Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×

Sendmail Removed From NetBSD 248

Derkjan de Haan writes "Christos Zoulas removed sendmail from the NetBSD source tree, after a lot of discussion about its security track-record. Sendmail will remain available from pkgsrc." But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)
This discussion has been archived. No new comments can be posted.

Sendmail Removed From NetBSD

Comments Filter:
  • by eldavojohn ( 898314 ) * <eldavojohn@gSTRAWmail.com minus berry> on Wednesday May 31, 2006 @07:38AM (#15434431) Journal
    Well, I don't think that a short note covered much at all on why they removed it so I did some investigative work. Disclaimer: I use sendmail although I am by no means an expert at it. I'm ignoring pre-2k security issues [wikipedia.org] as that is older than five years ago.
    • A security alert [cert.org] from March of 2003 in which Sendmail has been determined to contain a buffer overflow vulnerability.
    • Another security alert [cert.org] from later that year.
    • A security alert [cert.org] also from 2003 regarding a remote buffer overflow.
    • A security alert [cert.org] from 2002 regarding a trojan horse horse sendmail distro.
    • Some freebsd specific [cert.org] Sendmail alerts.
    • A security alert [us-cert.gov] from March of 2006 (this year) regarding a race condition that may allow remote code execution by an arbitrary user.
    • A plethera of similar or smaller security concerns [cert.org] can easily be found.
    • The most recent release of Sendmail [sendmail.org] involves things like fixing possible integer overflows & unsafe use of setjmp(3)/longjmp(3) or adding time outs.

    As you can see with above security concerns, Sendmail has had significant historical problems but they have been active in rectifying these problems. If you have the time to patch often, Sendmail most probably will provide you with one of the safest mail transfer agents out there.

    The largest concern seems to be the possibility of being compromised via a remote connection [deer-run.com]. If you're not using it, simply turn off the Sendmail Daemon. And I think that's why they removed it from NetBSD. Some idiot like myself might install NetBSD and leave that sucker listening on port 25. Now, there are no problems immediately because I'll have the latest version but I'm lazy and I don't patch NetBSD regularly so a few security alerts come out and then ... well, you know the rest.

    Funny thing is, I've never heard of anyone losing data or being hacked due to Sendmail. Perhaps it's because the last place I saw it used widely was college?
    • Honestly, I've never heard of anyone being hacked through sendmail either.. but that doesn't mean it didn't happen.

      What I have witnessed a lot is people who run sendmail as an open relay because they don't know any better. Not to say you can't also configure qmail or postfix to be an open relay.

      The biggest reason I switched away from sendmail was I did lose data because of mbox file corruption on two occasions. Maildir is much better at protecting against that.

      Qmail/Qmail-Scanner/Qmail-SPP have been doing
      • by arivanov ( 12034 ) on Wednesday May 31, 2006 @08:10AM (#15434589) Homepage
        Honestly, I've never heard of anyone being hacked through sendmail either.. but that doesn't mean it didn't happen.

        I had. Several times back in 1996. Made me switch to qmail and after that to exim.

        As far as sendmail is concerned it is a good MTA provided that:

        • You have the money to pay for every edition of the "Hanging Bat" as it comes out. No point to even try doing anything moderately complex without it. Similarly you have to be a kbd+book person. Not all admins are.
        • You work for a large corp or edu which has fairly complex mail handling requirements. Less complex cases can happily get around using Exim or Postfix.
        • You intend to buy commercial software for some functions. The choice for commercial interfacing of archiving, compliance, AV, AntiSPAM on Unix is between milter and milter. Very few products interface into something else like exim filters.
        • by dodobh ( 65811 )
          Complex mail handling requirements such as? Postfix handles most stuff fine (and if you have really complex policies, pushing those policies into an external policy daemon is recommended).

          As for milters, the latest Postfix snapshots are adding milter support.
          • by arivanov ( 12034 ) on Wednesday May 31, 2006 @10:25AM (#15435797) Homepage
            Complex mail handling requirements such as

            An example off the top of my head and by the way a real one:

            • Rewrite all outgoing and interdepartamental traffic in a company with 100000+ employees so that their externally visible names comply strictly to the officially announced email addresses (John.Doe@bigcorp.com) and the uids (jd21768) are invisible. Do the same on incoming mail while taking final routing and any other information out of a directory.

