What is sendmail doing?

So? The major point is, base doesn't need a full-featured MTA, it just needs a tiny one with the most basic features (like local delivery and relaying to a "smarthost"). Or would you want Postfix or Exim to replace Sendmail in base? Would make little sense.

For all those who prefer sendmail, there's always mail/sendmail.
I think the minimalist dma is probably the best approach (see my comments below about my philosophy). People who want something a little more feature rich should choose one of the ports (postfix, exim, sendmail, or one of the others).

Personally, I use postfix. I've used it on my exterior gateway for a couple of decades and have switched all my machines, except one, to it this calendar year, with the last one running the sendmail port because I feel I should keep one sendmail machine around just to keep my hands dirty with it.

Regarding my base O/S philosophy, everything server-like except for the absolute essentials such as sshd should be moved to ports. This includes moving KRB5 KDC, ntp, full featured MTA (keeping dma), telnetd, ftpd, and all other daemons not needed for initial system setup, all moved to ports. People should be able to pick and choose what they want to run on their machines.
 
We need sendmail compiled with cyrussasl support. Do first:

# pkg install cyrus-sasl

Then recompile sendmail according to item 4 in:

https://docs.freebsd.org/en_US.ISO8859-1/books/handbook/SMTP-Auth.html

Yeah, brilliant start. You need additional packages because the first change made by the average user isn't supported by default, and then you have to recompile part of base.
This just backs up my point that configuring a basic feature that many people need is way more awkward than it should be.

To make it even more ridiculous, it would have been easier to *not* have sendmail in base, and for the instructions to just start with installing the sendmail package that has SASL enabled.
 
People don't condemn sendmail because of its functionality, that makes no sense. They condemn it because it's barely supported, difficult for anyone other than bearded sysadmins to use, and is complete nonsense to be part of base considering the mail functionality required in a standard system.
The reason sendmail is not supported like before was that the Sendmail corporation was sold to a company which incorporated it into their firewall/gateway appliance. They were subsequently purchased by another company. My hunch is that they're probably not sharing as much of the work they've put into it since then or maybe not even developing it as before because if it ain't broke, don't fix it. (I've worked for software development companies before. Those are the discussions management has, even over the objections of developers. It's about profitability.)
 
To make it even more ridiculous, it would have been easier to *not* have sendmail in base, and for the instructions to just start with installing the sendmail package that has SASL enabled.

The solution is, as I wrote before:

I think, instead of excluding sendmail, it should be upgraded for example to allow authentication. And cyrus sasl is not acceptable, then also a replacement of it should be written.

Authentication on MTAs has long been a standard.
 
The reason sendmail is not supported like before was that the Sendmail corporation was sold to a company which incorporated it into their firewall/gateway appliance. They were subsequently purchased by another company. My hunch is that they're probably not sharing as much of the work they've put into it since then or maybe not even developing it as before because if it ain't broke, don't fix it. (I've worked for software development companies before. Those are the discussions management has, even over the objections of developers. It's about profitability.)

Yes I'm sure I looked into this years ago and it had effectively become closed software with maybe the odd fix here and there for the open source version.
 
zirias@,

The only thing dma(8) does not support is $HOME/.forward. This can be addressed by using /etc/mail/aliases.

There was some discussion about adding .forward support to our dma(8). I'm not enamoured with that idea because our dma(8) source diverges from DragonFlyBSD sources. I'd prefer we send them the patch so they can maintain it for everyone.

Note that Qmail doesn't support .forward either. An add-on package is required. I don't know how many others don't support it either. The major MTAs, Sendmail, Postfix, and Exim, do but I think support for .forward outside of them is a bit of hit and miss and probably not a big concern anyway. Those who do need it should install one of the three MTAs that do support it.
 
I think, instead of excluding sendmail, it should be upgraded for example to allow authentication. And cyrus sasl is not acceptable, then also a replacement of it should be written.

Sorry but I absolutely disagree. The solution is to finally remove sendmail from base, a decade after it was first discussed, and get something small and simple that provides the basic requirements of local delivery and smtp forwarding and can be set up with a couple of simple config lines. Suggesting large changes to an already massively complex application built on decades of legacy code, that is basically the product of a commercial company these days, is insane, especially to anyone with even the slightest experience in software development.

It just needs a simple application with modern tls & auth subsystems built-in as fundamental parts of the initial software (i.e. dma), not shoe-horned in as an afterthought 4 decades later.

I don't get what the issue is. Even for die-hard sendmail users, you are literally better off with pkg add sendmail than you are with the one in base.
 
sendmail is a minimal program, really a small program, but people condemn it due to its huge functionality.
No, people condemn it because of its poor record of vulnerabilities, and the difficulty of configuration. I'm not an expert on MTAs but I've hung out on mailing lists where there are people with decades of full-time experience of them and I've never seen anyone recommend sendmail except for legacy installation and certain niche uses in large organizations. The usual recommendation is postfix which was designed from the start to be as secure as possible.

I'm not even keen on smtp forwarding because it's a potential gift to a hacker.
 
No, people condemn it because of its poor record of vulnerabilities, and the difficulty of configuration.
Others are not better, regarding vulnerabilities and configuration.

I tried to configure postfix and exim, ended with sendmail.

Exim had a big vulnerability not long ago; sendmail has had none for many years.

People complain for the sake of complaining.
 
cy@ as I already mentioned, I do use dma for these simple requirements. I think a complete self-contained base system actually needs a (simple) MTA, e.g. for cron mail... but thinking about ~/.forward, that very much sounds like some extra feature really not needed for base.
 
cy@ as I already mentioned, I do use dma for these simple requirements. I think a complete self-contained base system actually needs a (simple) MTA, e.g. for cron mail... but thinking about ~/.forward, that very much sounds like some extra feature really not needed for base.
Probably just needs an UPDATING entry and a simple note in release-notes.
 