Is mail/fdm good? It uses an ISC License. I've read that sendmail is not a secure MTA. OpenBSD uses mail/opensmtpd, which is available for FreeBSD, but it only uses smtp.
You guys shouldn't assume that, as users, your needs are the same as corporations, ISPs, server farms, etc.
sendmail
goes, it works out of the box. And I like getting the reports on a local mail spool, as they can be dealt with individually with a simple mail reader like mutt
. Boosting up the configuration to work as a incoming/outgoing MTA is, for the most part, adding As I recall, without a FQDN it will give errors on bootup. So no, it still doesn't quite work out of the box.I think that so far as the current FreeBSD default sendmail goes, it works out of the box.
As I recall, without a FQDN it will give errors on bootup. So no, it still doesn't quite work out of the box.
Of course. So?Entering a FQDN is part of the installation.
Of course. So?
My needs are "the same as corporations, ISPs, server farms etc." but without a large user base. To get down to brass tacks, I think there are two questions that need to be answered:
1. Should an O/S rely on its security resources to run "bare" on an outside network, without a hardware appliance between it and the outside? I've experimented with that, and while it's a chore, it's risky. Problem for the SOHO user is that a really good small security appliance isn't well-supported by the consumer device market. I use Fortinet Fortigate 60's, which are not cheap, and overkill for my needs---but they do a real job at blocking the script kiddies.
While setting up a Fortigate to protect a Windows system is fairly quick and simple, the moment you start adding an MTA and an HTTP server, you've got to get an appropriate configuration. Some of the needed resources require command-line programming.
Not sure about the current Cisco ASA's, but I think that they also require a lot of command-line configuration.
2. How much is it reasonable to expect a "systems administrator" to do in O/S configuration? When I read the Mailman support mail lists and a few other places, I get the impression that many people employed as "systems administrators" expect to install pre-built binaries and use point-and-click GUI tools.
YepSo sendmail comes up on a fresh install, if it was done by the book.
+1I agree that OpenSSL should be exiled from base, specially now that we have much better solutions
I agree that OpenSSL should be exiled from base, specially now that we have much better solutions. But things are done for a reason and some of the other points seem a lot like "Why is FreeBSD not OpenBSD?".
pkg install openssl/libressl
as the first step in a freshly installed system to get those working but as it happens pkg(8) itself relies on SSL/TLS...Ideally you would just pkg install openssl/libressl as the first step in a freshly installed system to get those working but as it happens pkg(8)itself relies on SSL/TLS...
Same with Sendmail. I would never suggest having no built-in email functionality at all, but to me it makes much more sense to provide Sendmail as a package, and just have a minimal SMTP client and local delivery agent in base.
Sendmail dependency on a FQDN.
Thanks kpa. I'll defer to your better knowledge. It has been a little while since I did an install, but I could have sworn I was getting an error message at boot when I only had a single name, and that adding a full name solved that. In fact it would stop and wait for a timeout before continuing.This is not true. Sendmail only depends on hostname that resolves to an address, any address. The hostname can be just joe and as long as that name resolves to an address through the resolver(3) Sendmail is happy. All MTAs have the same basic requirement, even the most minimal ones. They need to know the name of the system they are running on to properly fill in the header values in emails.
I agree but how to actually do it? There are many many utilities in base that absolutely need SSL/TLS support out of the box such as fetch(1).
Ideally you would just pkg install openssl/libressl as the first step in a freshly installed system to get those working but as it happens pkg(8) itself relies on SSL/TLS...
Who knows if this project is still alive and worked on?Some of these complaints should be moot soon with the (hopeful) arrival of base packages in 11. It sounds like there will be easy, fine-grained control for swapping out things like sendmail and openssl.
Yes, saw this. Along with these links:Hm, looking at the PkgBase wiki entry, you can read about these "kinks", and the impression is that, yes, it's alive, but just a little bit .
After discussing with the team, we're going to go ahead and abandon this revision. While we wanted to see something usable happen in this space, it's just not cost or time effective to spend far more effort fighting politics than the actual implementation took. We will continue using a non-package solution for our products for the future.
This is not PkgBase, it was an attempt to "integrate" base into ports. There are good reasons not to do this (and probably other good reasons why it was attempted as well). Talking about "politics" is nothing but a code for not accepting the counter arguments.The disturbing phrase there is "fighting politics".