Scott van Looy wrote:
>>> It is trivially easy to uncomment a line
>>> and configure sendmail to connect to external ports.
>>
>> Sorry, Rahul, I have to disagree with you there.
>> It is not trivially easy for normal human beings
>> to change anything in sendmail.
>
> I managed, and I'm normal.
> How many Windows boxes are currently sending mail quite happily to you
> as spam? And you think sendmail should be allowed to do the same?

Beg your pardon? First, the Windows exploits tend to install their own
mail sender which has nothing to do with this situation, and second,
sendmail is already allowed to send everywhere in the default setup.

> People who can't work a computer shouldn't be allowed to work one.
> People who can't work Linux shouldn't be allowed to use it. Just like
> people who don't know how to drive a car shouldn't be allowed to use
> one. Not until they've been taught, right?

We aren't talking about using a computer or car, we are talking about
configuring it. This is like delivering a car with the brake lines in
the back seat and claiming that you will be a better driver if you
muddle through bolting some parts on yourself and getting the air out of
the brake fluid. My opinion is that such things are better handled by
the experts that have some experience.

> But this is the real world, innit?
> Sendmail has been exploited in the past. It's quite well known for
> having been exploited lots in the past.

As has the kernel, sshd, named, and just about everything else. What's
your point here? Bugs get fixed and we move on. If you remember all of
those things sendmail used to be criticized for - they've all been fixed.

> And it's not just a user's
> machine that gets compromised, it causes huge problems when an MTA is
> compromised and used as an open relay for instance.

The access file keeps sendmail from being an open relay - and has for
quite a long time. It is much easier to understand than sendmail.mc or
sendmail.cf.

> So no, in my humble
> opinion, as a Fedora user, I'd say yes, I prefer that it's not running
> on external ports by default.

Nobody says it should run that way by default or without the user
knowing it - just that a distribution should not make a user edit a
config file directly to undo a change that they won't find mentioned
anywhere in the upstream application's documentation or examples. Or
even in the distribution's own documentation outside of the config file
itself.

> Because if an exploit is discovered then
> the people actually running sendmail externally will be aware that they
> are and can fix/patch it.

Absolutely not! The way people using a distribution get updates is with
'yum update' or the equivalent. Otherwise, only experts will have
anything updated. And the config files should be constructed such that
most local changes are merged from /etc/sysconfig and thus updated
files in an RPM can replace the previous unmodified copies.

> Remember the problems with RPC and Windows being exploited? And the ones
> with remote P&P and the remote registry hacks? All services running on
> Windows boxes that were unknown to the average user...

What does this have to do with a standard well documented service and
the complaint that it can't be activated without modifying a config file
that most people won't understand - and are likely to get wrong?

--
Les Mikesell
lesmikesell@xxxxxxxxx