Slashdot Mirror
Sendmail Removed From NetBSD
Derkjan de Haan writes "Christos Zoulas removed sendmail from the NetBSD source tree, after a lot of discussion about its security track-record. Sendmail will remain available from pkgsrc." But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)
As you can see with above security concerns, Sendmail has had significant historical problems but they have been active in rectifying these problems. If you have the time to patch often, Sendmail most probably will provide you with one of the safest mail transfer agents out there.
The largest concern seems to be the possibility of being compromised via a remote connection. If you're not using it, simply turn off the Sendmail Daemon. And I think that's why they removed it from NetBSD. Some idiot like myself might install NetBSD and leave that sucker listening on port 25. Now, there are no problems immediately because I'll have the latest version but I'm lazy and I don't patch NetBSD regularly so a few security alerts come out and then
Funny thing is, I've never heard of anyone losing data or being hacked due to Sendmail. Perhaps it's because the last place I saw it used widely was college?
My work here is dung.
It is about time that this archaic MTA gets the boot. I did so on my servers a few years ago. Configuration and security are a nightmare and it didn't have to be that way.
My
I just don't believe it...
Happiness is like peeing yourself. Everybody can see it but only you can feel its warmth.
I hate Sendmail. With that said, when properly configured, Sendmail is excellent. Getting it that way takes a metric tonne of work! This is one Open Source instance I would PAY to get the commercial version (which has a web admin interface). The sendmail.cf file has to be THE most convulted config file on ANY UNIX. Period. It's WAYYYY to easy to set this up unsecure also(open relay anyone??).
Gorkman
And I don't just mean removing exploits , I mean completely .cf file for people who don't want .cf file or the alternative of writing .m4 files and then .cf (yuck , what a kludge).
redesigning its config files so its a lot easier to set up
and be made secure by non-gurus. There could always be a
compat mode with the old
to change. I don't understand why the guys behind sendmail
have never done this since I've never found anyone who liked
the
converting them into
Now we will descend into a flamewar of qmail vs. courier vs. whateverMTAyouuse. Gentlement, choose one or more of your arguments:
Qmail is more secure.
Yes, the qmail author is a (code wizard|douchebag|weird academic) so I (will|will not) use qmail.
Courier is cooler because it includes an IMAP server in its distribution.
Sendmail is fine these days, its just the n00bs that admin it that make it broken.
Yeah but so is Windows.
So's your mother.
I run on so I'm not affected.
I outsourced my email to gmail and (couldn't be happier|hate it|Google rules|Google is teh evil).
BSD is dying.
BSD is alive.
I want to delete my account but Slashdot doesn't allow it.
I'm glad the poster found this change humorous. I know I will when I'm formatting NetBSD from the FreeBSD installer on all my servers.
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
On his development box, he used to keep the source code to unpublished exploits in his home directory that effected the current version of sendmail. You would think he puts these problems in the source tree himself for his own benefit.
In that the mediocre admins will bodge some hacks into sendmail.cf to make sendmail appear to perform the job they need it to, whilst the best admins will take the presence of sendmail.cf as an indication that they need to remove sendmail and replace it with something that's actually fit for purpose? :-P
And named it postfix.
So what are they planning on replacing it with; if anything?
Sendmail was created by the devil!!!
I am tech savvy, and the sendmail config file is the biggest pile of poo I have ever seen. I would like to know what drugs the creators were taking when they thought it all up. They should have written stories like other people on drugs did. Eg, Alice in wonderland, Fear and loathing, the waterbabies.
Drugs and stories go well, drugs and program configs do not!!!
Did a little googling for sendmail.cf - the sendmail configuration file - and found this gem. The unintentional humour on the last line is hilarious:
The Online Slang Dictionary
The entity that was Sendmail, last manifestation of Chaos which would remain with this new distribution as it grew, looked down on the corpse the system administrator and smiled.
'Farewell, friend. I was a thousand times more evil than thou!'
And then it leapt from NetBSD and went spearing upwards, its wild voice laughing mockery at System Security; filling the universe with its unholy joy.
"Total destruction the only solution" - Bob Marley
I run Windows, so thankfully I don't have to worry about this kind of security issue.