            While it is possible to handle this in exim or postfix it will be quite painfull at this scale. In cases like this sendmail still remains ahead of the game for cases like this due to the better LDAP support and the inherently more flexible rewrite support.

            If you look in the Hanging Bat you will see quite a few more examples like this which everyone but a large corp admin will consider to be extremely obscure corner cases. In a large company you are likely to be asked for at least one of them quite often and this is what sendmail has been targeting for a long time. They have surrendered the ISP, SMB and small EDU market very long ago as it does not bring them enough support revenue.

            Recently exim is starting to step on sendmail's toes with the built in perl interpreter, built in SQL and filters it is still not there. Dunno about postfix, but I doubt it. Anything else aside some of the uses of sendmail rewrite rules out there are outright mad. Nobody in their sane mind should do things like this.

        • You have the money to pay for every edition of the "Hanging Bat" as it comes out. No point to even try doing anything moderately complex without it. Similarly you have to be a kbd+book person. Not all admins are.

          Ridiculous. If you can run ps2pdf you can produce a PDF document of the extensive manual included in every sendmail release. It has everything the Bat book has, and is up-to-date with each release. All I needed to know to get a spam Milter working I read in op.me.

          You work for a large corp or edu
          • If you can run ps2pdf you can produce a PDF document of the extensive manual...

            The manual is good, but some of the insanities in it will be hard to understand without reading the Hanging Bat at least once.

            I have used the manual for many years before finally surrendering and buying the most recent Bat last year. Reading it definitely made a difference. After that quite a few of the seemingly absurd featurettes started making sense, because you can see why are they there in first place.

            Overall, thanks

      • The biggest reason I switched away from sendmail was I did lose data because of mbox file corruption on two occasions. Maildir is much better at protecting against that.

        Sendmail really doesn't care what format the mail is ultimately stored in; that's not sendmail's job anyway. That's the job of the delivery agent, which for most people is procmail. Procmail can deliver to either mbox or Maildir. I've been happily using sendmail and delivering to Maildir boxes for several years now. Works great.

        There i

        • qmail works almost perfectly for me, except in how it handles bounces by default, but that's another issue.

          With qmail-filter qmail supports in-line filtering of your messages through various software like virus scanners, etc. during the delivery process, but I'd like it earlier as well.

          Just out of curiousity, what features do you like (specifically) best about how milter works?
    • by Anonymous Coward on Wednesday May 31, 2006 @08:05AM (#15434562)
      Funny thing is, I've never heard of anyone losing data or being hacked due to Sendmail. Perhaps it's because the last place I saw it used widely was college?

      Some time ago there was a 'hacker' movie made here in Poland. And there was a rather funny scene, where two main characters were trying to break into some server. Best part below:

      (from memory)
      H1: Wow, this thing is a real fortress...
      H2: Did you try to get through sendmail using emacs?
      • It's obviously the same people who wrote Swordfish, with the "Triple DES connection" linking into every bank. Normally my suspension of disbelief is quite good, but I actually burst out laughing at that one.
    • I'm not sure about NetBSD, but in FreeBSD you can remove Sendmail entirely. Add "NO_SENDMAIL=true" to make.conf. During your next buildworld sendmail (and related stuff) will not be built. After installworld, do a search for old files - particularly /usr/libexec/sendmail I think is the location. Then install another MTA from ports if you need one.
    • by sgent ( 874402 ) on Wednesday May 31, 2006 @08:21AM (#15434644)
      You've never heard of a security issue with sendmail??!!!?? Time for a history lesson. Although obviously fixed now, Sendmail was the main culprit in the first internet worm ever found in the wild.

      The Internet Worm of 1988 -- Introduction by Francis Litterio

      The below document tells the story of the Internet Worm of 1988 and how it effectively shut down the Internet. I didn't write it, but it's hard to find it on the net these days, so I offer it here on the theory that those who fail to learn from history are doomed to repeat it.

      I remember when it happened. It was a big deal to computer people like me, but in 1988 the Internet was unknown even to the most sophisticated media reporters, and the World Wide Web had not been invented yet. I remember the NBC Evening News devoting less than 30 seconds to the topic. If an equally severe disruption of the Internet were to happen today, the President of the United States would probably hold a press conference to calm the nation.

