F20 - Unintended consequences of no default MTA - How best to fix
fatkasuvayu+linux at gmail.com
Tue Dec 31 03:12:02 UTC 2013
On Tue, Dec 31, 2013 at 10:50:46AM +0800, Ed Greshko wrote:
> On 12/31/13 10:14, Suvayu Ali wrote:
> > On Mon, Dec 30, 2013 at 08:06:37PM -0500, Robert Moskowitz wrote:
> >> I can see why the securities boundary issue means that a secure process with
> >> elevated privileges has to do the writing to /var/mail, and mailx does not
> >> run as such. Thus we need a real MTA for this purpose and choose sendmail
> >> or postfix.
> > All that is fine, and I follow the reasoning. But saying mailx cannot
> > do the job is contradictory to Frank's experience in the original
> > thread. I would like to know what is the bit that makes Frank's setup
> > work so that I can replicate it on my less powerful machines.
> First of all, let me reiterate one thing. "sendmail" does not do
> local delivery by itself. It relies on another program to do this.
> In the default configuration (sendmail.mc) on Fedora it is defined to
> use procmail for local delivery.
Okay, makes sense.
> Now, if you (pl) would do a bit of man page reading you'd find in "man crond"....
> -m This option allows you to specify a shell command to use for
> sending Cron mail output instead of using sendmail(8). This command
> must accept a fully formatted mail message (with headers) on
> standard input and send it as a mail message to the recipients
> specified in the mail headers. Specifying the string off (i.e.,
> crond -m off) will disable the sending of mail.
> So, you can edit /etc/sysconfig/crond to contain....
> systemctl restart crond.service
> Now, the only "problem" is that procmail cannot initially create files in /var/mail. So, to get this to work you'll need to do, as root....
> touch /var/mail/username
> chown username:mail /var/mail/username
> I know this works with procmail but not sure about mailx. You can certainly test....
> So, you don't need sendmail. procmail will do just fine.
Okay I follow, it seems what you propose should work. However cron is
not the only thing that sends mail for me. In my post it was just the
most frequent example. For example, I want to receive mail from smartd
(particularly important!), denyhosts, ddclient, etc. I would then have
to setup something like the above for all such use cases.
I guess it is simplest to just use an MTA. Thanks for the response
though, I understand the system mail system better now.
And happy new year,
Open source is the future. It sets us free.
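The kind of command the quoted `crond -m` text describes, sketched as an added example that is not part of the original thread or of any Fedora package: it reads a formatted message on standard input and appends it to each recipient's spool file, but only when that file was created beforehand, as with the `touch`/`chown` step above. The function names, the account-name pattern and the use of the `To`/`Cc` headers are assumptions made for illustration.

```python
import email
import email.utils
import mailbox
import os
import re
import sys

SPOOL = "/var/mail"  # spool directory named in the thread
# Assumption: local policy for what counts as a plain account name.
SAFE_USER = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def local_recipients(msg):
    """Return account names from To/Cc, dropping anything that is not a plain name."""
    names = []
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    for _, addr in email.utils.getaddresses(fields):
        user = addr.split("@", 1)[0]
        if SAFE_USER.fullmatch(user):  # rejects "../", "/", empty and odd names
            names.append(user)
    return names

def deliver(raw, spool=SPOOL):
    """Append the message to each existing mailbox; return (delivered, skipped)."""
    msg = email.message_from_bytes(raw)
    delivered, skipped = [], []
    for user in local_recipients(msg):
        path = os.path.join(spool, user)
        # Never create spool files here: only append to ones root pre-created.
        if os.path.islink(path) or not os.path.isfile(path):
            skipped.append(user)
            continue
        box = mailbox.mbox(path, create=False)
        box.lock()
        try:
            box.add(msg)   # appends in mbox format with a "From " separator line
            box.flush()
        finally:
            box.unlock()
            box.close()
        delivered.append(user)
    return delivered, skipped

if __name__ == "__main__":
    done, missed = deliver(sys.stdin.buffer.read())
    sys.exit(0 if done and not missed else 1)
```
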