> Have you ever noticed that OpenBSD and FreeBSD install
> Sendmail as part of their default installs? I just installed OpenBSD 2.9 today
> on a test box (I know there are new versions). I was shocked to find Sendmail
> running on this OS which claims to offer a "secure" default install.

As one of the FreeBSD committers I am well aware of this.

> Granted, I checked the OpenBSD site regarding their implementation of
> Sendmail, and they have made some security changes to it.
> However, given its track record, why is Sendmail a part of the default installs on
> these *BSD flavors? Why is it part of ANY default install???

The latest sendmail versions have abandoned the concept of running as root and have specialised uids for files and directories.

Also, the rc.conf which gets placed in /etc/defaults/ has sendmail_enable="NO" in 5-CURRENT. It has "YES" in 4-STABLE's sendmail_enable due to the Principle of Least Astonishment (POLA), so as not to change things in a major release mid-way through. But 4-STABLE is very up-to-date with sendmail versions.

Also, since OpenBSD and FreeBSD both have scripts running periodically which need to send email to root, you either need an MTA or a nullmailer.

I know that within FreeBSD we are working hard on getting the system a bit more modular at installation time so that somebody who wants to install Postfix can do so.

The basic reasoning though is that an MTA is still a standard part of the Unix system.

The major problem you are going to tread on is the fact that the whole: bash/ksh/zsh/(t)csh, sendmail/postfix/exim/qmail, vim/emacs/ee/ed and related topics are very subjective and close to being religious for people.

--Jeroen Ruigrok