diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2011-October/008744.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2011-October/008744.html | 176 |
1 files changed, 176 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2011-October/008744.html b/zarb-ml/mageia-dev/2011-October/008744.html new file mode 100644 index 000000000..485d989e4 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-October/008744.html @@ -0,0 +1,176 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E940AAE.402%40laposte.net%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="008726.html"> + <LINK REL="Next" HREF="008773.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?</H1> + <B>andre999</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E940AAE.402%40laposte.net%3E" + TITLE="[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?">andre999mga at laposte.net + </A><BR> + <I>Tue Oct 11 11:21:50 CEST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="008726.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008773.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8744">[ date ]</a> + <a href="thread.html#8744">[ thread ]</a> + <a href="subject.html#8744">[ subject ]</a> + <a href="author.html#8744">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Florian Hubold a écrit : +><i> Am 28.09.2011 14:40, schrieb Florian Hubold: +</I>>><i> Am 22.09.2011 21:37, schrieb Florian Hubold: +</I>>>><i> Am 22.09.2011 00:09, schrieb Luc Menut: +</I>>>><i> My own opinion is we should do both 1 and 3 in your list of options +</I>>>><i> 1/ Change the defaults in /etc/security/msec/level.* and +</I>>>><i> 3/ make dma a suggest for msec +</I>>>><i> +</I>>>><i> If these two changes were introduced as updates to Mageia 1 then the +</I>>>><i> consequences would I believe be. +</I>>>><i> a/ Users with default configuration :- +</I>>>><i> +</I>>>><i> Changing the defaults in /etc/security/msec/level.* will not affect an +</I>>>><i> existing installation unless they change their security level. +</I>>>><i> +</I>>>><i> Mail would go into /var/spool/mail/root instead of +</I>>>><i> /root/dead.letter They +</I>>>><i> probably would still not see the mail because they are unlikely to know +</I>>>><i> how to configure another user to receive roots mail. The only change +</I>>>><i> they +</I>>>><i> would notice is when logging in at a root console they would see a +</I>>>><i> message +</I>>>><i> saying "You have new mail". +</I>>>><i> +</I>>>><i> b/ Users who have configured a real mail address in msec +</I>>>><i> Installing dma as a require will cause these mails to actually start +</I>>>><i> being +</I>>>><i> delivered. Since the user has put the real mail address in the msec +</I>>>><i> configuration we have to assume they actually want the mails to be +</I>>>><i> delivered so that is a "good thing". If their ISP will only accept +</I>>>><i> mail +</I>>>><i> from a real MTA as mentioned by Frank Griffin then the message +</I>>>><i> will not be +</I>>>><i> delivered unless a relay host is defined in dma. Since they are already +</I>>>><i> not being delivered nothing will have changed. +</I>>>><i> +</I>>>><i> c/ New users of Mageia 2 +</I>>>><i> Changing the defaults in /etc/security/msec/level.* will suppress +</I>>>><i> emails +</I>>>><i> other than to those users who have specifically requested them. +</I>>>><i> +</I>>>><i> +</I>>>><i> Hope that helps +</I>>>><i> +</I>>>><i> Derek +</I>>>><i> +</I>>>><i> +</I>>><i> So if nobody objects or sees other problem with this, i'll modify +</I>>><i> the defaults in /etc/security/msec/level.* to not send email by default +</I>>><i> and making dma a suggest for msec. +</I>>><i> +</I>><i> This poses another problem: +</I>><i> +</I>><i> On a default configuration, we would enable sending reports by +</I>><i> installing dma with +</I>><i> the msec update, but also disable sending of all reports by changing +</I>><i> the default settings, +</I>><i> which will apply for everybody who has not run msec-gui or configured +</I>><i> msec manually. +</I>><i> So this change would be quite antipodal. +</I>><i> +</I>><i> I'm for not changing the default to send mail to root, as this would +</I>><i> enable sending of +</I>><i> reports on default configurations, and change nothing for +</I>><i> configurations where people +</I>><i> want those reports sent by mail. +</I>><i> +</I>><i> Opinions, please? +</I> +Option 1 disables sending reports by default. +Option 3 ensures that if the user decides to enable sending reports, +everything needed to send reports locally is already installed. +Considering that dma is only adds 64 k, and yields gracefully if another +MTA is installed, that is not a big overhead. + +However note that ignored messages quickly accumulate and will end up +occupying a lot of disk space, which would be problematic after a while +for users with limited space on their / partition. +Because of this, I would suggest another change : +(maybe call it option 1+ ?) +1) No default destination. (It is now MAIL_USER=root for all security +levels.) +and +2) To make this effective, msec will have to be changed so that if there +is no email adresse (or userid) is entered, then no email is sent, even +if sending is inadvertantly enabled. + +I've tested msec, and if +1) sending a security alert is enabled, and +2) there is no default defined (stored as MAIL_USER= in +/etc/security/msec/level.*), and +3) there is an empty send-to field (stored as MAIL_USER= in +/etc/security/msec/security.conf), +an email is now sent to root. + +It may be that msec is sending the email without an addressee, and it is +automatically routed it to root by my MTA (sendmail). + +This change should be relatively simple to implement (once we find the +place in the code), as instead of sending an alert email to a default +destination (root) if the user hasn't entered one, the alert is simply +not sent. + +my 2 cents :-) + +-- +André + +</PRE> + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="008726.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008773.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8744">[ date ]</a> + <a href="thread.html#8744">[ thread ]</a> + <a href="subject.html#8744">[ subject ]</a> + <a href="author.html#8744">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |