Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sendmail Removed From NetBSD

Posted by ryuzaki0 on from the end-of-an-era dept.

Derkjan de Haan writes "Christos Zoulas removed sendmail from the NetBSD source tree, after a lot of discussion about its security track-record. Sendmail will remain available from pkgsrc." But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)

19 of 248 comments (clear)

  1. The Security Concerns by eldavojohn · · Score: 5, Informative
    Well, I don't think that a short note covered much at all on why they removed it so I did some investigative work. Disclaimer: I use sendmail although I am by no means an expert at it. I'm ignoring pre-2k security issues as that is older than five years ago.
    • A security alert from March of 2003 in which Sendmail has been determined to contain a buffer overflow vulnerability.
    • Another security alert from later that year.
    • A security alert also from 2003 regarding a remote buffer overflow.
    • A security alert from 2002 regarding a trojan horse horse sendmail distro.
    • Some freebsd specific Sendmail alerts.
    • A security alert from March of 2006 (this year) regarding a race condition that may allow remote code execution by an arbitrary user.
    • A plethera of similar or smaller security concerns can easily be found.
    • The most recent release of Sendmail involves things like fixing possible integer overflows & unsafe use of setjmp(3)/longjmp(3) or adding time outs.

    As you can see with above security concerns, Sendmail has had significant historical problems but they have been active in rectifying these problems. If you have the time to patch often, Sendmail most probably will provide you with one of the safest mail transfer agents out there.

    The largest concern seems to be the possibility of being compromised via a remote connection. If you're not using it, simply turn off the Sendmail Daemon. And I think that's why they removed it from NetBSD. Some idiot like myself might install NetBSD and leave that sucker listening on port 25. Now, there are no problems immediately because I'll have the latest version but I'm lazy and I don't patch NetBSD regularly so a few security alerts come out and then ... well, you know the rest.

    Funny thing is, I've never heard of anyone losing data or being hacked due to Sendmail. Perhaps it's because the last place I saw it used widely was college?
    --
    My work here is dung.
    1. Re:The Security Concerns by Anonymous Coward · · Score: 5, Funny
      Funny thing is, I've never heard of anyone losing data or being hacked due to Sendmail. Perhaps it's because the last place I saw it used widely was college?

      Some time ago there was a 'hacker' movie made here in Poland. And there was a rather funny scene, where two main characters were trying to break into some server. Best part below:

      (from memory)
      H1: Wow, this thing is a real fortress...
      H2: Did you try to get through sendmail using emacs?
    2. Re:The Security Concerns by arivanov · · Score: 4, Insightful
      Honestly, I've never heard of anyone being hacked through sendmail either.. but that doesn't mean it didn't happen.

      I had. Several times back in 1996. Made me switch to qmail and after that to exim.

      As far as sendmail is concerned it is a good MTA provided that:

      • You have the money to pay for every edition of the "Hanging Bat" as it comes out. No point to even try doing anything moderately complex without it. Similarly you have to be a kbd+book person. Not all admins are.
      • You work for a large corp or edu which has fairly complex mail handling requirements. Less complex cases can happily get around using Exim or Postfix.
      • You intend to buy commercial software for some functions. The choice for commercial interfacing of archiving, compliance, AV, AntiSPAM on Unix is between milter and milter. Very few products interface into something else like exim filters.
      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    3. Re:The Security Concerns by dodobh · · Score: 4, Informative

      http://www.postfix.org/postconf.5.html#canonical_m aps
      http://www.postfix.org/generic.5.html
      http://www.postfix.org/ADDRESS_REWRITING_README.ht ml
      http://www.postfix.org/transport.5.html

      Pretty trivial stuff.

      --
      I can throw myself at the ground, and miss.
  2. Let the qmail flamery begin! by Gothmolly · · Score: 5, Funny

    Now we will descend into a flamewar of qmail vs. courier vs. whateverMTAyouuse. Gentlement, choose one or more of your arguments:

    Qmail is more secure.
    Yes, the qmail author is a (code wizard|douchebag|weird academic) so I (will|will not) use qmail.
    Courier is cooler because it includes an IMAP server in its distribution.
    Sendmail is fine these days, its just the n00bs that admin it that make it broken.
    Yeah but so is Windows.
    So's your mother.
    I run on so I'm not affected.
    I outsourced my email to gmail and (couldn't be happier|hate it|Google rules|Google is teh evil).
    BSD is dying.
    BSD is alive.