I have always believe most Linux distros are too heavy as it is. I like OpenBSD and others that are light where I download and build the applications I want. The idea of sendmail, apache, and openldap prebuilt or in RPM packages sucks, at least in my opinion. I usually spent 2 or 3 hours pulling packages off the SLES 9 "minimum" install before I can make it usable for whatever we need the server to do so it will pass the nmap, nessus, and security network scan.
I use FreeBSD, and all the output of my cron scripts (including the default periodic daily/weekly/monthly) are mailed to root locally, through sendmail. This is the only reason I keep sendmail up, despite the security problems.
On a default NetBSD installation where does the cron output go?
// MD_Update(&m,buf,j);
http://openbsd.org/faq/faq1.html#HowAbout
*rimshot*
"Sure there's porn and piracy on the Web but there's probably a downside too."
Please provide examples, and if possible, tell us how easy or difficult it is to set them up. That way, your comment will be more useful to a n00b like me. Thanx.
The purpose of sendmail is to transfer mail from host A to host B, not to be a filter against mediocre SysAdmin.
I think that sendmail.cf is the worst written configuration file and a good SysAdmin has edited the SECOND part of it almost once, but never twice because the second time he removed sendmail and installed something better.
removed it and installed something like postfix; secured.
I prefer the "u" in honour as it seems to be missing these days.
The Internet Worm of 1988 -- Introduction by Francis Litterio
The below document tells the story of the Internet Worm of 1988 and how it effectively shut down the Internet. I didn't write it, but it's hard to find it on the net these days, so I offer it here on the theory that those who fail to learn from history are doomed to repeat it.
I remember when it happened. It was a big deal to computer people like me, but in 1988 the Internet was unknown even to the most sophisticated media reporters, and the World Wide Web had not been invented yet. I remember the NBC Evening News devoting less than 30 seconds to the topic. If an equally severe disruption of the Internet were to happen today, the President of the United States would probably hold a press conference to calm the nation.
Google Cache to the Article by Don Seeley, Univ. of Utah
The way to tell is to measure how long it takes for the sysadmin to a) notice that it runs sendmail and b) changes it for something else. Personally I use exim, but just about anything is better than sendmail.
Having said that: I would not touch qmail with a bargepole either.
Yes, the qmail author is a weird academic code wizard douchebag so I will definitely use qmail!
Will Postfix be now default MTA on NetBSD as it is included in base distribution?
We still have autoconf for this test !
I love sendmail, my sendmail.cf and sendmail hacking skills are legendary.
It was sendmail that seperated the men from the boys.
I will fly my flag at half mast today.
I am scratchy_butt_hands.
You laugh, but I once saw someone install IndigoMail (basically Sendmail-for-Windows) on Windows ME.
Struck me as being the computational equivalent of a big table saw with the safety shields removed. It's the sort of thing you just wince to look at because you know, some day, it's going to cause somebody a lot of pain.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
WTS http://www.amazon.com/gp/product/1565928393, cheap.
Sendmail was more useful as a litmus test than as an MTA ;)
Actually, that was UUCP. Back when you couldn't just search the web for documentation, if you wanted to get UUCP running you had to figure it out yourself. If you could do a full mesh of three machines into a UUCP network then you were a guru indeed.
Tired of FB/Google censorship? Visit UNCENSORED!
I don't much like sendmail, and there are better alternatives for the overwhelming majority of cases (particularly as far as standard installs go).
Here's hoping that this move by NetBSD is a sign that even more Unix-like operating systems and distributions will take this approach. The time has come for sendmail to be an option, not the default.
I cut my teeth on Sendmail about 5 years back, but only stuck with it for 2. When I'd have it working I wouldn't want to change anything, since I'd break it for days. After that I moved on to Postfix with a saner config setup, and logfiles that (for me) were much easier to read. It's still not as easy to configure as something like Dovecot's IMAP service, but that's not an MTA. Still, I would love to see Postfix use a .conf file that is as straight forward as dovecot.conf.
fak3r.com
It's much easier for me YMMV though.
