F20 - Unintended consequences of no default MTA - How best to fix

Robert Moskowitz rgm at htt-consult.com
Tue Dec 31 01:06:37 UTC 2013


On 12/30/2013 07:46 PM, Suvayu Ali wrote:
> Hi Chris,
>
> On Mon, Dec 30, 2013 at 01:20:04PM -0600, Chris Adams wrote:
>> Once upon a time, Robert Moskowitz <rgm at htt-consult.com> said:
>>> On 12/30/2013 01:34 PM, Kevin Fenzi wrote:
>>>> On Mon, 30 Dec 2013 13:24:07 -0500
>>>> Robert Moskowitz <rgm at htt-consult.com> wrote:
>>>> If you want logwatch or have cron jobs with output you wish, feel free
>>>> to install a MTA and configure it.
>>> been there done that.  Looking to follow the flow of no MTA.  See if
>>> it can be done.
>> Well, as it has been said, mailx is not an MTA, and it takes an MTA to
>> transfer mail (even locally, because it crosses privilege boundaries).
>> In the "old days", /bin/mail was setuid and could directly write
>> /var/mail, but there were security issues with that and it is no longer
>> supported (it also caused confusion when you actually had a local MTA
>> configured to smart-host to a remote server).
>>
>> If you want to handle mail in any fashion beyond using a client that
>> sends/receives via network protocols (IMAP/POP3 and SMTP to a remote
>> server, like mutt or Thunderbird), install an MTA.  IIRC, at least
>> Postfix and Sendmail will work for local mail handling (and not
>> listening on the network) in a default install, so "yum install <your
>> preferred MTA>" and you should be set.
> I was under the same impression, hence my original thread:
>
>    <https://lists.fedoraproject.org/pipermail/users/2013-December/443441.html>
>
> However I was told (by Frank) that it is possible using mailx.
>
>    <https://lists.fedoraproject.org/pipermail/users/2013-December/444265.html>
>    <https://lists.fedoraproject.org/pipermail/users/2013-December/444304.html>
>
> So now I'm completely lost as to what is possible and what is not.  For
> now I have sendmail installed, but if possible I would like to remove
> that (at least on my laptop).
>
> Hope that makes sense.  And thanks for any explanations.

I did search, and read your post and made responses before starting this 
thread.

I can see why the security boundary issue means that a secure process 
with elevated privileges has to do the writing to /var/mail, and mailx 
does not run as such.  Thus we need a real MTA for this purpose and 
choose sendmail or postfix.



