Re: replacing sendmail with qmail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well my point is that every one (that is interrested in security) knows that Sendmail and bind and so on have their exploits.. And I like that they are the one that is comming with some more or less insecure services, this is due to that it really gives ppl the freedom choose the services that they want to use. But the generic ones works for home networks with no external access too. Freedom of religion. Well with freedom comes responsibility. Best regards Søren ** | Soeren Straarup Mobile: +45 20 27 62 44 | | FreeBSD wannabe since 2.2.6-Rhttp://xforce.dk | | Also running OpenBSD and NetBSD aka OZ2DAK aka Xride | ** On Thu, 26 Jun 2003, Jeremy Messenger wrote: On Wed, 25 Jun 2003 09:47:28 +0300, Alin-Adrian Anton [EMAIL PROTECTED] wrote: Hi guys, As sendmail showed to be so vulnerable in the past, and even in the recent past, I was wondering to propose removing it from the default install on freebsd. Currently, sendmail comes with the system sources, and runs as root. I think this is bad, and it could be replaced with qmail, for example. Or, something else, if you think something else is more secure. Please let me know if this is possible, or why if not, and to whom shall I address this idea (I wonder why it didn't happen yet). It is possible to delete the sendmail and replace to the different MTA on your own. To not have or change the different MTA by default in FreeBSD isn't going to happen anytime soon, anyway. I would love to see to get rid of sendmail too, thought. I don't have Sendmail in my server, which it has been replaced to qmail and sometime I want to try to replace from BIND to djb's libdjbdns. If anyone want to get rid of BIND, Sendmail and etc by default, the only way that I can see at the moment is *cough* fork FreeBSD *cough*.. or wait until libh project finishes or in future version of FreeBSD like 6.0, 7.0, 8.0 or so (maybe never).. Cheers, Mezz Best Regards, Alin. -- bsdforums.org 's moderator, mezz. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE++/S6XTGeGCdlN14RApoOAJwI0P/l+GHY4pXP4E6X/FMkBF9+xQCgvdTZ 46eth1FjC+RcyoDyTEErve4= =RERF -END PGP SIGNATURE- ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: replacing sendmail with qmail
On Fri, Jun 27, 2003 at 09:39:36AM +0200, Soeren Straarup wrote: Well my point is that every one (that is interrested in security) knows that Sendmail and bind and so on have their exploits.. And I like that they are the one that is comming with some more or less insecure services, this is due to that it really gives ppl the freedom choose the services that they want to use. But the generic ones works for home networks with no external access too. Freedom of religion. Well with freedom comes responsibility. And this responsibility is handled excellently by the FreeBSD Security Officer team and the FreeBSD sendmail maintainer, George Shapiro. I don't think that there would be a better way to handle the existing and published Sendmail vulnerabilities than the current practice of timely patches and updates to both -current, -stable, *and* the various security branches, so that everyone tracking the security advisories is aware of the need to update, and update *now*, as soon as there is actually something to update to. Great job, folks! With that said, you could always do what I do and cut your own releases with appropriate NO_* knobs in make.conf ;) This is *not* to say that I don't trust the security officer team and the maintainers of the various pieces of contributed software that I exclude from my own builds; it's just a matter of personal preference. Here's hoping this is the last post in this thread :) (The last word? Me? Naah, that's just lack of morning coffee getting to you :P ) G'luck, Peter -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence was in the past tense. pgp0.pgp Description: PGP signature
Re: replacing sendmail with qmail
In message: [EMAIL PROTECTED] Mark Murray [EMAIL PROTECTED] writes: : Alin-Adrian Anton writes: : Hi guys, : : As sendmail showed to be so vulnerable in the past, and even in the : recent past, I was wondering to propose removing it from the default : install on freebsd. Currently, sendmail comes with the system sources, : and runs as root. I think this is bad, and it could be replaced with : qmail, for example. Or, something else, if you think something else is : more secure. Please let me know if this is possible, or why if not, and : to whom shall I address this idea (I wonder why it didn't happen yet). : : Please look for this topic in the archives. It has been discussed : VERY many times. Also, we can't use qmail because its license is not compatible with the project's needs. There are lots of other issues using an alternative mailer, and Mark is right. It has been done to death. Warner ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: replacing sendmail with qmail
