Sendmail Error at Boot

Robert Simmons rsimmons0 at gmail.com
Mon Jan 27 07:40:52 UTC 2014


On Mon, Jan 27, 2014 at 2:28 AM, Matthew Seaman <matthew at freebsd.org> wrote:
> On 27/01/2014 03:19, Robert Simmons wrote:
>> Why is this not part of the install?
>
> Sendmail in base doesn't come configured to use TLS by default, although
> the appropriate capabilities are compiled in to the binaries.
>
> I've no idea why enabling TLS isn't the default -- seems like a
> no-brainer in this day and age.  It would require generating a key and
> (self-signed) cert on first startup after installation, much like the
> way SSH keys are generated, but so long as the problems with startup
> entropy availability have been satisfactorily sorted out (which I
> believe they have) I can't see any huge problem with that.

Thanks for the explanation. I agree with the no-brainer. Last week the
keynote at ShmooCon was Ian Goldberg, and one of the main points of his
talk was that nothing should ever be sent over a network in plaintext
from now on. And there should not be a choice of two protocol
versions, one encrypted and one plaintext, because a non-zero number
of users will choose plaintext.

