OpenBSD Journal

Heads Up: Sendmail Removed from Base

Contributed by tbert on from the day of the living tedu dept.

In the first of several commits, Matthieu Herrb (matthieu@) has removed sendmail from the release:

CVSROOT:	/cvs
Module name:	src
Changes by:	matthieu@cvs.openbsd.org	2014/09/15 16:25:57

Modified files:
	gnu/usr.sbin   : Makefile 

Log message:
Unlink sendmail from the build. ok krw@ ajacoutot@

Users of OpenSMTPd can rejoice in having no work to do; others will have to install sendmail from packages.

Comments
  1. By Sebastian Rother (91.65.157.178) on

    Hip Hip Hurray! :-)

    I also do hope that a new release might come out soon now. It has been a while since a "stable Version" was released. :-]

    Comments
    1. By Renaud Allard (renaud) on

      > Hip Hip Hurray! :-)
      >
      > I also do hope that a new release might come out soon now. It has been a while since a "stable Version" was released. :-]

      You might want to read this: http://www.openbsd.org/faq/faq1.html#Next

      Comments
      1. By Anonymous Coward (91.65.157.178) on

        > > Hip Hip Hurray! :-)
        > >
        > > I also do hope that a new release might come out soon now. It has been a while since a "stable Version" was released. :-]
        >
        > You might want to read this: http://www.openbsd.org/faq/faq1.html#Next

        I don't see how this is related. I said I would love to see a (or well, more regular at least) "stable Version" (where stable here means: it compiles! hurray.. thus I put these words in " :)) getting included in OpenBSD.

        Please do take a look at their git and compare it with the OpenBSD CVS commit logs. I assume that nobody who runs -current uses any "-current" smtpd-code. How do you test this software then?

        OpenSMTPd:
        https://github.com/OpenSMTPD/OpenSMTPD/commits/master

        Versus OpenBSD:
        http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/

        So my request to get more frequent inclusions/updates.. might be valid... :-)


        But thank you for pointing this out.

        Comments
        1. By Gilles Chehade (gilles) on https://www.poolp.org/~gilles/

          > > > Hip Hip Hurray! :-)
          >
          > [...]
          >
          > I don't see how this is related. I said I would love to see a (or well, more regular at least) "stable Version" (where stable here means: it compiles! hurray.. thus I put these words in " :)) getting included in OpenBSD.
          >
          > Please do take a look at their git and compare it with the OpenBSD CVS commit logs. I assume that nobody who runs -current uses any "-current" smtpd-code. How do you test this software then?
          >
          > OpenSMTPd:
          > https://github.com/OpenSMTPD/OpenSMTPD/commits/master
          >
          > Versus OpenBSD:
          > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/
          >
          > So my request to get more frequent inclusions/updates.. might be valid... :-)
          >

          Our github gets experimental code that may or may not crash.

          OpenBSD-stable gets a stable OpenSMTPD release.

          OpenBSD-current gets experimental code proven stable for a while.



          Comments
          1. By Anonymous Coward (91.65.157.178) on

            > > > > Hip Hip Hurray! :-)
            > >
            > > [...]
            > >
            > > I don't see how this is related. I said I would love to see a (or well, more regular at least) "stable Version" (where stable here means: it compiles! hurray.. thus I put these words in " :)) getting included in OpenBSD.
            > >
            > > Please do take a look at their git and compare it with the OpenBSD CVS commit logs. I assume that nobody who runs -current uses any "-current" smtpd-code. How do you test this software then?
            > >
            > > OpenSMTPd:
            > > https://github.com/OpenSMTPD/OpenSMTPD/commits/master
            > >
            > > Versus OpenBSD:
            > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/
            > >
            > > So my request to get more frequent inclusions/updates.. might be valid... :-)
            > >
            >
            > Our github gets experimental code that may or may not crash.
            >
            > OpenBSD-stable gets a stable OpenSMTPD release.
            >
            > OpenBSD-current gets experimental code proven stable for a while.

            Thank you for the inview!

            Kind regards,
            Sebastian

  2. By Ilyas Bakirov (79.142.53.90) on

    Good news, so many exciting changes in base :)

    Comments
    1. By BSDfan (193.200.119.132) on

      > Good news, so many exciting changes in base :)

      Yeah! :)
      Now it's time for performance improvements, better SMP, remove giant kernel lock, etc. A modern filesystem like Hammer2 and virtualization support (bhyve, jails) would be nice too.

      Comments
      1. By henning (46.115.159.147) on

        > Now it's time for performance improvements, better SMP, remove giant kernel lock, etc. A modern filesystem like Hammer2 and virtualization support (bhyve, jails) would be nice too.

        Looking forward to your diffs

        Comments
        1. By BSDfan (193.200.119.132) on

          > > Now it's time for performance improvements, better SMP, remove giant kernel lock, etc. A modern filesystem like Hammer2 and virtualization support (bhyve, jails) would be nice too.
          >
          > Looking forward to your diffs
          >
          >

          Typical answer from OpenBSD developer :->

          I'm a sysadmin, not a programmer, sorry :)
          I like OpenBSD very much (like all other BSDs) and I really appreciate your hard work.

          Comments
          1. By Anonymous Coward (2001:4b10:1002:cc01:f2de:f1ff:fef9:a752) on

            > > > Now it's time for performance improvements, better SMP, remove giant kernel lock, etc.

            If I was one of the developers who has been working over a long period of time on painstakingly moving drivers and subsystems to being mpsafe I would be feeling pretty disheartened at this type of thoughtless comment.

            This is delicate work and some other BSD went through a lot of pain and bad releases when they did this...

            Comments
            1. By TOOGAM (63.231.28.161) on http://toogam.com

              > > > > Now it's time for performance improvements, better SMP, remove giant kernel lock, etc.

              > This is delicate work and some other BSD went through a lot of pain and bad releases when they did this...

              Well, that settles that.
              I'd rather that some features be delayed for years longer, but not have a single bad release that delivers pain from broken things.

              To quote from elsewhere on this page:
              > I do request XEN support and a ZFS-port from Linux for the next release!

              I, for one, do agree that Xen support would be nice.
              I think, though, that I'd rather see that LibreSSL is operating at top quality, particularly since this OpenSSL replacement has already been publicly announced. A lot of people use OpenSSH but weren't familiar with SSH before OpenSSH was released. OpenSSL was different, as a lot of people have been using it. A lot of eyes are on the LibreSSL software.

              Between that, switching from Nginx to httpd, and removing sendmail... I think that making a brand new ZFS port for the next release is... umm... less urgent.

              I prefer that my filesystem not be started less than 6 weeks before the OS's release. Just my crazy preference.

              Comments
              1. By Anonymous Coward (2001:4b10:1002:cc01:f2de:f1ff:fef9:a752) on

                > > > > > Now it's time for performance improvements, better SMP, remove giant kernel lock, etc.
                >
                > > This is delicate work and some other BSD went through a lot of pain and bad releases when they did this...
                >
                > Well, that settles that.
                > I'd rather that some features be delayed for years longer, but not have a single bad release that delivers pain from broken things.

                Single? It was more like 5.0, 5.1, 5.2, ... Not sure when it started getting better again, I had given up and moved everything to OpenBSD by then.

              2. By Jorden Verwer (37.0.95.173) on

                > I prefer that my filesystem not be started less than 6 weeks before the OS's release. Just my crazy preference.
                Actually, this is the right time for starting work on big changes. Or maybe it's a little late, but not for the reason you're thinking of.

                OpenBSD 5.6 is already done on a source code level. You can check it out from CVS today. In fact you could've done that back in July if I'm not mistaken. Of course there's more to a release than just a CVS tag, which is part of the reason why you'll have to wait until November 1st to get your hands on the new CDs.

                Comments
                1. By Anonymous Coward (91.65.157.178) on

                  > > I prefer that my filesystem not be started less than 6 weeks before the OS's release. Just my crazy preference.
                  > Actually, this is the right time for starting work on big changes. Or maybe it's a little late, but not for the reason you're thinking of.
                  >
                  > OpenBSD 5.6 is already done on a source code level. You can check it out from CVS today. In fact you could've done that back in July if I'm not mistaken. Of course there's more to a release than just a CVS tag, which is part of the reason why you'll have to wait until November 1st to get your hands on the new CDs.

                  And the first Patch is available too.. for nginx :-D

                  Kind regards,
                  Sebastian

                  Comments
                  1. By journeysquid (Tor) on http://www.bsdnow.tv/

                    > And the first Patch is available too.. for nginx :-D

                    Second.

        2. By Anonymous Coward (135.23.87.149) on

          > > Now it's time for performance improvements, better SMP, remove giant kernel lock, etc. A modern filesystem like Hammer2 and virtualization support (bhyve, jails) would be nice too.
          >
          > Looking forward to your diffs
          >
          >

          I don't think you understand how software development works. It is really quite simple. First: you complain about things you want on various websites. Second: you're done! See, it is really easy.

          Comments
          1. By Sebastian Rother (91.65.157.178) on

            > > > Now it's time for performance improvements, better SMP, remove giant kernel lock, etc. A modern filesystem like Hammer2 and virtualization support (bhyve, jails) would be nice too.
            > >
            > > Looking forward to your diffs
            > >
            > >
            >
            > I don't think you understand how software development works. It is really quite simple. First: you complain about things you want on various websites. Second: you're done! See, it is really easy.

            And none of you got the sarcasm of the original author.. *shrug*

            I do request XEN support and a ZFS-port from Linux for the next release!
            And if you've spare time an update to the WiFi-Stack would be kind to support the last 2 modern standards! (n + gbit wlan)! :)

            I'm sure this can get done in a week or even less... depends on the amount of beer shipped to the developers. Some HUMPA might also be required. ;-]


            Kind regards,
            Sebastian

  3. By sthen (2001:4b10:1002:cc01:f2de:f1ff:fef9:a752) on

    "Users of OpenSMTPd can rejoice in having no work to do; others will have to install sendmail from packages."

    s/OpenSMTPd/any MTA other than sendmail/ ;-)

    More importantly, sendmail isn't actually in packages yet. There's a WIP port, but it hasn't yet been committed. When it's there, it will actually be easier for sendmail users wanting any compiled-in features (LDAP, SASL etc) as there won't be a "base OS" version to have to deal with.

    Comments
    1. By Sebastian Rother (91.65.157.178) on

      > "Users of OpenSMTPd can rejoice in having no work to do; others will have to install sendmail from packages."
      >
      > s/OpenSMTPd/any MTA other than sendmail/ ;-)
      >
      > More importantly, sendmail isn't actually in packages yet. There's a WIP port, but it hasn't yet been committed. When it's there, it will actually be easier for sendmail users wanting any compiled-in features (LDAP, SASL etc) as there won't be a "base OS" version to have to deal with.

      I see not much interest from a broad group of people about "sendmail in the ports".....

      I would doubt there are many users (I can be wrong but for what sendmail did by default... and a lot of people dislike m4-scripts and likely used something else for other use-cases) of sendmail left...

      Compared to the insecurity related to the removal of nginx and how to replace existing installations with the base (new) httpd the noise about sendmail getting removed is kind of not existing. :-)

      I for myself hope that a new Version of OpenSMTPd gets imported soon.

  4. By Peter van Oord van der Vlies (87.213.12.18) on

    Sounds good but is there also some support for clamd and spamassassin ?

    Comments
    1. By Ilyas Bakirov (147.30.157.206) on

      > Sounds good but is there also some support for clamd and spamassassin ?
      OpenSMTPD supports clamav and spamassassin via a tagging mechanism using a proxy (where mail is injected into the proxy and comes back to the queue with tags) like DKIMProxy, clamsmtp and spamd. The official docs lack information about this, but you can find config examples on the mailing lists.

      Comments
      1. By Anonymous Coward (2001:7b8:1580:4:5d97:e26d:a6f0:8eb4) on

        > > Sounds good but is there also some support for clamd and spamassassin ?
        > OpenSMTPD supports clamav and spamassassin via a tagging mechanism using a proxy (where mail is injected into the proxy and comes back to the queue with tags) like DKIMProxy, clamsmtp and spamd. The official docs lack information about this, but you can find config examples on the mailing lists.
        >
        >

        How does this perform? Do you have a link to some example for this?
        I'd really like to test this before moving away from sendmail.

        Comments
        1. By Anonymous Coward (79.142.53.90) on

          > > > Sounds good but is there also some support for clamd and spamassassin ?
          > > OpenSMTPD supports clamav and spamassassin via a tagging mechanism using a proxy (where mail is injected into the proxy and comes back to the queue with tags) like DKIMProxy, clamsmtp and spamd. The official docs lack information about this, but you can find config examples on the mailing lists.
          > >
          > >
          >
          > How does this perform? Do you have a link to some example for this?
          > I'd really like to test this before moving away from sendmail.

          Sure:

          openSMTPD + amavisd-new(can be used as virus and spam scanner)

          (http://blog.admiral0.it/computing/mail-server-with-opensmtpd-dovecot-and-amavisdspamassassin/)

          Follow this thread: question about OpenSMTP and Clam (https://www.mail-archive.com/misc@opensmtpd.org/msg00405.html)

          Unfortunately poolp.org's reference example link (https://poolp.org/0x765d/OpenSMTPD:-LDAP-support-selectable-source--DKIM-and-Goodies) is broken

          Comments
          1. By Anonymous Coward (94.23.30.53) on

            > > > > Sounds good but is there also some support for clamd and spamassassin ?
            > > > OpenSMTPD supports clamav and spamassassin via a tagging mechanism using a proxy (where mail is injected into the proxy and comes back to the queue with tags) like DKIMProxy, clamsmtp and spamd. The official docs lack information about this, but you can find config examples on the mailing lists.
            > > >
            > > >
            > >
            > > How does this perform? Do you have a link to some example for this?
            > > I'd really like to test this before moving away from sendmail.
            >
            > Sure:
            >
            > openSMTPD + amavisd-new(can be used as virus and spam scanner)
            >
            > (http://blog.admiral0.it/computing/mail-server-with-opensmtpd-dovecot-and-amavisdspamassassin/)
            >
            > Follow this thread: question about OpenSMTP and Clam (https://www.mail-archive.com/misc@opensmtpd.org/msg00405.html)
            >
            > Unfortunately poolp.org's reference example link (https://poolp.org/0x765d/OpenSMTPD:-LDAP-support-selectable-source--DKIM-and-Goodies) is broken

            I can't believe that the abomination monster that is amavisd still exists nowadays, working as a filtering relay.
            Amavisd has 4 policies:
            - bounce: if it's real spam or virus, you are at 99.999% chances responding to a forged sender, thus annoying real people or wasting bandwidth.
            - accept: what's the point of filtering then, wasting resources on your own servers?
            - quarantine: almost the worst, if it's not spam/virus, neither the sender nor the recipient is warned that the mail didn't pass. There is a hope, you can still get it.
            - discard: the worst thing you can do, if it's not spam/virus, neither the sender nor the recipient is warned that the mail didn't pass and there is no way to get it back.

            Comments
            1. By Anonymous Coward (2001:4b10:1002:cc01:f2de:f1ff:fef9:a752) on

              > - accept: what's the point of filtering then, wasting resources on your own servers?

              So you can deliver it to a spam mailbox, so that users have a chance to check through occasionally for misfiled mails. Then you can easily kill mails from the spam box after a couple of weeks if nobody picks them up to reduce resource use.

              > - quarantine: almost the worst, if it's not spam/virus, neither the sender nor the recipient is warned that the mail didn't pass. There is a hope, you can still get it.

              You can have it send warnings. But this is probably more useful for cases where a postmaster reviews quarantined mail for a domain and handles false positives etc.

              > - discard: the worst thing you can do, if it's not spam/virus, neither the sender nor the recipient is warned that the mail didn't pass and there is no way to get it back.

              But...but...this method has "worked" for large commercial email providers for years!

              Comments
              1. By Anonymous Coward (77.109.141.138) on

                > > - accept: what's the point of filtering then, wasting resources on your own servers?
                >
                > So you can deliver it to a spam mailbox, so that users have a chance to check through occasionally for misfiled mails. Then you can easily kill mails from the spam box after a couple of weeks if nobody picks them up to reduce resource use.
                >

                Then you should probably send a 5XX answer and put the mail in the user spam folder. So if he doesn't see it, at least the sender has been warned.

                > > - quarantine: almost the worst, if it's not spam/virus, neither the sender nor the recipient is warned that the mail didn't pass. There is a hope, you can still get it.
                >
                > You can have it send warnings. But this is probably more useful for cases where a postmaster reviews quarantined mail for a domain and handles false positives etc.

                At least there is more work for the postmaster.

                >
                > > - discard: the worst thing you can do, if it's not spam/virus, neither the sender nor the recipient is warned that the mail didn't pass and there is no way to get it back.
                >
                > But...but...this method has "worked" for large commercial email providers for years!

                That's why they nearly killed off email, because they changed a strong protocol with extremely low failure rates to an unreliable one.
                That's why sometimes you have to call someone to check if he received the document you sent.
                The thing people really don't want is that an important mail is lost to nowhere without any means of knowing.

                Comments
                1. By Ilyas Bakirov (79.142.53.90) on

                  You are getting off topic :)

                  > That's why they nearly killed off email, because they changed a strong protocol with extremely low failure rates to an unreliable one.
                  > That's why sometimes you have to call someone to check if he received the document you sent.
                  You can enable mail delivery reports for this. A normal mail user (not a spammer) does not face these kinds of problems if his/her mail is legitimate and passes checks.

                  > The thing people really don't want is that an important mail is lost to nowhere without any means of knowing.
                  All sent mails are stored in the Sent folder, so the user may re-send mail for sure.
                  SMTP servers nowadays try not to bounce back mail for spam mails from forged and unknown senders (why should you bounce mail for an unknown sender? also remember spam via bounce mails). Whatever, these options can be configured according to domain policies, it is not a headache.



            2. By Ilyas Bakirov (79.142.53.90) on

              > I can't believe that the abomination monster that is amavisd still exists nowadays, working as a filtering relay.
              > Amavisd has 4 policies:
              > - bounce: if it's real spam or virus, you are at 99.999% chances responding to a forged sender, thus annoying real people or wasting bandwidth.
              > - accept: what's the point of filtering then, wasting resources on your own servers?
              > - quarantine: almost the worst, if it's not spam/virus, neither the sender nor the recipient is warned that the mail didn't pass. There is a hope, you can still get it.
              > - discard: the worst thing you can do, if it's not spam/virus, neither the sender nor the recipient is warned that the mail didn't pass and there is no way to get it back.

              You are free to use other filtering/DIP products :) These links are just an example to show mail filtering integration with OpenSMTPD.

  5. By Lars Schotte (80.152.30.211) gustik@gustik.eu on http://gustik.eu/

    Yes, I see this as a good step. I was wondering for a long time why OpenBSD kept Sendmail in for so long. If I were them, I would have had it removed long before Apache and Bind. The more lightweight it is, the better.

    Comments
    1. By グレェ (87.189.119.88) on

      > Yes, I see this as a good step. I was wondering for a long time why OpenBSD kept Sendmail in for so long. If I were them, I would have had it removed long before Apache and Bind. The more lightweight it is, the better.

      I more or less sympathize with this at this point; I am more or less done with SMTP as a protocol, so much grief.

      I did manage to put Bob Beck's spamd into production once, that was a sight to behold; but the onslaught of spam persisted, the signal to noise ratio is practically beyond anything I would have conceived of in Lovecraft inspired fiction. A demiurge of digital v14gr4 vendors.

      Is OpenSMTPd on by default? Maybe it doesn't need to be?

      Comments
      1. By phessler (phessler) on http://www.openbsdfoundation.org/donations.html

        > > Yes, I see this as a good step. I was wondering for a long time why OpenBSD kept Sendmail in for so long. If I were them, I would have had it removed long before Apache and Bind. The more lightweight it is, the better.
        >
        > I more or less sympathize with this at this point; I am more or less done with SMTP as a protocol, so much grief.
        >
        > I did manage to put Bob Beck's spamd into production once, that was a sight to behold; but the onslaught of spam persisted, the signal to noise ratio is practically beyond anything I would have conceived of in Lovecraft inspired fiction. A demiurge of digital v14gr4 vendors.
        >
        > Is OpenSMTPd on by default? Maybe it doesn't need to be?

        OpenSMTPd is on by default, but is configured to only accept mail from local users. You have to send it locally, not via the network.

        This is a sane configuration, which allows the Daily mails and other important mails to be sent.
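
The two setups described in the comments above (the loopback-only default listener, and the tag-and-proxy round trip for content filtering), as an added example that is not part of the article or of any comment. It assumes the accept-rule smtpd.conf grammar OpenSMTPD used at the time of this thread (later releases replaced it with match/action rules); the domain, ports and tag name are constructed, and the filter proxy on port 10025 is hypothetical.

```conf
# smtpd.conf sketch (added example; pre-match/action grammar).
# example.org, ports 10025/10026 and the tag FILTERED are constructed values.

# Default-style listener: SMTP is reachable on loopback only, so only local
# users and daemons (daily/security reports) can submit mail.
listen on lo0

# Public listener. Add this only if the host is meant to receive mail
# from the network; without it the daemon is not exposed at all.
listen on egress

# Re-injection listener. The content filter hands scanned mail back here.
# Every session on this listener is tagged, and the tag is the ONLY proof
# that a message was scanned, so this listener must stay on loopback.
listen on lo0 port 10026 tag FILTERED

table aliases db:/etc/mail/aliases.db

# Rules are evaluated top to bottom and the first match decides.

# 1. Mail that came back from the filter: deliver it.
accept tagged FILTERED for domain "example.org" alias <aliases> deliver to mbox

# 2. Mail generated on this host for local accounts: deliver directly.
accept for local alias <aliases> deliver to mbox

# 3. Untagged mail from the network: hand it to the filter proxy
#    (hypothetical scanner listening on 127.0.0.1:10025, which relays
#    accepted messages to 127.0.0.1:10026).
accept from any for domain "example.org" relay via smtp://127.0.0.1:10025

# 4. Local users may send outbound mail. There is no "from any ... relay"
#    rule, so the host is not an open relay.
accept for any relay
```

Two things to check in any setup of this shape: the filter proxy itself should bind to 127.0.0.1 only, and no listener reachable from the network should carry the tag, since a tagged session bypasses scanning.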
