diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2011-October/008773.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2011-October/008773.html | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2011-October/008773.html b/zarb-ml/mageia-dev/2011-October/008773.html new file mode 100644 index 000000000..547622b77 --- /dev/null +++ b/zarb-ml/mageia-dev/2011-October/008773.html @@ -0,0 +1,168 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E957049.3030005%40arcor.de%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="008744.html"> + <LINK REL="Next" HREF="008892.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?</H1> + <B>Florian Hubold</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E957049.3030005%40arcor.de%3E" + TITLE="[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?">doktor5000 at arcor.de + </A><BR> + <I>Wed Oct 12 12:47:37 CEST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="008744.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008892.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8773">[ date ]</a> + <a href="thread.html#8773">[ thread ]</a> + <a href="subject.html#8773">[ subject ]</a> + <a href="author.html#8773">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Am 11.10.2011 11:21, schrieb andre999: +><i> Florian Hubold a écrit : +</I>>><i> Am 28.09.2011 14:40, schrieb Florian Hubold: +</I>>>><i> Am 22.09.2011 21:37, schrieb Florian Hubold: +</I>>>>><i> Am 22.09.2011 00:09, schrieb Luc Menut: +</I>>>>><i> My own opinion is we should do both 1 and 3 in your list of options +</I>>>>><i> 1/ Change the defaults in /etc/security/msec/level.* and +</I>>>>><i> 3/ make dma a suggest for msec +</I>>>>><i> +</I>>>>><i> If these two changes were introduced as updates to Mageia 1 then the +</I>>>>><i> consequences would I believe be. +</I>>>>><i> a/ Users with default configuration :- +</I>>>>><i> +</I>>>>><i> Changing the defaults in /etc/security/msec/level.* will not affect an +</I>>>>><i> existing installation unless they change their security level. +</I>>>>><i> +</I>>>>><i> Mail would go into /var/spool/mail/root instead of /root/dead.letter They +</I>>>>><i> probably would still not see the mail because they are unlikely to know +</I>>>>><i> how to configure another user to receive roots mail. The only change they +</I>>>>><i> would notice is when logging in at a root console they would see a message +</I>>>>><i> saying "You have new mail". +</I>>>>><i> +</I>>>>><i> b/ Users who have configured a real mail address in msec +</I>>>>><i> Installing dma as a require will cause these mails to actually start being +</I>>>>><i> delivered. Since the user has put the real mail address in the msec +</I>>>>><i> configuration we have to assume they actually want the mails to be +</I>>>>><i> delivered so that is a "good thing". If their ISP will only accept mail +</I>>>>><i> from a real MTA as mentioned by Frank Griffin then the message will not be +</I>>>>><i> delivered unless a relay host is defined in dma. Since they are already +</I>>>>><i> not being delivered nothing will have changed. +</I>>>>><i> +</I>>>>><i> c/ New users of Mageia 2 +</I>>>>><i> Changing the defaults in /etc/security/msec/level.* will suppress emails +</I>>>>><i> other than to those users who have specifically requested them. +</I>>>>><i> +</I>>>>><i> +</I>>>>><i> Hope that helps +</I>>>>><i> +</I>>>>><i> Derek +</I>>>>><i> +</I>>>>><i> +</I>>>><i> So if nobody objects or sees other problem with this, i'll modify +</I>>>><i> the defaults in /etc/security/msec/level.* to not send email by default +</I>>>><i> and making dma a suggest for msec. +</I>>>><i> +</I>>><i> This poses another problem: +</I>>><i> +</I>>><i> On a default configuration, we would enable sending reports by installing +</I>>><i> dma with +</I>>><i> the msec update, but also disable sending of all reports by changing the +</I>>><i> default settings, +</I>>><i> which will apply for everybody who has not run msec-gui or configured msec +</I>>><i> manually. +</I>>><i> So this change would be quite antipodal. +</I>>><i> +</I>>><i> I'm for not changing the default to send mail to root, as this would enable +</I>>><i> sending of +</I>>><i> reports on default configurations, and change nothing for configurations +</I>>><i> where people +</I>>><i> want those reports sent by mail. +</I>>><i> +</I>>><i> Opinions, please? +</I>><i> +</I>><i> Option 1 disables sending reports by default. +</I>><i> Option 3 ensures that if the user decides to enable sending reports, +</I>><i> everything needed to send reports locally is already installed. +</I>><i> Considering that dma is only adds 64 k, and yields gracefully if another MTA +</I>><i> is installed, that is not a big overhead. +</I>><i> +</I>><i> However note that ignored messages quickly accumulate and will end up +</I>><i> occupying a lot of disk space, which would be problematic after a while for +</I>><i> users with limited space on their / partition. +</I>><i> Because of this, I would suggest another change : +</I>><i> (maybe call it option 1+ ?) +</I>><i> 1) No default destination. (It is now MAIL_USER=root for all security levels.) +</I>><i> and +</I>><i> 2) To make this effective, msec will have to be changed so that if there is +</I>><i> no email adresse (or userid) is entered, then no email is sent, even if +</I>><i> sending is inadvertantly enabled. +</I>><i> +</I>><i> I've tested msec, and if +</I>><i> 1) sending a security alert is enabled, and +</I>><i> 2) there is no default defined (stored as MAIL_USER= in +</I>><i> /etc/security/msec/level.*), and +</I>><i> 3) there is an empty send-to field (stored as MAIL_USER= in +</I>><i> /etc/security/msec/security.conf), +</I>><i> an email is now sent to root. +</I>><i> +</I>><i> It may be that msec is sending the email without an addressee, and it is +</I>><i> automatically routed it to root by my MTA (sendmail). +</I>><i> +</I>><i> This change should be relatively simple to implement (once we find the place +</I>><i> in the code), as instead of sending an alert email to a default destination +</I>><i> (root) if the user hasn't entered one, the alert is simply not sent. +</I>><i> +</I>><i> my 2 cents :-) +</I>><i> +</I>This sounds like a rather big change for a purely bugfix update, because it +would also need changes in msec code. +Any other opinions on this? +</PRE> + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="008744.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008892.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8773">[ date ]</a> + <a href="thread.html#8773">[ thread ]</a> + <a href="subject.html#8773">[ subject ]</a> + <a href="author.html#8773">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |