F20 - Unintended consequences of no default MTA - How best to fix

Suvayu Ali fatkasuvayu+linux at gmail.com
Tue Dec 31 03:12:02 UTC 2013


On Tue, Dec 31, 2013 at 10:50:46AM +0800, Ed Greshko wrote:
> On 12/31/13 10:14, Suvayu Ali wrote:
> > On Mon, Dec 30, 2013 at 08:06:37PM -0500, Robert Moskowitz wrote:
> >> I can see why the securities boundary issue means that a secure process with
> >> elevated privledges has to do the writing to /var/mail, and mailx does not
> >> run as such.  Thus we need a real MTA for this purpose and choose sendmail
> >> or postfix.
> > All that is fine, and I follow the reasoning.  But saying mailx cannot
> > do the job is contradictory to Frank's experience in the original
> > thread.  I would like to know what is the bit that makes Frank's setup
> > work so that I can replicate it on my less powerful machines.
> >
> 
> First of all, let me reiterate one thing.  "sendmail" does not do
> local delivery by itself.  It relies on another program to do this.
> In the default configuration (sendmail.mc) on Fedora it is defined to
> use procmail for local delivery.
> 

Okay, makes sense.

> Now, if you (pl) would do a bit of man page reading you'd find in "man crond"....
> 
>        -m   This  option  allows  you  to  specify a shell command to use for
>               sending Cron mail output instead of using sendmail(8)  This  com‐
>               mand must accept a fully formatted mail message (with headers) on
>               standard input and send it as a mail message  to  the  recipients
>               specified  in the mail headers.  Specifying the string off (i.e.,
>               crond -m off) will disable the sending of mail.
> 
> So, you can edit /etc/sysconfig/crond to contain....
> 
> CRONDARGS=-m/bin/procmail
> 
> systemctl restart crond.service
> 
> Now, the only "problem" is that procmail cannot initially create files in /var/mail.  So, to get this to work you'll need to do, as root....
> 
> touch /var/mail/username
> chown username:mail /var/mail/username
> 
> I know this works with procmail but not sure about mailx.  You can certainly test.... 
> 
> So, you don't need sendmail.  procmail will do just fine.

Okay I follow, it seems what you propose should work.  However cron is
not the only thing that sends mail for me.  In my post it was just the
most frequent example.  For example, I want to receive mail from smartd
(particularly important!), denyhosts, ddclient, etc.  I would then have
to setup something like the above for all such use cases.

I guess it is simplest to just use an MTA.  Thanks for the response
though, I understand the system mail system better now.

And happy new year,

:)

-- 
Suvayu

Open source is the future. It sets us free.


More information about the users mailing list