and that is why we need a firewall -> Re: When a yum update sets up an MTA ...

Reindl Harald h.reindl at thelounge.net
Mon Apr 21 11:02:31 UTC 2014



Am 21.04.2014 12:58, schrieb Mauricio Tavares:
> On Mon, Apr 21, 2014 at 3:42 AM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>
>> Am 21.04.2014 03:39, schrieb Lars Seipel:
>>> Nicely aligning with the current firewall thread I noticed that one of
>>> my machines was running the exim MTA for the last few days, dutifully
>>> listening on all interfaces
>>
>> and now it is *proven for sure* that disable the firewall
>> by default is the most dumb thing a distribution can do
>>
>> drago01 will now say again "that is a bug"
>> yes, in that case in *two* packages at the same time
>> but hwat matters is the impact of a bug
>>
>> * smartmontools wanted sendmail instead MTA for sending sysmessages
>> * sendmail obviously has a braindead default configuration listening on all ports
>> * sendmail service is obviously enabled at install time even if smartmontools
>>   only need /usr/sbin/sendmail
>>
>> all things i said that they are happening and will happen again and again
>> while they get fixed here and there - again and again - that's life
>>
>> so you can run in circles and shout "that is a bug" which is
>> true and while you are fix it it brings people in trouble
>> or you have by default a security layer which hopefully does
>> not open port 25 automated because you install sendmail
>>
>> the next problem: even if such a bug is fixed the affected users
>> keep to be fucked because the updated smartmontools only require
>> any MTA (which is correct) and so nothing will remove sendmail
>> on that machines nor close port 25 after a update of smartmontools
>>
> If all smartmontools need is to just send emails out, I would
> suggest using something like ssmtp or msmtp

which needs configuration
local mail-pickup don't

and no i am not interested in discussions who reads that mails
serious users / admins do after they realized existence and
after that also the mails from the past

but you missed the point: because such things can happen a OS must
not be shipped with a disabled firewall these days - period

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140421/3240359a/attachment.sig>


More information about the devel mailing list