I am not the original poster, but I can give you some examples too. I had worked with Sendmail, Qmail, Postfix, Exim, Xmailserver and Zmail. I needed SMTP-AUTH and virtual users, virtual domains, same user names different domains etc. The last time I touched sendmail was version 8.12.something I guess, I was able to configure Sendmail the way I wanted after spending lot of time reading, it worked for me but I decided to try some other MTAs as well. I was abler to do the simular configuration with Qmail, I was not able to do it with Exim and Postfix, but to be quite honest I didn' spend much time with them. Didn't spend much time with Zmailer either. Then I have discovered Xmail. This thing is awesome!!!! It is all in one package and it is very easy to configure, it has a lot of add-ons. I have been using it for more than 2 years, never had a single problem. I did install from tarball archive not from RPM. I dont' recommend using RPM archives. http://www.xmailserver.org/
Will configure Sendmail for food!
If sendmail is so egregiously evil, how come most alternatives to sendmail are basically less functional sendmail clones?
Wietse Venema's Postfix and Eric Allman's Sendmail X are API-compatible total rewrites of sendmail. Postfix is currently stronger, but sendmail X implements pretty much the same shite as postfix, so the advantage is code maturity - right now postfix is arguably better than sendmail 8 (which is what NetBSD ditched, incidentally) and when sendmail X gets its legs it will probably be even better. Each one incorporates lessons learned from its predecessor.
Run postfix if you are starting from scratch; it's easier to learn. If you already know sendmail, or you need antique transports, run sendmail 8; it is more flexible. When sendmail X is mature, run that (run it now on your test machines). When the next evolution of MTAs arrives, with telepathic agents and antigravity packaging, run that.
Remember that the criticisms being leveled against sendmail 8 are equally valid when applied to old-school unices like NetBSD. Ancient codebase, long history of security problems, tough learning curve, etc. But *nix still has its uses (particularly the newer rewrites like linux).
The sendmail.cf has long been renowned for sending system administrators away fleeing in panic
Sendmail isn't so bad. Nowadays, you can install a package, and fire off it's daemon, and it will work. In the old days, you had to edit sendmail.cf with a hex editor, and prod the bits into place using a 15-foot pole in either hand. Jeez, these kids have it easy with their M4 configs now!
Zhrodague.net - I do projects and stuff too.
BSD will not stall when the ip/hostname is not correct? You mean it still boots if you havent configured for the internet? SWEEET!
It's still garbage. Sample "improved" sendmail config:
Sample postfix config:
I know which I'd rather edit. I mean, without looking at the manual, I've no idea what that dnl crap is about.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Sendmail X may address many of Sendmail's orginal design problems (certainly seems more modular). Or have they blotted their copy book one too many times in most people's eyes. See http://sendmail.org/sm-X/release-smX-0.1.Beta2.0.h tml
Well, how many widely used MTAs are written by somebody that put in a backdoor? Sendmail wizard (WIZ) backdoor allows anonymous remote root access
I go for Postfix these days, but Sendmail is infinitely configurable, even (Turing complete. Finally, Eric is All Man.
As for the "getting hacked via sendmail issue", I've never known anybody that has, personally, or even a friend of a friend. I know more people that got hacked via SSH (some issue around 2000 or so, I forget, but it was bad).
If I had complicated needs for an MTA, I would assume that Sendmail would be more likely to support those needs than any other MTA. Simplicity is better, though, if possible.
I never clip my fingernails for fear of dangling symbolic links.
Sendmail is pre-Internet. It was built to route mail between BITNET, UUCP, ARPAnet, JAnet, and so on, all of which had different e-mail syntax. That's why it has a big slow crufty macro engine that every message goes through, and that's why it rewrites the headers of e-mail passing through it. None of that is necessary or desirable these days. Most of sendmail's other problems, from lack of speed to poor security, flow from that initial design decision, so you really need to start again from scratch with a simple e-mail parser and build up from there.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
In the old days (up to and including the early 90s), the job of an MTA was a complicated one. You had to accept and deliver mail via several different protocols, using various types of gateways, etc.
By the early 90s, the Internet itself was almost completely settled on SMTP, but internal mail hosts weren't necessarily. I remember spending a few days reworking sendmail.cf for address rewriting to deliver gatewayed SMTP mail to an internal Lotus Notes server.
The beauty of sendmail was that there was almost always a way to do whatever screwed up thing you needed it to do. The downside, of course, was that that level of capability came at the expense of complexity.
