From owner-cvs-all Thu Jul 23 03:33:05 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA23197 for cvs-all-outgoing; Thu, 23 Jul 1998 03:33:05 -0700 (PDT) (envelope-from owner-cvs-all@FreeBSD.ORG) Received: from dana.clari.net.au (dana.clari.net.au [203.27.85.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA23192 for ; Thu, 23 Jul 1998 03:32:57 -0700 (PDT) (envelope-from thepish@freebsd.org) Received: from localhost (thepish@localhost) by dana.clari.net.au (8.8.7/8.8.7) with SMTP id UAA21326 for ; Thu, 23 Jul 1998 20:32:27 +1000 (EST) (envelope-from thepish@freebsd.org) X-Authentication-Warning: dana.clari.net.au: thepish owned process doing -bs Date: Thu, 23 Jul 1998 20:32:27 +1000 (EST) From: Peter Hawkins X-Sender: thepish@dana.clari.net.au To: committers@FreeBSD.ORG Subject: Re: sendmail 8.9.x In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk >The anti-spam stuff is much more integrated and easier to operate in >8.9.1, and we can modify our freebsd.mc to not astonish anyone if there is >a strong feeling for retaining the status quo "relay everything" default. I would like to put in a bid for having antispam set by default. For one thing those who are configured as relays do not just hurt themselves, but their existance at all enables spamming to take place, affecting everyone and undermining our own anti-spam filters. Further, it's hard to imagine a reason for constructing wide open relays so that it's not likely that this legacy default is required for backwards compatability. Anyone who actually does have a reason for allowing their server to relay openly should be fully aware of the potential consequences so that a requirement to RTFM to enable relaying is not an onerous requirement and is probably quite a good idea. Finally, as an ISP we are often called upon to chase spammers. Generally this task is near impossible but we can write to the relay's owners and give them advice. It is my experience that spammers prey upon sites with inexperienced or understaffed or unqualified SMTP server operators. The philosophy in other parts of FreeBSD (and most OSs) and packages is in general that the default settings on a package are to be safe ones which provide protection for the inexperienced. We wouldn't accept any other piece of code which needed a configuration change and a level of expertise before it made its host safe! When one enables IPFW in the FreeBSD kernel, one actually disables networking until one investigates further and implements some sort of policy. When a third party package defaults to an unsafe configuration, it is considerred a "vulnerability" and (hopefully) is plugged. The only possible argument for treating sendmail differently is tradition, but that tradition evolved in an environment devoid of spam. Sendmail is now required to operate in a different environment. When the need for relaying is exceptionally rare, and as that need is only likely to be in sites with skill levels that mean switching the feature on is not a problem, perhaps it is a tradition we ought to abandon. Peter Hilink Internet Peter Hawkins 381 Swan St Richmond, Vic, Australia Ph: +61-3-9421 2006 Fax: +61-3-9421 2007 http://www.hilink.com.au Peter@hilink.com.au FreeBSD Project: thepish@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message