Slashdot Mirror
Sendmail Removed From NetBSD
Derkjan de Haan writes "Christos Zoulas removed sendmail from the NetBSD source tree, after a lot of discussion about its security track-record. Sendmail will remain available from pkgsrc." But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)
As you can see with above security concerns, Sendmail has had significant historical problems but they have been active in rectifying these problems. If you have the time to patch often, Sendmail most probably will provide you with one of the safest mail transfer agents out there.
The largest concern seems to be the possibility of being compromised via a remote connection. If you're not using it, simply turn off the Sendmail Daemon. And I think that's why they removed it from NetBSD. Some idiot like myself might install NetBSD and leave that sucker listening on port 25. Now, there are no problems immediately because I'll have the latest version but I'm lazy and I don't patch NetBSD regularly so a few security alerts come out and then
Funny thing is, I've never heard of anyone losing data or being hacked due to Sendmail. Perhaps it's because the last place I saw it used widely was college?
My work here is dung.
It is about time that this archaic MTA gets the boot. I did so on my servers a few years ago. Configuration and security are a nightmare and it didn't have to be that way.
My
I just don't believe it...
Happiness is like peeing yourself. Everybody can see it but only you can feel its warmth.
I hate Sendmail. With that said, when properly configured, Sendmail is excellent. Getting it that way takes a metric tonne of work! This is one Open Source instance I would PAY to get the commercial version (which has a web admin interface). The sendmail.cf file has to be THE most convulted config file on ANY UNIX. Period. It's WAYYYY to easy to set this up unsecure also(open relay anyone??).
Gorkman
And I don't just mean removing exploits , I mean completely .cf file for people who don't want .cf file or the alternative of writing .m4 files and then .cf (yuck , what a kludge).
redesigning its config files so its a lot easier to set up
and be made secure by non-gurus. There could always be a
compat mode with the old
to change. I don't understand why the guys behind sendmail
have never done this since I've never found anyone who liked
the
converting them into
Now we will descend into a flamewar of qmail vs. courier vs. whateverMTAyouuse. Gentlement, choose one or more of your arguments:
Qmail is more secure.
Yes, the qmail author is a (code wizard|douchebag|weird academic) so I (will|will not) use qmail.
Courier is cooler because it includes an IMAP server in its distribution.
Sendmail is fine these days, its just the n00bs that admin it that make it broken.
Yeah but so is Windows.
So's your mother.
I run on so I'm not affected.
I outsourced my email to gmail and (couldn't be happier|hate it|Google rules|Google is teh evil).
BSD is dying.
BSD is alive.
I want to delete my account but Slashdot doesn't allow it.
In that the mediocre admins will bodge some hacks into sendmail.cf to make sendmail appear to perform the job they need it to, whilst the best admins will take the presence of sendmail.cf as an indication that they need to remove sendmail and replace it with something that's actually fit for purpose? :-P
And named it postfix.
Did a little googling for sendmail.cf - the sendmail configuration file - and found this gem. The unintentional humour on the last line is hilarious:
The Online Slang Dictionary
The entity that was Sendmail, last manifestation of Chaos which would remain with this new distribution as it grew, looked down on the corpse the system administrator and smiled.
'Farewell, friend. I was a thousand times more evil than thou!'
And then it leapt from NetBSD and went spearing upwards, its wild voice laughing mockery at System Security; filling the universe with its unholy joy.
"Total destruction the only solution" - Bob Marley
I run Windows, so thankfully I don't have to worry about this kind of security issue.
The purpose of sendmail is to transfer mail from host A to host B, not to be a filter against mediocre SysAdmin.
I think that sendmail.cf is the worst written configuration file and a good SysAdmin has edited the SECOND part of it almost once, but never twice because the second time he removed sendmail and installed something better.
On a default NetBSD installation where does the cron output go?
Postfix has been in the tree for a while, and will now be the default MTA.
<grammar-nazi>
On his development box, he used to keep the source code to unpublished exploits in his home directory that effected the current version of sendmail.
So the unpublished exploits actually brought about the current version of sendmail? That explains quite a lot actually.
Here is a description of the difference between "effect" and "affect."
</grammar-nazi>
The Internet Worm of 1988 -- Introduction by Francis Litterio
The below document tells the story of the Internet Worm of 1988 and how it effectively shut down the Internet. I didn't write it, but it's hard to find it on the net these days, so I offer it here on the theory that those who fail to learn from history are doomed to repeat it.
