Procmail Vulnerabilities check

Chris H portmaster at BSDforge.com
Sun Dec 10 22:57:17 UTC 2017


On Sun, 10 Dec 2017 14:49:02 -0700 "Adam Weinberger" <adamw at adamw.org> said

> > On 10 Dec, 2017, at 10:11, Steve Kargl <sgk at troutmask.apl.washington.edu> wrote:
> >
> > On Sun, Dec 10, 2017 at 01:21:13PM +0000, Matthew Seaman wrote:
> >> Hence the current sendmail in base is neither fish nor fowl: way
> >> overpowered for almost all installations, but with significant
> >> limitations for a machine providing a full-blown mail service.
> >> Personally I agree with his reasoning: unless the primary function of
> >> your FreeBSD machine is to be an MTA, you really don't need any more
> >> capability than to either deliver to a local mailbox, or forward all
> >> e-mails to a smart host.  Certainly you don't need anything capable of
> >> receiving incoming e-mails.
> >
> > I disagree.  FreeBSD used to pride itself on being a complete operating
> > system out-of-the-box.  Lately, a smaller number of developers are
> > moving FreeBSD to being a kernel with a bunch of add-on software.
> >
> > dma(1) does not support a .forward file and by extension vacation(1).
> > Without .forward, then those of us who use procmail(1) (subject of
> > this email thread) in .forward and by extension spamassassin are
> > hosed.
> >
> > Chapter 27 of the FreeBSD Handbook would need to be rewritten before
> > sendmail can be removed.  It is assumed that sendmail is installed
> > with base.
> 
> Hi Steve,
> 
> I agree with you about the merits of FreeBSD providing a complete system
> out-of-the-box. But of all the mail servers out there, sendmail is the most
> archaic and arcane. Sendmail is used primarily by people who are intimately
> familiar with it over a long history, and simply isn’t a great choice for
> people getting into mail servers. I’d rather see sendmail installable
> through ports, and replaced in base with a better solution. Sendmail is too
> difficult to configure correctly; we should keep it trivial to install
> (i.e. ports) for those who prefer it, but it shouldn’t be our primary
> recommendation for users looking for a new MTA.
> 
> DMA is a phenomenal program and is totally sufficient for a large  
> percentage of our user-base. I wasn’t aware of the lack of .forward  
> support, and I completely agree that that’s a very detrimental omission.
> 
> # Adam

OK I'm puzzled a bit. FreeBSD's motto has always been:
FreeBSD
The power to serve!

but many of the proposed, and recent changes/removals end up more like:
FreeBSD
I's castrated!

IOW
Why the big push to eliminate perhaps its biggest attributes? FreeBSD
has always been a *server* out-of-the-box. This should never change.
You need something other than a server? You can install almost every
other OS/distro. Let's also not forget, that if you need a FreeBSD
/desktop/ one need only look at the fork to accomplish just that
http://www.desktopbsd.net/
Want to produce a FreeBSD desktop from the FreeBSD source?
https://www.freebsd.org/doc/en/books/handbook/x11-wm.html
from the handbook. There's also much documentation on all the other
possibilities regarding more lightweight alternatives to the
applications installed in $BASE.

You don't want Sendmail installed by/as default? FreeBSD *already*
provides that option in src.conf(5):
WITHOUT_SENDMAIL=true
and a myriad of other possibilities -- including the addition of
things from ports(7)!
Please, let's not attempt to dilute FreeBSD's biggest strengths/
value any more than has already been done. FreeBSD's strongest
attribute is its being quite possibly the best server installation
out-of-the-box -- certainly the closest POSIX server out-of-the-box.
Why remove its best selling point/attribute?

--Chris