    --
    I want to delete my account but Slashdot doesn't allow it.
  3. sendmail.cf test by cowbutt · · Score: 4, Insightful
    But without sendmail.cf foo, how will we distinguish between the best admins and the mediocre? Sendmail was more useful as a litmus test than as an MTA ;)

    In that the mediocre admins will bodge some hacks into sendmail.cf to make sendmail appear to perform the job they need it to, whilst the best admins will take the presence of sendmail.cf as an indication that they need to remove sendmail and replace it with something that's actually fit for purpose? :-P

    1. Re:sendmail.cf test by tqbf · · Score: 4, Insightful

      Exim is not a secure replacement for Sendmail. qmail and Postfix were both designed explicitly for security, and include:

      1. Privilege seperation
      2. Rewritten IO and string libraries
      3. Minimal-privilege SMTP listeners
      4. The backing of a security luminary (Bernstein or Venema)

      Exim was designed as a modernized SMail. It's got the same monolithic architecture as Sendmail has, meaning security vulnerabilities in Exim are less survivable than they are in qmail or Postfix, where a buffer overflow (none of which have ever been found, unlike in Exim) only gets you a one-off UID.

      I don't know how Exim has managed to brand itself as one of the "secure MTAs", but it's just a marketing trick.

  4. They did overhaul sendmail. by Trigun · · Score: 5, Informative

    And named it postfix.

  5. Unintentional humour by WalterGR · · Score: 4, Funny

    Did a little googling for sendmail.cf - the sendmail configuration file - and found this gem. The unintentional humour on the last line is hilarious:

    The sendmail.cf has long been renowned for sending system administrators away fleeing in panic...

    Just take a look at it on any system; it has traditionally been described as looking like an explosion in a punctuation factory.

    The good news is that things are much worse than they look.

    --
    The Online Slang Dictionary
  6. Well by Anonymous Coward · · Score: 5, Funny

    I run Windows, so thankfully I don't have to worry about this kind of security issue.

  7. Best way to measure Bat Book size? by Anonymous Coward · · Score: 5, Funny
    1. number of pages.
    2. thickness.
    3. Schwarzchild radius.
  8. Re:Sendmail is a pain in the ass by nullset · · Score: 4, Insightful

    Do you complain about how complex C is because editing object files (.o) is hard?

    sendmail.cf is a compiled file. If you configure sendmail with m4, the way it's supposed to be done, it's not that hard.

    ttyl,

    --buddy

  9. Re:What's the alternative? by jmcneill · · Score: 4, Informative

    On a default NetBSD installation where does the cron output go?

    Postfix has been in the tree for a while, and will now be the default MTA.

  10. 8 years after "The Worm" Snedmail is closed by sgent · · Score: 4, Informative
    You've never heard of a security issue with sendmail??!!!?? Time for a history lesson. Although obviously fixed now, Sendmail was the main culprit in the first internet worm ever found in the wild.

    The Internet Worm of 1988 -- Introduction by Francis Litterio

    The below document tells the story of the Internet Worm of 1988 and how it effectively shut down the Internet. I didn't write it, but it's hard to find it on the net these days, so I offer it here on the theory that those who fail to learn from history are doomed to repeat it.

    I remember when it happened. It was a big deal to computer people like me, but in 1988 the Internet was unknown even to the most sophisticated media reporters, and the World Wide Web had not been invented yet. I remember the NBC Evening News devoting less than 30 seconds to the topic. If an equally severe disruption of the Internet were to happen today, the President of the United States would probably hold a press conference to calm the nation.