I remember when it happened. It was a big deal to computer people like me, but in 1988 the Internet was unknown even to the most sophisticated media reporters, and the World Wide Web had not been invented yet. I remember the NBC Evening News devoting less than 30 seconds to the topic. If an equally severe disruption of the Internet were to happen today, the President of the United States would probably hold a press conference to calm the nation.
Google Cache to the Article by Don Seeley, Univ. of Utah
Postfix is based on sendmails codebase, with much stronger security features and a lot of the more complex configuration hidden away. It is very fast and featureful.
Qmail is a fairly secure pretty fast MTA it is very modular and very suited to sites with multiple domains to handle.
There is others such as exim, james, etc but Sendmail, Postfix and Qmail are the 3 biggest I think next would be exim (it used to be the default in debian I don't know if it still is).
Personally I would recommend postfix if you are handling just your own email, I use postfix, courier-imapd, spamassassin, amavisd, clamav, maildrop, and procmail and I haven't had a single security incident on my system (knock on wood), additionally I have about a 99% success rate catching spam with almost no false positives.
GeekServ Unix Consulting Services (http://www.geekserv.com)
liliafan wrote: Postfix is based on sendmails codebase
Completely wrong. Postfix was written from scratch; it shares no code with Sendmail.
I still use Sendmail because Milter is a killer feature. It is the sweetest API for mail filtering/mangling/processing. I should note that Wietse Venema has started implementing Milter compatibility in Postfix, and I'm following that development eagerly.
Personally, I use Postfix. It's Free, it's intelligently designed (by this guy, if you were wondering), it's much easier to set up to be secure, and it has a certain level of Sendmail compatibility, so that older programs that assume you're running Sendmail don't barf when you switch.
The biggest architectural difference between Sendmail and Postfix is that Postfix has many small executables (arguably, many not-so-small executables) while Sendmail is monolithic. From a user's perspective this is basically transparent: the biggest benefit to a sysadmin of running Postfix is the config files, which are as close to being self-explanatory as a MTA config file can be, in my opinion.
Sendmail always struck me as a bit of a challenge to set up securely/properly (i.e. "not an open relay"); Postfix is pretty simple to get going securely, and has well-chosen default parameters (at least as I've seen it installed, on Debian) that let you set up a server that won't be immediately spewing Russian penis-enlargement emails quickly. I've never tried to set up Sendmail with SSL support, but I'm going to go out on a limb and guess that it's easier to do this with Postfix as well.
I can't personally vouch for its speed, because I don't run a high-volume mailserver, nor do I have the hardware to really give the MTA that much of a workout (it just becomes disk-bound on my systems). Plus I use flat mbox files and the situation may be totally different with the more modern database-type mailstores. (Yeah, yeah, I know -- 1986 called and they want their file format back and all that. But it works for me.)
There are other choices out there for MTAs, and I'm sensitive to arguments in favor of them and I'm not trying to say that Postfix is necessarily the best possible thing out there for everyone, but at least in my experience it beats the hell out of Sendmail. If somebody wants to jump in here and discuss qmail or exim, and why they think they're great, please do.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I sort of agree with you. I'd like Novell to put out something like an official SLICK which would be optimized for GUI-less implementations and built to run in the smallest footprint possible (ie. less than 50M). If it was included as an option in the stock SuSE, then wow. Now, as for spending 2-3 hours running rpm -ev / yast pulling packages from SLES to make it usable, somehting isn't right there. First off, you should have setup a test server to determine your needs. Once that's done, create an AutoYast install script (think RH KickStart) to do your production installs (eg. yast2 autoyast). Second, even if unneeded pacakges are installed, you can easily disable the cruft services you don't need in Yast->System->Services, I'd guess in under 5 minutes start to finish.
Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
Sendmail was more useful as a litmus test than as an MTA ;)
Actually, that was UUCP. Back when you couldn't just search the web for documentation, if you wanted to get UUCP running you had to figure it out yourself. If you could do a full mesh of three machines into a UUCP network then you were a guru indeed.
Tired of FB/Google censorship? Visit UNCENSORED!
I don't much like sendmail, and there are better alternatives for the overwhelming majority of cases (particularly as far as standard installs go).
Here's hoping that this move by NetBSD is a sign that even more Unix-like operating systems and distributions will take this approach. The time has come for sendmail to be an option, not the default.