M4: Configuring sendmail with M4 was for newbies back then. Yes, it worked most of the time for simple cases, but when you actually needed to do something more difficult than setting up a smarthost gateway, it fell on its face. Sendmail.cf was complex, but we are smart people, are we not? All those lines did something, and they were well documented. It wasn't a lunch-break job to make significant changes...but I agree with the submitter -- it was a valid litmus test of an admin's experience (and self-confidence).
Sendmail always had security problems, again due to its complexity. Sometime in the mid 90s, the reality of the situation became clear: SMTP wins, and any code that isn't for supporting SMTP is extra code that might be the cause of security problems. Sendmail was too big to die (and later, Sendmail, Inc. had other clear reasons for sticking to their path), but other MTAs emerged.
My favorite then (and still now) is qmail. I've been running qmail on hundreds of servers since 1996, and I appreciate almost everything about it. The codebase is small, well-written, fast, and once you figure out how everything works together, simple. Qmail requires a certain level of experience to admin -- there hasn't been a new version released since 1998 or so(?), and changing the config to handle spam filtering, etc, requires a solid understanding of UNIX and sometimes the ability to read a diff and decide if the patch author does things properly.
Qmail gets overlooked often because the website is completely impenetrable to most. There are other decent MTAs that do a much better job of promoting themselves. But qmail is still an excellent choice for UNIX admins who know their stuff...and no MTA is a good choice for a UNIX admin that doesn't know their stuff.
I love NetBSD but shipping with both Postfix and Sendmail was stupid. Personally, I don't think a MTA should be included at all, since Pkgsrc makes adding one trivial.
Yeah, it has some quirks. But has excellent documentation, milters, ldap routing support, advanced queue management and address rewriting features(it's 100% configurable if don't mind getting your hands dirty), it's security record is not that bad[1].
I run it on OpenBSD with spamd and clamav-milter and works like a charm.
(Just for the record, Sendmail X is being rewrited in a Postfix-like fashion.)
[1]look at the latest security bug, that's very hard to exploit!, and is the first in years!
If the ONLY measure of who the "best" SysAdmins are is a test of how well they do configuring Sendmail, then the people doing the measuring need to do some serious self-examination.
.cf file was) Sendmail. However, I've done perfectly well with both qmail and Postfix (I finally settled on Postfix, mainly because I like the way it handles blocklists better than how qmail does).
There's loads more to being a "good" or even the "best" SysAdmin, NetAdmin, or whatever other kind of admin there is than configuring one overly-complex and security-hole-ridden program. No two techies are ever going to have the same strengths and weaknesses.
For my part, I never understood (or really tried to understand, after seeing how horribly complex and obtuse the
Does this make me (or anyone else who chose a similar path) a "poor" admin? Hardly. I'm still, effectively, my own ISP, thanks to being self-hosted. My upstream gives me six statics over a DSL pipe, and I do the rest (including authoritative DNS for my domains).
Don't blame people for preferring what's simpler (and, apparently, more secure) over what's a configuration nightmare, no matter how much of a "litmus test" it's thought to be.
Bruce Lane, KC7GR,
Blue Feather Technologies
This perfectly shows that sometimes the BSD folks can be even bigger zealots than the Linux groups... glad not to be a BSD user!
No way will I ever infest my PC with crap such as qmail (software with an attitude.... the kind of attitude you usually beat into submission with a clue-by-four)
As for the references to the bat book : even v2 is still very useable, it's just lacking a few things which got added after v8.8 (such as advanced anti-spam features)
He said I'm ignoring pre-2k security issues as that is older than five years ago. [...] The Internet Worm of 1988
You said Umm, last time I checked, 1988 was more than 5 years ago.
Great, but he was referring to Y2K, not 1988. His reference to 1988 was after the five years comment you quoted.
Way to go!
Infuriate left and right
I too love NetBSD, but shipping with both vi and ed is stupid. Personally, I don't think an editor should be included at all, since pkgsrc makes adding one trivial.
What We Can Learn From BSD
By Chinese Karma Whore, Version 1.0
Everyone knows about BSD's failure and imminent demise. As we pore over the history of BSD, we'll uncover a story of fatal mistakes, poor priorities, and personal rivalry, and we'll learn what mistakes to avoid so as to save Linux from a similarly grisly fate.
Let's not be overly morbid and give BSD credit for its early successes. In the 1970s, Ken Thompson and Bill Joy both made significant contributions to the computing world on the BSD platform. In the 80s, DARPA saw BSD as the premiere open platform, and, after initial successes with the 4.1BSD product, gave the BSD company a 2 year contract.
