None of the Above (was Re: Sendmail still default?)
Les Mikesell
lesmikesell at gmail.com
Tue Oct 21 17:09:41 UTC 2008
Bill Nottingham wrote:
>>>> Which is why mail is a sensible delivery mechanism. It already knows
>>>> how to deliver elsewhere if you want.
>>> With built-in mechanisms to allow for easy spoofing of critical events
>>> to the user from anyone on the internet, no less!
>> I'm surprised you are able to do that with fedora's default mail
>> configuration that only accepts from localhost... Perhaps you should
>> let us in on the secret.
>
> ????
>
> We're talking about arbitrary mail delivery. It could be forwarded
> to any e-mail account, anywhere. (After all, that's what you're asking
> for with redirection of root e-mail.) Ergo, anyone with knowledge of
> 1) your e-mail address 2) your machine could send you a spoof/phishing/etc.
But that's true whether or not you use it yourself. And it is
relatively difficult to spoof the originating host IP since it is
recorded by the receiving server.
>>> Should the information be sent via e-mail to an adminstrator, and
>>> stored for later viewing in general? Yes. Does that mean e-mail is
>>> the best mechanism for presenting it? No.
>> If you have a bad email mechanism, fix that problem.
>
> I think attempting to have all cron/alert/whatever mail gpg-signed
> with a host-specific key would be waaaaaaaaaaaay overkill.
The value of unix-like systems is that they provide the user with a
standard toolbox to be used in an appropriate way for any situation.
Good working defaults are just a plus - the tools, and the fact that
they follow standards, are the critical part.
--
Les Mikesell
lesmikesell at gmail.com
More information about the devel
mailing list