an that is why we need a firewall -> Re: When a yum update sets up an MTA ...

Reindl Harald h.reindl at thelounge.net
Mon Apr 21 07:42:46 UTC 2014


Am 21.04.2014 03:39, schrieb Lars Seipel:
> Nicely aligning with the current firewall thread I noticed that one of
> my machines was running the exim MTA for the last few days, dutifully
> listening on all interfaces

and now it is *proven for sure* that disable the firewall
by default is the most dumb thing a distribution can do

drago01 will now say again "that is a bug"
yes, in that case in *two* packages at the same time
but hwat matters is the impact of a bug

* smartmontools wanted sendmail instead MTA for sending sysmessages
* sendmail obviously has a braindead default configuration listening on all ports
* sendmail service is obviously enabled at install time even if smartmontools
  only need /usr/sbin/sendmail

all things i said that they are happening and will happen again and again
while they get fixed here and there - again and again - that's life

so you can run in circles and shout "that is a bug" which is
true and while you are fix it it brings people in trouble
or you have by default a security layer which hopefully does
not open port 25 automated because you install sendmail

the next problem: even if such a bug is fixed the affected users
keep to be fucked because the updated smartmontools only require
any MTA (which is correct) and so nothing will remove sendmail
on that machines nor close port 25 after a update of smartmontools

https://koji.fedoraproject.org/koji/buildinfo?buildID=511458
* Thu Apr 17 2014 Michal Hlavinka <mhlavink at redhat.com>
 - 1:6.2-5 - require /usr/sbin/sendmail as MTA is not provided by all packages (#1048618)
* Tue Apr 15 2014 Michal Hlavinka <mhlavink at redhat.com>
 - 1:6.2-4 - use MTA instead of sendmail as a requirement (#1048614)
* Thu Apr 10 2014 Michal Hlavinka <mhlavink at redhat.com> - 1:6.2-3
 - add mail requires (#1048614)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140421/001263be/attachment.sig>


More information about the devel mailing list