Subject: Re: replacing sendmail with postfix (summary)
To: NetBSD current list <>
From: William Allen Simpson <>
List: current-users
Date: 07/04/2003 17:15:27
David Laight wrote:
> Why is support for incoming mail undesirable?

You're not thinking like a security analyst.  A service that isn't 
enabled -- isn't hackable.

Incoming port 25 service is not enabled by default on installation.  
Since it _was_ in the past, I'm assuming that the core folks here 
made that security decision, just as they did over in OpenBSD, etc.

> >  * comment (add # next to) smtpd in /etc/postfix/
> >  * swap the commented lines (sendmail to postfix) in /etc/mailer.conf
> >  * have sysinst add "postfix=YES" to /etc/rc.conf
> And using sendmail takes no changes!
Obviously, you haven't tried running NetBSD out of the box....  Or 
followed the related threads this past week.

> > This will not tread on anybody's toes, will not affect current
> > operations, will not prevent folks from using other mailers, but will
> > solve the current install bug (PR install/21998).
> I'm not sure it will.

I'm sure it will, *and* I've tested it.

> A certain amount of other mail has to suceed - eg from crashed vi sessions.
> These all require local mail delivery to be setup for all users.
And in postfix it does, simply by adding "postfix=YES" to rc.conf.

In sendmail it doesn't.

William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32