OpenBSD Journal

Trouble brewing in the land of smtp.

Contributed by grey on from the this crap again? Let's give them an earful dept.

Thanks to Theo de Raadt for pointing out some issues that merit attention from the community.

As you may have noticed, there is currently a bit of a kafufle with the licensing Microsoft is proposing for Sender-ID. Seeing how the IETF is considering Sender-ID as a new standard (and we all know how well the IETF track record has been on such things recently), it doesn't take a rocket scientist to see the similarities here.

While I'm sure undeadly readers are happy to have the free, functional and secure alternatives like CARP and OpenBSD's robust stack implementation, the IETF now seems to be pandering to large corporations and their poorly licensed or patented IP all too often. In this particular case, even Eric Allman indicates that this may change some of the ways in which sendmail is distributed or licensed.

Ironically, on a different, but somewhat related issue, the proposed license for the upcoming Sendmail X is already raising eyebrows on its own, and concerns exist as to whether such future versions will be free enough to distribute.

(Comments are closed)


Comments
  1. By Anthony (68.145.111.152) on

    If the licensing terms on Sender-ID aren't acceptible, it will end up absent from a good chunk of the live MTAs out there. Domainkeys is free, technically superior, and not mutally exclusive with Sender-ID. Therefore, it will end up on every MTA except Exchange. Now who's the standard?

    Comments
    1. By ivlad (83.149.192.3) on

      Exchange, of course. :(

      M$ marketing is gooood, so every dumb ass manager in the every IT department will be convinsed to use it.

      Comments
      1. By knomevol (216.99.238.3) knomevol@altivolus.com on

        wondertwin powers, INCORPORATE!!! form of, GREED! shape of, REPUBLICAN!

        Comments
        1. By goatmaster (65.49.54.179) blsonne@rogers.com on

          Definately one of the better comments I've come across anywhere ;)

      2. By Anthony (68.145.111.152) on

        Ah yes. That's why sendmail is the standard right now with more than 60%.

  2. By Ash'aman (212.135.28.58) on

    Maybe this will inspire Henning and Co. to write OpenSMTP for 3.7. ; - )

    Comments
    1. By Anonymous Coward (68.142.8.147) on

      Imagine. A config file that is simple yet robust as pf.conf, the man page of ntpd, security and efficiency of OpenBSD, and a BSD license.

  3. By Anonymous Coward (67.153.107.130) on http://www.postfix.org

    This would be the perfect opportunity, it seems, to migrate to a less monolithic and more robust MTA, Postfix.

    Comments
    1. By janus (213.39.128.56) janus % errornet % de on http://janus.errornet.de

      No chance to get it further than into the ports. The license isn't compatible.

    2. By pravus (204.66.3.28) on

      yes, you are correct... switching to Postfix will eliminate the licensing encumbrance on 'Sender-ID' and we will all be free! thank-you for making it so clear!

      wake up...

      Comments
      1. By chill (216.229.170.65) on

        No...but it does address the OTHER part of the article, which was about SENDMAIL X's proposed license.

        Wake up yourself.

        Comments
        1. By Anonymous Coward (69.197.92.190) on

          No it doesn't, postifx isn't free either. Try not telling other people to wake up while you are dozing off yourself.

    3. By djm@ (61.95.66.134) on

      Postfix is really, really nice but one clause of the license (5 IIRC) is quite pernicious and could expose OpenBSD to damages.

    4. By tedu (66.93.171.98) on

      or not.

  4. By Anonymous Coward (141.211.62.118) on

    According to http://spf.pobox.com/rfcs.html:

    Sender ID is essentially backward compatible with SPF Classic
    in circumstances when a SUBMITTER parameter is not provided.

    If I understand the authorship of these things correctly, SPF Classic was written wholly by Meng Wong. As such, he is the only person who can claim patents on any item of SPF Classic. Furthermore, any patent on those parts of Sender ID which are obvious in light of SPF Classic is invalid. Consequently, an implementation of SPF Classic which follows the original standard strictly is free of any patent restrictions, and furthermore, if any of the changes made by Sender ID to the original standard are obvious (such as cosmetic changes), they are also free of patent restrictions.

    I think this is the way to go.

  5. By t (172.194.139.174) on

    This is pretty disturbing, as it is yet another instance that clearly shows the continual deterioration of the IETF. We as a community need to speak up, and continue in the advocacy and wide deployment of more superior, open protocols (e.g. CARP).

  6. By CAMNE (68.76.9.62) on


    Maybe someone can explain why no one is discussing email certificates... they are supported by most/all email clients, and are easily obtainable.

    Thawte

    All you need is the crypto-signature, skip the web-of-trust stuff... it takes maybe five minutes to setup.

    Simply configure your email client to filter all non-signed (or invalid-signed) email into a junk folder, and tell everyone you exchange email with to get a certificate.

    SPAM and virus-infected emails will not have valid signatures, and if spammers ever start signing their emails, everyone can petition the trusted third party to revoke their certificate.

    Granted this is all at the client-end, but maybe someone will come up with patches for common SMTP servers to check signatures...

    FYI - Mozilla Mail and Thunderbird on OpenBSD work fine with certificates...



    Comments
    1. By djm@ (61.95.66.134) on

      Really? I can't see anywhere where I can load a cert into thunderbird from ports - I was looking just the other dat to use one for SMTP authentication...

      Comments
      1. By CAMNE (68.76.9.62) on

        My bad...

        I use both Mozilla Mail and Thunderbird, I have IMAP/SSL and A-SMTP/SSL setup in both (connecting to a remote OpenBSD mail server), but the eMail Certificate is in Mozilla only (which I use daily).

        I only use Thunderbird to auto-sort my email (I have a *lot* of message filters defined in Thunderbird).

      2. By CAMNE (68.76.9.62) on

        After a quick double-check, the current version of Thunderbird (v0.7.3) does support email certificates, the version in ports (v0.5) doesn't.

  7. By Anonymous Coward (69.197.92.190) on

    I like how the license tries to pretend they can restrict use of the software to people agreeing to the license. Who wrote that crap, and why wasn't someone with a passing knowledge of copyright law consulted?

    Comments
    1. By janus (213.39.149.25) janus % errornet % de on http://janus.errornet.de

      > Who wrote that crap, and why wasn't someone with a passing knowledge of copyright law consulted?
      What do you expect from the IETF?!
      I've read a bit on their mailinglist regarding those anti spam things...
      in my opinion they don't care about free software.
      Sounds familiar if you remember that the IETF mostly consists of companies interessted in making profit with `standards' they `develop'.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]