[HN Gopher] Mail: Make The Dragonfly Mail Agent (dma) the defaul...
___________________________________________________________________
Mail: Make The Dragonfly Mail Agent (dma) the default mta

Author : rfmoz
Score  : 111 points
Date   : 2022-11-08 07:55 UTC (15 hours ago)

(HTM) web link (cgit.freebsd.org)
(TXT) w3m dump (cgit.freebsd.org)

| mnd999 wrote:
| I've been doing this on my FreeBSD boxes for a while. Great move.

| rasengan wrote:
| I respect sendmail. Obviously there are other MTAs like djb's Q mail, postfix as well as newer ones written in Go and Rust. Sure sendmail has had its share of vulnerabilities. But it's the falls it suffered that made every other MTA strong.
|
| Let's respect the software of the past. It's the past's software that built today's software.

| pjc50 wrote:
| No. Let it die and stand over the grave to make sure it stays dead. Even 20 years ago there were better alternatives; Debian sensibly defaulted to Exim.
|
| It's always been a horrendously difficult to configure monolith.

| jsrcout wrote:
| Agree. The hardest thing in the world (besides configuring sendmail) is to remember that other people's use cases are not necessarily my use case. The world of email was a whole lot different back when sendmail was created.
|
| https://en.wikipedia.org/wiki/Email#History

| zokier wrote:
| > The world of email was a whole lot different back when sendmail was created.
|
| Sure, email in 80s was different than in the 90s. The problem with sendmail is that it didn't get replaced when it really wasn't a good fit anymore and instead it got dragged on for extra 30 years.

| throw0101c wrote:
| > _But it's the falls it suffered that made every other MTA strong._
|
| Worth remembering that Sendmail was, generally speaking, first. Shoulder of giants and all that.

| Beltalowda wrote:
| Sendmail wasn't really the first per se, but it was the first that _worked well_.
| In the early 80s there were a lot of competing email protocols and systems and implementations, and Sendmail could talk to all of them, in a "bug-compatible" way. This is also why sendmail.cf is so bewilderingly flexible and complex.
|
| Later email systems like Postfix and qmail in the 90s had it much easier as they operated in a much simpler ecosystem.

| gpvos wrote:
| At least MMDF was (a little) earlier. Maybe it lacked some features compared to sendmail? It ran at several university sites at least. It was an early adopter of least-privilege architecture, predating qmail by a lot.

| FrostKiwi wrote:
| Really happy to see this cross-pollination in BSD land. Not just DragonFlyBSD getting packages via DeltaPorts, but FreeBSD also getting updates from DragonFly.

| stock_toaster wrote:
| Maybe someday npf will be ported to FreeBSD from NetBSD too. I can hope.

| anecdotal1 wrote:
| Can it outperform IPFW?

| cpach wrote:
| Is it not enough with pf, ipfw and ipfilter? (^_^)

| Beltalowda wrote:
| Maybe the movies and "he hacked through four firewalls!!!" are correct after all.

| cpach wrote:
| Haha! Maybe (:

| puyoxyz wrote:
| End of an era

| ruslan wrote:
| Previous EoE was when they removed UUCP.
|
| PS. I use uucico to automate some offline factory processes for 25+ years.

| deck4rd wrote:
| I'm a fan of msmtp for this sort of "lightweight" mail sender, since I really only need it for cron notifications and a few hacky scripts. Maybe I'll give dma a spin.

| nix23 wrote:
| Oh yes!! That is the right decision!! And maybe also change NTP to DNTPD or NTPsec..maybe?

| ilyt wrote:
| I'm more surprised they still used sendmail, most of the other distros moved away from that... abomination in every respect decades ago.
| I still remember _fun_ of setting it up then migrating to qmail (which was also ...interesting to setup)

| bell-cot wrote:
| Sendmail, as configured & documented in FreeBSD, is very easy to set up for _really_ simple use cases. Or to disable.
|
| For more complex use cases - it's kinda obvious that they expect ~everyone to install their favorite MTA and use that.
|
| I'd guess that sendmail is still there because they could never agree on which replacement for it was "the best".

| crest wrote:
| The "real" sendmail hasn't been the base system one for ages. The sendmail in the base system is only a fairly minimal configuration used for local mail delivery (cron, sudo, etc.). The reason it took so long is that there was no consensus on what should succeed sendmail as the default mailer. There are several mail transfer agents just one pkg install away (Postfix, exim, OpenSMTPd, (newer) DMA, ssmtp, msmtp, etc.).

