Re: removing sendmail
Hi! On Mon, Dec 03, 2007 at 11:28:32AM +0530, Amarendra Godbole wrote: [...] As a second note, postfix as a standalone entity may be secure, but I am not sure how secure it will be if it starts interacting with some other piece of software. Also, from the top of my head I can say that postfix's 'mailq' gets me the status even as a normal user, while that of sendmail does not (maybe I am wrong, and defaults have changed now). YMMV. You can configure that, see http://www.postfix.org/postconf.5.html the authorized_mailq_users option. That allows even more fine-grained configuration than sendmail (either restricted to the group owner of the queue directory or permit all users to query the mail queue). -Amarendra Kind regards, Hannah.
Re: removing sendmail
On 3 December 2007, Amarendra Godbole [EMAIL PROTECTED] wrote: On Nov 30, 2007 4:32 PM, Liviu Daia [EMAIL PROTECTED] wrote: On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED] wrote: Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. [...] Will you please cut the crap? Thank you. Unlike Sendmail, Postfix was written from scratch with security in mind. It had only one published security flaw since its first public release in 1998. The author, Wietse Venema, is also the author of SATAN and tcpwrappers. He knew one or two things about writing secure code long before OpenBSD came into existence. The objections people occasionally have against Postfix are related to its license, not the code quality. [...] I guess my statement was mis-interpreted - I did not question the security of postfix, but asserted that sendmail, being in base, was code audited by OBSD developers. I surely trust stuff from the base more than something that gets installed through a port. Actually, what you did was imply Postfix doesn't undergo a code audit as rigorous as the version of Sendmail in base, without having any idea about the internals of either Postfix or Sendmail, their development processes, and their security histories. That is, you dismissed Postfix based on your fuzzy feelings. As a second note, postfix as a standalone entity may be secure, but I am not sure how secure it will be if it starts interacting with some other piece of software. Sorry, I can't parse this. Software doesn't live in Plato's Paideia, every program interacts one way or another with some other software. Also, from the top of my head I can say that postfix's 'mailq' gets me the status even as a normal user, while that of sendmail does not (maybe I am wrong, and defaults have changed now). YMMV. (1) Sendmail did the same for at least 25 years; (2) As somebody else pointed out, it's configurable; (3) This has nothing to do with either security, or code audit. 
Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
Re: removing sendmail
I have seen several installations of Postfix go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Postfix lovers, so I have always assumed that the installation was correct. In the one case I saw tested replacing Postfix with Sendmail resulted in no further problems. I have seen equally catastrophic failures of Qmail. Trying to do mail right for everyone in base is an exercise in futility.
Re: removing sendmail
On Sun, Dec 02, 2007 at 12:56:11PM -0700, Anthony Roberts wrote: I have seen several installations of Postfix go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Postfix lovers, so I have always assumed that the installation was correct. In the one case I saw tested replacing Postfix with Sendmail resulted in no further problems. I have seen equally catastrophic failures of Qmail. Trying to do mail right for everyone in base is an exercise in futility. Does base require an MTA? If so, is there a tiny-drive-footprint local-only no-config MTA that could be in base? Everything else as a pre-compiled package or in alternate install sets?
Re: removing sendmail
On Dec 2, 2007 2:21 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: On Sun, Dec 02, 2007 at 12:56:11PM -0700, Anthony Roberts wrote: I have seen several installations of Postfix go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Postfix lovers, so I have always assumed that the installation was correct. In the one case I saw tested replacing Postfix with Sendmail resulted in no further problems. I have seen equally catastrophic failures of Qmail. Trying to do mail right for everyone in base is an exercise in futility. Does base require an MTA? If so, is there a tiny-drive-footprint local-only no-config MTA that could be in base? Everything else as a pre-compiled package or in alternate install sets? Why is everyone trying to come up with a solution to a problem that doesn't exist? DS
Re: removing sendmail
On Sun, Dec 02, 2007 at 03:48:14PM -0700, Darren Spruell wrote: On Dec 2, 2007 2:21 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: On Sun, Dec 02, 2007 at 12:56:11PM -0700, Anthony Roberts wrote: I have seen several installations of Postfix go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Postfix lovers, so I have always assumed that the installation was correct. In the one case I saw tested replacing Postfix with Sendmail resulted in no further problems. I have seen equally catastrophic failures of Qmail. Trying to do mail right for everyone in base is an exercise in futility. Does base require an MTA? If so, is there a tiny-drive-footprint local-only no-config MTA that could be in base? Everything else as a pre-compiled package or in alternate install sets? Why is everyone trying to come up with a solution to a problem that doesn't exist? The 'problem' is a piece of software installed on the box that some of us don't use. It takes up space (how much?). Each MTA has its champions and its detractors. The Solomonesque solution would be to remove the MTA from base altogether unless things in base need an MTA for local delivery, in which case installing something smaller than sendmail that can't be used for anything other than local delivery would be one solution to the 'problem'. That's all I'm suggesting. Doug.
Re: removing sendmail
On Sun, 2 Dec 2007 20:48:42 -0500, Douglas A. Tutty wrote: On Sun, Dec 02, 2007 at 03:48:14PM -0700, Darren Spruell wrote: On Dec 2, 2007 2:21 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: On Sun, Dec 02, 2007 at 12:56:11PM -0700, Anthony Roberts wrote: I have seen several installations of Postfix go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Postfix lovers, so I have always assumed that the installation was correct. In the one case I saw tested replacing Postfix with Sendmail resulted in no further problems. I have seen equally catastrophic failures of Qmail. Trying to do mail right for everyone in base is an exercise in futility. Does base require an MTA? If so, is there a tiny-drive-footprint local-only no-config MTA that could be in base? Everything else as a pre-compiled package or in alternate install sets? Why is everyone trying to come up with a solution to a problem that doesn't exist? The 'problem' is a piece of software installed on the box that some of us don't use. It takes up space (how much?). Each MTA has its champions and its detractors. The Solomonesque solution would be to remove the MTA from base altogether unless things in base need an MTA for local delivery, in which case installing something smaller than sendmail that can't be used for anything other than local delivery would be one solution to the 'problem'. That's all I'm suggesting. Forget it. No, I'm not ordering you to. It's a tip. Given that the developers are ignoring this thread, my guess is that nothing is going to happen. It's all been said before. Yes things in base do use mail, and it is not enough to have something that can only do local delivery. I have a bunch of machines (firewalls mostly) that report daily, weekly and monthly with an insecurity report as well, anytime something critical changes. They are anywhere in the world. Local delivery is not an option. 
As to saving space: RTFA, it has been done to death. You can customise your own install if you need ^W want a smaller install. Just remember what nick@ says (You break it, you get to keep all the pieces) and you'll get no help sorting out your self-inflicted pain. Just as a hint as to how much we need a trimmed install: I install firewalls using CF instead of HDDs. The only sets I decline at install time are x*,g* and comp. The latter is NOT for security but because we do upgrades/updates by supplying a new fast swapped card instead of bugging a low powered CPU with insufficient RAM or HDD to hold and compile the source tree. I don't have even one of them where I have bothered to remove anything, even stuff that doesn't break things if it's not there. httpd isn't running, port 80 isn't open, big deal to save a few bits of CF that we have no shortage of space in. Why bother? It all fitted in 256MB but I can buy faster 1GB cards for a couple of dollars more than I paid for the old 256, so less reason to twiddle. But as I said, you can do it if you want. So why campaign for somebody else to do it for you? BTW I run or admin several mailservers. I don't use sendmail but I avoid campaigning for a change in base: The package I use installs in a minute and Just Works (TM) so no, I don't demand the replacement of sendmail by my favourite MTA. Sorry to have posted at all in this going nowhere thread but once it got off religious choices and descended back to space saving, I couldn't resist. It's time the thread died. It should have died on day 1. Rod/ /earth: write failed, file system is full cp: /earth/creatures: No space left on device
Re: removing sendmail
On Sun, 2 Dec 2007, Douglas A. Tutty wrote: Why is everyone trying to come up with a solution to a problem that doesn't exist? The 'problem' is a piece of software installed on the box that some of us don't use. It takes up space (how much?). Each MTA has its champions and its detractors. The Solomonesque solution would be to remove the MTA from base altogether unless things in base need an MTA for local delivery, in which case installing something smaller than sendmail that can't be used for anything other than local delivery would be one solution to the 'problem'. That's all I'm suggesting. Thanks for the suggestion, but it isn't going to be implemented - see the numerous discussions on misc@ over many years for the reasoning. I think the only way that sendmail will be removed from base is if there is some compelling replacement for it. This could be something new, it might possibly be a qmail that is made (much) more sane wrt configuration and filesystem hierarchy, it could be postfix if it were ever released under a palatable license, it might be Sendmail X/MeTA1 when it is finished. None of these possible futures will eventuate because of suggestions - someone has to actually do the work. Are you going to do some, or do you plan on continuing to suggest that we do it all for you? -d
Re: removing sendmail
On 13:31:27 Dec 03, RW wrote: Forget it. No, I'm not ordering you to. It's a tip. Given that the developers are ignoring this thread, my guess is that nothing is going to happen. It's all been said before. Not true. They just don't have the time. BTW I run or admin several mailservers. I don't use sendmail but I avoid campaigning for a change in base: The package I use installs in a minute and Just Works (TM) so no, I don't demand the replacement of sendmail by my favourite MTA. Everyone knows this is not going to happen unless there is a worthy replacement. Sorry to have posted at all in this going nowhere thread but once it got off religious choices and descended back to space saving, I couldn't resist. I couldn't either. ;) -Girish It's time the thread died. It should have died on day 1. Maybe something useful comes out of it? Who knows? :)
Re: removing sendmail
On Nov 30, 2007 4:32 PM, Liviu Daia [EMAIL PROTECTED] wrote: On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED] wrote: Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. [...] Will you please cut the crap? Thank you. Unlike Sendmail, Postfix was written from scratch with security in mind. It had only one published security flaw since its first public release in 1998. The author, Wietse Venema, is also the author of SATAN and tcpwrappers. He knew one or two things about writing secure code long before OpenBSD came into existence. The objections people occasionally have against Postfix are related to its license, not the code quality. [...] I guess my statement was mis-interpreted - I did not question the security of postfix, but asserted that sendmail, being in base, was code audited by OBSD developers. I surely trust stuff from the base more than something that gets installed through a port. As a second note, postfix as a standalone entity may be secure, but I am not sure how secure it will be if it starts interacting with some other piece of software. Also, from the top of my head I can say that postfix's 'mailq' gets me the status even as a normal user, while that of sendmail does not (maybe I am wrong, and defaults have changed now). YMMV. -Amarendra
Re: removing sendmail
On Fri, 30 Nov 2007 10:49:48 -0500, Steve Shockley wrote: It looks like that went away with the death of DEINSTALL. I don't use it though so I didn't test it. No, in 4.2 it still needs us to not forget this. Not a big deal overall, but still something that could be improved on. Uwe
Re: removing sendmail
On Sat, 1 Dec 2007, Uwe Dippel wrote: On Fri, 30 Nov 2007 10:49:48 -0500, Steve Shockley wrote: It looks like that went away with the death of DEINSTALL. I don't use it though so I didn't test it. No, in 4.2 it still needs us to not forget this. Not a big deal overall, but still something that could be improved on. Yep. I do remember it *now* but I was pretty mad when that caused the whole mailing system to break and I didn't notice it right away. -- Antti Harri
Re: removing sendmail
Antti Harri wrote: On Sat, 1 Dec 2007, Uwe Dippel wrote: On Fri, 30 Nov 2007 10:49:48 -0500, Steve Shockley wrote: It looks like that went away with the death of DEINSTALL. I don't use it though so I didn't test it. No, in 4.2 it still needs us to not forget this. Not a big deal overall, but still something that could be improved on. Yep. I do remember it *now* but I was pretty mad when that caused the whole mailing system to break and I didn't notice it right away. Oh, me too. It is always bad in production and even outside. I use a quite special postfix configuration, and while the system in general would work, my users found breakage. So did I. Until I telnet to port 25. Upgrade ought not touch the mailer. I understand that the process doesn't know if you want to de-install or upgrade. It would be great if it could, and spew out much less of useless (? sometimes) messages. Uwe
Re: removing sendmail
Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. [...] Will you please cut the crap? Thank you. Unlike Sendmail, Postfix was written from scratch with security in mind. It had only one published security flaw since its first public release in 1998. The author, Wietse Venema, is also the author of SATAN and tcpwrappers. He knew one or two things about writing secure code long before OpenBSD came into existence. The objections people occasionally have against Postfix are related to its license, not the code quality. Just too bad that this didn't happen in OpenBSD 2.9 when QMail was removed, as at the time it may have had a chance to be in the default install with the numerous issues sendmail had back then. QMail is good and I sure used it for years, but now I do prefer Postfix much more and it is more with its time now than QMail is. Now if Postfix had a BSD license, I don't know if it might not be more seriously considered, but my guess is it might not. Sendmail got much better in the last 7 years. Still bulky and yes I still don't use it, but it is not a bad mailer these days. I just prefer the configuration simplicity of Qmail, Postfix and sendmail in the order with QMail the easiest by far when you know none of them to start with. Plus for an MTA, it is a surprisingly small footprint. Now if djbdns was under BSD license, I wonder if that didn't have a bigger chance to make it into the base and replace bind... But what I think is not relevant or important here, there are just a few people that may decide that for sure and at large, we are none of them. Seeing the GNU directory in the base getting smaller and have more and more BSD in OpenBSD is nice to see however. Let's give pcc time to maybe make it in first and replace gcc for good over time. Interesting time.
Re: removing sendmail
On 30 November 2007, Geoff Steckel [EMAIL PROTECTED] wrote: Liviu Daia wrote: On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED] wrote: Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. [...] Will you please cut the crap? Thank you. Unlike Sendmail, Postfix was written from scratch with security in mind. It had only one published security flaw since its first public release in 1998. The author, Wietse Venema, is also the author of SATAN and tcpwrappers. He knew one or two things about writing secure code long before OpenBSD came into existence. The objections people occasionally have against Postfix are related to its license, not the code quality. I have seen several installations of Postfix go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Postfix lovers, so I have always assumed that the installation was correct. In the one case I saw tested replacing Postfix with Sendmail resulted in no further problems. Given this anecdotal history I would suggest not running Postfix in a large production environment. Well, the point I was trying to make was about Postfix code being audited. But since I'm never the man to turn down a pissing contest, here we go: I have seen several installations of Sendmail go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Sendmail lovers, so I have always assumed that the installation was correct. In the many cases I saw tested replacing Sendmail with Postfix resulted in no further problems. Given this anecdotal history I would suggest not running Sendmail in a large production environment. A story just as valid as yours. :) Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
Re: removing sendmail
Liviu Daia wrote: On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED] wrote: Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. [...] Will you please cut the crap? Thank you. Unlike Sendmail, Postfix was written from scratch with security in mind. It had only one published security flaw since its first public release in 1998. The author, Wietse Venema, is also the author of SATAN and tcpwrappers. He knew one or two things about writing secure code long before OpenBSD came into existence. The objections people occasionally have against Postfix are related to its license, not the code quality. I have seen several installations of Postfix go catatonic due to spam overload, large messages, mailing list expansions, and other undiagnosed problems. These were run by Postfix lovers, so I have always assumed that the installation was correct. In the one case I saw tested replacing Postfix with Sendmail resulted in no further problems. Given this anecdotal history I would suggest not running Postfix in a large production environment. geoff steckel
Re: removing sendmail
Hi Antti, Except that when doing package upgrade with pkg_add the sendmail configuration (in mailer.conf) will be restored and it won't be re-enabled until manually doing postfix-enable. You have a point there. To me, however, this falls under the 'no magic' clause. I try to use as many standard operations as possible, to reduce the numbers of errors I could make. Hence the 'postfix-enable' command after any postfix install/upgrade is standard ('no magic') to me. At least it used to be like that, correct me if the pkgtools has the needed features nowadays to prevent that. Hmm... What Steve said, I guess. I didn't check, I just run 'postfix-enable'. :-) Be well... Nico
Re: removing sendmail
Antti Harri wrote: Except that when doing package upgrade with pkg_add the sendmail configuration (in mailer.conf) will be restored and it won't be re-enabled until manually doing postfix-enable. At least it used to be like that, correct me if the pkgtools has the needed features nowadays to prevent that. It looks like that went away with the death of DEINSTALL. I don't use it though so I didn't test it.
Re: removing sendmail
On 30 November 2007, Amarendra Godbole [EMAIL PROTECTED] wrote: Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. [...] Will you please cut the crap? Thank you. Unlike Sendmail, Postfix was written from scratch with security in mind. It had only one published security flaw since its first public release in 1998. The author, Wietse Venema, is also the author of SATAN and tcpwrappers. He knew one or two things about writing secure code long before OpenBSD came into existence. The objections people occasionally have against Postfix are related to its license, not the code quality. Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
Re: removing sendmail
On Nov 30, 2007 8:30 AM, Juan Miscaro [EMAIL PROTECTED] wrote: Hi, I would like to do away with sendmail as much as possible. I prefer postfix. Now I know that the sendmail binary is entwined with the system's internals but is there any way to completely get rid of it? I see that some people remove the binary and turn it off in rc.conf. Am I making any sense? Should I do anything special to sendmail when I install postfix? And what of the postfix-enable command? Is this good enough? [...] Please note that postfix does not undergo the rigorous code scrub that sendmail goes through. Hence, if you are on a production machine, I'd suggest you use sendmail, and not postfix. Postfix used to be my favorite too, but since the day I know how to configure and use sendmail, I feel it is the best MTA I've ever used. YMMV. -Amarendra
Re: removing sendmail
Hi Juan, Am I making any sense? Not to me. But it depends on your situation. Should I do anything special to sendmail when I install postfix? No. Just follow the instructions after installing postfix. And what of the postfix-enable command? Is this good enough? Almost. Apply the changes to rc.conf.local and root's crontab and you're good to go. Any upgrade can then be like any other regular upgrade; nothing to worry about. No magic. HTH... Nico
Re: removing sendmail
On Fri, 30 Nov 2007, Nico Meijer wrote: And what of the postfix-enable command? Is this good enough? Almost. Apply the changes to rc.conf.local and root's crontab and you're good to go. Any upgrade can then be like any other regular upgrade; nothing to worry about. No magic. Except that when doing package upgrade with pkg_add the sendmail configuration (in mailer.conf) will be restored and it won't be re-enabled until manually doing postfix-enable. At least it used to be like that, correct me if the pkgtools has the needed features nowadays to prevent that. -- Antti Harri
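The mailer.conf drift described in the message above (a pkg_add upgrade restoring the sendmail entries until postfix-enable is run again) can be checked for after each upgrade. This is an added example, not part of the original thread: the function names are hypothetical, the sample files are constructed, and both binary paths are assumptions to verify against the installed system.

```shell
#!/bin/sh
# Added example (not from the thread): report mailer.conf entries that no
# longer point at the expected MTA binary, e.g. after a package upgrade.
# Entry format: "<name> <path> [args]"; '#' starts a comment.

# Print "name path" for every entry in the file given as $1.
mailer_entries() {
    sed -e 's/#.*//' "$1" | awk 'NF >= 2 { print $1, $2 }'
}

# $1 = mailer.conf to inspect, $2 = binary every wrapper should point at.
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_mailer_conf() {
    conf=$1
    expected=$2
    status=0
    for name in sendmail send-mail mailq newaliases; do
        target=$(mailer_entries "$conf" |
            awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$target" ]; then
            echo "MISSING $name"
            status=1
        elif [ "$target" != "$expected" ]; then
            echo "DRIFT $name -> $target"
            status=1
        fi
    done
    return "$status"
}

# Write two constructed sample files into directory $1. Both paths are
# assumptions for illustration; check them against the real system.
make_samples() {
    cat > "$1/postfix.conf" <<'EOF'
# constructed sample: wrappers as left by postfix-enable
sendmail    /usr/local/sbin/sendmail
send-mail   /usr/local/sbin/sendmail
mailq       /usr/local/sbin/sendmail
newaliases  /usr/local/sbin/sendmail
EOF
    cat > "$1/restored.conf" <<'EOF'
# constructed sample: base entries put back by an upgrade
sendmail    /usr/libexec/sendmail/sendmail
send-mail   /usr/libexec/sendmail/sendmail
mailq       /usr/libexec/sendmail/sendmail   # queue listing
newaliases  /usr/libexec/sendmail/sendmail
hoststat    /usr/libexec/sendmail/sendmail
purgestat   /usr/libexec/sendmail/sendmail
EOF
}

# Demo on the constructed samples. On a real host, call
#   check_mailer_conf /etc/mailer.conf "$EXPECTED"
# from a post-upgrade step and alert when it returns non-zero.
EXPECTED=/usr/local/sbin/sendmail   # assumed path of the package's sendmail
tmp=$(mktemp -d)
make_samples "$tmp"
for f in postfix.conf restored.conf; do
    if check_mailer_conf "$tmp/$f" "$EXPECTED"; then
        echo "$f: ok"
    else
        echo "$f: wrappers changed, mail is not going through the expected MTA"
    fi
done
rm -rf "$tmp"
```
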
removing sendmail
Hi, I would like to do away with sendmail as much as possible. I prefer postfix. Now I know that the sendmail binary is entwined with the system's internals but is there any way to completely get rid of it? I see that some people remove the binary and turn it off in rc.conf. Am I making any sense? Should I do anything special to sendmail when I install postfix? And what of the postfix-enable command? Is this good enough? // juan Looking for a X-Mas gift? Everybody needs a Flickr Pro Account. http://www.flickr.com/gift/
Re: removing sendmail
Also, don't forget to disable sendmail completely after enabling postfix. sendmail_flags=NO in /etc/rc.conf.local and removing the sendmail entry from root's crontab should do the job (plus stopping existing sendmail processes). 2007/11/30, Josh [EMAIL PROTECTED]: From memory after you install the postfix package, it tells you what to do to run postfix instead of sendmail. Sendmail binaries will still exist, but only postfix will be used, even for when a sendmail command is issued, due to mailer.conf I think it is. Juan Miscaro wrote: Hi, I would like to do away with sendmail as much as possible. I prefer postfix. Now I know that the sendmail binary is entwined with the system's internals but is there any way to completely get rid of it? I see that some people remove the binary and turn it off in rc.conf. Am I making any sense? Should I do anything special to sendmail when I install postfix? And what of the postfix-enable command? Is this good enough? // juan
Re: removing sendmail
Juan Miscaro wrote: Hi, I would like to do away with sendmail as much as possible. I prefer postfix. Now I know that the sendmail binary is entwined with the system's internals but is there any way to completely get rid of it? Yes, but you don't want to. Recompile using skipdir and do a fresh install using your frankenbuild.
Re: removing sendmail
Juan Miscaro wrote: Hi, I would like to do away with sendmail as much as possible. I prefer postfix. Now I know that the sendmail binary is entwined with the system's internals but is there any way to completely get rid of it? I see that some people remove the binary and turn it off in rc.conf. Am I making any sense? Should I do anything special to sendmail when I install postfix? And what of the postfix-enable command? Is this good enough? Hello, Juan. Have a look here: http://www.flakshack.com/anti-spam/wiki/index.php at the chapter Removing sendmail and later Installing and configuring Postfix. Best wishes. Yuri A. Spirin
Re: removing sendmail
On Fri, 30 Nov 2007, Stefan Dengscherz wrote: Also, don't forget to disable sendmail completely after enabling postfix. sendmail_flags=NO in /etc/rc.conf.local and removing the sendmail entry from root's crontab should do the job (plus stopping existing sendmail processes). Postfix uses the rc conf entry to start itself up. -- Antti Harri
Re: removing sendmail
From memory after you install the postfix package, it tells you what to do to run postfix instead of sendmail. Sendmail binaries will still exist, but only postfix will be used, even for when a sendmail command is issued, due to mailer.conf I think it is. Juan Miscaro wrote: Hi, I would like to do away with sendmail as much as possible. I prefer postfix. Now I know that the sendmail binary is entwined with the system's internals but is there any way to completely get rid of it? I see that some people remove the binary and turn it off in rc.conf. Am I making any sense? Should I do anything special to sendmail when I install postfix? And what of the postfix-enable command? Is this good enough? // juan