These early triumphs would soon be forgotten in a series of internal conflicts that would mar BSD's progress. In 1992, AT&T filed suit against Berkeley Software, claiming that proprietary code agreements had been haphazardly violated. In the same year, BSD filed countersuit, reciprocating bad intentions and fueling internal rivalry. While AT&T and Berkeley Software lawyers battled in court, lead developers of various BSD distributions quarreled on Usenet. In 1995, Theo de Raadt, one of the founders of the NetBSD project, formed his own rival distribution, OpenBSD, as the result of a quarrel that he documents on his website. Mr. de Raadt's stubborn arrogance was later seen in his clash with Darren Reed, which resulted in the expulsion of IPF from the OpenBSD distribution.
As personal rivalries took precedence over a quality product, BSD's codebase became worse and worse. As we all know, incompatibilities between each BSD distribution make code sharing an arduous task. Research conducted at MIT found BSD's filesystem implementation to be "very poorly performing." Even BSD's acclaimed TCP/IP stack has lagged behind, according to this study.
Problems with BSD's codebase were compounded by fundamental flaws in the BSD design approach. As argued by Eric Raymond in his watershed essay, The Cathedral and the Bazaar, rapid, decentralized development models are inherently superior to slow, centralized ones in software development. BSD developers never heeded Mr. Raymond's lesson and insisted that centralized models lead to 'cleaner code.' Don't believe their hype - BSD's development model has significantly impaired its progress. Any achievements that BSD managed to make were nullified by the BSD license, which allows corporations and coders alike to reap profits without reciprocating the goodwill of open-source. Fortunately, Linux is not prone to this exploitation, as it is licensed under the GPL.
The failure of BSD culminated in the resignation of Jordan Hubbard and Michael Smith from the FreeBSD core team. They both believed that FreeBSD had long lost its earlier vitality. Like an empire in decline, BSD had become bureaucratic and stagnant. As Linux gains market share and as BSD sinks deeper into the mire of decay, their parting addresses will resound as fitting eulogies to BSD's demise.
It was released a little while ago. The design looks suspiciously like postfix and qmail. :)
News for Nerds. Stuff that Matters? Like hell.
I don't even send mail directly from my machines, and I've often wondered "what if I just removed sendmail completely?" Would a whole host of system admin packages (cron, logrotate, etc...) break? Or do they write to the spool directly?
Like hell. You should always have a good editor ready to go. What happens if there's a config error or other random error during install, or you can't access the Internet?
I'd question including ed when vi can do everything it can do, but I'm guessing including means a symbolic link.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
The main reason an MTA is included is because of the daily (and weekly, monthly) cron jobs that email their output to root. As one of the daily jobs is /etc/security (which compares the checksum, permissions, and timestamps of a list of system files to known values, among other things), this is a good thing. (It's also a good idea to put audit-packages in security.local, and download-vulnerability-list in daily.)
::1 -- you have to manually configure it (insert sendmail.cf snark) to listen on physical interfaces.
Just an FYI, on both NetBSD and OpenBSD (and also FreeBSD, AFAIK), the out-of-the-box configuration has sendmail listening only on 127.0.0.1 and
While pkgsrc does make installation very easy, the stuff in base undergoes more throrough audits, and usually has {Net,Open,Free}BSD-specific patches to it. While pkgsrc includes patches as well, those are usually just what's sufficient to make it run on $platform.
"It's better to keep your mouth shut and be thought a fool than to open it and remove all doubt."
Sendmail Removed From NetBSD
In related news, Sendmail is used by 4 fewer users.
NetBSD confirms it!
That has absolutely nothing to do with Sendmail. The MTA is not responsible for writing mail to disk. That's the function of a LDA such as Procmail. If you didn't like the Berkley mbox format then you should have configured Procmail to use MailDir or switched to a different LDA. Setting up Procmail to use MailDir is quite trivial, especially if you spend a few minutes googling for the recipe instead of writing your own or copying it out of the man pages.
So in 1988, the sendmail mechanism to automatically execute e-mail at delivery is exploited by the Morris Worm.
... .
In 199x, Microsoft releases Outlook to do essentially the same thing, and history repeats itself.