| ruslan wrote:
| Really bad news! Please keep sendmail default MTA!

| nix23 wrote:
| Why? But anyway, you can install it from ports if you wish ;)

| ruslan wrote:
| Of course I can, I can even compile it from source codes, which I sometimes do. :)
|
| I use FreeBSD for decades and sendmail was my number one and the only choice of MTA all that time. Not only mine, but all other FreeBSD users I know too. I don't get why would something that works excellent should be changed to something that, well, is just a dummy? I love sendmail. I think I can cook it quite well, and I don't get why I should change my habits. Not changing habits is one of the major reasons I use FreeBSD these days. Otherwise I would switch to Linux long time ago. Now FreeBSD made one more step towards its death.
|
| If someone has prejudice against sendmail adding sendmail_enable="NONE" in rc.conf is easy.

| gpvos wrote:
| There are many more people who dislike sendmail than people who like it. It's like several orders of magnitude.
| And it's objectively hard to configure securely. Sorry. If you want to keep using it, nothing is stopping you, but the rest of the world wants sensible defaults.

| Beltalowda wrote:
| Sendmail was developed in the early 80s to be bug-compatible with crappy bespoke email systems of the time, as well as long-dead protocols like decmail and whatnot. It made a lot of decisions in that context that were sensible at the time, but that have become a lot less sensible as the world and ecosystem has changed over the last 40 years.
|
| Sendmail is not dead, but its glory days are over. 30 years ago the entire world was running on Sendmail, but this already started shifting 20 years ago, and today Sendmail operates a tiny minority of the world's email servers.
|
| If you want to keep running Sendmail: great! Go for it! But it's just not a sensible default any more. The art of picking defaults is choosing something that will work for _most_ people with a minimal surface for footguns. And Sendmail is clearly not it. I appreciate you don't want to "change your habits" - I usually don't want to either - but FreeBSD does not revolve around you.

| nix23 wrote:
| I can't even argue about that mentality of being so against changes. It's for sending emails...gosh...have you said the same about the git change?
|
| Btw if you just used sendmail..always..my condolences.

| ruslan wrote:
| Git is so recent comparing to Sendmail. I began using Git for my projects just a couple of years ago. I was die-hard CVS user, switching to Git was a pain for me. Now with Git I've had to employ Linux best practice - update everything once a month or so, which often leads to compatibility problems that have to be resolved. This all eats quite a lot of time, unfortunately.

| nix23 wrote:
| Yeah but freebsd was subversion for a long time, you can't tell me you liked it ;)
|
| BTW Bitkeeper user here...well and git because I have to.

| jabl wrote:
| I've been using dma for some Linux servers in a simple 'smart host only' configuration (that is, all mail is forwarded to some central 'real' MTA), mostly in order to deliver mails from cron. As the commit message notes, DMA is not a full-featured MTA like sendmail or postfix, but rather a minimalistic MTA. Makes sense to have as the default one; those who have a need for a 'real' MTA can install and setup such a thing.

| hdjjhhvvhga wrote:
| In hindsight, one can wonder why it's not the default behavior everywhere. After all, most systems need some form of mail, but only basic. The rest can install a fully-featured version easily. It's a win-win situation: increased security for those who don't need a fully-featured MTA and the rest doesn't lose anything.

| jabl wrote:
| > In hindsight, one can wonder why it's not the default behavior everywhere.
|
| Nowadays most Linux distros don't install any MTA by default. Which I think is an entirely valid choice, considering home users, laptop warriors etc. that don't run any services (for the external world) on the machine, and setting up even a simple smarthost type configuration requires putting in some config data during the installation process.

| zokier wrote:
| To me the olden way of every server running some email daemon in the background always felt so weird; the only purpose seemed to be a black hole for things like sudo and cron to write their messages to, something surely a simple log file would have sufficed for.

| jabl wrote:
| Guess it's some leftover from ye olde days when machines were multiuser things, lovingly cared for by sysadmins. In such a world, might make sense to have local mail delivery on each host.

| yamtaddle wrote:
| People pay for services to get unified status dashboards for all their shit, despite having logs on disk they could use instead.
|
| A correctly-configured MTA on all your servers, and a few email filters on the client side, are basically the old-school version of that.