      Google Cache to the Article by Don Seeley, Univ. of Utah [64.233.187.104]

      • I'm ignoring pre-2k security issues as that is older than five years ago.
        You've never heard of a security issue with sendmail??!!!?? [...] The Internet Worm of 1988

        Umm, last time I checked, 1988 was more than 5 years ago.
        • He said I'm ignoring pre-2k security issues as that is older than five years ago. [...] The Internet Worm of 1988

          You said Umm, last time I checked, 1988 was more than 5 years ago.

          Great, but he was referring to Y2K, not 1988. His reference to 1988 was after the five years comment you quoted.

          Way to go!
    • The original worm spread through Sendmail - the Morris worm of the late 1980s spread through a security flaw in Sendmail.
    • If you have the time to patch often, Sendmail most probably will provide you with one of the safest mail transfer agents out there.

      What an idiotic thing to say.

      Even for Slashdot.

    • Didn't they have to remove sendmail to conform with the Jesux directive?
    • WIZ backdoor (Score:3, Interesting)

      by babanada ( 977344 )

      Well, how many widely used MTAs are written by somebody that put in a backdoor? Sendmail wizard (WIZ) backdoor allows anonymous remote root access [iss.net]

      I go for Postfix these days, but Sendmail is infinitely configurable, even (Turing complete [wikipedia.org]. Finally, Eric is All Man.

      As for the "getting hacked via sendmail issue", I've never known anybody that has, personally, or even a friend of a friend. I know more people that got hacked via SSH (some issue around 2000 or so, I forget, but it was bad).

      If I had c

    • The this is, why bother with it if it's got so many problems when there are clearly better alternatives out there that are more secure, easier to configure, and from the user's point of view, perform the exact same function.

      I'm personally a Postfix fan, but I don't see why anyone would use Sendmail these days when alternatives like Postfix, Qmail, and Exim are available.
  • It is about time that this archaic MTA gets the boot. I did so on my servers a few years ago. Configuration and security are a nightmare and it didn't have to be that way.
    • Re:Good riddance (Score:4, Insightful)

      by Kadin2048 ( 468275 ) <slashdot@kadin.xoxy@net> on Wednesday May 31, 2006 @07:54AM (#15434508) Homepage Journal
      Yeah, I'm with you there. Aside from inertia and sysadmin familiarity, I can't quite figure out why someone would consciously choose Sendmail over the alternatives today. There are other MTAs that are faster, more secure, and miles easier to work with, that offer an equivalent or better featureset, and are just as Free.

      I think it's high time we put Sendmail out to pasture.
      • > There are other MTAs that are faster, more secure, and miles easier to work with, that offer an equivalent or better featureset, and are just as Free.

        Please provide examples, and if possible, tell us how easy or difficult it is to set them up. That way, your comment will be more useful to a n00b like me. Thanx.

        • Re:Provide examples (Score:3, Informative)

          by liliafan ( 454080 ) *
          Postfix is based on sendmails codebase, with much stronger security features and a lot of the more complex configuration hidden away. It is very fast and featureful.

          Qmail is a fairly secure pretty fast MTA it is very modular and very suited to sites with multiple domains to handle.

          There is others such as exim, james, etc but Sendmail, Postfix and Qmail are the 3 biggest I think next would be exim (it used to be the default in debian I don't know if it still is).

          Personally I would recommend postfix if you a
          • Re:Provide examples (Score:5, Interesting)

            by dskoll ( 99328 ) on Wednesday May 31, 2006 @08:30AM (#15434731) Homepage

            liliafan wrote: Postfix is based on sendmails codebase

            Completely wrong. Postfix was written from scratch; it shares no code with Sendmail.

            I still use Sendmail because Milter is a killer feature. It is the sweetest API for mail filtering/mangling/processing. I should note that Wietse Venema has started implementing Milter compatibility in Postfix, and I'm following that development eagerly.

            • I apologise you are 100% correct, I was only half concentrating when I typed that, I mean't to say.

              Postfix is based on sendmails feature set.....

              once again sorry for misleading you, that is what happens when you are discussing porting code with a co-worker whilst typing a response on slashdot :op
        • Re:Provide examples (Score:5, Informative)

          by Kadin2048 ( 468275 ) <slashdot@kadin.xoxy@net> on Wednesday May 31, 2006 @08:34AM (#15434758) Homepage Journal
          Personally, I use Postfix. It's Free, it's intelligently designed (by this guy [porcupine.org], if you were wondering), it's much easier to set up to be secure, and it has a certain level of Sendmail compatibility, so that older programs that assume you're running Sendmail don't barf when you switch.

