[Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?
Florian Hubold
doktor5000 at arcor.de
Thu Sep 22 12:19:40 CEST 2011
Am 21.09.2011 20:59, schrieb Mjules:
> Le Wed, 21 Sep 2011 20:35:38 +0200,
> Florian Hubold<doktor5000 at arcor.de> a écrit :
>
>> Hello,
>>
>> during validation of validation of msec/sectool update candidates,
>> a problem showed up: https://bugs.mageia.org/show_bug.cgi?id=1621
>> Seems mailx (on behalf of msec) can't send mails to local user
>> accounts due to missing sendmail, citing one of the comments:
>>
>> https://bugs.mageia.org/show_bug.cgi?id=2255#c25
>> But sendmail (or alternative) is required for local delivery.
>> Try it out for yourself
>>
>> $ mailx -v -s "test mail" root
>> EOT
>> /usr/lib/sendmail: No such file or directory
>> "/home/derek/dead.letter" 9/214
>> . . . message not sent.
>>
>> This results in msec reports ending as /dead.letter and never being
>> sent to the user who was specified in msec configuraion or during
>> initial installation of Mageia.
>>
>> So i added a require on sendmail to msec. But sendmail conflicts
>> with vacation, and more importantly with postfix.
>> So how to solve this mess? Do we want the reports to not be sent
>> to some local user account, we can leave it like it is and i'll
>> remove the require on sendmail.
>>
>> But if we want security reports to be sent to local users if they
>> specify so, how to proceed further?
>>
> Hi,
>
> IIRC mailx don't do local delivery alone. If we want to allow local
> delivery but not require a full smtp server, we could use dma
> (DragonFly Mail Agent [1]) which is a lightweight alternative.
>
> It seems sendmail-command is a provide of most of smtp package so maybe
> you can add a require on it.
>
> regards
> Julien
>
> [1] https://gitorious.org/dma& http://svnweb.mageia.org/packages/cauldron/dma/
>
The main problem when adding sendmail-command (or another MTA) is
that at least every default installation of Mageia 1 will get an MTA installed.
The question is, do we really want to force this on our users?
As Luc Menut already mentioned, msec works fine without an MTA, and
that all reports should be available under /var/log/security.
Also his proposal to change default msec config to not send reports
by email sounds sensible. So if nobody objects, i'll remove the require
on sendmail-command and change default msec config.
More information about the Mageia-dev
mailing list