Differential D36950
disable sendmail with variables specified in rc.sendmail(8) Authored by john.grafton_runbox.com on Oct 12 2022, 3:29 PM. Tags None Referenced Files
Subscribers
Details
According to the rc.sendmail(8) man page under sendmail_enable: Yet the hardening menu of bsdinstall uses the NONE option to disable sendmail. This change updates bsdinstall to use the documented method for disabling sendmail. Execute patched bsdinstall and select disable sendmail in the hardening menu. /etc/rc.conf should reflect disabled sendmail options specified in rc.sendmail(8)
Diff Detail
Event TimelineComment Actions At this point in time, it might be easier to revert d87e0e8e230495df3be59a8a5c173aafc83bc450 😓 Comment Actions I concur. This change is from 2002, and the commit message only gives "new rcNG effort" as the justification, which is most probably irrelevant 20 years after (whatever "rcNG effort" means and whether it completed or not). More generally, having a single knob to deactivate sendmail completely is useful as long as Sendmail is shipped in base (barring custom builds and installs, obviously). Even if the NONE case is removed, the Sendmail's rc variables would arguably still not comply with the usual practice. The sendmail_enable knob gives the impression that all functionality related to Sendmail can be controled at once, as is the case for other programs. Comment Actions Honestly, I don't have an opinion on whether the documentation or code should be changed. I'd just like the one of them changed so bsdinstall doesn't configure rc.conf in a way that is specifically called out as deprecated. In the past, I've been confused why a newly installed system used sendmail_enable=NONE when the documentation explicitly states it's not supported. Thus why I picked up the bug report and submitted a patch. :) FWIW: Bastille disables sendmail with the four rc configuration options described in rc.sendmail(8) in its base template: |