F20 - Unintended consequences of no default MTA - How best to fix
rgm at htt-consult.com
Tue Dec 31 01:06:37 UTC 2013
On 12/30/2013 07:46 PM, Suvayu Ali wrote:
> Hi Chris,
> On Mon, Dec 30, 2013 at 01:20:04PM -0600, Chris Adams wrote:
>> Once upon a time, Robert Moskowitz <rgm at htt-consult.com> said:
>>> On 12/30/2013 01:34 PM, Kevin Fenzi wrote:
>>>> On Mon, 30 Dec 2013 13:24:07 -0500
>>>> Robert Moskowitz <rgm at htt-consult.com> wrote:
>>>> If you want logwatch or have cron jobs with output you wish, feel free
>>>> to install a MTA and configure it.
>>> been there done that. Looking to follow the flow of no MTA. See if
>>> it can be done.
>> Well, as it has been said, mailx is not an MTA, and it takes an MTA to
>> transfer mail (even locally, because it crosses privilege boundaries).
>> In the "old days", /bin/mail was setuid and could directly write
>> /var/mail, but there were security issues with that and it is no longer
>> supported (it also caused confusion when you actually had a local MTA
>> configured to smart-host to a remote server).
>> If you want to handle mail in any fashion beyond using a client that
>> sends/receives via network protocols (IMAP/POP3 and SMTP to a remote
>> server, like mutt or Thunderbird), install an MTA. IIRC, at least
>> Postfix and Sendmail will work for local mail handling (and not
>> listening on the network) in a default install, so "yum install <your
>> preferred MTA>" and you should be set.
> I was under the same impression, hence my original thread:
> However I was told (by Frank) that it is possible using mailx.
> So now I'm completely lost as to what is possible and what is not. For
> now I have sendmail installed, but if possible I would like to remove
> that (at least on my laptop).
> Hope that makes sense. And thanks for any explanations.
I did search, and read your post and made responses before starting this
I can see why the securities boundary issue means that a secure process
with elevated privledges has to do the writing to /var/mail, and mailx
does not run as such. Thus we need a real MTA for this purpose and
choose sendmail or postfix.
More information about the users