Slashdot Mirror


Sendmail Removed From NetBSD

Derkjan de Haan writes "Christos Zoulas removed sendmail from the NetBSD source tree, after a lot of discussion about its security track-record. Sendmail will remain available from pkgsrc." But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)

10 of 248 comments

  1. Sendmail is a pain in the ass by Chanc_Gorkon · · Score: 2, Interesting

    I hate Sendmail. With that said, when properly configured, Sendmail is excellent. Getting it that way takes a metric tonne of work! This is one Open Source instance I would PAY to get the commercial version (which has a web admin interface). The sendmail.cf file has to be THE most convoluted config file on ANY UNIX. Period. It's WAYYYY too easy to set this up unsecure also (open relay anyone??).

    --

    Gorkman

  2. Why not overhaul sendmail? by Viol8 · · Score: 2, Interesting

    And I don't just mean removing exploits, I mean completely
    redesigning its config files so it's a lot easier to set up
    and be made secure by non-gurus. There could always be a
    compat mode with the old .cf file for people who don't want
    to change. I don't understand why the guys behind sendmail
    have never done this since I've never found anyone who liked
    the .cf file or the alternative of writing .m4 files and then
    converting them into .cf (yuck, what a kludge).

  3. Re:The Security Concerns by jtshaw · · Score: 2, Interesting

    Honestly, I've never heard of anyone being hacked through sendmail either.. but that doesn't mean it didn't happen.

    What I have witnessed a lot is people who run sendmail as an open relay because they don't know any better. Not to say you can't also configure qmail or postfix to be an open relay.

    The biggest reason I switched away from sendmail was I did lose data because of mbox file corruption on two occasions. Maildir is much better at protecting against that.

    Qmail/Qmail-Scanner/Qmail-SPP have been doing a great job for me for the last few years.

  4. Replacement? by meh13579 · · Score: 1, Interesting

    So what are they planning on replacing it with; if anything?

  5. Re:Provide examples by dskoll · · Score: 4, Interesting

    liliafan wrote: Postfix is based on sendmail's codebase

    Completely wrong. Postfix was written from scratch; it shares no code with Sendmail.

    I still use Sendmail because Milter is a killer feature. It is the sweetest API for mail filtering/mangling/processing. I should note that Wietse Venema has started implementing Milter compatibility in Postfix, and I'm following that development eagerly.

  6. Re: by XPACT · · Score: 2, Interesting

    I am not the original poster, but I can give you some examples too. I had worked with Sendmail, Qmail, Postfix, Exim, Xmailserver and Zmail. I needed SMTP-AUTH and virtual users, virtual domains, same user names different domains etc. The last time I touched sendmail was version 8.12.something I guess, I was able to configure Sendmail the way I wanted after spending a lot of time reading, it worked for me but I decided to try some other MTAs as well. I was able to do the similar configuration with Qmail, I was not able to do it with Exim and Postfix, but to be quite honest I didn't spend much time with them. Didn't spend much time with Zmailer either. Then I have discovered Xmail. This thing is awesome!!!! It is all in one package and it is very easy to configure, it has a lot of add-ons. I have been using it for more than 2 years, never had a single problem. I did install from tarball archive not from RPM. I don't recommend using RPM archives. http://www.xmailserver.org/

  7. WIZ backdoor by babanada · · Score: 3, Interesting

    Well, how many widely used MTAs are written by somebody that put in a backdoor? Sendmail wizard (WIZ) backdoor allows anonymous remote root access

    I go for Postfix these days, but Sendmail is infinitely configurable, even Turing complete. Finally, Eric is All Man.

    As for the "getting hacked via sendmail issue", I've never known anybody that has, personally, or even a friend of a friend. I know more people that got hacked via SSH (some issue around 2000 or so, I forget, but it was bad).

    If I had complicated needs for an MTA, I would assume that Sendmail would be more likely to support those needs than any other MTA. Simplicity is better, though, if possible.

    --
    I never clip my fingernails for fear of dangling symbolic links.

  8. Re:Provide examples by Anonymous Coward · · Score: 1, Interesting

    Here's one: I run an MTA for load-testing another MTA's filters. It delivers to that MTA a blast of 10,000 messages at top speed over a private link, lets it run its filtering, and it delivers it on to its ultimate recipient, which is the box that just sent it (there should be a third destination box, but the sending doesn't interfere much). I ran sendmail to receive the message blast back, and it took 40 minutes at 96% CPU. Switching to Postfix, it went down to 5 minutes and that itself is I/O bound.

    Maybe it's just sendmail's default configuration, but it just doesn't handle load. Most ISPs still using sendmail have hacked it up and down for speed over the years, and just can't switch because of the deployment and migration headaches. Inertia, basically.

    Sendmail, BIND, and cron are from an era where neither security nor performance mattered, only reliability. Frankly, they have better competition on even the third front nowadays.

  9. Do I even need an MTA? by Halo- · · Score: 2, Interesting

    Okay, (deep breath)... I'm going to ask a question I really _should_ know the answer to: does the average user need an MTA anyway?

    I don't even send mail directly from my machines, and I've often wondered "what if I just removed sendmail completely?" Would a whole host of system admin packages (cron, logrotate, etc...) break? Or do they write to the spool directly?

  10. Re:Provide examples by Just Some Guy · · Score: 4, Interesting

    I can't personally vouch for its speed, because I don't run a high-volume mailserver, nor do I have the hardware to really give the MTA that much of a workout (it just becomes disk-bound on my systems).

    I do, or at least one of my clients does. He runs a reasonably high-volume ecommerce site, and has many (about 50,000) opted-in subscribers to his newsletter. We tried our best to get Sendmail to play nicely with that volume, but the system would inevitably slow to a crawl for long periods of time whenever he sent a batch of mail (taking the webserver on the same machine with it). By our best, I mean that we tore through the bat book, tried delayed sending, created parallel queues with their own runners - everything we could find documented or rumored on Google and Usenet.

    After experimenting with Postfix on my personal servers, I convinced him to give it a shot. I installed it, ported over his Sendmail configuration, stopped one and started the other, and crossed my fingers.

    It worked.

    We confirmed that everything was working as expected, then he clicked the dreaded "Send now!" link. We watched as the outbound queue grew to 50,000 messages, then tailed maillog to watch them start spewing out at a record pace. Even though outbound traffic was heavy, the system never broke a sweat and the webserver kept chugging along happily.

    I like Sendmail and am quite comfortable digging around in its .mc files (.cf? Therefore but by the grace of God...), but Postfix showed me what a modern MTA is capable of. I've since switched every Sendmail installation in my responsibility over to Postfix and I've never regretted it for a minute.

    --
    Dewey, what part of this looks like authorities should be involved?