1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E7C47A2.4040507%40arcor.de%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="008326.html">
<LINK REL="Next" HREF="008337.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?</H1>
<B>Florian Hubold</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E7C47A2.4040507%40arcor.de%3E"
TITLE="[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?">doktor5000 at arcor.de
</A><BR>
<I>Fri Sep 23 10:47:30 CEST 2011</I>
<P><UL>
<LI>Previous message: <A HREF="008326.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
</A></li>
<LI>Next message: <A HREF="008337.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#8334">[ date ]</a>
<a href="thread.html#8334">[ thread ]</a>
<a href="subject.html#8334">[ subject ]</a>
<a href="author.html#8334">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Am 22.09.2011 23:11, schrieb andre999:
><i> Florian Hubold a écrit :
</I>>><i> Am 22.09.2011 00:09, schrieb Luc Menut:
</I>>>><i> Le 21/09/2011 20:35, Florian Hubold a écrit :
</I>>>>><i> Hello,
</I>>>>><i>
</I>>>>><i> during validation of validation of msec/sectool update candidates,
</I>>>>><i> a problem showed up: <A HREF="https://bugs.mageia.org/show_bug.cgi?id=1621">https://bugs.mageia.org/show_bug.cgi?id=1621</A>
</I>>>><i> ...
</I>>>>><i> But if we want security reports to be sent to local users if they
</I>>>>><i> specify so, how to proceed further?
</I>>>><i>
</I>>>><i> msec can work very well without sending these reports by email; all
</I>>>><i> the security's reports are available in /var/log/security, and msec
</I>>>><i> notifies the user about this at each time it runs, so sendmail is
</I>>>><i> absolutely not mandatory.
</I>>>><i> So I think that msec shouldn't have a Requires on sendmail-command,
</I>>>><i> eventually it can be a Suggest.
</I>>>><i>
</I>>>><i> But perhaps we could/should change the configuration of msec to not
</I>>>><i> send email by default, by adding MAIL_WARN=no in
</I>>>><i> /etc/security/msec/security.conf.
</I>>>><i>
</I>>><i> So, to summarize, there happen to be multiple solutions here:
</I>>><i>
</I>>><i> 1. do NOT require an MTA, let users manually read reports from
</I>>><i> /var/log/security
</I>>><i> maybe even remove nail from msec Requires as it is currently
</I>>><i> non-functional.
</I>><i>
</I>><i> Reading from /var/log/security is not especially user-friendly, and will be
</I>><i> ignored by less savy users.
</I>Less savvy users might also not want to read security reports, also it would
mean they
can't interpret them properly or fix the cause of reported problems, no?
><i>
</I>>><i> Also Luc's proposal cited above could be realized.
</I>><i>
</I>><i> see below.
</I>><i>
</I>>><i> 2. do require sendmail-command, which will pose a problem to users
</I>>><i> installing from the CLI, because they are presented with a choice:
</I>>><i>
</I>>><i> One of the following packages is required:
</I>>><i> 1 dma
</I>>><i> 2 ssmtp
</I>>><i> 3 postfix
</I>>><i> 4 sendmail
</I>>><i> 5 msmtp
</I>>><i> Please make a selection:
</I>>><i>
</I>>><i> Additionally this will force an MTA onto every default installation and
</I>>><i> every
</I>>><i> installation that currently has msec installed.
</I>><i>
</I>><i> Solution 3 avoids the complication of choosing, with virtually no disadvantage.
</I>><i>
</I>>><i> 3. do require dma, which is a rather minimal MTA, and delivers without
</I>>><i> configuration
</I>>><i> Please see <A HREF="https://bugs.mageia.org/show_bug.cgi?id=2255#c36">https://bugs.mageia.org/show_bug.cgi?id=2255#c36</A> for details.
</I>>><i> This would also allow coexistence with an already-installed MTA, IIUC.
</I>><i>
</I>><i> (dragonfly mail agent)
</I>><i> If this works, I'd say that it is the best solution, since it is very compact
</I>><i> (64k), and virtually every system will have the DNS it requires installed.
</I>><i> (Unless of course they don't have Internet or network access. In which case
</I>><i> msec would not be particularly important.)
</I>><i> Note that it is only at version 0.2 (or 0.3 upstream), so we should test it
</I>><i> carefully.
</I>><i>
</I>>><i> 4. Try to fix nail, which is required by msec and so in every default
</I>>><i> installation,
</I>>><i> so that it is able to deliver mail by itself, without sendmail.
</I>><i>
</I>><i> Solution #3 seems much better in every respect.
</I>><i>
</I>>><i> Please give your votes.
</I>><i>
</I>><i> Solution 3, with changes/verifications noted below.
</I>><i> Since it is much simpler for the end-user to always have the capability to
</I>><i> send security alerts if an email address is entered, without installing
</I>><i> anything extra.
</I>><i>
</I>><i> There are 2 options at the bottom of the first security page of msec, which
</I>><i> should already realise Luc's proposals. They may have to be fixed.
</I>><i>
</I>><i> a) An option to send a security alert by email, where one enters the email
</I>><i> address. By default it is checked.
</I>><i> However, if no valid format email address is entered, an email should _not_
</I>><i> be sent.
</I>><i> As well, we should display something similar to
</I>><i> "(Enter {userid}@localhost for a local user.)",
</I>><i> to help ensure that the user enters a valid local address.
</I>><i> (Note that there are multi-line descriptions for all the other options above
</I>><i> on the same page, so this would fit nicely.)
</I>><i>
</I>><i> b) An option to display security alerts on the desktop. Again, checked by
</I>><i> default. They should probably remain visible until the user dismisses them.
</I>><i> (They currently display for a few seconds, then disappear.)
</I>><i>
</I>><i> My 2 cents :)
</I>><i>
</I>Feel free to send patches for a) and b).
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="008326.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
</A></li>
<LI>Next message: <A HREF="008337.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#8334">[ date ]</a>
<a href="thread.html#8334">[ thread ]</a>
<a href="subject.html#8334">[ subject ]</a>
<a href="author.html#8334">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
