Diffstat (limited to 'zarb-ml/mageia-dev/2011-September/008475.html')
-rw-r--r-- | zarb-ml/mageia-dev/2011-September/008475.html | 173 |
1 files changed, 173 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2011-September/008475.html b/zarb-ml/mageia-dev/2011-September/008475.html new file mode 100644 index 000000000..ffd24918b --- /dev/null +++ b/zarb-ml/mageia-dev/2011-September/008475.html 
@@ -0,0 +1,173 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E8315CE.10406%40arcor.de%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="008332.html"> + <LINK REL="Next" HREF="008476.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?</H1> + <B>Florian Hubold</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E8315CE.10406%40arcor.de%3E" + TITLE="[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?">doktor5000 at arcor.de + </A><BR> + <I>Wed Sep 28 14:40:46 CEST 2011</I> + <P><UL> + <LI>Previous message: <A HREF="008332.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008476.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? 
+</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8475">[ date ]</a> + <a href="thread.html#8475">[ thread ]</a> + <a href="subject.html#8475">[ subject ]</a> + <a href="author.html#8475">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Am 22.09.2011 21:37, schrieb Florian Hubold: +><i> Am 22.09.2011 00:09, schrieb Luc Menut: +</I>>><i> Le 21/09/2011 20:35, Florian Hubold a écrit : +</I>>>><i> Hello, +</I>>>><i> +</I>>>><i> during validation of validation of msec/sectool update candidates, +</I>>>><i> a problem showed up: <A HREF="https://bugs.mageia.org/show_bug.cgi?id=1621">https://bugs.mageia.org/show_bug.cgi?id=1621</A> +</I>>><i> ... +</I>>>><i> +</I>>>><i> But if we want security reports to be sent to local users if they +</I>>>><i> specify so, how to proceed further? +</I>>>><i> +</I>>><i> +</I>>><i> msec can work very well without sending these reports by email; all the +</I>>><i> security's reports are available in /var/log/security, and msec notifies the +</I>>><i> user about this at each time it runs, so sendmail is absolutely not mandatory. +</I>>><i> So I think that msec shouldn't have a Requires on sendmail-command, +</I>>><i> eventually it can be a Suggest. +</I>>><i> +</I>>><i> But perhaps we could/should change the configuration of msec to not send +</I>>><i> email by default, by adding MAIL_WARN=no in /etc/security/msec/security.conf. +</I>>><i> +</I>>><i> +</I>><i> So, to summarize, there happen to be multiple solutions here: +</I>><i> +</I>><i> +</I>><i> 1. do NOT require an MTA, let users manually read reports from /var/log/security +</I>><i> maybe even remove nail from msec Requires as it is currently non-functional. +</I>><i> Also Luc's proposal cited above could be realized. +</I>><i> +</I>><i> 2. 
do require sendmail-command, which will pose a problem to users +</I>><i> installing from the CLI, because they are presented with a choice: +</I>><i> +</I>><i> One of the following packages is required: +</I>><i> 1 dma +</I>><i> 2 ssmtp +</I>><i> 3 postfix +</I>><i> 4 sendmail +</I>><i> 5 msmtp +</I>><i> Please make a selection: +</I>><i> +</I>><i> Additionally this will force an MTA onto every default installation and +</I>><i> every +</I>><i> installation that currently has msec installed. +</I>><i> +</I>><i> 3. do require dma, which is a rather minimal MTA, and delivers without +</I>><i> configuration +</I>><i> Please see <A HREF="https://bugs.mageia.org/show_bug.cgi?id=2255#c36">https://bugs.mageia.org/show_bug.cgi?id=2255#c36</A> for details. +</I>><i> This would also allow coexistence with an already-installed MTA, IIUC. +</I>><i> +</I>><i> 4. Try to fix nail, which is required by msec and so in every default +</I>><i> installation, +</I>><i> so that it is able to deliver mail by itself, without sendmail. +</I>><i> +</I>><i> Please give your votes. +</I>><i> +</I>><i> +</I> +After rereading the thread, i'm posting an excellent summary +from Derek Jennings, the original reporter of the msec/MTA issue: + +Am 28.09.2011 11:14, schrieb Derek Jennings: +><i> +</I>><i> I seem to have sparked off quite a discussion on the dev list. +</I>><i> +</I>><i> Luc Menut made a very good point. If all these mails from msec started +</I>><i> being actually delivered instead of going into the bit bucket, then users +</I>><i> will be overwhelmed with emails they do not understand. As Claire +</I>><i> mentioned in a previous posting msec **always** finds something in error +</I>><i> which could alarm users. I can imagine the user forum being flooded with +</I>><i> alarmed posts. 
+</I>><i> +</I>><i> My own opinion is we should do both 1 and 3 in your list of options +</I>><i> 1/ Change the defaults in /etc/security/msec/level.* and +</I>><i> 3/ make dma a suggest for msec +</I>><i> +</I>><i> If these two changes were introduced as updates to Mageia 1 then the +</I>><i> consequences would I believe be. +</I>><i> a/ Users with default configuration :- +</I>><i> +</I>><i> Changing the defaults in /etc/security/msec/level.* will not affect an +</I>><i> existing installation unless they change their security level. +</I>><i> +</I>><i> Mail would go into /var/spool/mail/root instead of /root/dead.letter They +</I>><i> probably would still not see the mail because they are unlikely to know +</I>><i> how to configure another user to receive roots mail. The only change they +</I>><i> would notice is when logging in at a root console they would see a message +</I>><i> saying "You have new mail". +</I>><i> +</I>><i> b/ Users who have configured a real mail address in msec +</I>><i> Installing dma as a require will cause these mails to actually start being +</I>><i> delivered. Since the user has put the real mail address in the msec +</I>><i> configuration we have to assume they actually want the mails to be +</I>><i> delivered so that is a "good thing". If their ISP will only accept mail +</I>><i> from a real MTA as mentioned by Frank Griffin then the message will not be +</I>><i> delivered unless a relay host is defined in dma. Since they are already +</I>><i> not being delivered nothing will have changed. +</I>><i> +</I>><i> c/ New users of Mageia 2 +</I>><i> Changing the defaults in /etc/security/msec/level.* will suppress emails +</I>><i> other than to those users who have specifically requested them. 
+</I>><i> +</I>><i> +</I>><i> Hope that helps +</I>><i> +</I>><i> Derek +</I>><i> +</I>><i> +</I>So if nobody objects or sees other problem with this, i'll modify +the defaults in /etc/security/msec/level.* to not send email by default +and making dma a suggest for msec. +</PRE> + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="008332.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI>Next message: <A HREF="008476.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8475">[ date ]</a> + <a href="thread.html#8475">[ thread ]</a> + <a href="subject.html#8475">[ subject ]</a> + <a href="author.html#8475">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |
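Review bot: both `mailto:` HREFs in the added file (the `LINK REL="made"` in the HEAD and the anchor under the author's name) carry a percent-encoded line feed inside the Subject parameter, `...to%20local%0A%20users%20accounts...`, which looks like the folded Subject header encoded as-is. The subject should be unfolded to a single line before it is URL-encoded, so that the reply link does not hand a line break to the mail client inside a header value. The page title and H1 in the same file show the subject on one line, so the same unfolded string can be reused for the links.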