    Google Cache to the Article by Don Seeley, Univ. of Utah

  11. Re:Sendmail is a pain in the ass by Megane · · Score: 4, Informative
    That's the new configuration process.

    Then it's at least nine years new. The second edition of the bat-book dates to January 1997. (I don't think I've ever seen a copy of the first edition, so I don't know if the m4 config is as old as late 1993.) I've been using the m4 config since early 2000 when I first got fixed IP DSL.

    Anyhow, in my experience, Sendmail also won't work right if your DNS is broken. Both the IP and MX records have to be right.

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  12. Re:Provide examples by dskoll · · Score: 4, Interesting

    liliafan wrote: Postfix is based on sendmails codebase

    Completely wrong. Postfix was written from scratch; it shares no code with Sendmail.

    I still use Sendmail because Milter is a killer feature. It is the sweetest API for mail filtering/mangling/processing. I should note that Wietse Venema has started implementing Milter compatibility in Postfix, and I'm following that development eagerly.

  13. Re:Provide examples by Kadin2048 · · Score: 4, Informative

    Personally, I use Postfix. It's Free, it's intelligently designed (by this guy, if you were wondering), it's much easier to set up to be secure, and it has a certain level of Sendmail compatibility, so that older programs that assume you're running Sendmail don't barf when you switch.

    The biggest architectural difference between Sendmail and Postfix is that Postfix has many small executables (arguably, many not-so-small executables) while Sendmail is monolithic. From a user's perspective this is basically transparent: the biggest benefit to a sysadmin of running Postfix is the config files, which are as close to being self-explanatory as a MTA config file can be, in my opinion.

    Sendmail always struck me as a bit of a challenge to set up securely/properly (i.e. "not an open relay"); Postfix is pretty simple to get going securely, and has well-chosen default parameters (at least as I've seen it installed, on Debian) that let you set up a server that won't be immediately spewing Russian penis-enlargement emails quickly. I've never tried to set up Sendmail with SSL support, but I'm going to go out on a limb and guess that it's easier to do this with Postfix as well.

    I can't personally vouch for its speed, because I don't run a high-volume mailserver, nor do I have the hardware to really give the MTA that much of a workout (it just becomes disk-bound on my systems). Plus I use flat mbox files and the situation may be totally different with the more modern database-type mailstores. (Yeah, yeah, I know -- 1986 called and they want their file format back and all that. But it works for me.)

    There are other choices out there for MTAs, and I'm sensitive to arguments in favor of them and I'm not trying to say that Postfix is necessarily the best possible thing out there for everyone, but at least in my experience it beats the hell out of Sendmail. If somebody wants to jump in here and discuss qmail or exim, and why they think they're great, please do.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  14. Re:Replacement? by perry · · Score: 4, Informative

    Postfix was made the default mailer.

  15. Re:Provide examples by Just+Some+Guy · · Score: 4, Interesting
    I can't personally vouch for its speed, because I don't run a high-volume mailserver, nor do I have the hardware to really give the MTA that much of a workout (it just becomes disk-bound on my systems).

    I do, or at least one of my clients does. He runs a reasonably high-volume ecommerce site, and has many (about 50,000) opted in subscribers to his newsletter. We tried our best to get Sendmail to play nicely with that volume, but the system would inevitably slow to a crawl for long periods of time whenever he sent a batch of mail (taking the webserver on the same machine with it). By our best, I mean that we tore through the bat book, tried delayed sending, created parallel queues with their own runners - everything we could find documented or rumored on Google and Usenet.

    After experimenting with Postfix on my personal servers, I convinced him to give it a shot. I installed it, ported over his Sendmail configuration, stopped one and started the other, and crossed my fingers.

    It worked.

    We confirmed that everything was working as expected, then he clicked the dreaded "Send now!" link. We watched as the outbound queue grew to 50,000 messages, then tailed maillog to watch them start spewing out at a record pace. Even though outbound traffic was heavy, the system never broke a sweat and the webserver kept chugging along happily.

    I like Sendmail and am quite comfortable digging around in its .mc files (.cf? Therefore but by the grace of God...), but Postfix showed me what a modern MTA is capable of. I've since switched every Sendmail installation in my responsibility over to Postfix and I've never regretted it for a minute.

    --
    Dewey, what part of this looks like authorities should be involved?