jrm@
Developer
This is an opinion piece by blakkheim (aka TJ), the former producer of the BSDNow poscast.
https://vez.mrsk.me/freebsd-defaults.txt
https://vez.mrsk.me/freebsd-defaults.txt
Really, really thank you jrm! It was very interesting and useful. I'm happy that I now know these aspects about FreeBSD and security in general!This is an opinion piece by blakkheim (aka TJ), the former producer of the BSDNow poscast.
https://vez.mrsk.me/freebsd-defaults.txt
We'll wait for his toughts about the topic!Hmm. Oko is going to love this one!
blakkheim obviously put a lot of time and thought into it, and it was reviewed by people who care about FreeBSD. Some of the points are subjective, but it's good to discuss them in a logical way so things move closer to the optimum.Really, really thank you jrm! It was very interesting and useful. I'm happy that I now know these aspects about FreeBSD and security in general!
Surely, a big thank to him and to all the people that put their efforts in it.blakkheim obviously put a lot of time and thought into it, and it was reviewed by people who care about FreeBSD.
Right!Some of the points are subjective, but it's good to discuss them in a logical way so things move closer to the optimum.
Do you have a link?I've seen an article similar to this elsewhere a while back.
They could of used something like sendmail_enable="LOCAL" for local only, and possibly even made that the default. That way, you get local delivery by default. If you actually want sendmail fully running and accepting remote connections you set it to YES, and if you want it completely off because you're using something else, you set it to NO.
No. I read it a year or two ago. It wasn't as old as yours.Do you have a link?
sendmail
installed as the SMTP default is a big plus for me. I've used sendmail
ever since there was a sendmail
. My access file is huge, built over a good 15 years. And the other configuration stuff I have in Solaris just moves right over to FreeBSD. bind
is not the default named
. No big deal to built from /usr/ports, I suppose. I don't know what unbound
does to performance, but Solaris has a similar caching setup that is slower than a caching bind
. I'm told Oko's spirited style pushed a moderator too far.
One reason for choosing FreeBSD (aside from having run a much older version years ago for a while) was that it's Unix---the real deal, not just another Windows/Mac replacement. To me, the less Linux stuff, the better.
I think he is quoting the T800.I liked him. He spoke loud and true.
So long Oko, so long... :/...
I think he is quoting the T800.
I'm going to beg to disagree with some of the suggestions made here.
The majority of users who don't want a mail server and just need to be able to submit mail to another system can just use whatever the modern lightweight replacement is. (Of course this is the only thing holding up removing Sendmail. I have no experience with OpenSMTPD so I don't know how well that would fit.
A similar discussion I read, years ago, (or was it in a book?) that gives the reason for all this. I don't recall much of it but, essentially, it had to do with the fact that there are thousands and thousands of users around the world who rely on all these things being there and it's part of what makes FreeBSD steady and reliable. Jumping on any new thing needs lots of proof of its reliability as well as lots of notice of a change which also requires lots of testing first.I don't really get the arguments against removing Sendmail