          The biggest architectural difference between Sendmail and Postfix is that Postfix has many small executables (arguably, many not-so-small executables) while Sendmail is monolithic. From a user's perspective this is basically transparent: the biggest benefit to a sysadmin of running Postfix is the config files, which are as close to being self-explanatory as a MTA config file can be, in my opinion.

          Sendmail always struck me as a bit of a challenge to set up securely/properly (i.e. "not an open relay"); Postfix is pretty simple to get going securely, and has well-chosen default parameters (at least as I've seen it installed, on Debian) that let you set up a server that won't be immediately spewing Russian penis-enlargement emails quickly. I've never tried to set up Sendmail with SSL support, but I'm going to go out on a limb and guess that it's easier to do this with Postfix as well.

          I can't personally vouch for its speed, because I don't run a high-volume mailserver, nor do I have the hardware to really give the MTA that much of a workout (it just becomes disk-bound on my systems). Plus I use flat mbox files and the situation may be totally different with the more modern database-type mailstores. (Yeah, yeah, I know -- 1986 called and they want their file format back and all that. But it works for me.)

          There are other choices out there for MTAs, and I'm sensitive to arguments in favor of them and I'm not trying to say that Postfix is necessarily the best possible thing out there for everyone, but at least in my experience it beats the hell out of Sendmail. If somebody wants to jump in here and discuss qmail or exim, and why they think they're great, please do.
          • it's intelligently designed (by this guy [porcupine.org], if you were wondering)

            Why did I find myself hoping that link went to God?

          • Re:Provide examples (Score:5, Interesting)

            by Just Some Guy ( 3352 ) <kirk+slashdot@strauser.com> on Wednesday May 31, 2006 @01:53PM (#15437876) Homepage Journal
            I can't personally vouch for its speed, because I don't run a high-volume mailserver, nor do I have the hardware to really give the MTA that much of a workout (it just becomes disk-bound on my systems).

            I do, or at least one of my clients does. He runs a reasonably high-volume ecommerce site, and has many (about 50,000) opted in subscribers to his newsletter. We tried our best to get Sendmail to play nicely with that volume, but the system would inevitably slow to a crawl for long periods of time whenever he sent a batch of mail (taking the webserver on the same machine with it). By our best, I mean that we tore through the bat book, tried delayed sending, created parallel queues with their own runners - everything we could find documented or rumored on Google and Usenet.

            After experimenting with Postfix on my personal servers, I convinced him to give it a shot. I installed it, ported over his Sendmail configuration, stopped one and started the other, and crossed my fingers.

            It worked.

            We confirmed that everything was working as expected, then he clicked the dreaded "Send now!" link. We watched as the outbound queue grew to 50,000 messages, then tailed maillog to watch them start spewing out at a record pace. Even though outbound traffic was heavy, the system never broke a sweat and the webserver kept chugging along happily.

            I like Sendmail and am quite comfortable digging around in its .mc files (.cf? Therefore but by the grace of God...), but Postfix showed me what a modern MTA is capable of. I've since switched every Sendmail installation in my responsibility over to Postfix and I've never regretted it for a minute.

        • Re: (Score:2, Interesting)

          by XPACT ( 711220 )
          I am not the original poster, but I can give you some examples too. I had worked with Sendmail, Qmail, Postfix, Exim, Xmailserver and Zmail. I needed SMTP-AUTH and virtual users, virtual domains, same user names different domains etc. The last time I touched sendmail was version 8.12.something I guess, I was able to configure Sendmail the way I wanted after spending lot of time reading, it worked for me but I decided to try some other MTAs as well. I was abler to do the simular configuration with Qmail,
  • Sendmail? Insecure? (Score:2, Informative)

    by Pirogoeth ( 662083 ) *
    • Quite interesting from a historical perspective, but the most recent bits of that information are just under a decade old. The difficult to exploit race condition earlier this year is the first serious security issue in a long time.
  • by Chanc_Gorkon ( 94133 ) <gorkon AT gmail DOT com> on Wednesday May 31, 2006 @07:40AM (#15434446)
    I hate Sendmail. With that said, when properly configured, Sendmail is excellent. Getting it that way takes a metric tonne of work! This is one Open Source instance I would PAY to get the commercial version (which has a web admin interface). The sendmail.cf file has to be THE most convulted config file on ANY UNIX. Period. It's WAYYYY to easy to set this up unsecure also(open relay anyone??).
    • by nullset ( 39850 ) on Wednesday May 31, 2006 @08:05AM (#15434567)
      Do you complain about how complex C is because editing object files (.o) is hard?

