From owner-freebsd-hackers Sun Nov 24 16:22:56 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA22377 for hackers-outgoing; Sun, 24 Nov 1996 16:22:56 -0800 (PST)
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.109.160]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA22353 for ; Sun, 24 Nov 1996 16:22:43 -0800 (PST)
Received: (from jgreco@localhost) by brasil.moneng.mei.com (8.7.Beta.1/8.7.Beta.1) id SAA13671; Sun, 24 Nov 1996 18:03:29 -0600
From: Joe Greco
Message-Id: <199611250003.SAA13671@brasil.moneng.mei.com>
Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2
To: peter@taronga.com (Peter da Silva)
Date: Sun, 24 Nov 1996 18:03:29 -0600 (CST)
Cc: jkh@time.cdrom.com, peter@taronga.com, hackers@FreeBSD.org
In-Reply-To: <199611242323.RAA06615@bonkers.taronga.com> from "Peter da Silva" at Nov 24, 96 05:23:02 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

> > Needless to say, this is a terrible idea.
>
> Why? sendmail will *never* be secure. You already have sysinstall options
> to load the pcnfs and apache ports, why not have another question. Something
> like:
>
> "Sendmail is a large, complex mail transport mechanism. Qmail
> is small, tight, and designed to be secure. Qmail provides
> most of the functionality of sendmail. Which mail transport
> should be installed by default?"
>
> For people who know what sendmail is, then they know enough to answer
> the question. For people who don't, well, qmail is a lot easier to
> understand than sendmail starting out fresh...

While I agree with Jordan's assessment that you are sniffing glue, I WOULD
agree that it might be reasonable to change the Sendmail bias in
/etc/sysconfig (etc) to be more generalized, like the way the gated/routed
switch is currently handled.

One can simply install the qmail port (I assume there is one!) and then
toggle a few bits.

> > The user QA alone would murder us.
>
> You ever tried to explain to someone how to set up a virtual domain
> in sendmail?

Yes, and these days, Sendmail supports it out of the box. I do not know if
FreeBSD's .mc file enables the features by default or not, I always gen my
own .cf files.

... JG