I am not the original poster, but I can give you some examples too. I had worked with Sendmail, Qmail, Postfix, Exim, Xmailserver and Zmail. I needed SMTP-AUTH and virtual users, virtual domains, same user names different domains etc. The last time I touched sendmail was version 8.12.something I guess, I was able to configure Sendmail the way I wanted after spending lot of time reading, it worked for me but I decided to try some other MTAs as well. I was abler to do the simular configuration with Qmail, I was not able to do it with Exim and Postfix, but to be quite honest I didn' spend much time with them. Didn't spend much time with Zmailer either. Then I have discovered Xmail. This thing is awesome!!!! It is all in one package and it is very easy to configure, it has a lot of add-ons. I have been using it for more than 2 years, never had a single problem. I did install from tarball archive not from RPM. I dont' recommend using RPM archives. http://www.xmailserver.org/
Postfix was made the default mailer.
It's still garbage. Sample "improved" sendmail config:
Sample postfix config:
I know which I'd rather edit. I mean, without looking at the manual, I've no idea what that dnl crap is about.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Well, how many widely used MTAs are written by somebody that put in a backdoor? Sendmail wizard (WIZ) backdoor allows anonymous remote root access
I go for Postfix these days, but Sendmail is infinitely configurable, even (Turing complete. Finally, Eric is All Man.
As for the "getting hacked via sendmail issue", I've never known anybody that has, personally, or even a friend of a friend. I know more people that got hacked via SSH (some issue around 2000 or so, I forget, but it was bad).
If I had complicated needs for an MTA, I would assume that Sendmail would be more likely to support those needs than any other MTA. Simplicity is better, though, if possible.
I never clip my fingernails for fear of dangling symbolic links.
Sendmail is pre-Internet. It was built to route mail between BITNET, UUCP, ARPAnet, JAnet, and so on, all of which had different e-mail syntax. That's why it has a big slow crufty macro engine that every message goes through, and that's why it rewrites the headers of e-mail passing through it. None of that is necessary or desirable these days. Most of sendmail's other problems, from lack of speed to poor security, flow from that initial design decision, so you really need to start again from scratch with a simple e-mail parser and build up from there.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Actually, Mr Grammar Nazi, what he said was correct, it probably just wasn't what he meant.
Exploits that are found and patched DO bring about a new version of the software. It's usually mixed in with a bunch of other patches, but it's there.
Maybe you should calm down and simply laugh at people that have no idea what they are saying, instead of pointlessly screaming at them. They don't CARE or they'd have made sure they had it right the first time.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
Wine+Exchange 2000
I too love NetBSD, but shipping with both vi and ed is stupid. Personally, I don't think an editor should be included at all, since pkgsrc makes adding one trivial.
I don't even send mail directly from my machines, and I've often wondered "what if I just removed sendmail completely?" Would a whole host of system admin packages (cron, logrotate, etc...) break? Or do they write to the spool directly?
The main reason an MTA is included is because of the daily (and weekly, monthly) cron jobs that email their output to root. As one of the daily jobs is /etc/security (which compares the checksum, permissions, and timestamps of a list of system files to known values, among other things), this is a good thing. (It's also a good idea to put audit-packages in security.local, and download-vulnerability-list in daily.)
::1 -- you have to manually configure it (insert sendmail.cf snark) to listen on physical interfaces.
Just an FYI, on both NetBSD and OpenBSD (and also FreeBSD, AFAIK), the out-of-the-box configuration has sendmail listening only on 127.0.0.1 and
While pkgsrc does make installation very easy, the stuff in base undergoes more throrough audits, and usually has {Net,Open,Free}BSD-specific patches to it. While pkgsrc includes patches as well, those are usually just what's sufficient to make it run on $platform.
"It's better to keep your mouth shut and be thought a fool than to open it and remove all doubt."
I do, or at least one of my clients does. He runs a reasonably high-volume ecommerce site, and has many (about 50,000) opted in subscribers to his newsletter. We tried our best to get Sendmail to play nicely with that volume, but the system would inevitably slow to a crawl for long periods of time whenever he sent a batch of mail (taking the webserver on the same machine with it). By our best, I mean that we tore through the bat book, tried delayed sending, created parallel queues with their own runners - everything we could find documented or rumored on Google and Usenet.
After experimenting with Postfix on my personal servers, I convinced him to give it a shot. I installed it, ported over his Sendmail configuration, stopped one and started the other, and crossed my fingers.
It worked.
We confirmed that everything was working as expected, then he clicked the dreaded "Send now!" link. We watched as the outbound queue grew to 50,000 messages, then tailed maillog to watch them start spewing out at a record pace. Even though outbound traffic was heavy, the system never broke a sweat and the webserver kept chugging along happily.
I like Sendmail and am quite comfortable digging around in its .mc files (.cf? Therefore but by the grace of God...), but Postfix showed me what a modern MTA is capable of. I've since switched every Sendmail installation in my responsibility over to Postfix and I've never regretted it for a minute.
Dewey, what part of this looks like authorities should be involved?