1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E8315CE.10406%40arcor.de%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="008332.html">
<LINK REL="Next" HREF="008476.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?</H1>
<B>Florian Hubold</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20%5BRFC%5D%20msec%20%28nail%29%20can%27t%20send%20reports%20to%20local%0A%20users%20accounts%20-%20require%20an%20MTA%3F&In-Reply-To=%3C4E8315CE.10406%40arcor.de%3E"
TITLE="[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?">doktor5000 at arcor.de
</A><BR>
<I>Wed Sep 28 14:40:46 CEST 2011</I>
<P><UL>
<LI>Previous message: <A HREF="008332.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
</A></li>
<LI>Next message: <A HREF="008476.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#8475">[ date ]</a>
<a href="thread.html#8475">[ thread ]</a>
<a href="subject.html#8475">[ subject ]</a>
<a href="author.html#8475">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Am 22.09.2011 21:37, schrieb Florian Hubold:
><i> Am 22.09.2011 00:09, schrieb Luc Menut:
</I>>><i> Le 21/09/2011 20:35, Florian Hubold a écrit :
</I>>>><i> Hello,
</I>>>><i>
</I>>>><i> during validation of validation of msec/sectool update candidates,
</I>>>><i> a problem showed up: <A HREF="https://bugs.mageia.org/show_bug.cgi?id=1621">https://bugs.mageia.org/show_bug.cgi?id=1621</A>
</I>>><i> ...
</I>>>><i>
</I>>>><i> But if we want security reports to be sent to local users if they
</I>>>><i> specify so, how to proceed further?
</I>>>><i>
</I>>><i>
</I>>><i> msec can work very well without sending these reports by email; all the
</I>>><i> security's reports are available in /var/log/security, and msec notifies the
</I>>><i> user about this at each time it runs, so sendmail is absolutely not mandatory.
</I>>><i> So I think that msec shouldn't have a Requires on sendmail-command,
</I>>><i> eventually it can be a Suggest.
</I>>><i>
</I>>><i> But perhaps we could/should change the configuration of msec to not send
</I>>><i> email by default, by adding MAIL_WARN=no in /etc/security/msec/security.conf.
</I>>><i>
</I>>><i>
</I>><i> So, to summarize, there happen to be multiple solutions here:
</I>><i>
</I>><i>
</I>><i> 1. do NOT require an MTA, let users manually read reports from /var/log/security
</I>><i> maybe even remove nail from msec Requires as it is currently non-functional.
</I>><i> Also Luc's proposal cited above could be realized.
</I>><i>
</I>><i> 2. do require sendmail-command, which will pose a problem to users
</I>><i> installing from the CLI, because they are presented with a choice:
</I>><i>
</I>><i> One of the following packages is required:
</I>><i> 1 dma
</I>><i> 2 ssmtp
</I>><i> 3 postfix
</I>><i> 4 sendmail
</I>><i> 5 msmtp
</I>><i> Please make a selection:
</I>><i>
</I>><i> Additionally this will force an MTA onto every default installation and
</I>><i> every
</I>><i> installation that currently has msec installed.
</I>><i>
</I>><i> 3. do require dma, which is a rather minimal MTA, and delivers without
</I>><i> configuration
</I>><i> Please see <A HREF="https://bugs.mageia.org/show_bug.cgi?id=2255#c36">https://bugs.mageia.org/show_bug.cgi?id=2255#c36</A> for details.
</I>><i> This would also allow coexistence with an already-installed MTA, IIUC.
</I>><i>
</I>><i> 4. Try to fix nail, which is required by msec and so in every default
</I>><i> installation,
</I>><i> so that it is able to deliver mail by itself, without sendmail.
</I>><i>
</I>><i> Please give your votes.
</I>><i>
</I>><i>
</I>
After rereading the thread, i'm posting an excellent summary
from Derek Jennings, the original reporter of the msec/MTA issue:
Am 28.09.2011 11:14, schrieb Derek Jennings:
><i>
</I>><i> I seem to have sparked off quite a discussion on the dev list.
</I>><i>
</I>><i> Luc Menut made a very good point. If all these mails from msec started
</I>><i> being actually delivered instead of going into the bit bucket, then users
</I>><i> will be overwhelmed with emails they do not understand. As Claire
</I>><i> mentioned in a previous posting msec **always** finds something in error
</I>><i> which could alarm users. I can imagine the user forum being flooded with
</I>><i> alarmed posts.
</I>><i>
</I>><i> My own opinion is we should do both 1 and 3 in your list of options
</I>><i> 1/ Change the defaults in /etc/security/msec/level.* and
</I>><i> 3/ make dma a suggest for msec
</I>><i>
</I>><i> If these two changes were introduced as updates to Mageia 1 then the
</I>><i> consequences would I believe be.
</I>><i> a/ Users with default configuration :-
</I>><i>
</I>><i> Changing the defaults in /etc/security/msec/level.* will not affect an
</I>><i> existing installation unless they change their security level.
</I>><i>
</I>><i> Mail would go into /var/spool/mail/root instead of /root/dead.letter They
</I>><i> probably would still not see the mail because they are unlikely to know
</I>><i> how to configure another user to receive roots mail. The only change they
</I>><i> would notice is when logging in at a root console they would see a message
</I>><i> saying "You have new mail".
</I>><i>
</I>><i> b/ Users who have configured a real mail address in msec
</I>><i> Installing dma as a require will cause these mails to actually start being
</I>><i> delivered. Since the user has put the real mail address in the msec
</I>><i> configuration we have to assume they actually want the mails to be
</I>><i> delivered so that is a "good thing". If their ISP will only accept mail
</I>><i> from a real MTA as mentioned by Frank Griffin then the message will not be
</I>><i> delivered unless a relay host is defined in dma. Since they are already
</I>><i> not being delivered nothing will have changed.
</I>><i>
</I>><i> c/ New users of Mageia 2
</I>><i> Changing the defaults in /etc/security/msec/level.* will suppress emails
</I>><i> other than to those users who have specifically requested them.
</I>><i>
</I>><i>
</I>><i> Hope that helps
</I>><i>
</I>><i> Derek
</I>><i>
</I>><i>
</I>So if nobody objects or sees other problem with this, i'll modify
the defaults in /etc/security/msec/level.* to not send email by default
and making dma a suggest for msec.
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="008332.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
</A></li>
<LI>Next message: <A HREF="008476.html">[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#8475">[ date ]</a>
<a href="thread.html#8475">[ thread ]</a>
<a href="subject.html#8475">[ subject ]</a>
<a href="author.html#8475">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