| aljarry wrote:
| That's exactly my problem today - I have some old PCs repurposed as homelab, and they require some cron jobs to keep them in check - like forcing modules, or keeping the fans from whining. Without any MTA, it's such a chore to learn why something is failing. In this age, the whole "cron only sends output logs through email" seems super anachronistic.

| SoftTalker wrote:
| It saves having every program that might want to send mail from requiring configuration.

| ComputerGuru wrote:
| Eh. I felt that way until I configured my MTA correctly on FreeBSD and I was suddenly receiving emails with package out-of-date notifications, summaries of failed cron jobs, etc that are more suited as "push" than "pull" unless it's your job to monitor the logs on an hourly/daily basis.

| yamtaddle wrote:
| There's a ton of basically-forgotten system-level functionality that's tossed aside in favor of complex aggregator services and SPA dashboards and new configuration systems and such.
|
| You can get a hell of a lot of mileage out of knowing which parts of your system can be swapped out or configured in interesting ways, but these days you're more likely to treat your OS as a dumb binary-runner and let a dozen SaaS do all the interesting stuff instead.
|
| Kinda like people who treat their DB as a dumb datastore and don't actually leverage any interesting or distinctive features of it. I guess it's nice that your system can be ported to almost any datastore without trouble, but... man you'd have saved yourself a lot of time, bugs, and money if you'd just _actually leveraged_ your DB. Seems operating systems are getting the same treatment. Why learn to configure a forwarding log daemon when you can just ship to logstash?
| Why use email alerts when you have pagerduty and an uptime monitor and just auto-rebuild any instances that error? Why use full-featured filesystems like ZFS, and really take advantage of its capabilities to easily add features that'd otherwise be very difficult or to attain much greater server reliability/uptime if you're gonna store everything on S3 and your instances are ephemeral? But then one wonders, why run an actual full OS in the first place, then, if you're not going to _use it_ at all? And indeed, I gather some are moving away from that, for precisely that reason (e.g. Firecracker, "serverless")
|
| Me, I find myself digging deeper and deeper into letting the OS, system services, and mature daemons solve problems for me, rather than searching Github first thing for whatever half-baked Nodejs "webscale" solution there is, or DIYing something that treats the OS as nothing but a job-runner and socket-provider. But that seems to be dinosaur thinking these days.

| mmcgaha wrote:
| Same here. I am psyched to see DMA mentioned on HN so more folks will be exposed to it.

| eddieh wrote:
| Or anything from DragonFly BSD for that matter.

| jeltz wrote:
| How does it compare to other lightweight agents like msmtp?

| jabl wrote:
| I did look into a number of these minimal MTAs, reading a few blog posts etc. before deciding on dma. A couple of neat features:
|
| - Reads aliases from /etc/aliases like the Flying Spaghetti Monster intended.
|
| - Limited (very limited, but good enough for smarthost type usage) spooling support. So if there's a glitch at the moment you're trying to send mail, it's not lost (as DMA doesn't run any daemons, there's a cronjob which checks the outgoing spool and tries to deliver the email).
|
| - Actively maintained, and available in the distro archives.

| jeltz wrote:
| Interesting solution to the spool, not sure if I want it for my own stuff, but it is very minimalistic and nice.
| I get why you picked it. Seems like it tries to do the minimum possible to replace traditional sendmail with something still unixy.

| ysleepy wrote:
| Finally. For, well, decades, the first thing I added to my rc.conf was sendmail_enable=NONE.
|
| I think local email is dumb in general though.

| bell-cot wrote:
| ...as the _default_ MTA, in FreeBSD 14.0, which is scheduled to be released in July 2023.
|
| The currently-supported production versions are 12.3 and 13.1. Which are scheduled to be replaced by 12.4 (Dec'22) and 13.2 (Mar'23).

| monotux wrote:
| To be fair, dma has been in the base system for a long time.
|
| Now (well sometime in the future) I can remove half of my Ansible role for setting up dma on my systems, just skipping disabling sendmail.
|
| I learned about dma here, a great blog btw!
| https://jpmens.net/2020/03/05/simple-solution-for-outgoing-m...

| rfmoz wrote:
| Maybe a coincidence, but Eric Allman is the developer of Sendmail [1] and the spouse of Marshall Kirk McKusick, one of the long-serving board members that left the FreeBSD Foundation this summer [2].
|
| [1] - https://en.wikipedia.org/wiki/Eric_Allman
| [2] - https://freebsdfoundation.org/blog/foundation-elects-new-off...

