything else aside some of the uses of sendmail rewrite rules out there are outright mad. Nobody in their sane mind should do things like this.

  • by arivanov ( 12034 ) on Wednesday May 31, 2006 @11:43AM (#15435976) Homepage
    If you can run ps2pdf you can produce a PDF document of the extensive manual...

    The manual is good, but some of the insanities in it will be hard to understand without reading the Hanging Bat at least once.

    I have used the manual for many years before finally surrendering and buying the most recent Bat last year. Reading it definitely made a difference. After that quite a few of the seemingly absurd featurettes started making sense, because you can see why they are there in the first place.

    Overall, thanks for the correction. I still stand by my words. Sendmail is for the kbd+book sysadmin subspecies. You should always have the latest Bat and the manual for the release you use on the edge of your desk.

  • Re:Good (Score:3, Insightful)

    by LizardKing ( 5245 ) on Wednesday May 31, 2006 @12:25PM (#15436363)

    I too love NetBSD, but shipping with both vi and ed is stupid. Personally, I don't think an editor should be included at all, since pkgsrc makes adding one trivial.

  • by SillyNickName4me ( 760022 ) <dotslash@bartsplace.net> on Thursday June 01, 2006 @08:50AM (#15443774) Homepage
    Quite interesting from a historical perspective, but the most recent bits of that information are just under a decade old. The difficult to exploit race condition earlier this year is the first serious security issue in a long time.