      sendmail.cf is a compiled file. If you configure sendmail with m4, the way it's supposed to be done, it's not that hard.

      ttyl,

      --buddy
      • That's the new configuration process.
        • by Megane ( 129182 ) on Wednesday May 31, 2006 @08:27AM (#15434694)
          That's the new configuration process.

          Then it's at least nine years new. The second edition of the bat-book dates to January 1997. (I don't think I've ever seen a copy of the first edition, so I don't know if the m4 config is as old as late 1993.) I've been using the m4 config since early 2000 when I first got fixed IP DSL.

          Anyhow, in my experience, Sendmail also won't work right if your DNS is broken. Both the IP and MX records have to be right.

      • by metamatic ( 202216 ) on Wednesday May 31, 2006 @09:46AM (#15435433) Homepage Journal
        sendmail.cf is a compiled file. If you configure sendmail with m4, the way it's supposed to be done, it's not that hard.

        It's still garbage [maynidea.com]. Sample "improved" sendmail config:

        define(`confAUTO_REBUILD')
        define(`confTO_CONNECT', `1m')
        define(`confTRY_NULL_MX_LIST',true)
        define(`confDONT_PROBE_INTERFACES',true)
        define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail') dnl
        define(`LOCAL_RELAY', localhost)dnl
        define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
        define(`confAUTH_OPTIONS', `A')dnl

        Sample postfix config:

        smtpd_helo_required = no
        smtpd_helo_restrictions =
        strict_rfc821_envelopes = no
        smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
        smtp_sasl_auth_enable = no
        smtpd_sasl_auth_enable = no
        smtpd_use_tls = no
        smtp_use_tls = no

        I know which I'd rather edit. I mean, without looking at the manual, I've no idea what that dnl crap is about.

    • Sendmail “configuration” [okmij.org] is a Turing-complete [wikipedia.org] language. In that sense, it is unlike what most people think of in terms of configuration, which typically amounts to key-value pairs. And as another poster pointed out, you should not be editing it directly unless you have very specific needs.

    • The sendmail.cf file has to be THE most convulted config file on ANY UNIX. Period.
      sendmail.cf is NOT a configuration file, it's the ACTUAL Sendmail OBJECT CODE!!!
  • by Viol8 ( 599362 ) on Wednesday May 31, 2006 @07:43AM (#15434456) Homepage
    And I don't just mean removing exploits , I mean completely
    redesigning its config files so its a lot easier to set up
    and be made secure by non-gurus. There could always be a
    compat mode with the old .cf file for people who don't want
    to change. I don't understand why the guys behind sendmail
    have never done this since I've never found anyone who liked
    the .cf file or the alternative of writing .m4 files and then
    converting them into .cf (yuck , what a kludge).
  • by Gothmolly ( 148874 ) on Wednesday May 31, 2006 @07:44AM (#15434457)
    Now we will descend into a flamewar of qmail vs. courier vs. whateverMTAyouuse. Gentlement, choose one or more of your arguments:

    Qmail is more secure.
    Yes, the qmail author is a (code wizard|douchebag|weird academic) so I (will|will not) use qmail.
    Courier is cooler because it includes an IMAP server in its distribution.
    Sendmail is fine these days, its just the n00bs that admin it that make it broken.
    Yeah but so is Windows.
    So's your mother.
    I run on so I'm not affected.
    I outsourced my email to gmail and (couldn't be happier|hate it|Google rules|Google is teh evil).
    BSD is dying.
    BSD is alive.


      • Bleh.... That's supposed to be easier to configure?

        • Exim is easier to configure than Sendmail {not that that's really saying much}. At least, it always used to be -- till they broke up the configuration into lots of little files. You always knew where you were with exim.conf.

          However, Exim is licenced under the GPL {which insists for you to respect other people's code}, so probably not a good choice for a BSD system. And you probably also won't want to use it if you went to Oxford .....
          • FYI, the split-files config is a Debian, specific mdofication. It can be disabled if you 'dpkg-reconfigure exim4-config' and choose the 'one big config file' option.