One difference though. In 1988 all those running sendmail were able to close the hole immediately. Outlook
If NetBSD was configurable without an editor, I would agree with you.
I was actually around when the Morris worm hit. The vulnerability in sendmail that the Morris worm used only after failing to exploit rsh and finger (most systems, as I recall, were taken over via the finger bug) was not introduced by the authors of sendmail.
The distro vendors (Sun, for example) were shipping sendmail compiled in DEBUG mode. Which is not Eric Allman's fault; sorry to spoil your sendmail FUD, but that's the vendor's fault.
Do you ship code to your customers with all the developer debug hooks turned on? If you do, do you blame the people who wrote the code when somebody exploits a debug hook, or yourself since you're the one who compiled it stupidly?
The article you linked explains this.
I've configured NetBSD machines with just echo and cat (borked RAID controller, moving just one of the disks in the array). :-)
/etc/rc.conf". It normally comes right after "echo sshd=YES". I, for one, won't miss it. If I do need mail on a NetBSD machine, Postfix works quite nicely. If I'm actually serving Windows users with a NetBSD machine, it's normally Exim (with the integrated spamd/clamd interface), or Qmail.
:-D
Let's just say that writing an fstab is an adventure.
As for the Sendmail issue, one of my normal commands on first boot with a new NetBSD machine is "echo sendmail=NO >>
And, just to get flamed about the editors, normally the second thing I install from pkgsrc (after tcsh) is emacs.
Hi people,
I'd like to replace sendmail, but I need a certain feature called "smarttable". With this configuration I can send my mail through a single MTA and forward it automatically to the proper SMTP servers according to the envelope address. I have a few SMTP servers that only accept mails that have been sent from the correct email address.
Noone could answer how to do this with other MTAs. Any suggestions to solve my problem?
Not hitting the reply button to this one was too hard... note that I am not trying to flame, just point out a few things
/. and see the BSD is dead posts... most of them are funny, and I will mod them thus, some are insightful and again I will mod them.
Everyone knows about BSD's failure and imminent demise. As we pore over the history of BSD, we'll uncover a story of fatal mistakes, poor priorities, and personal rivalry, and we'll learn what mistakes to avoid so as to save Linux from a similarly grisly fate.
Very true... you will also uncover a community of people who share equally, rather than having one primary developer who says what can and cannot go into a kernel
In 1995, Theo de Raadt, one of the founders of the NetBSD project, formed his own rival distribution, OpenBSD, as the result of a quarrel that he documents on his website. Mr. de Raadt's stubborn arrogance was later seen in his clash with Darren Reed, which resulted in the expulsion of IPF from the OpenBSD distribution.
The fact that pf is better than ipf obviously had nothing to do with it. Personally, I hate Theo, but he is very focused on what he does. There is usally a damned good reason he does things.
As personal rivalries took precedence over a quality product, BSD's codebase became worse and worse.
wtf? OpenBSD has some of the cleanest code on the planet, it is the most secure. Where the hell did you get that from?
As we all know, incompatibilities between each BSD distribution make code sharing an arduous task. Research conducted at MIT found BSD's filesystem implementation to be "very poorly performing." Even BSD's acclaimed TCP/IP stack has lagged behind, according to this study.
...
Problems with BSD's codebase were compounded by fundamental flaws in the BSD design approach. As argued by Eric Raymond in his watershed essay, The Cathedral and the Bazaar, rapid, decentralized development models are inherently superior to slow, centralized ones in software development.
I am not going to argue with Eric Raymond... but I would like to point at the current OpenBSD hackathon. Centralized development...
Any achievements that BSD managed to make were nullified by the BSD license, which allows corporations and coders alike to reap profits without reciprocating the goodwill of open-source. Fortunately, Linux is not prone to this exploitation, as it is licensed under the GPL.
Fair enough, you can use the BSD code for anything... how does this nullify the achievements? It only means we are a little more caring and sharing than our Linux brethren.
The failure of BSD culminated in the resignation of Jordan Hubbard and Michael Smith from the FreeBSD core team. They both believed that FreeBSD had long lost its earlier vitality. Like an empire in decline, BSD had become bureaucratic and stagnant. As Linux gains market share and as BSD sinks deeper into the mire of decay, their parting addresses will resound as fitting eulogies to BSD's demise.
