Default-installed MTA (was Re: MTA virtual provides craziness)

Nico Kadel-Garcia nkadel at gmail.com
Wed May 15 23:17:37 UTC 2013


On Wed, May 15, 2013 at 10:30 AM, Lennart Poettering
<mzerqung at 0pointer.de> wrote:
> On Wed, 15.05.13 09:08, Chris Adams (linux at cmadams.net) wrote:
>
>> Once upon a time, Dan Mashal <dan.mashal at gmail.com> said:
>> > Sanity: Switching to postfix?
>>
>> That's a long-time sore point, but the general idea is that "sanity" is
>> not switching desktops/non-mail-servers from one full-featured MTA to
>> another.  The right move is to either remove a local MTA from the
>> default install (which I think has been worked on), or switch to a
>> light-weight daemon that is a local queue-and-forward mail handler.
>>
>> The downside of that would be that configuration of an upstream mail
>> server (possibly requiring SSL and/or authentication) would be required
>> for it to work, while sendmail/postfix/etc. can actually deliver
>> messages (modulo other servers' spam filtering) in the default config.
>
> I am pretty sure that the big majority of mail servers on the internet
> still accept mails from servers in this default mode.

Look again. The recent defaults for postfix and sendmail accept mail
from localhost only. It may actually be another MTA sending to
localhost, but that's usually above and beyond the call of weirdness.

> An unconfigured mail server doesn't really do anything good. And stuff
> that needs configuration before being useful shouldn't be in the default
> install.

Except that it is configured. It accepts and delivers email locally,
and accepts mail from other tools (such as Nagios, Hypermail, or
nightly cron jobs) that expect to be able to send mail using the local
daemon, by default.

> I'd suggest that mdadm should do what cronie already does these days:
> try to use sendmail if it's there and only then, and unconditionally log
> things to syslog. This would then allow us to remove an SMTP server from
> the default install, and everything would appear in the logs just
> fine. And as soon as the admin decides to install a mail server and
> configure it then he will get mails too.

The convention now is to use /usr/lib/sendmail, which is an old, old
hardcoded standard in a lot of software and which the
"update-alternatives" tool activates for any installed SMTP server in
Fedora's configurations. It works, and there is a *lot* of software
that tacitly assumes a locally available SMTP server for error
reporting.

> That would allow people who want everything via logs to get everything
> via logs. It would make our basic installed set smaller, and boot-up
> faster. And people who want a mail server can just install one and
> configure it and things will be magically hooked up with everything else.
>
> Lennart

I suggest not, because in most cases reviewing syslogs requires local
root privilege. Alert or warning emails are easily configured with
aliases or "MAILTO" settings for cron jobs to go somewhere safer and
less security sensitive, even somewhere offsite, with much less work.
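
The pattern discussed in this message (always log to syslog, hand the alert to a sendmail-compatible binary only when one is installed), as an added shell example that is not part of the original post and is not cronie's or mdadm's code. The function names, the `alert-demo` tag and the overridable `LOGGER`, `SENDMAIL` and `ALERT_TO` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. All names below are assumptions.
SENDMAIL="${SENDMAIL:-/usr/lib/sendmail}"  # path named in the message above
LOGGER="${LOGGER:-logger}"                 # syslog client; overridable for testing
ALERT_TO="${ALERT_TO:-root}"               # typically redirected via mail aliases
ALERT_TAG="${ALERT_TAG:-alert-demo}"       # hypothetical syslog tag

# A header field must stay on one line: strip CR/LF so text taken from job
# output or a device name cannot add headers or recipients to the message.
one_line() {
    printf '%s' "$1" | tr -d '\r\n'
}

# alert SUBJECT BODY
# Sets ALERT_RESULT to "log+mail" or "log-only"; never fails the caller.
alert() {
    subject=$(one_line "$1")
    body=$2

    # 1. Unconditional syslog record, so the event exists even with no MTA.
    if command -v "$LOGGER" >/dev/null 2>&1; then
        "$LOGGER" -t "$ALERT_TAG" -p daemon.warning -- "$subject" 2>/dev/null || true
    fi

    # 2. Mail only when a sendmail-compatible program is actually present.
    #    -t reads recipients from the headers; -i keeps a lone "." line
    #    in the body from ending the message early.
    if command -v "$SENDMAIL" >/dev/null 2>&1; then
        if printf 'To: %s\nSubject: %s\n\n%s\n' \
               "$(one_line "$ALERT_TO")" "$subject" "$body" |
           "$SENDMAIL" -t -i
        then
            ALERT_RESULT="log+mail"
            return 0
        fi
    fi

    ALERT_RESULT="log-only"
    return 0
}
```

With no MTA installed the caller still gets a syslog entry; once one is installed, the same call also mails `ALERT_TO` with no change to the calling tool.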