            You can also completley override the Debian configuration mechanism by creating an /etc/exim4/exim.conf file, which exim will use instead of the Debian configuration mechanism.
        • It's much easier for me YMMV though.
    • Now we will descend into a flamewar of qmail vs. courier vs. whateverMTAyouuse.

      Well, if you really want to...

      I run my two web servers on netbsd. I have an install script which sets it up the way I like. This script removes sendmail when it installs netqmail.

      Its no real problem for me, just two lines of ksh. But mail software doesn't really belong in the base system. The software you want is just a pkg_add away (not qmail unfortunately).

      I think this is a good move. NetBSD will be better for it. And I do

      • The software you want is just a pkg_add away (not qmail unfortunately).

        you're probably referring to the ACCEPTABLE_LICENSES+=djb-nonlicense your mk.conf when building from source. however, Q106 packages (even further back to Q105) include qmail binaries.

    • Bah. Without confirmation from Netcraft I'm not buying any of it.
  • On his development box, he used to keep the source code to unpublished exploits in his home directory that effected the current version of sendmail. You would think he puts these problems in the source tree himself for his own benefit.
    • by Maffy ( 806058 )

      <grammar-nazi>

      On his development box, he used to keep the source code to unpublished exploits in his home directory that effected the current version of sendmail.

      So the unpublished exploits actually brought about the current version of sendmail? That explains quite a lot actually.

      Here [purdue.edu] is a description of the difference between "effect" and "affect."

      </grammar-nazi>

      • Re:Eric Allman (Score:3, Insightful)

        by Aladrin ( 926209 )
        Actually, Mr Grammar Nazi, what he said was correct, it probably just wasn't what he meant.

        Exploits that are found and patched DO bring about a new version of the software. It's usually mixed in with a bunch of other patches, but it's there.

        Maybe you should calm down and simply laugh at people that have no idea what they are saying, instead of pointlessly screaming at them. They don't CARE or they'd have made sure they had it right the first time.
  • sendmail.cf test (Score:5, Insightful)

    by cowbutt ( 21077 ) on Wednesday May 31, 2006 @07:46AM (#15434470) Journal
    But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)

    In that the mediocre admins will bodge some hacks into sendmail.cf to make sendmail appear to perform the job they need it to, whilst the best admins will take the presence of sendmail.cf as an indication that they need to remove sendmail and replace it with something that's actually fit [qmail.org] for [exim.org] purpose [postfix.org]? :-P

    • by tqbf ( 59350 ) on Wednesday May 31, 2006 @09:08AM (#15435040) Homepage

      Exim is not a secure replacement for Sendmail. qmail and Postfix were both designed explicitly for security, and include:

      1. Privilege seperation
      2. Rewritten IO and string libraries
      3. Minimal-privilege SMTP listeners
      4. The backing of a security luminary (Bernstein or Venema)

      Exim was designed as a modernized SMail. It's got the same monolithic architecture as Sendmail has, meaning security vulnerabilities in Exim are less survivable than they are in qmail or Postfix, where a buffer overflow (none of which have ever been found, unlike in Exim) only gets you a one-off UID.

      I don't know how Exim has managed to brand itself as one of the "secure MTAs", but it's just a marketing trick.

    • I have to agree with this one. Last time I had to move mail service from one box to another, Sendmail had two vulnerabilities discovered during the time we were planning the move (and no, it wasn't a long planning period). Sendmail did not make the cut. Postfix worked great until the powers that were decided we'd be much better off paying a central group a lot more to provide the service than it cost us to do it.
  • by WalterGR ( 106787 ) on Wednesday May 31, 2006 @07:52AM (#15434499) Homepage

    Did a little googling for sendmail.cf - the sendmail configuration file - and found this gem [bga.org]. The unintentional humour on the last line is hilarious:

    The sendmail.cf has long been renowned for sending system administrators away fleeing in panic...

    Just take a look at it on any system; it has traditionally been described as looking like an explosion in a punctuation factory.

    The good news is that things are much worse than they look.

