Default-installed MTA (was Re: MTA virtual provides craziness)

Peter Robinson pbrobinson at gmail.com
Mon May 20 19:30:52 UTC 2013


On Thu, May 16, 2013 at 12:17 AM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
> On Wed, May 15, 2013 at 10:30 AM, Lennart Poettering
> <mzerqung at 0pointer.de> wrote:
>> On Wed, 15.05.13 09:08, Chris Adams (linux at cmadams.net) wrote:
>>
>>> Once upon a time, Dan Mashal <dan.mashal at gmail.com> said:
>>> > Sanity: Switching to postfix?
>>>
>>> That's a long-time sore point, but the general idea is that "sanity" is
>>> not switching desktops/non-mail-servers from one full-featured MTA to
>>> another.  The right move is to either remove a local MTA from the
>>> default install (which I think has been worked on), or switch to a
>>> light-weight daemon that is a local queue-and-forward mail handler.
>>>
>>> The downside of that would be that configuration of an upstream mail
>>> server (possibly requiring SSL and/or authentication) would be required
>>> for it to work, while sendmail/postfix/etc. can actually deliver
>>> messages (modulo other servers' spam filtering) in the default config.
>>
>> I am pretty sure that the big majority of mail servers on the internet
>> still accept mails from servers in this default mode.
>
> Look again. The recent defaults for postfix and sendmail accept mail
> from localhost only. It may actually be another MTA sending to
> localhost, but that's usually above and beyond the call of weirdness.
>
>> An unconfigured mail server doesn't really do anything good. And stuff
>> that needs configuration before being useful shouldn't be in the default
>> install.
>
> Except that it is configured. It accepts and delivers email locally,
> and accepts mail from other tools (such as Nagios, Hypermail, or
> nightly cron jobs) that expect to be able to send mail using the local
> daemon, by default.
>
>> I'd suggest that mdadm should do what cronie already does these days:
>> try to use sendmail if it's there and only then, and unconditionally log
>> things to syslog. This would then allow us to remove an SMTP server from
>> the default install, and everything would appear in the logs just
>> fine. And as soon as the admin decides to install a mail server and
>> configure it then he will get mails too.
>
> The convention now is to use /usr/lib/sendmail, which is an old, old
> hardcoded standard in a lot of software and which the
> "update-alternatives" tool activates for any installed SMTP server in
> Fedora's configurations. It works, and there is a *lot* of software
> that tacitly assumes a locally available SMTP server for error
> reporting.
>
>> That would allow people who want everything via logs to get everything
>> via logs. It would make our basic installed set smaller, and boot-up
>> faster. And people who want a mail server can just install one and
>> configure it and things will be magically hooked up with everything else.
>>
>> Lennart
>
> I suggest not, because in most cases reviewing syslogs requires local
> root privilege. Alert or warning emails are easily configured with
> aliases or "MAILTO" settings for cron jobs to go somewhere safer and
> less security sensitive, even somewhere offsite, with much less work.

By default all mail messages go to root, which you need root
permissions to access, so it's not really an argument.

Peter

