Subject: Re: Why ident support in sendmail from NetBSD distribution?
To: NetBSD i386 Mailing List <port-i386@NetBSD.ORG>
From: None <alexis@panix.com>
List: port-i386
Date: 01/29/2000 10:46:13
alicia@cyberstation.ca (Alicia da Conceicao) wrote:
> Why is the sendmail included with NetBSD or built with pkgsrc, compiled
> with IDENT?  Very few sites run IDENT daemons anymore, especially when
> most individual users use e-mail from their own standalone workstations
> (Win/Mac/Unix), and may also be behind firewalls that block the IDENT
> port.  And IDENT is so easy to fake, that it cannot be trusted.  So what
> is the point of the extra overhead of having sendmail make an IDENT socket
> connection back to a remote computer, every time that computer makes an
> SMTP socket connection to it?
> 
> Although sendmail can easily be compiled from source on NetBSD, without
> IDENT support, would it not be better to distribute, from the NetBSD
> binaries or pkgsrc, a NetBSD port of sendmail without the IDENT?

I don't think so. IDENT can be very useful, and there's little cost to
having it in sendmail. (There is an obscure DoS attack I can think of, but
I've never heard of anyone actually using it.) Still, if you don't want it,
there's a sendmail option to disable it that can go in the command line or
the .cf file.

/a

---
Alexis Rosen
PANIX Public Access Unix & Internet, NYC.
alexis@panix.com