    • The sendmail.cf has long been renowned for sending system administrators away fleeing in panic

      Sendmail isn't so bad. Nowadays, you can install a package, and fire off it's daemon, and it will work. In the old days, you had to edit sendmail.cf with a hex editor, and prod the bits into place using a 15-foot pole in either hand. Jeez, these kids have it easy with their M4 configs now!
      • Nowadays, you can install a package, and fire off it's daemon, and it will work. In the old days, you had to edit sendmail.cf with a hex editor, and prod the bits into place using a 15-foot pole in either hand.
        And it was uphill both ways, in the snow!!!
  • by stjobe ( 78285 ) on Wednesday May 31, 2006 @07:53AM (#15434502) Homepage
    Sendmail was more useful as a litmus test than as an MTA

    The entity that was Sendmail, last manifestation of Chaos which would remain with this new distribution as it grew, looked down on the corpse the system administrator and smiled.
    'Farewell, friend. I was a thousand times more evil than thou!'
    And then it leapt from NetBSD and went spearing upwards, its wild voice laughing mockery at System Security; filling the universe with its unholy joy.

  • Well (Score:5, Funny)

    by Anonymous Coward on Wednesday May 31, 2006 @07:53AM (#15434505)
    I run Windows, so thankfully I don't have to worry about this kind of security issue.
    • You don't have to worry about that security issue because Windows has more than enough to go around and you don't really need to add another on top of it. :-)
      • You laugh, but I once saw someone install IndigoMail (basically Sendmail-for-Windows) on Windows ME.

        Struck me as being the computational equivalent of a big table saw with the safety shields removed. It's the sort of thing you just wince to look at because you know, some day, it's going to cause somebody a lot of pain.

  • I use FreeBSD, and all the output of my cron scripts (including the default periodic daily/weekly/monthly) are mailed to root locally, through sendmail. This is the only reason I keep sendmail up, despite the security problems.

    On a default NetBSD installation where does the cron output go?
    • by jmcneill ( 256391 ) on Wednesday May 31, 2006 @08:11AM (#15434597) Homepage
      On a default NetBSD installation where does the cron output go?

      Postfix has been in the tree for a while, and will now be the default MTA.
    • On a default NetBSD installation where does the cron output go?

      Right now it goes to sendmail. I assume that there will be a 3.1 release soon so that will be the next without sendmail.

      The mail transport seems to be configured in /etc/mailer.conf

      Maybe I should look at that editing that file rather than using the sendmail program which comes with qmail.

      • Right now it goes to sendmail. I assume that there will be a 3.1 release soon so that will be the next without sendmail.

        The 3.x branch is a stable release branch; sendmail was removed from HEAD. You should see the first version of NetBSD without sendmail in base along with the 4.0 release.
    • My understanding was that Postfix simulates enough of Sendmail in order to keep stuff like this working. I have a number of Debian systems without Sendmail, and I get their cron output without any problems. Stuff that's piped to mail on the commandline also functions fine (which is nice, because I've used that pretty heavily in some of my backup scripts, emailing me logs and such).

      What gets a lot of people, I think, is that in order for Postfix to replace Sendmail for all functions, Postfix has to overwrite
  • by Anonymous Coward on Wednesday May 31, 2006 @07:58AM (#15434523)
    1. number of pages.
    2. thickness.
    3. Schwarzchild radius.
  • It's like leaves falling from a dead tree.

    *rimshot*

  • Be serious (Score:2, Insightful)

    by lrosa ( 700381 )
    The purpose of sendmail is to transfer mail from host A to host B, not to be a filter against mediocre SysAdmin.

    I think that sendmail.cf is the worst written configuration file and a good SysAdmin has edited the SECOND part of it almost once, but never twice because the second time he removed sendmail and installed something better.
    • I think that sendmail.cf is the worst written configuration file and a good SysAdmin has edited the SECOND part of it almost once, but never twice because the second time he removed sendmail and installed something better.

      I used to run a stock linux configuration on my co-lo. After a while I realised that I had an open mail relay running. I bought a book called "sendmail for linux" and the (unstated but very clear) conclusion from the book was to run something other than sendmail.

    • Re:Be serious (Score:3, Informative)

      by ajs318 ( 655362 )
      The format of sendmail.cf made perfect sense when sendmail was written, however many years ago it was. In those days, people were smart and machines were stupid.