On Thu, Jun 26, 2003 at 03:18:04PM -0400, Lanny Baron wrote: It ends up as a religious war. There is no perfection in this world. Perhaps the next world. We use Qmail. But we use it because of vpopmail and our free email service at cybertouch.org. We used to use Sendmaail. It was great but at the time we could not find a solution to not having system accounts. Check out the Virtual Exim package at http://silverwraith.com/vexim It does the same at vpopmail but for Exim - sorry, not sendmail yet, but if you can make Sendmail lookup data in a MySQL database, this will work for you. I know it's very close to, if not exceeding the functionality / usability of vpopmail, because I used to use Qmail+vpopmail. Then I migrated the Exim and started the vexim project. It's still small with only one other developer, but very stable. Testers and more developers always welcome! I use it for all my production mail right now. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: replacing sendmail with qmail
On Fri, Jun 27, 2003, Peter Pentchev wrote: And this responsibility is handled excellently by the FreeBSD Security Officer team and the FreeBSD sendmail maintainer, George Shapiro. His name is George? Here's hoping this is the last post in this thread :) (The last word? Me? Naah, that's just lack of morning coffee getting to you :P ) Sorry, you lose. Have some coffee, then finger [EMAIL PROTECTED] ;-) ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
replacing sendmail with qmail
Hi guys, As sendmail showed to be so vulnerable in the past, and even in the recent past, I was wondering to propose removing it from the default install on freebsd. Currently, sendmail comes with the system sources, and runs as root. I think this is bad, and it could be replaced with qmail, for example. Or, something else, if you think something else is more secure. Please let me know if this is possible, or why if not, and to whom shall I address this idea (I wonder why it didn't happen yet). Best Regards, Alin. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: replacing sendmail with qmail
At 09:47 25/06/2003 +0300, Alin-Adrian Anton wrote: As sendmail showed to be so vulnerable in the past, and even in the recent past, I was wondering to propose removing it from the default install on freebsd. Currently, sendmail comes with the system sources, and runs as root. I think this is bad, and it could be replaced with qmail, for example. Or, something else, if you think something else is more secure. Please let me know if this is possible, or why if not, and to whom shall I address this idea (I wonder why it didn't happen yet). This topic has arisen many times in the past. Basically, it comes down to this: Every MTA has its supporters and detractors; FreeBSD needs to have an MTA; FreeBSD currently has Sendmail. It's simply not worth changing at the moment. If you want to use qmail, go ahead and install it from the ports tree. At some time in the distant future, when FreeBSD is fully packagized, it's quite likely that Sendmail will be just one of many installable options; but that time hasn't come yet. Colin Percival ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: replacing sendmail with qmail
Alin-Adrian Anton writes: Hi guys, As sendmail showed to be so vulnerable in the past, and even in the recent past, I was wondering to propose removing it from the default install on freebsd. Currently, sendmail comes with the system sources, and runs as root. I think this is bad, and it could be replaced with qmail, for example. Or, something else, if you think something else is more secure. Please let me know if this is possible, or why if not, and to whom shall I address this idea (I wonder why it didn't happen yet). Please look for this topic in the archives. It has been discussed VERY many times. M -- Mark Murray iumop ap!sdn w,I idlaH ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: replacing sendmail with qmail
It ends up as a religious war. There is no perfection in this world. Perhaps the next world. We use Qmail. But we use it because of vpopmail and our free email service at cybertouch.org. We used to use Sendmaail. It was great but at the time we could not find a solution to not having system accounts. Lanny Colin Percival said: At 09:47 25/06/2003 +0300, Alin-Adrian Anton wrote: As sendmail showed to be so vulnerable in the past, and even in the recent past, I was wondering to propose removing it from the default install on freebsd. Currently, sendmail comes with the system sources, and runs as root. I think this is bad, and it could be replaced with qmail, for example. Or, something else, if you think something else is more secure. Please let me know if this is possible, or why if not, and to whom shall I address this idea (I wonder why it didn't happen yet). This topic has arisen many times in the past. Basically, it comes down to this: Every MTA has its supporters and detractors; FreeBSD needs to have an MTA; FreeBSD currently has Sendmail. It's simply not worth changing at the moment. If you want to use qmail, go ahead and install it from the ports tree. At some time in the distant future, when FreeBSD is fully packagized, it's quite likely that Sendmail will be just one of many installable options; but that time hasn't come yet. Colin Percival ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED] +~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~ Lanny Baron Proud to be 100% FreeBSD FreeBSD Systems, Inc / Freedom Technologies Corp. http://www.FreeBSDsystems.COM 1.877.963.1900 +~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to [EMAIL PROTECTED]