redhat-config-securitylevel vs redhat-config-firewall?

Andy Green fedora at warmcat.com
Wed Oct 8 07:49:03 UTC 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 08 October 2003 01:36, Michal Jaegermann wrote:
> On Tue, Oct 07, 2003 at 08:23:20PM -0400, James Drabb wrote:
> > I totally agree, there is not a real need for sendmail on a
> > desktop PC.
>
> This carping on sendmail from different quarters is getting really
> boring.  Did you ever bother to check _how_ sendmail is configured
> by default, for a very long time now, and why?
>
> > Most desktop users will use Evolution, Mozilla Mail, KMail,
>
> I can assure that you will not catch me using any of these
> stinkers. But what _this_ has to do with the issue?

I think he meant to imply they will be using POP3.

>User-Agent: Mutt/1.2.5.1i

Hm.  Let he who is without stink cast the first aspersion.  Kmail is 
pretty neat, maybe you should check it out if you didn't look at it 
lately.

> > so there is no reason for a MTA.
>
> There are reasons.

Specifically, several things want to send email inside a system, for 
example cron.  I didn't know this for a long time and was surprised 
how nice it is to get mail from logwatch every morning allowing me to 
see free disc space, etc.  You can configure cron on other machines 
to send email (look in /etc/crontab) to your main workstation too, 
its like a daily heartbeat check.

This requires a working MTA, I remove sendmail (rpm -e sendmail) and 
install postfix on my machines, on the basis there has been a steady 
trickle of security advisories for sendmail and much less with 
postfix.  I'm not experienced enough to make a judgement between them 
other than that.

One other tip, you can improve security by using iptables to only let 
a given IP or range of IPs see your port 25 is open.  Particularly if 
you expect relay traffic from one specific server, everyone else in 
the world sees nothing back from touching it.

- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/g8FvjKeDCxMJCTIRAu9wAKCCSqwiu26mY8q/7rN5C1wSUWwdYwCeNSnS
UrIU32fggTAI6e5qSzqFG/4=
=nkAH
-----END PGP SIGNATURE-----

More information about the test mailing list