      When you look at modern programs with their fancy-pants SQL and XML configurations, they may be easier for a human being to understand; but they're also a hell of a lot of work for the computer to understand, precisely because of all the human-readable cruft. Twenty or thirty years ago, there wasn't the computing power to waste on processing suc
    • The purpose of sendmail is to transfer mail from host A to host B, not to be a filter against mediocre SysAdmin.

      you are exactly right.

      Emacs is to be used for that.
  • removed it and installed something like postfix; secured.
  • Litmus test (Score:3, Insightful)

    by IGnatius T Foobar ( 4328 ) on Wednesday May 31, 2006 @08:59AM (#15434965) Homepage Journal
    Sendmail was more useful as a litmus test than as an MTA ;)

    Actually, that was UUCP. Back when you couldn't just search the web for documentation, if you wanted to get UUCP running you had to figure it out yourself. If you could do a full mesh of three machines into a UUCP network then you were a guru indeed.
  • A Good Sign (Score:2, Insightful)

    I don't much like sendmail, and there are better alternatives for the overwhelming majority of cases (particularly as far as standard installs go).

    Here's hoping that this move by NetBSD is a sign that even more Unix-like operating systems and distributions will take this approach. The time has come for sendmail to be an option, not the default.
  • I cut my teeth on Sendmail about 5 years back, but only stuck with it for 2. When I'd have it working I wouldn't want to change anything, since I'd break it for days. After that I moved on to Postfix with a saner config setup, and logfiles that (for me) were much easier to read. It's still not as easy to configure as something like Dovecot's IMAP service, but that's not an MTA. Still, I would love to see Postfix use a .conf file that is as straight forward as dovecot.conf.
  • If sendmail is so egregiously evil, how come most alternatives to sendmail are basically less functional sendmail clones?

    Wietse Venema's Postfix [postfix.org] and Eric Allman's Sendmail X [sendmail.org] are API-compatible total rewrites of sendmail. Postfix is currently stronger, but sendmail X implements pretty much the same shite as postfix, so the advantage is code maturity - right now postfix is arguably better than sendmail 8 (which is what NetBSD ditched, incidentally) and when sendmail X gets its legs it will probably be even b
  • In the old days (up to and including the early 90s), the job of an MTA was a complicated one. You had to accept and deliver mail via several different protocols, using various types of gateways, etc.

    By the early 90s, the Internet itself was almost completely settled on SMTP, but internal mail hosts weren't necessarily. I remember spending a few days reworking sendmail.cf for address rewriting to deliver gatewayed SMTP mail to an internal Lotus Notes server.

    The beauty of sendmail was that there was almost
  • by Goo.cc ( 687626 )
    I love NetBSD but shipping with both Postfix and Sendmail was stupid. Personally, I don't think a MTA should be included at all, since Pkgsrc makes adding one trivial.
    • Re:Good (Score:3, Insightful)

      by LizardKing ( 5245 )

      I too love NetBSD, but shipping with both vi and ed is stupid. Personally, I don't think an editor should be included at all, since pkgsrc makes adding one trivial.

    • cron (Score:3, Informative)

      by Gandalf_007 ( 116109 )
      The main reason an MTA is included is because of the daily (and weekly, monthly) cron jobs that email their output to root. As one of the daily jobs is /etc/security (which compares the checksum, permissions, and timestamps of a list of system files to known values, among other things), this is a good thing. (It's also a good idea to put audit-packages in security.local, and download-vulnerability-list in daily.)

      Just an FYI, on both NetBSD and OpenBSD (and also FreeBSD, AFAIK), the out-of-the-box configur
  • If the ONLY measure of who the "best" SysAdmins are is a test of how well they do configuring Sendmail, then the people doing the measuring need to do some serious self-examination.

    There's loads more to being a "good" or even the "best" SysAdmin, NetAdmin, or whatever other kind of admin there is than configuring one overly-complex and security-hole-ridden program. No two techies are ever going to have the same strengths and weaknesses.

    For my part, I never understood (or really tried to understand, after se
  • by Halo- ( 175936 ) on Wednesday May 31, 2006 @11:51AM (#15436600)
    Okay, (deep breath)... I'm going to ask a question I really _should_ know the answer to: does the average user need an MTA anyway?

    I don't even send mail directly from my machines, and I've often wondered "what if I just removed sendmail completely?" Would a whole host of system admin packages (cron, logrotate, etc...) break? Or do they write to the spool directly?

After all is said and done, a hell of a lot more is said than done.

Working...