So if I read that right, two people left one branch of the BSD operating system (assuming the big three, Net, Open and Free) and BSD has failed? That's like saying Red Hat has become corporate, so Linux is failing?
I continually read
Its a pity I posted earlier, otherwise I would have modified this -10 [Fucking Stupid]... it would be nice to see someone actually consider what they post, rather than just posting blindly from one point or the other.
Incidentally, I have been using SuSE and debian for quite some time now, as well as all three BSD's. I'm not a guru, but I do have some experience...
Me failed English...
FreeBSD over Linux. If my comments seem odd, this may explain...
Sendmail was pretty much it in 1988. That is like saying the Christian church in 640AD called the Roman Catholic Church, uh, what other Christian church would it have been?
Click here or here.
dnl is simply "disregard until newline". It is a method to comment lines and end statements which can be followed by comments.
Click here or here.
sorry guys.
If you need text styles to communicate then you don't have a message.
a. How does encouraging people to seek one of several alternatives to a certain behaviour count as groupthink?
b. What in the world is "Most alternatives to sendmail are basically less functional sendmail clones" supposed to mean? That's like saying most web browsers are basically Mosaic clones. Maybe they are, maybe they aren't, depending how strictly you define "clone"; but really, what's it matter?
My comments:
1) Back in my day I wrote my own cf files from scratch. Sendmail complexity didn't scare me, but neither does Geometrodynamics. Like most things in life, complex problems in the real world rarely have simple solutions.
My observation: People pick the wrong tools to solve problems with. There are plenty of alternatives to Sendmail. Throwing a temper tantrum and removing it from a distro doesn't make the problems it was designed to handle go away.
Problems, that many alternatives still can't handle or scale well. Postfix is simple to set up because I don't use postfix with several different directory service systems, and have to format email addresses into non standard formats over a variety of transport mechanisms.
If and when Postfix or others can do these things, people will throw them aside as well and say they are too complex to setup.
2) Personally, I think this is a growing up issue. We are now seeing BSD, Linux leaving the engineering/science sectors and entering peoples homes and small businesses. You do not need sendmail on a desktop for example.
Althought, for myself who designs very complex mail systems, I run it on my personal laptop where it then forwards my mail when it senses I have a net connection.
3) Sendmail is one of the oldest pieces of software on the net. Often duplicated, but never dominated it will be here to stay to solve really complex mail problems.
People who say sendmail is complex and we shouldn't use it probably think the same thing about calculas. Calculas took about 3500 years to rediscover. You can figure out sendmail in about 30 days if you put some study and thought into it. But to say it is too hard like calculas, so we should not go to the moon, build better drugs through protein folding and what not is not a very good reason.
4) Personally I think distros are getting out of hand and are including a lot of stuff people do not need besides sendmail. I think package systems suck right now, but are improving. My favorite is yum right now. Whats yours? Do you think your grandma can operator your packaging system and pick what she needs to view that abc news clip on the web?
Better packaging systems are one of the frontiers of end user security that I think will help us go a long way to fixing security problems by keeping user machines free of cruft.
Sendmail and Postfix etc are cruft if the user doesn't need them.
Just my thoughts....
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
Future belongs to Postfix..
Good move.
I wish FreeBSD switch to PostFix too.
-Arabian CEO We Arab Portal Network http://www.WeArab.Net/
Just to correct a wrong statement in your article: Eric Allman
is not the author of sendmail X. See also the design document
(reachable via the webpage to which you linked).
You can certainly say with authority that sendmail 8 suffers from antique design and that it is difficult for n00bs to configure. You can accurately say that many of its features are effectively obsolete. But saying it's got a "poor security record" is just being ignorant.
He's involved, certainly, but you're right; he's not writing the code. And since ithey are OSS projects there are really many hands at work in all versions of sendmail currently available (sendmail X has chunks taken from OpenBSD in it).
Thanks for the clarification!
Hmm, looks like my sarcasm wasn't as obvious as I thought ...
I'm ignoring pre-2k security issues as that is older than five years ago.
1988 doesn't enter into the equation until after the equation is parsed. pre-2k refers to 2001-01-01, which is older than five years ago when he wrote the comment.
Do you work for SCO's legal team? Or do you just like to appear stupid and confused?
Infuriate left and right