Date: Mon, 26 Nov 2001 02:17:43 +0100 From: Jochem Kossen <j.kossen@home.nl> To: freebsd-stable@FreeBSD.org Subject: Re: patch for /usr/src/etc/sendmail/freebsd.mc to disable submission (close port 587) Message-ID: <20011126021743.A49942@jochem.dyndns.org> In-Reply-To: <20011125164341.A22232@zardoc.esmtp.org>; from freebsd%2Bstable@esmtp.org on Sun, Nov 25, 2001 at 04:43:41PM -0800 References: <20011126000211.A27034@jochem.dyndns.org> <20011125160446.B3967@zardoc.esmtp.org> <20011126012116.A49715@jochem.dyndns.org> <20011125164341.A22232@zardoc.esmtp.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Nov 25, 2001 at 04:43:41PM -0800, Claus Assmann wrote: > On Mon, Nov 26, 2001, Jochem Kossen wrote: > > I'm on the mailing list, so you don't need to do this: > Mail-Followup-To: Claus Assmann <freebsd+stable@esmtp.org>, > Jochem Kossen <j.kossen@home.nl>, freebsd-stable@FreeBSD.ORG Yes...it's the reply-group function of mutt :) > I've set it (again) to: > Mail-Followup-To: freebsd-stable@FreeBSD.ORG > > > On Sun, Nov 25, 2001 at 04:04:46PM -0800, Claus Assmann wrote: > > > On Mon, Nov 26, 2001, Jochem Kossen wrote: > > > > I wonder why by default, the submission function of sendmail (which is > > > > to my knowledge rarely used) is enabled, so i created a small a patch > > > > for disabling it, maybe it could be used? > > > > If not, could someone explain to me whoever uses the thing? :) > > > > > > We (i.e., the authors of sendmail) have enabled it by default to > > > encourage its use. If you turn it off, how do you expect that other > > > programs will actually use it? > > > > By documenting it? People will enable it if they need it. In my opinion, > > every extra open port on a computer is a security risk. > > Many people don't read documentation. Just check the amount of > questions "Why is port 587 open?" in comp.mail.sendmail. Then you should document it more clearly. Put a link on the website between <h1></h1> tags that says "Click here to find the anser on how to use the MSA feature" or something like that. > It's right there in the release notes... sendmail implements RFC 2476 (Message Submission), e.g., it can now listen on several different ports. Use: O DaemonPortOptions=Name=MSA, Port=587, M=E to run a Message Submission Agent (MSA); this is turned on by default in m4-generated .cf files; it can be turned off with FEATURE(`no_default_msa'). ^^ that's from the release notes. It doesn't say _why_ it is enabled by default.. > By turning on features by default we support their usage. sendmail > is often the first to support new features and then others follow.2 OK, but it should be FreeBSD's choice wether or not to enable it. Aside from that, i think it's fine to support the MSA, but i don't think it should be enabled by default. > That's also the reason why sendmail uses STARTTLS if it's compiled > in and the other side offers it. That uncovered some broken MTAs > which have been fixed even though it took a lot of pressure. Right, the pressure worked. But for the MSA thing, i don't see a lot of pressure coming from sendmail's direction... > > As seen from your side, it has been enabled for quite some time now, did > > it work? Are there programs which actually use it? Are those programs > > widely used? If yes to all questions, then my patch shouldn't be used in > > the default freebsd sources. Otherwise, i think it should. > > I don't know, I don't have any statistics. Maybe we switch our MSP > in the next release to use port 587 by default. The more people > switch to the MSA the easier will be the next transition: a cleaner > separation of MTA and MSA. I still haven't heard one hard argument on why it should be enabled by default with FreeBSD. It may be my stupidity(believe me ;)). I do think the MSA is a good thing, i just don't like it being enabled by default. I think it's only useful for people who know what it is, and how it works. Therefore, i still think it should be disabled by default on FreeBSD. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011126021743.A49942>