[OmniOS-discuss] OmniOS sendmail suitable for Internet mail hub?

John D Groenveld jdg117 at elvis.arl.psu.edu
Sun Feb 7 22:48:47 UTC 2016


In message <69F44698-1505-4321-BF7F-B51508B26C64 at omniti.com>, Dale Ghent writes
:
>Being on comcast's network who, like most consumer ISPs (outside of =
>business accounts) generally block port 25 in and out; which is why if =
>you're sending to a mail server, you should be using the MSP port anyway =
>(port 587) ... but this is something that the stock sendmail in OmniOS, =
>which comes straight out of illumos-gate, doesn't have configured by =
>default.

Great to read about nanny-grade ISPs who offer nanny-grade supervision
of their customers.

>Future plans and thoughts on MTAs in OmniOS specifically:
>
>You mentioned my mail, maybe you saw the one last night where I proposed =
>cutting sendmail out of illumos-gate entirely (in due time). Right now =
>my plans are to cease the inclusion and use of illumos-gate's sendmail =
>in OmniOS, and replace it with a small, lightweight MTA called DMA =
>(Dragonfly Mail Agent.) The only thing this will do is send mails to =
>either the local user's spool in /var/mail, or to a remote host via MX =
>record lookup or defined smarthost with TLS/SMTP-AUTH as an option. It =
>also does basic /etc/mail/aliases lookups and a outgoing queuing =
>ability. That's it, and a solution that I believe is suitable for /most/ =
>OmniOS use-cases (ie; 1 of many servers in a datacenter which never =
>accept incoming mail, but may send a lot to somewhere remotely.)

I'm all in favor of OmniOS and other Illumos-based distros using
smartly designed and implemented *BSD bits (Oracle is wisely migrating
from Darren Reed's IPF to OpenBSD PF for Solaris), but how is DMA
more secure than sendmail configured to only listen on localhost?

>This DMA package will be mediated under IPS, and provide the usual =
>/usr/lib/sendmail, /usr/sbin/sendmail, /usr/bin/mailq symlinks to =
>itself. The reason why these links will be mediated is because my plan =
>is to provide a better sendmail, also IPS-mediatetd, than is what on =
>current offer from illumos-gate. This sendmail will continue to have all =
>the SUN_* options enabled in the code, but it being freed from =
>illumos-gate means we can flush out additional features in it and track =
>newer versions faster. Because of the MTA mediation in IPS, one can even =
>implement other MTAs, such as postfix or opensmtpd or ... whatever your =
>heart wants.

That works for me.
Keep up the great work, OmniTI!

John
groenveld at acm.org


More information about the OmniOS-discuss mailing list