
Sendmail Removed From NetBSD

CmdrTaco posted more than 8 years ago | from the end-of-an-era dept.

248

Derkjan de Haan writes "Christos Zoulas removed sendmail from the NetBSD source tree, after a lot of discussion about its security track-record. Sendmail will remain available from pkgsrc." But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)


The Security Concerns (5, Informative)

eldavojohn (898314) | more than 8 years ago | (#15434431)

Well, I don't think that a short note covered much at all on why they removed it so I did some investigative work. Disclaimer: I use sendmail although I am by no means an expert at it. I'm ignoring pre-2k security issues [wikipedia.org] as that is older than five years ago.
  • A security alert [cert.org] from March of 2003 in which Sendmail has been determined to contain a buffer overflow vulnerability.
  • Another security alert [cert.org] from later that year.
  • A security alert [cert.org] also from 2003 regarding a remote buffer overflow.
  • A security alert [cert.org] from 2002 regarding a trojan horse sendmail distro.
  • Some FreeBSD-specific [cert.org] Sendmail alerts.
  • A security alert [us-cert.gov] from March of 2006 (this year) regarding a race condition that may allow remote code execution by an arbitrary user.
  • A plethora of similar or smaller security concerns [cert.org] can easily be found.
  • The most recent release of Sendmail [sendmail.org] involves things like fixing possible integer overflows & unsafe use of setjmp(3)/longjmp(3) or adding time outs.

As you can see with above security concerns, Sendmail has had significant historical problems but they have been active in rectifying these problems. If you have the time to patch often, Sendmail most probably will provide you with one of the safest mail transfer agents out there.

The largest concern seems to be the possibility of being compromised via a remote connection [deer-run.com] . If you're not using it, simply turn off the Sendmail Daemon. And I think that's why they removed it from NetBSD. Some idiot like myself might install NetBSD and leave that sucker listening on port 25. Now, there are no problems immediately because I'll have the latest version but I'm lazy and I don't patch NetBSD regularly so a few security alerts come out and then ... well, you know the rest.

Funny thing is, I've never heard of anyone losing data or being hacked due to Sendmail. Perhaps it's because the last place I saw it used widely was college?

Re:The Security Concerns (2, Interesting)

jtshaw (398319) | more than 8 years ago | (#15434480)

Honestly, I've never heard of anyone being hacked through sendmail either.. but that doesn't mean it didn't happen.

What I have witnessed a lot is people who run sendmail as an open relay because they don't know any better. Not to say you can't also configure qmail or postfix to be an open relay.

The biggest reason I switched away from sendmail was I did lose data because of mbox file corruption on two occasions. Maildir is much better at protecting against that.

Qmail/Qmail-Scanner/Qmail-SPP have been doing a great job for me for the last few years.

Re:The Security Concerns (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15434583)

Honestly, I've never heard of anyone being hacked through sendmail either

Generally because people don't brag about being hacked, and folks aren't always sure about the attack vector. I run Postfix these days primarily because of speed, there is no comparison between Sendmail and Postfix on this front. I looked at QMail, but since its creator is focused on forcing me to adopt his own INIT scheme (yes, patches are available but I'd prefer to run unpatched).

Re:The Security Concerns (4, Insightful)

arivanov (12034) | more than 8 years ago | (#15434589)

Honestly, I've never heard of anyone being hacked through sendmail either.. but that doesn't mean it didn't happen.

I had. Several times back in 1996. Made me switch to qmail and after that to exim.

As far as sendmail is concerned it is a good MTA provided that:

  • You have the money to pay for every edition of the "Hanging Bat" as it comes out. No point to even try doing anything moderately complex without it. Similarly you have to be a kbd+book person. Not all admins are.
  • You work for a large corp or edu which has fairly complex mail handling requirements. Less complex cases can happily get around using Exim or Postfix.
  • You intend to buy commercial software for some functions. The choice for commercial interfacing of archiving, compliance, AV, AntiSPAM on Unix is between milter and milter. Very few products interface into something else like exim filters.

Re:The Security Concerns (2, Informative)

dodobh (65811) | more than 8 years ago | (#15435395)

Complex mail handling requirements such as? Postfix handles most stuff fine (and if you have really complex policies, pushing those policies into an external policy daemon is recommended).

As for milters, the latest Postfix snapshots are adding milter support.

Re:The Security Concerns (0)

Anonymous Coward | more than 8 years ago | (#15434497)

If you're not using it, simply turn off the Sendmail Daemon. And I think that's why they removed it from NetBSD. Some idiot like myself might install NetBSD and leave that sucker listening on port 25. Now, there are no problems immediately because I'll have the latest version but I'm lazy and I don't patch NetBSD regularly so a few security alerts come out and then ... well, you know the rest.

No. Sendmail listens on localhost.25 on the default installation of NetBSD.

Re:The Security Concerns (5, Funny)

Anonymous Coward | more than 8 years ago | (#15434562)

Funny thing is, I've never heard of anyone losing data or being hacked due to Sendmail. Perhaps it's because the last place I saw it used widely was college?

Some time ago there was a 'hacker' movie made here in Poland. And there was a rather funny scene, where two main characters were trying to break into some server. Best part below:

(from memory)
H1: Wow, this thing is a real fortress...
H2: Did you try to get through sendmail using emacs?

Re:The Security Concerns (1)

JReykdal (637757) | more than 8 years ago | (#15434633)

There was an incident regarding Emacs and "movemail" in the '80's.

Re:The Security Concerns (1)

jacksonj04 (800021) | more than 8 years ago | (#15435193)

It's obviously the same people who wrote Swordfish, with the "Triple DES connection" linking into every bank. Normally my suspension of disbelief is quite good, but I actually burst out laughing at that one.

Re:The Security Concerns (1)

DenDude (922896) | more than 8 years ago | (#15435250)

Puh-leeze, the most annoying "pull-you-out-of-the-movie" moment for me was Jeff Goldblum writing the ID4 virus to take out the shields on the mothership, and then connecting with "AlienOS Airport". *blech*

Re:The Security Concerns (0)

Anonymous Coward | more than 8 years ago | (#15435302)

C'mon. You're watching an aliens movie and complain about fiction in the computer part?

Re:The Security Concerns (0)

Anonymous Coward | more than 8 years ago | (#15434586)

I have seen those references to "extensive discussions" but I haven't found them. Has anyone?

Re:The Security Concerns (2, Informative)

archen (447353) | more than 8 years ago | (#15434595)

I'm not sure about NetBSD, but in FreeBSD you can remove Sendmail entirely. Add "NO_SENDMAIL=true" to make.conf. During your next buildworld sendmail (and related stuff) will not be built. After installworld, do a search for old files - particularly /usr/libexec/sendmail I think is the location. Then install another MTA from ports if you need one.

8 years after "The Worm" Sendmail is closed (4, Informative)

sgent (874402) | more than 8 years ago | (#15434644)

You've never heard of a security issue with sendmail??!!!?? Time for a history lesson. Although obviously fixed now, Sendmail was the main culprit in the first internet worm ever found in the wild.

The Internet Worm of 1988 -- Introduction by Francis Litterio

The below document tells the story of the Internet Worm of 1988 and how it effectively shut down the Internet. I didn't write it, but it's hard to find it on the net these days, so I offer it here on the theory that those who fail to learn from history are doomed to repeat it.

I remember when it happened. It was a big deal to computer people like me, but in 1988 the Internet was unknown even to the most sophisticated media reporters, and the World Wide Web had not been invented yet. I remember the NBC Evening News devoting less than 30 seconds to the topic. If an equally severe disruption of the Internet were to happen today, the President of the United States would probably hold a press conference to calm the nation.

Google Cache to the Article by Don Seeley, Univ. of Utah [64.233.187.104]

Re:8 years after "The Worm" Sendmail is closed (-1, Offtopic)

rbanffy (584143) | more than 8 years ago | (#15434722)

And probably invade a country or two and run for a third (gulp) term.

Maybe I should stop giving them ideas.

Re:The Security Concerns (1)

Alioth (221270) | more than 8 years ago | (#15435144)

The original worm spread through Sendmail - the Morris worm of the late 1980s spread through a security flaw in Sendmail.

Re:The Security Concerns (1)

maw (25860) | more than 8 years ago | (#15435152)

If you have the time to patch often, Sendmail most probably will provide you with one of the safest mail transfer agents out there.

What an idiotic thing to say.

Even for Slashdot.

Re:The Security Concerns (1)

willCode4Beer.com (783783) | more than 8 years ago | (#15435380)

Didn't they have to remove sendmail to conform with the Jesux directive?

Good riddance (2)

bblazer (757395) | more than 8 years ago | (#15434437)

It is about time that this archaic MTA gets the boot. I did so on my servers a few years ago. Configuration and security are a nightmare and it didn't have to be that way.

Re:Good riddance (3, Insightful)

Kadin2048 (468275) | more than 8 years ago | (#15434508)

Yeah, I'm with you there. Aside from inertia and sysadmin familiarity, I can't quite figure out why someone would consciously choose Sendmail over the alternatives today. There are other MTAs that are faster, more secure, and miles easier to work with, that offer an equivalent or better featureset, and are just as Free.

I think it's high time we put Sendmail out to pasture.

Provide examples (1)

bogaboga (793279) | more than 8 years ago | (#15434570)

> There are other MTAs that are faster, more secure, and miles easier to work with, that offer an equivalent or better featureset, and are just as Free.

Please provide examples, and if possible, tell us how easy or difficult it is to set them up. That way, your comment will be more useful to a n00b like me. Thanx.

Re:Provide examples (0)

Anonymous Coward | more than 8 years ago | (#15434614)

Plenty of those, QMAIL and Postfix come to mind immediately.

Re:Provide examples (2, Informative)

liliafan (454080) | more than 8 years ago | (#15434654)

Postfix is based on Sendmail's codebase, with much stronger security features and a lot of the more complex configuration hidden away. It is very fast and featureful.

Qmail is a fairly secure, pretty fast MTA; it is very modular and very suited to sites with multiple domains to handle.

There are others such as exim, james, etc., but Sendmail, Postfix and Qmail are the 3 biggest. I think next would be exim (it used to be the default in Debian; I don't know if it still is).

Personally I would recommend postfix if you are handling just your own email, I use postfix, courier-imapd, spamassassin, amavisd, clamav, maildrop, and procmail and I haven't had a single security incident on my system (knock on wood), additionally I have about a 99% success rate catching spam with almost no false positives.

Re:Provide examples (4, Interesting)

dskoll (99328) | more than 8 years ago | (#15434731)

liliafan wrote: Postfix is based on Sendmail's codebase

Completely wrong. Postfix was written from scratch; it shares no code with Sendmail.

I still use Sendmail because Milter is a killer feature. It is the sweetest API for mail filtering/mangling/processing. I should note that Wietse Venema has started implementing Milter compatibility in Postfix, and I'm following that development eagerly.

Re:Provide examples (1)

liliafan (454080) | more than 8 years ago | (#15434816)

I apologise, you are 100% correct. I was only half concentrating when I typed that; I meant to say:

Postfix is based on Sendmail's feature set.....

once again sorry for misleading you, that is what happens when you are discussing porting code with a co-worker whilst typing a response on slashdot :op

Re:Provide examples (4, Informative)

Kadin2048 (468275) | more than 8 years ago | (#15434758)

Personally, I use Postfix. It's Free, it's intelligently designed (by this guy [porcupine.org] , if you were wondering), it's much easier to set up to be secure, and it has a certain level of Sendmail compatibility, so that older programs that assume you're running Sendmail don't barf when you switch.

The biggest architectural difference between Sendmail and Postfix is that Postfix has many small executables (arguably, many not-so-small executables) while Sendmail is monolithic. From a user's perspective this is basically transparent: the biggest benefit to a sysadmin of running Postfix is the config files, which are as close to being self-explanatory as a MTA config file can be, in my opinion.

Sendmail always struck me as a bit of a challenge to set up securely/properly (i.e. "not an open relay"); Postfix is pretty simple to get going securely, and has well-chosen default parameters (at least as I've seen it installed, on Debian) that let you set up a server that won't be immediately spewing Russian penis-enlargement emails quickly. I've never tried to set up Sendmail with SSL support, but I'm going to go out on a limb and guess that it's easier to do this with Postfix as well.

I can't personally vouch for its speed, because I don't run a high-volume mailserver, nor do I have the hardware to really give the MTA that much of a workout (it just becomes disk-bound on my systems). Plus I use flat mbox files and the situation may be totally different with the more modern database-type mailstores. (Yeah, yeah, I know -- 1986 called and they want their file format back and all that. But it works for me.)

There are other choices out there for MTAs, and I'm sensitive to arguments in favor of them and I'm not trying to say that Postfix is necessarily the best possible thing out there for everyone, but at least in my experience it beats the hell out of Sendmail. If somebody wants to jump in here and discuss qmail or exim, and why they think they're great, please do.

Re: (2, Interesting)

XPACT (711220) | more than 8 years ago | (#15435010)

I am not the original poster, but I can give you some examples too. I had worked with Sendmail, Qmail, Postfix, Exim, Xmailserver and Zmail. I needed SMTP-AUTH and virtual users, virtual domains, same user names different domains etc. The last time I touched sendmail was version 8.12.something I guess. I was able to configure Sendmail the way I wanted after spending a lot of time reading; it worked for me but I decided to try some other MTAs as well. I was able to do the similar configuration with Qmail. I was not able to do it with Exim and Postfix, but to be quite honest I didn't spend much time with them. Didn't spend much time with Zmailer either. Then I discovered Xmail. This thing is awesome!!!! It is all in one package and it is very easy to configure, and it has a lot of add-ons. I have been using it for more than 2 years and never had a single problem. I did install from the tarball archive, not from RPM. I don't recommend using RPM archives. http://www.xmailserver.org/ [xmailserver.org]

Netcraft confirms it... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15434541)

BSD is dead...

Sendmail? Insecure? (2, Informative)

Pirogoeth (662083) | more than 8 years ago | (#15434444)

Sendmail is a pain in the ass (2, Interesting)

Chanc_Gorkon (94133) | more than 8 years ago | (#15434446)

I hate Sendmail. With that said, when properly configured, Sendmail is excellent. Getting it that way takes a metric tonne of work! This is one Open Source instance where I would PAY to get the commercial version (which has a web admin interface). The sendmail.cf file has to be THE most convoluted config file on ANY UNIX. Period. It's WAYYYY too easy to set this up unsecure also (open relay anyone??).

Re:Sendmail is a pain in the ass (4, Insightful)

nullset (39850) | more than 8 years ago | (#15434567)

Do you complain about how complex C is because editing object files (.o) is hard?

sendmail.cf is a compiled file. If you configure sendmail with m4, the way it's supposed to be done, it's not that hard.

ttyl,

--buddy

Re:Sendmail is a pain in the ass (1)

Gulthek (12570) | more than 8 years ago | (#15434604)

That's the new configuration process.

Re:Sendmail is a pain in the ass (4, Informative)

Megane (129182) | more than 8 years ago | (#15434694)

That's the new configuration process.

Then it's at least nine years new. The second edition of the bat-book dates to January 1997. (I don't think I've ever seen a copy of the first edition, so I don't know if the m4 config is as old as late 1993.) I've been using the m4 config since early 2000 when I first got fixed IP DSL.

Anyhow, in my experience, Sendmail also won't work right if your DNS is broken. Both the IP and MX records have to be right.

Re:Sendmail is a pain in the ass (1)

kl76 (445787) | more than 8 years ago | (#15435024)

m4 configuration is for weenies. You're not a real sysadmin till you've hand-edited a sendmail.cf :-)

Re:Sendmail is a pain in the ass (1)

Jerk City Troll (661616) | more than 8 years ago | (#15434792)

Sendmail “configuration” [okmij.org] is a Turing-complete [wikipedia.org] language. In that sense, it is unlike what most people think of in terms of configuration, which typically amounts to key-value pairs. And as another poster pointed out, you should not be editing it directly unless you have very specific needs.

Why not overhaul sendmail? (2, Interesting)

Viol8 (599362) | more than 8 years ago | (#15434456)

And I don't just mean removing exploits, I mean completely redesigning its config files so it's a lot easier to set up and be made secure by non-gurus. There could always be a compat mode with the old .cf file for people who don't want to change. I don't understand why the guys behind sendmail have never done this since I've never found anyone who liked the .cf file or the alternative of writing .m4 files and then converting them into .cf (yuck, what a kludge).

They did overhaul sendmail. (5, Informative)

Trigun (685027) | more than 8 years ago | (#15434472)

And named it postfix.

Re:Why not overhaul sendmail? (0)

Anonymous Coward | more than 8 years ago | (#15434577)

Using a compiled config format is actually commonplace and quite okay. Although I never found M4 any better than .cf most of the time, you had to keep it up to date or you'd be stuck. The main problem with your post however is that the security problems were with the daemon itself, not poor configuration; the configuration rarely had anything to do with the security exploits sendmail has had over the past umpteen years.

I'm not convinced by it being taken out however; I think the number of exploits over time relates more to its age than its quality. Bind has the same problem. The latest sendmails are exploit free for longer just like most apps patched recently.

Re:Why not overhaul sendmail? (3, Insightful)

BenjiTheGreat98 (707903) | more than 8 years ago | (#15434783)

They are currently doing a complete recode of sendmail. It is called Sendmail X and it is supposed to have security in mind from the ground up. It's currently in beta. sendmail.org has more info about it than I do. I believe I heard it will have an easier config file as well, the .ini style that a lot of other programs use.

Let the qmail flamery begin! (5, Funny)

Gothmolly (148874) | more than 8 years ago | (#15434457)

Now we will descend into a flamewar of qmail vs. courier vs. whateverMTAyouuse. Gentlemen, choose one or more of your arguments:

Qmail is more secure.
Yes, the qmail author is a (code wizard|douchebag|weird academic) so I (will|will not) use qmail.
Courier is cooler because it includes an IMAP server in its distribution.
Sendmail is fine these days, it's just the n00bs that admin it that make it broken.
Yeah but so is Windows.
So's your mother.
I run on so I'm not affected.
I outsourced my email to gmail and (couldn't be happier|hate it|Google rules|Google is teh evil).
BSD is dying.
BSD is alive.

Re:Let the qmail flamery begin! (1)

oPless (63249) | more than 8 years ago | (#15434532)

Exim for teh win

Re:Let the qmail flamery begin! (1)

Temkin (112574) | more than 8 years ago | (#15434612)



Bleh.... That's supposed to be easier to configure?

Re:Let the qmail flamery begin! (1)

ajs318 (655362) | more than 8 years ago | (#15434940)

Exim is easier to configure than Sendmail {not that that's really saying much}. At least, it always used to be -- till they broke up the configuration into lots of little files. You always knew where you were with exim.conf.

However, Exim is licenced under the GPL {which insists for you to respect other people's code}, so probably not a good choice for a BSD system. And you probably also won't want to use it if you went to Oxford .....

Re:Let the qmail flamery begin! (1)

cortana (588495) | more than 8 years ago | (#15435279)

FYI, the split-files config is a Debian-specific modification. It can be disabled if you 'dpkg-reconfigure exim4-config' and choose the 'one big config file' option.

You can also completely override the Debian configuration mechanism by creating an /etc/exim4/exim.conf file, which exim will use instead of the Debian configuration mechanism.

Re:Let the qmail^W flamery begin! (1)

oPless (63249) | more than 8 years ago | (#15435005)

It's much easier for me YMMV though.

Re:Let the qmail flamery begin! (1)

MichaelSmith (789609) | more than 8 years ago | (#15434627)

Now we will descend into a flamewar of qmail vs. courier vs. whateverMTAyouuse.

Well, if you really want to...

I run my two web servers on netbsd. I have an install script which sets it up the way I like. This script removes sendmail when it installs netqmail.

It's no real problem for me, just two lines of ksh. But mail software doesn't really belong in the base system. The software you want is just a pkg_add away (not qmail unfortunately).

I think this is a good move. NetBSD will be better for it. And I do think DJB needs to move into at least the 1990's where it comes to software distribution.

Re:Let the qmail flamery begin! (2, Funny)

just_another_sean (919159) | more than 8 years ago | (#15434714)

Bah. Without confirmation from Netcraft I'm not buying any of it.

Yes! (1)

numbsafari (139135) | more than 8 years ago | (#15434740)

Yes, the qmail author is a weird academic code wizard douchebag so I will definitely use qmail!

This really sucks (1)

kernelpanicked (882802) | more than 8 years ago | (#15434463)

I'm glad the poster found this change humorous. I know I will when I'm formatting NetBSD from the FreeBSD installer on all my servers.

Re:This really sucks (1, Informative)

Anonymous Coward | more than 8 years ago | (#15434764)

Not sure what you are saying, English must be your second language.

Anyway, if you mean you are going to install FreeBSD over your existing NetBSD installs on "All your servers" then you are a dumbass. Sendmail is still in pkgsrc. Try this.

cd /usr/pkgsrc/mail/sendmail
make install

Duh.

Eric Allman (1)

NynexNinja (379583) | more than 8 years ago | (#15434468)

On his development box, he used to keep the source code to unpublished exploits in his home directory that effected the current version of sendmail. You would think he puts these problems in the source tree himself for his own benefit.

Re:Eric Allman (2, Funny)

Maffy (806058) | more than 8 years ago | (#15434602)

<grammar-nazi>

On his development box, he used to keep the source code to unpublished exploits in his home directory that effected the current version of sendmail.

So the unpublished exploits actually brought about the current version of sendmail? That explains quite a lot actually.

Here [purdue.edu] is a description of the difference between "effect" and "affect."

</grammar-nazi>

sendmail.cf test (4, Insightful)

cowbutt (21077) | more than 8 years ago | (#15434470)

But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)

In that the mediocre admins will bodge some hacks into sendmail.cf to make sendmail appear to perform the job they need it to, whilst the best admins will take the presence of sendmail.cf as an indication that they need to remove sendmail and replace it with something that's actually fit [qmail.org] for [exim.org] purpose [postfix.org] ? :-P

Re:sendmail.cf test (4, Insightful)

tqbf (59350) | more than 8 years ago | (#15435040)

Exim is not a secure replacement for Sendmail. qmail and Postfix were both designed explicitly for security, and include:

  1. Privilege separation
  2. Rewritten IO and string libraries
  3. Minimal-privilege SMTP listeners
  4. The backing of a security luminary (Bernstein or Venema)

Exim was designed as a modernized SMail. It's got the same monolithic architecture as Sendmail has, meaning security vulnerabilities in Exim are less survivable than they are in qmail or Postfix, where a buffer overflow (none of which have ever been found, unlike in Exim) only gets you a one-off UID.

I don't know how Exim has managed to brand itself as one of the "secure MTAs", but it's just a marketing trick.
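The containment property described in the comment above, shown as an added example (not part of the original comment, and not code from qmail, Postfix, Exim or Sendmail): the code that touches untrusted SMTP input runs in a forked worker under a throwaway identity, and the parent treats both a worker crash and the worker's output as untrusted. All function names, the `drop_target` struct and the uid/gid 65534 are assumptions made for illustration.

```c
/* Added illustration of privilege separation; not code from qmail, Postfix,
 * Exim or Sendmail. All names here are hypothetical. */
#include <ctype.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define ADDR_MAX 256

/* Identity the worker switches to. Passing NULL means the caller is already
 * unprivileged and no switch is attempted. */
struct drop_target { uid_t uid; gid_t gid; };

/* Irreversibly give up root in the current process; 0 on success. */
static int drop_privileges(const struct drop_target *who)
{
    if (setgroups(0, NULL) != 0) return -1;  /* supplementary groups first */
    if (setgid(who->gid) != 0) return -1;    /* group before user */
    if (setuid(who->uid) != 0) return -1;
    return setuid(0) == 0 ? -1 : 0;          /* regaining root must fail */
}

/* Worker side: extract addr from "MAIL FROM:<addr>" and send it up the pipe.
 * abort() on malformed input stands in for a memory-corruption bug firing. */
static void worker(const char *line, int fd)
{
    static const char prefix[] = "MAIL FROM:<";
    const size_t plen = sizeof prefix - 1;
    const char *end;
    size_t len;

    if (strncmp(line, prefix, plen) != 0) abort();
    end = strchr(line + plen, '>');
    if (end == NULL) abort();
    len = (size_t)(end - (line + plen));
    if (write(fd, line + plen, len) != (ssize_t)len) _exit(1);
    _exit(0);
}

/* Parent side: the worker's answer is untrusted too, so re-check it. */
static int addr_ok(const char *a)
{
    size_t i, at = 0;

    if (a[0] == '\0') return 0;
    for (i = 0; a[i] != '\0'; i++) {
        unsigned char c = (unsigned char)a[i];
        if (c == '@') at++;
        else if (!isalnum(c) && strchr("._+-", c) == NULL) return 0;
    }
    return at == 1;
}

/* Returns 0 and fills out on success; -1 if the worker crashed, failed to
 * drop privileges, or produced something the parent does not accept. */
int handle_line(const char *line, const struct drop_target *who,
                char *out, size_t outsz)
{
    int p[2], status;
    size_t total = 0;
    ssize_t n;
    pid_t pid;

    if (outsz < 2) return -1;
    out[0] = '\0';
    if (pipe(p) != 0) return -1;
    pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {                          /* child: the exposed part */
        close(p[0]);
        if (who != NULL && drop_privileges(who) != 0) _exit(2);
        worker(line, p[1]);
        _exit(1);                            /* not reached */
    }
    close(p[1]);
    while (total < outsz - 1 &&
           (n = read(p[0], out + total, outsz - 1 - total)) > 0)
        total += (size_t)n;
    close(p[0]);
    out[total] = '\0';
    if (waitpid(pid, &status, 0) != pid ||
        !WIFEXITED(status) || WEXITSTATUS(status) != 0 || !addr_ok(out)) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs; 65534 is assumed to be an unprivileged id. */
    const struct drop_target nobody = { 65534, 65534 };
    const struct drop_target *who = geteuid() == 0 ? &nobody : NULL;
    const char *lines[] = { "MAIL FROM:<alice@example.org>", "MAIL FROM:<oops" };
    char addr[ADDR_MAX];
    size_t i;

    for (i = 0; i < 2; i++) {
        int rc = handle_line(lines[i], who, addr, sizeof addr);
        printf("%-30s -> %s\n", lines[i],
               rc == 0 ? addr : "worker failed, parent still running");
    }
    return 0;
}
```

In a monolithic daemon the same parsing fault would occur in the process that also holds the listening socket and mail-store access.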

Replacement? (2, Interesting)

meh13579 (975202) | more than 8 years ago | (#15434483)

So what are they planning on replacing it with; if anything?

Re:Replacement? (1)

Ritz_Just_Ritz (883997) | more than 8 years ago | (#15434520)

I replaced sendmail on all my machines around 1999-ish with postfix and never felt the need to look back. It just works and takes about 10 minutes to learn how to configure. It's also hands-down faster if you've got to deal with large volumes of mail.

There's also qmail, but I could never get past the "if you want qmail you'd better be willing to install all of djb's other tools too" thing.

Re:Replacement? (1)

liliafan (454080) | more than 8 years ago | (#15434726)

To play devils advocate (because I do use postfix), but sendmail can be a lot faster than postfix when correctly configured by an M4 / cf master, due to the ability to really get into the guts of sendmail when configuring it, you can remove a lot of the cruft if you have a specialised task in this instance sendmail beats the pants off of postfix.

However that said in most cases the default installs of both, postfix is generally faster, although if it only took you 10 minutes to configure I would suggest spending a couple of hours reading up on how to configure postfix since there is a lot of performance enhancing techniques that can be applied with some more advanced configuration methods.

Re:Replacement? (4, Informative)

perry (7046) | more than 8 years ago | (#15435137)

Postfix was made the default mailer.

Re:Replacement? (1)

kl76 (445787) | more than 8 years ago | (#15435187)

postfix has been shipped with NetBSD since 1.5.

Re:Replacement? (1)

kv9 (697238) | more than 8 years ago | (#15435355)

So what are they planning on replacing it with; if anything?

postfix has been included [netbsd.org] for quite some time now. i s'pose it'll default to that in the next releases.

Golly Gosh! (0)

Anonymous Coward | more than 8 years ago | (#15434485)

Sendmail was created by the devil!!!

I am tech savvy, and the sendmail config file is the biggest pile of poo I have ever seen. I would like to know what drugs the creators were taking when they thought it all up. They should have written stories like other people on drugs did. Eg, Alice in wonderland, Fear and loathing, the waterbabies.

Drugs and stories go well, drugs and program configs do not!!!

Unintentional humour (4, Funny)

WalterGR (106787) | more than 8 years ago | (#15434499)

Did a little googling for sendmail.cf - the sendmail configuration file - and found this gem [bga.org] . The unintentional humour on the last line is hilarious:

The sendmail.cf has long been renowned for sending system administrators away fleeing in panic...

Just take a look at it on any system; it has traditionally been described as looking like an explosion in a punctuation factory.

The good news is that things are much worse than they look.

they look much worse (1)

drewzhrodague (606182) | more than 8 years ago | (#15435259)

The sendmail.cf has long been renowned for sending system administrators away fleeing in panic

Sendmail isn't so bad. Nowadays, you can install a package, and fire off its daemon, and it will work. In the old days, you had to edit sendmail.cf with a hex editor, and prod the bits into place using a 15-foot pole in either hand. Jeez, these kids have it easy with their M4 configs now!

Sendmail useful? (2, Funny)

stjobe (78285) | more than 8 years ago | (#15434502)

Sendmail was more useful as a litmus test than as an MTA

The entity that was Sendmail, last manifestation of Chaos which would remain with this new distribution as it grew, looked down on the corpse of the system administrator and smiled.
'Farewell, friend. I was a thousand times more evil than thou!'
And then it leapt from NetBSD and went spearing upwards, its wild voice laughing mockery at System Security; filling the universe with its unholy joy.

Re:Sendmail useful? (-1)

Anonymous Coward | more than 8 years ago | (#15434553)

Arioch! Arioch! Blood and souls for my lord Arioch!

Re:Sendmail useful? (1)

ATMosby (746034) | more than 8 years ago | (#15434759)

Snort. Now I've coffee all over my keyboard.

Well (5, Funny)

Anonymous Coward | more than 8 years ago | (#15434505)

I run Windows, so thankfully I don't have to worry about this kind of security issue.

Re:Well (1)

TheZorch (925979) | more than 8 years ago | (#15434636)

You don't have to worry about that security issue because Windows has more than enough to go around and you don't really need to add another on top of it. :-)

Dangerous creation (1)

Kadin2048 (468275) | more than 8 years ago | (#15434864)

You laugh, but I once saw someone install IndigoMail (basically Sendmail-for-Windows) on Windows ME.

Struck me as being the computational equivalent of a big table saw with the safety shields removed. It's the sort of thing you just wince to look at because you know, some day, it's going to cause somebody a lot of pain.

Linux is too heavy as it is... (1)

harshmanrob (955287) | more than 8 years ago | (#15434510)

I have always believed most Linux distros are too heavy as it is. I like OpenBSD and others that are light where I download and build the applications I want. The idea of sendmail, apache, and openldap prebuilt or in RPM packages sucks, at least in my opinion. I usually spend 2 or 3 hours pulling packages off the SLES 9 "minimum" install before I can make it usable for whatever we need the server to do so it will pass the nmap, nessus, and security network scan.

Re:Linux is too heavy as it is... (2, Informative)

molarmass192 (608071) | more than 8 years ago | (#15434820)

I sort of agree with you. I'd like Novell to put out something like an official SLICK [opensuse.org] which would be optimized for GUI-less implementations and built to run in the smallest footprint possible (i.e. less than 50M). If it was included as an option in the stock SuSE, then wow. Now, as for spending 2-3 hours running rpm -ev / yast pulling packages from SLES to make it usable, something isn't right there. First off, you should have set up a test server to determine your needs. Once that's done, create an AutoYast install script (think RH KickStart) to do your production installs (e.g. yast2 autoyast). Second, even if unneeded packages are installed, you can easily disable the cruft services you don't need in Yast->System->Services, I'd guess in under 5 minutes start to finish. [suse.com]

Re:Linux is too heavy as it is... (1)

John Nowak (872479) | more than 8 years ago | (#15434877)

Interesting comments, considering that sendmail comes with OpenBSD by default.

Re:Linux is too heavy as it is... (0)

Anonymous Coward | more than 8 years ago | (#15434894)

Say it with me, BSD is not Linux....

What's the alternative? (1)

kestasjk (933987) | more than 8 years ago | (#15434517)

I use FreeBSD, and all the output of my cron scripts (including the default periodic daily/weekly/monthly) is mailed to root locally, through sendmail. This is the only reason I keep sendmail up, despite the security problems.

On a default NetBSD installation where does the cron output go?

Re:What's the alternative? (4, Informative)

jmcneill (256391) | more than 8 years ago | (#15434597)

On a default NetBSD installation where does the cron output go?

Postfix has been in the tree for a while, and will now be the default MTA.

Re:What's the alternative? (1)

MichaelSmith (789609) | more than 8 years ago | (#15434701)

On a default NetBSD installation where does the cron output go?

Right now it goes to sendmail. I assume that there will be a 3.1 release soon so that will be the next without sendmail.

The mail transport seems to be configured in /etc/mailer.conf

Maybe I should look at editing that file rather than using the sendmail program which comes with qmail.

Re:What's the alternative? (1)

jmcneill (256391) | more than 8 years ago | (#15434789)

Right now it goes to sendmail. I assume that there will be a 3.1 release soon so that will be the next without sendmail.

The 3.x branch is a stable release branch; sendmail was removed from HEAD. You should see the first version of NetBSD without sendmail in base along with the 4.0 release.

Re:What's the alternative? (1)

Kadin2048 (468275) | more than 8 years ago | (#15435007)

My understanding was that Postfix simulates enough of Sendmail in order to keep stuff like this working. I have a number of Debian systems without Sendmail, and I get their cron output without any problems. Stuff that's piped to mail on the commandline also functions fine (which is nice, because I've used that pretty heavily in some of my backup scripts, emailing me logs and such).

What gets a lot of people, I think, is that in order for Postfix to replace Sendmail for all functions, Postfix has to overwrite some Sendmail files: depending on how you install Postfix, this may not happen. (E.g.: /usr/sbin/sendmail) My solution was just to purge Sendmail completely, then install Postfix -- brutal and inelegant, but it worked. I'm sure there are more graceful ways to transfer it over (I think there's an RPM package for switching...?), so it's probably worth investigating.

But one of Postfix's strengths as I've been told them has always been its ability to take the place of Sendmail in many instances, so you really shouldn't be kept from using it due to your cron jobs.

Best way to measure Bat Book size? (5, Funny)

Anonymous Coward | more than 8 years ago | (#15434523)

  1. number of pages.
  2. thickness.
  3. Schwarzschild radius.

define insecure (0)

Anonymous Coward | more than 8 years ago | (#15434552)

It's Like... (1)

zaguar (881743) | more than 8 years ago | (#15434563)

It's like leaves falling from a dead tree.

*rimshot*

Be serious (2, Insightful)

lrosa (700381) | more than 8 years ago | (#15434573)

The purpose of sendmail is to transfer mail from host A to host B, not to be a filter against mediocre SysAdmin.

I think that sendmail.cf is the worst written configuration file and a good SysAdmin has edited the SECOND part of it almost once, but never twice because the second time he removed sendmail and installed something better.

Re:Be serious (1)

MichaelSmith (789609) | more than 8 years ago | (#15434742)

I think that sendmail.cf is the worst written configuration file and a good SysAdmin has edited the SECOND part of it almost once, but never twice because the second time he removed sendmail and installed something better.

I used to run a stock linux configuration on my co-lo. After a while I realised that I had an open mail relay running. I bought a book called "sendmail for linux" and the (unstated but very clear) conclusion from the book was to run something other than sendmail.

Re:Be serious (2, Informative)

ajs318 (655362) | more than 8 years ago | (#15435383)

The format of sendmail.cf made perfect sense when sendmail was written, however many years ago it was. In those days, people were smart and machines were stupid.

When you look at modern programs with their fancy-pants SQL and XML configurations, they may be easier for a human being to understand; but they're also a hell of a lot of work for the computer to understand, precisely because of all the human-readable cruft. Twenty or thirty years ago, there wasn't the computing power to waste on processing such a config file; it was simply less effort, and more productive, to get a human being to bond well enough with the computer to be able to create a sendmail.cf from scratch.

Admin test (0)

Anonymous Coward | more than 8 years ago | (#15434590)

But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)
Would someone care to explain, to improve our education?

Good (-1)

hey (83763) | more than 8 years ago | (#15434594)

Sendmail was impossible designed before the Internet.
(Was it designed?) Didn't address security at all.

the best admins (1)

WindBourne (631190) | more than 8 years ago | (#15434609)

removed it and installed something like postfix; secured.

Re:the best admins (0)

Anonymous Coward | more than 8 years ago | (#15434724)

You forgot to add:

"At least 5 years ago".

How to tell... (1)

gb7djk (857694) | more than 8 years ago | (#15434729)

The way to tell is to measure how long it takes for the sysadmin to a) notice that it runs sendmail and b) change it for something else. Personally I use exim [exim.org], but just about anything is better than sendmail.

Having said that: I would not touch qmail with a bargepole either.

Postfix? (0)

Anonymous Coward | more than 8 years ago | (#15434779)

Will Postfix be now default MTA on NetBSD as it is included in base distribution?

Re:Postfix? (1)

perry (7046) | more than 8 years ago | (#15435162)

Yes, Postfix is now the default MTA.

Autoconf (0)

Anonymous Coward | more than 8 years ago | (#15434782)

We still have autoconf for this test !

sendmail (0)

Anonymous Coward | more than 8 years ago | (#15434839)

I love sendmail, my sendmail.cf and sendmail hacking skills are legendary.

It was sendmail that separated the men from the boys.

I will fly my flag at half mast today.

I am scratchy_butt_hands.

Litmus test (2, Insightful)

IGnatius T Foobar (4328) | more than 8 years ago | (#15434965)

Sendmail was more useful as a litmus test than as an MTA ;)

Actually, that was UUCP. Back when you couldn't just search the web for documentation, if you wanted to get UUCP running you had to figure it out yourself. If you could do a full mesh of three machines into a UUCP network then you were a guru indeed.

A Good Sign (2, Insightful)

Zetta Matrix (245803) | more than 8 years ago | (#15434992)

I don't much like sendmail, and there are better alternatives for the overwhelming majority of cases (particularly as far as standard installs go).

Here's hoping that this move by NetBSD is a sign that even more Unix-like operating systems and distributions will take this approach. The time has come for sendmail to be an option, not the default.

After cutting teeth on it, move on (1)

fak3r (917687) | more than 8 years ago | (#15434996)

I cut my teeth on Sendmail about 5 years back, but only stuck with it for 2. When I'd have it working I wouldn't want to change anything, since I'd break it for days. After that I moved on to Postfix with a saner config setup, and logfiles that (for me) were much easier to read. It's still not as easy to configure as something like Dovecot's IMAP service, but that's not an MTA. Still, I would love to see Postfix use a .conf file that is as straightforward as dovecot.conf.

Will configure Sendmail for food! (0)

Anonymous Coward | more than 8 years ago | (#15435070)

Work that bandwagon, people - groupthinkgroupthink (1)

Medievalist (16032) | more than 8 years ago | (#15435237)

If sendmail is so egregiously evil, how come most alternatives to sendmail are basically less functional sendmail clones?

Wietse Venema's Postfix [postfix.org] and Eric Allman's Sendmail X [sendmail.org] are API-compatible total rewrites of sendmail. Postfix is currently stronger, but sendmail X implements pretty much the same shite as postfix, so the advantage is code maturity - right now postfix is arguably better than sendmail 8 (which is what NetBSD ditched, incidentally) and when sendmail X gets its legs it will probably be even better. Each one incorporates lessons learned from its predecessor.

Run postfix if you are starting from scratch; it's easier to learn. If you already know sendmail, or you need antique transports, run sendmail 8; it is more flexible. When sendmail X is mature, run that (run it now on your test machines). When the next evolution of MTAs arrives, with telepathic agents and antigravity packaging, run that.

Remember that the criticisms being leveled against sendmail 8 are equally valid when applied to old-school unices like NetBSD. Ancient codebase, long history of security problems, tough learning curve, etc. But *nix still has its uses (particularly the newer rewrites like linux).

No sendmail? So in other words.... (1)

xmorg (718633) | more than 8 years ago | (#15435322)

BSD will not stall when the ip/hostname is not correct? You mean it still boots if you haven't configured for the internet? SWEEET!