| loeg wrote:
| McKusick is also known for the filesystem (FFS / UFS).
|
| The use of sendmail in FreeBSD isn't exactly a coincidence -- it, too, was developed at Berkeley in the 70s and 80s. And it's probably unsurprising that people meet other people living and working in the same place (grad school).

| nix23 wrote:
| It's especially funny that Marshall said never tell anyone that you are good at writing drivers or sendmail-configuration because that will be your life's destination then ;)

| yamtaddle wrote:
| Heh, similar to "never let your coworkers know you are good with Excel". Or, in non-tech offices, never let anyone know you understand technology at all.
|
| I wonder if there's a name for that general sentiment, and how far back comments on that sort of thing go.

| a1369209993 wrote:
| "The reward for a job well done is usually another job to do. Remember that if you're ever tempted to do a good job of something thankless and unpleasant."

| josteink wrote:
| I remember trying to setup sendmail 15-20 years ago, and it was a horrendous experience.
|
| Seeing this news reminds me of an old quote (which I cannot find a direct reference to at this point):
|
| "There is nothing in human experience when compared to setting up a sendmail config-file which can be considered hard."
|
| Based on this move, I guess this means sendmail hasn't really improved much in that regard since, and most people are just avoiding it for that reason? I guess... Good riddance, then?

| darrenf wrote:
| Sendmail as Turing machine:
| https://okmij.org/ftp/Computation/sendmail-as-turing-machine...

| nonrandomstring wrote:
| The thickest, heaviest and least used old book I keep by the door for battering intruders is O'Reilly "Sendmail".
|
| It taught me one important thing; that the elegance and reliability of any program is inversely proportional to the size of the configuration guide.

| anthk wrote:
| A good step in the right direction. FreeBSD has bad defaults, but I hope they can fix them one step at a time.

| linsomniac wrote:
| This is your sendmail therapy thread. Relate how sendmail scarred you here. :-)

| neilv wrote:
| Circa 1990, our site (mostly a Sun shop) had to mess with our email setup, which included a UUCP link with HQ addressed by the unqualified hostname of the site's mail server, public bang paths to site servers (and percents), but also domain names (probably SMTP served from HQ and forwarded), and delivered to Unix workstation users by dropping into an mbox file in NFS automounted homedirs, and to non-engineering people running PC NFS and Eudora I don't know how...
|
| We did almost all sysadmin expertise in-house, but for this Sendmail, we brought in a consultant.
|
| It was a name I recognized from Usenet, and knowingly meeting a "famous" person was pretty new to me at the time. Turns out he wasn't a Unix graybeard (closer to my young skinny nerd age), and he was working on a Neuroscience PhD, while building/fixing everyone's Sendmail setups.
|
| I didn't know to ask him which discipline was more difficult.

| neilv wrote:
| Once I started hosting my own personal email seriously, I think Exim was probably available. Even Exim config for a simple setup could get a bit tricky (e.g., I made it drop `Received` headers of outgoing email it was relaying for me), but nothing like Sendmail.

| gw98 wrote:
| I inherited one of these once. Someone had got half way through migrating it to Pegasus on NT and given up. Just as I got the whole damn thing in reasonable shape the bastards hired some Lotus consultants and replaced it with Lotus Notes.

| hdjjhhvvhga wrote:
| I remember I implemented some modifications my boss asked me and went on a business trip to Russia. It was early 2000s, no smartphones, and the only Internet on the phone was WAP. So my boss is calling me and telling me our mail server is sending out spam. Yes, I turned on open relay by accident...
|
| I run to the nearest Internet cafe and discovered they're blocking SSH ports. It took quite some time to unblock it, make the changes (it took less than a minute) and pray nobody intercepted my access data and make a mess before I get back. I've never felt so ashamed about my lack of professionalism in my entire life. I literally hated myself for being forced to use a public Internet cafe to configure my server.

| Someone wrote:
| That's why you should always have debug mode enabled.
| It would have allowed you to fix this issue by sending an email /s
|
| https://www.mit.edu/people/eichin/virus/strategies.html:
|
| _"Debugging mode has many features, including the ability to send a mail message with a program as the recipient (i.e. the program would run, with all of its input coming from the body of the message)."_
|
| I don't know why that page follows that with _"This is inappropriate"_ /s

| tenebrisalietum wrote:
| I read a sendmail configuration file once.

