First of all, I know Dennis already wrote a good reply to this email,
and about OpenBSD's usage as a firewall, but this is a different
point of view ...

>     Sendmail is configured to run in local queue mode, it can send
>     mail but not receive (you must add the "-bd" option in rc.conf
>     to enable it). 

The section of /etc/rc.conf in question, as per default install:
sendmail_flags="-q30m"  # for normal use: "-bd -q30m"
smtpfwdd_flags=NO       # for normal use: "", and no "-bd" above.

> As OpenBSD's webpage puts it:
> 
>       Three years without a remote hole in the default install!
>
That's out of date as of about two weeks ago.  Four years now.
 
> And that's the problem.  They could just as easily have proclaimed,
> 
>       Three years without incoming email!
> 
> So what's the point?  

The point is to protect new users, perhaps a UIBP, who might just
as well go and install RedHat or Mandrake or ...

From http://www.openbsd.org/security.html
>>
"Secure by Default"

To ensure that novice users of OpenBSD do not need to become security
experts overnight (a viewpoint which other vendors seem to have), we 
ship the operating system in a Secure by Default mode. All non-
essential services are disabled. As the user/administrator becomes more
familiar with the system, he will discover that he has to enable daemons
and other parts of the system. During the process of learning how to 
enable a new service, the novice is more likely to learn of security 
considerations.

This is in stark contrast to the increasing number of systems that ship 
with NFS, mountd, web servers, and various other services enabled by 
default, creating instantaneous security problems for their users within 
minutes after their first install.
<<

Big deal, a newbie's box gets hacked, what's new?  DDOS anyone?  
Anonymous attacks, because the newbie reinstalled because he/she
was getting strange messages, and figured it was a bad install, thus
erasing any logs of the activity.  Not to mention that now the 
person has no real proof that it wasn't he/she who committed the
attack ...

> Install OpenBSD, get a nearly useless box.

Actually, what you get is a developer's workstation, complete with
excellent documentation and up-to-date tools.  Not to mention a 
high level of security so no one can look at the ultra secret code
you're working on :)
I use OpenBSD on my workstation.  I use Netscape 6, StarOffice 5.1a,
RealPlayer 8, Netscape 4.77 w/Flash 5 & RealPlayer plugins, grip, gqmpeg,
mysql 3.23.37, Apache 1.3.19, php 4.0.4pl1, perl 5.6.0, gcc 2.95.3, 
python 2.0, acroread 4.05, emacs 20.7 ... 

Not exactly what I call useless.

> Or
> enable any service, feature, or program, and get a box that is no
> longer audited for security.
>

OK, now you must read the whole thing:

http://www.openbsd.org/security.html

<[EMAIL PROTECTED]>
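
Added example (not part of the original email, and not OpenBSD's own code): a small sh function that reads rc.conf-style lines and reports, for each *_flags variable, whether the daemon is disabled or enabled, and for sendmail whether it is queue-only or listening with "-bd". It assumes that a value of NO means disabled and any other value starts the daemon; the httpd_flags line in the sample is constructed.

```shell
#!/bin/sh
# Audit rc.conf-style input for daemons switched on beyond the default.
# Assumption: <daemon>_flags=NO disables the daemon; any other value
# (including the empty string) starts it with those flags.

# Constructed sample: the two default lines quoted in the message above,
# plus one constructed line showing a service that has been enabled.
sample_rc_conf() {
cat <<'EOF'
sendmail_flags="-q30m"  # for normal use: "-bd -q30m"
smtpfwdd_flags=NO       # for normal use: "", and no "-bd" above.
httpd_flags=""
EOF
}

# Reads rc.conf text on stdin, prints "<daemon> <state>" per *_flags line.
# States: disabled, enabled, and for sendmail queue-only or listening.
audit_rc_conf() {
    # Drop trailing comments and trailing whitespace before parsing.
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' |
    while IFS='=' read -r name value; do
        case "$name" in
            *_flags) ;;          # only daemon flag variables are audited
            *) continue ;;
        esac
        daemon=${name%_flags}
        value=${value#\"}        # strip one pair of surrounding quotes
        value=${value%\"}
        if [ "$value" = "NO" ]; then
            state=disabled
        elif [ "$daemon" = "sendmail" ]; then
            # -bd makes sendmail accept incoming SMTP; without it the
            # daemon only processes the local queue.
            case " $value " in
                *" -bd "*) state=listening ;;
                *)         state=queue-only ;;
            esac
        else
            state=enabled
        fi
        printf '%s %s\n' "$daemon" "$state"
    done
}

sample_rc_conf | audit_rc_conf
```

To audit a real system, feed it the file directly: audit_rc_conf < /etc/rc.conf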
