Date: Fri, 22 Sep 2000 21:56:16 +0200 From: Neil Blakey-Milner <nbm@mithrandr.moria.org> To: security@FreeBSD.org Cc: Peter Wemm <peter@netplex.com.au> Subject: sendmail default run state Message-ID: <20000922215616.A33103@mithrandr.moria.org> In-Reply-To: <20000910154357.A78311@mithrandr.moria.org>; from nbm@mithrandr.moria.org on Sun, Sep 10, 2000 at 03:43:57PM %2B0200 References: <200009100358.e8A3wUG76071@netplex.com.au> <200009100415.e8A4F4G76156@netplex.com.au> <20000910154357.A78311@mithrandr.moria.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[ moved to security@ ]
> > I've had a few followup comments already. A modification:
> > sendmail_enable="outbound" # choices: YES, NO, outbound
> > sendmail_flags="-bd -q30m" # flags for full in/out mode
> > sendmail_outbound_flags="-q30m" # for when $sendmail_enable="outbound"
> >
> > and we set sendamil_enable="outbound" by default. That will break the
> > least number of people. If people only had sendmail_enable="YES", then my
> > first proposed change would break them.
>
> I think we should keep the "YES"/"NO" nature of *_enable if at all
> possible, even if it means having to do a bit more work, or to have to
> mention things in release notes or upgrade guides. From a glance, it
> seems this would be the first *_enable to take anything but "YES" or
> "NO".
I've also noticed we'd need to teach sysinstall about it - it has toggle
stuff for sendmail_enable at the moment.
> sendmail_enable="YES" # run the sendmail MTA
> sendmail_outboundonly_enable="YES" # don't listen for messages from the network
> sendmail_queuetime="30" # time in minutes between re-trying queued items
> sendmail_flags="" # additional sendmail flags
>
> Then, when we call sendmail much more complexly:
>
> case ${sendmail_enable} in
> [Yy][Ee][Ss])
> case ${sendmail_outbound_enable} in
> [Nn][Oo] | '')
> ;;
> *)
> case ${sendmail_flags} in
> *-bd*)
> ;;
> *)
> # don't add -bd if we already have it (necessary?)
> sendmail_flags="${sendmail_flags} -bd"
> ;;
> esac
> ;;
> esac
>
> case ${sendmail_flags} in
> * -q*)
> ;;
> *)
> # only add -q if we not set in sendmail_flags
> sendmail_flags="${sendmail_flags} -q${sendmail_queuetime}m"
> ;;
> esac
>
> if [ -r /etc/mail/sendmail.cf ]; then
> echo -n ' sendmail'; /usr/sbin/sendmail ${sendmail_flags}
> fi
> ;;
> esac
What do others think of this? (orignally Peter's idea)
I personally would really like 'sendmail_outbound_only="YES"' to be the
default in /etc/defaults/rc.conf, with an option in sysinstall's Network
Services for turning it on/off.
Reason being the most common situations I see are multi-system networks,
where you read mail on just one, and not necessarily running sendmail on
the machine that does receives mail. In the single-user case, also,
people don't tend to want to allow connections. It's more a special
case to receive mail, and it's quite simple to flick the switch, since
you have to set up sendmail to receive mail for your domain anyway.
Obviously this would require a heads-up to current@ when implemented,
and a heads-up to stable@ when MFC'd, and an entry in the release notes
and in UPDATING, and finally an entry in rc.conf(5).
Comments eagerly sought,
Neil
--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000922215616.A33103>