| INTPenis wrote:
| All you really need to show is how Linus Akesson made a Turtle animation[1] using Sendmail cf. That level of complexity should not exist in any configuration language.
|
| 1. https://www.linusakesson.net/programming/sendmail/index.php

| hericium wrote:
| Life is too short for software with its own, unique configuration language. I've spent months on learning Exim configuration gymnastics, trying to make it both efficient and useful and without breaking functionality used by a company/organization.

| thiagocsf wrote:
| Sendmail made me think everything in Unix was so scary and esoteric.

| jbverschoor wrote:
| sendmail and bind :)

| raffraffraff wrote:
| Shudders. The LPIC exams I took back in 2005 made me think I would spend the next 20 years in vim manually configuring apache, sendmail, bind, openldap and a bunch of other stuff I haven't touched since the exam.

| doubled112 wrote:
| I never did get used to running make on my config files.
|
| Or the pain of somebody on the team routinely editing the output files without making the changes on the config files, and never knowing whether it'll work the same when you're done.

| mkovach wrote:
| Worked at a place with OpenVMS and a UUCP setup. Yep, I've used mail11. I used to set up UUCP mailers. I've hand configured sendmail with fingertips scarred from thumbing through the bat book. I've worked with sendmail to route mail to Novell NetMail!
|
| I used to be a Sendmail consultant.
|
| I've seen things you people won't believe. Open SMTP relays with zero firewall protection. I've watched people use sendmail to get root without a password. I've seen volumes of email lost in time, like bits into /dev/null. Time to patch.

| linsomniac wrote:
| I ran UUCP well into the 2010s. Starting around 1999 I was running a small company and we all had laptops as our primary machines. Remember, back then Internet was fairly spotty: Still dial up, CDMA 9600bps cellular, Ricochet, PCMCIA, BreezeNet...
|
| UUCP with qmail and later Postfix was a great way to shove e-mail over these really unreliable connections. The g protocol worked amazingly well over these unreliable connections because it could pick up where it left off, so as long as you could get a few packets through, eventually your (sometimes large) e-mail messages could make it through, even if they had to spend the night trying.
|
| The company kept that architecture well into the 2010s, even when we all had fairly speedy, reliable Internet connections, because it just worked really well. They eventually went to gmail years after I left.

| mkovach wrote:
| I will always have a fondness for UUCP. I eventually moved to qmail (a bit hacked up to handle for some unusual requirements) for all the UUCP related stuff.
|
| UUCP had its issues, but it was (and still is) one of the best ways to transfer stuff over really bad connections. We worked at a place where we had really remote locations and UUCP stuff worked without much work.
|
| Plus, I learned a ton in writing something to do reports and monitoring of the UUCP connections. Fun times, but I am still scarred by Sendmail. Some wounds are pretty deep.

| linsomniac wrote:
| Back circa 1994, I was getting e-mail by dialing in to the Boulder Internet Coop via UUCP. They were really experienced Unix folks (Trent Hein, Evi Nemeth RIP), running Sun.
| At one point, the uucp queue got big enough (I believe from machines that were connecting infrequently or maybe not at all), that the directory holding all those files couldn't be scanned in less than the UUCP timeout. All the while I was paying long distance rates (remember those) to sit on the line idling.
|
| I had recommended they switch to using Taylor UUCP, because it splits the queue directory up into a hierarchy. They said Taylor wasn't mature enough, but I asked Ian Lance Taylor about it and he laughed and said "<THE major commercial UUCP provider> doesn't seem to agree." :-)
|
| I've always heard that Kermit has really great protocols for handling horribly, horribly bad modem connections. I had at times wondered if a kermit UUCP protocol would have been useful.

| mkovach wrote:
| Kermit could be pretty good. Used it for VMS stuff for quite a bit. Really lost track of it when I moved to mainly Unix setups.

| shellac wrote:
| The Bat book fell off a high shelf and killed my cat.
|
| Ok, I may be lying, but the sheer mass of that book was more than sufficient to convince me to never try configuring sendmail.

| _joel wrote:
| No, no, don't, I repressed those memories and don't want them to resurface! :D

| ape4 wrote:
| Are there Linux packages? I'd rather not compile from source since you don't get updates. Thx.

| nix23 wrote:
| Yes, at least for Arch and Debian (the only two I searched for)
___________________________________________________________________
(page generated 2022-11-08 23:01 UTC)