On Tue, Dec 31, 2013 at 10:50:46AM +0800, Ed Greshko wrote:
On 12/31/13 10:14, Suvayu Ali wrote:
On Mon, Dec 30, 2013 at 08:06:37PM -0500, Robert Moskowitz wrote:
I can see why the securities boundary issue means that a secure process with elevated privileges has to do the writing to /var/mail, and mailx does not run as such. Thus we need a real MTA for this purpose and choose sendmail or postfix.
All that is fine, and I follow the reasoning. But saying mailx cannot do the job is contradictory to Frank's experience in the original thread. I would like to know what is the bit that makes Frank's setup work so that I can replicate it on my less powerful machines.
First of all, let me reiterate one thing. "sendmail" does not do local delivery by itself. It relies on another program to do this. In the default configuration (sendmail.mc) on Fedora it is defined to use procmail for local delivery.
Okay, makes sense.
Now, if you (pl) would do a bit of man page reading you'd find in "man crond"....
-m This option allows you to specify a shell command to use for sending Cron mail output instead of using sendmail(8) This command must accept a fully formatted mail message (with headers) on standard input and send it as a mail message to the recipients specified in the mail headers. Specifying the string off (i.e., crond -m off) will disable the sending of mail.
So, you can edit /etc/sysconfig/crond to contain....
CRONDARGS=-m/bin/procmail
systemctl restart crond.service
Now, the only "problem" is that procmail cannot initially create files in /var/mail. So, to get this to work you'll need to do, as root....
touch /var/mail/username
chown username:mail /var/mail/username
I know this works with procmail but not sure about mailx. You can certainly test....
So, you don't need sendmail. procmail will do just fine.
Okay I follow, it seems what you propose should work. However cron is not the only thing that sends mail for me. In my post it was just the most frequent example. For example, I want to receive mail from smartd (particularly important!), denyhosts, ddclient, etc. I would then have to set up something like the above for all such use cases.
I guess it is simplest to just use an MTA. Thanks for the response though, I understand the system mail system better now.
And happy new year,
:)
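The following is an added example, not part of the thread: a check for mailboxes pre-created with the touch/chown steps quoted above, reporting files whose owner does not match the file name, whose group is not the expected one, that are symlinks, or that are accessible to other users. The function name check_spool is hypothetical; it assumes GNU stat and assumes a mailbox should carry no permission bits for "other".

```shell
#!/bin/sh
# Added example: audit pre-created mailboxes in a spool directory.
# Usage: check_spool [DIR] [GROUP]   (defaults: /var/mail and mail)
# Prints one line per finding; returns 1 if anything was reported.
check_spool() {
    dir=${1:-/var/mail}
    want_group=${2:-mail}
    rc=0
    for box in "$dir"/*; do
        # Skip the unexpanded glob when the directory is empty.
        [ -e "$box" ] || [ -L "$box" ] || continue
        name=${box##*/}
        if [ -L "$box" ]; then
            echo "$name: symlink, delivery could be redirected"
            rc=1
            continue
        fi
        if [ ! -f "$box" ]; then
            echo "$name: not a regular file"
            rc=1
            continue
        fi
        # GNU stat: owner name, group name, octal mode.
        set -- $(stat -c '%U %G %a' "$box")
        owner=$1 group=$2 mode=$3
        # The mailbox file is named after the user who must own it.
        [ "$owner" = "$name" ] || {
            echo "$name: owned by $owner, expected $name"; rc=1; }
        [ "$group" = "$want_group" ] || {
            echo "$name: group $group, expected $want_group"; rc=1; }
        # Assumption: "other" should have no access to a mailbox.
        case $mode in
            *0) ;;
            *) echo "$name: mode $mode is accessible to other users"
               rc=1 ;;
        esac
    done
    return $rc
}
```

Run as root after the touch and chown steps, `check_spool /var/mail mail` prints nothing and returns 0 when every mailbox passes.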