[49] in Hesiod


Re: anyone using hesiod for sendmail aliases?

daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Fri Mar 22 19:03:33 1991

Date: Fri, 22 Mar 91 18:58:57 -0500
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
To: mfrost@xtort.pyramid.com
Cc: hesiod@ATHENA.MIT.EDU
In-Reply-To: Mark Frost's message of Thu, 21 Mar 91 17:23:22 -0800,
Reply-To: tytso@ATHENA.MIT.EDU

At Project Athena, we've never bothered, because we've hacked our client
workstations' sendmail configuration to send all outgoing mail to a
central mailhub.  This has the advantage that mail won't sit on an
(insecure) workstation for hours or days if a remote site is down.  When
a user sends mail, the local sendmail immediately ships it off to our
mailhub, so the mail message only briefly touches the mqueue directory
on the workstation.  This setup also has the advantage of not needing to
leave a sendmail process running on the client workstation --- it's one
less daemon that's running on a workstation.

Because of this, we've never bothered to hack hesiod into sendmail ---
instead we maintain an aliases file on our mailhub, which is updated via
Moira every night.

If there's some reason that you want to hack sendmail to use hesiod
instead of an aliases file, it shouldn't be difficult to modify sendmail to
do so.  There are two problems I can see with doing this, though.  First
of all, the amount of information which can be passed back via hesiod is
limited to around 900 bytes; this would be a severe problem if you have
large mailing lists.  Secondly, hesiod is not authenticated --- someone
could fire DNS packets at your mailhub telling it that the alias for
some mailing list is "|/bin/rm -rf /" and then where would you be?  You
really need to think about such design issues before going off and
integrating hesiod into an application!

						- Ted

P.S.  Yes, there is a design for a Kerberos-authenticated DNS; however,
as far as I know, it's not in production use anywhere.
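
An added example (not part of the original message, and not sendmail or Hesiod code): a filter that treats an alias answer from an unauthenticated lookup as untrusted and accepts only plain mailbox addresses, rejecting the program, file and :include: alias forms. The function names and the sample answers are assumptions constructed for illustration.

```python
import re

# A plain mailbox: local part with an optional @domain. Quotes, spaces, pipes,
# slashes and colons are excluded, so no other alias form can match.
_MAILBOX = re.compile(r"[A-Za-z0-9._+-]+(@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*)?")


def classify_target(target: str) -> str:
    """Name the sendmail alias form that one right-hand-side entry would take."""
    raw = target.strip()
    bare = raw.lstrip('"').lstrip()  # sendmail accepts quoted forms: "|prog args"
    if bare.startswith("|"):
        return "program"   # mail piped to a command
    if bare.startswith("/"):
        return "file"      # mail appended to a file
    if bare.lower().startswith(":include:"):
        return "include"   # recipient list read from a file
    if _MAILBOX.fullmatch(raw):
        return "mailbox"
    return "malformed"


def vet_untrusted_alias(answer: str) -> list:
    """Return the mailboxes in an alias answer from an unauthenticated source.

    Fails closed: if any entry is not a plain mailbox the whole answer is
    discarded, because a partly forged answer cannot be trusted at all.
    """
    entries = [e.strip() for e in answer.split(",")]
    bad = [(e, classify_target(e)) for e in entries
           if classify_target(e) != "mailbox"]
    if bad:
        raise ValueError(f"alias answer rejected: {bad}")
    return entries


if __name__ == "__main__":
    # Constructed sample answers; the second is the string quoted in the message.
    for sample in ("alice, bob@example.org", '"|/bin/rm -rf /"',
                   "carol, /var/tmp/out"):
        try:
            print(sample, "->", vet_untrusted_alias(sample))
        except ValueError as err:
            print(sample, "->", err)
```

A filter like this only narrows what a forged answer can do; a forged answer that lists plain mailboxes would still redirect mail, which is why the lookup itself needs authentication.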
