Date: Mon, 7 Oct 2002 11:07:04 -0400 (EDT)
From: Stuart Barkley
To: FreeBSD-Stable
Subject: Re: After cvsup, can't send mails

Just picking an almost random message:

> > Put this into your /etc/make.conf: SENDMAIL_SET_USER_ID=YES
> >
> > Then rebuild the world and you get back exactly the old sendmail
> > functionality. It works perfectly for me:
>
> And completely circumvents the increased security of no longer
> running sendmail as root. :-(

The new sendmail split userid functionality is currently incomplete
(at least as of 4.7RC2). It appears close to complete and I encourage
its completion.

Most of the systems I run only use outgoing mail and are not systems
built from source. These systems have trusted local users so local
exploits are not a large concern. Remote exploits are much more of a
concern on these systems (thus they don't currently have sendmail
listening on any ports).
Incoming mail is processed by a single central system and additional
system administration is expected (but not wanted).

With the current split sendmail:

- You wind up with two mail queues, but mailq can only read details
  about one of the queues (and not the correct one). 'mailq -Ac' will
  successfully process the outgoing queue, but that queue is mostly
  empty in the current setup.

- You wind up with an unnecessary process listening on port 25 (at
  least it's bound to localhost).

- You still have a sendmail process running as root on every machine,
  so you are still vulnerable to root attacks via crafted messages
  sent to that process.

- The current /etc/rc.conf knobs are a little confusing for a new
  user.

- /etc/make.conf doesn't seem like the right place to control end
  system functionality. This should be controlled with /etc/rc.conf
  knobs.

- The current /etc/mail/Makefile doesn't allow for a host specific
  submit.mc file. This is necessary to be able to set and control
  outgoing queue options (smarthost, timeouts, etc).

Fixes to make it more suitable would include:

- Eliminate the older root based mail queue for outgoing mail. Just
  send the outgoing mail directly to the desired hosts like normal
  sendmail works. Two options would be helpful here: one to do
  standard MX based outgoing routing and the other to route directly
  to a smarthost.

- Improve the rc.conf knobs and split sendmail controls into separate
  incoming and outgoing controls. This is difficult while also
  attempting to keep old rc.conf files working.

- Fix mailq to better deal with systems with two mail queues.
  Currently it defaults to the old root queue but doesn't have the
  access necessary to display useful information. This can be
  difficult since mailq (sendmail) needs to be set[ug]id in order to
  read the queue.

- Teach /etc/mail/Makefile about creating a 'hostname'.submit.mc file
  so that host specific configuration changes don't get lost on
  upgrades.
  This should not be that hard and alone would address many of these
  issues.

Stuart
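
Added example, not part of the original message or of FreeBSD: a small shell audit that reports which privilege model a sendmail install is using (set-user-ID as with SENDMAIL_SET_USER_ID=YES, or the set-group-ID split model) and which sendmail knobs an rc.conf-style file sets. Assumptions not stated in the message: the split-model binary is set-group-ID to the `smmsp` group (sendmail 8.12 convention), the knob names come from rc.conf(5), and the sample rc.conf is constructed.

```shell
#!/bin/sh
# Added example: audit the sendmail privilege model and rc.conf knobs.

# classify_mode MODE OWNER GROUP: read the set-id bits of an `ls -l` mode string.
classify_mode() {
    suid=$(printf '%s' "$1" | cut -c4)   # owner execute slot: s/S = set-user-ID
    sgid=$(printf '%s' "$1" | cut -c7)   # group execute slot: s/S = set-group-ID
    if [ "$suid" = s ] || [ "$suid" = S ]; then
        echo "setuid-$2"                 # setuid-root: the old single-binary model
    elif [ "$sgid" = s ] || [ "$sgid" = S ]; then
        echo "setgid-$3"                 # setgid-smmsp: the split model (assumed group)
    else
        echo "no-setid"
    fi
}

# binary_model PATH: classify an installed binary; the caller supplies the path.
binary_model() {
    [ -e "$1" ] || { echo "missing"; return 1; }
    set -- $(ls -ld "$1")                # fields: mode links owner group ...
    classify_mode "$1" "$3" "$4"
}

# rc_knob FILE NAME: last value assigned to NAME, ignoring commented-out lines.
rc_knob() {
    v=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-unset}"
}

# Demo on constructed input: an outgoing-only host with no SMTP listener.
demo() {
    rc=$(mktemp) || return 1
    cat > "$rc" <<'EOF'
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="YES"
EOF
    echo "binary model: $(classify_mode -r-xr-sr-x root smmsp)"
    for k in sendmail_enable sendmail_submit_enable \
             sendmail_outbound_enable sendmail_msp_queue_enable; do
        echo "$k=$(rc_knob "$rc" "$k")"
    done
    rm -f "$rc"
}
demo
```

On a real host, call `binary_model` with the path of the installed sendmail binary and `rc_knob /etc/rc.conf <knob>`; a `setuid-root` result means the host is running the old model the quoted reply objects to.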