[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: Making mail-transport-agent Priority: optional

Hi there!

On Thu, 13 Oct 2011 05:34:52 +0200, Josh Triplett wrote:
> Bjørn Mork wrote:
>> Josh Triplett <josh@joshtriplett.org> writes:
>>>  Have I missed any important points?
>> You forgot to explain the upside, reason, why, gain, whatever.
> Re-reading my original mail, you're right, I do seem to have missed
> covering that point explicitly.  Thanks. :)
> The main reasons to stop having an MTA in standard:
> - Starting a daemon at boot time, which slows down booting.  This led me
>   to notice the problem in Debian Live: it took a non-trivial amount of
>   time for the boot process to finish starting exim and move on.

I experienced the same in the past on non-live Debian systems, but IIRC
only when there was no network connection, is this a bug in exim?

> - Listening on ports by default, which exposes the system to any
>   potential vulnerabilities, as well as potentially allowing the sending
>   of spam.  I've checked, and out of all the packages with priority
>   standard or above, only exim and isc-dhcp-client listen on ports by
>   default.  Removing an MTA significantly reduces the attack surface of
>   a default Debian system.

On a tasksel's "standard" squeeze, by default exim listens only to port
25 (both IPv4 and IPv6) and for local connections, so no external
connections are allowed:
root@debian:~# debconf-show exim4-config
  exim4/dc_other_hostnames: debian
  exim4/dc_eximconfig_configtype: local delivery only; not on a network
  exim4/no_config: true
  exim4/dc_postmaster: rescue
  exim4/mailname: debian
  exim4/use_split_config: false
  exim4/dc_localdelivery: mbox format in /var/mail/
  exim4/dc_local_interfaces: ; ::1
  exim4/dc_minimaldns: false

And BTW it seems you missed portmap and rpc.statd/nfs-common in your
list of packages with priority standard ;-)

FWIW, on a tasksel's "desktop" squeeze there is only one more daemon
listening by default: it is cupsd, again only for local connections.

> - Asking configuration questions via debconf at install time, which
>   increases the amount of work and complexity required to install
>   Debian.

Which "install time" are you referring to?  During a squeeze
installation there are no questions asked about the MTA, either with
tasksel's "standard" or "graphical system" choices.

>   For most users, these questions will duplicate the process
>   they later go through to configure their MUA.

. o O (simply because these MUAs do not use the local sendmail)

> - Taking time to download and install, which increases the time and
>   bandwidth needed to install or upgrade a Debian system.
> - Taking up space on disk, as with any other package installed but not used.

Actually, in a clean and up-to-date sid chroot I think ~9MB for
exim4-daemon-lightz2 or postfix (including dependencies) is way less
than other crap you get because of Recommends: on by default:
(sid)root@gismo:/# apt-get install exim4-daemon-light
The following NEW packages will be installed:
  adduser cron exim4-base exim4-config exim4-daemon-light libgcrypt11
  libgnutls26 libgpg-error0 libp11-kit0 libpcre3 libtasn1-3 netbase
0 upgraded, 12 newly installed, 0 to remove and 0 not upgraded.
Need to get 3792 kB of archives.
After this operation, 8812 kB of additional disk space will be used.
Do you want to continue [Y/n]? n

(sid)root@gismo:/# apt-get install postfix
The following NEW packages will be installed:
  adduser libsasl2-2 libssl1.0.0 netbase openssl postfix ssl-cert
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
Need to get 3710 kB of archives.
After this operation, 9055 kB of additional disk space will be used.
Do you want to continue [Y/n]? ^C

>>>  Would any other packages need changes, other than the ones I've
>>> mentioned above?
>> all packages with cron jobs,
> ...which produce output to somewhere other than a log file, in some
> scenario other than "being buggy and accidentally producing output", and
> which expect end users to read their output, and which therefore expect
> that the end user has configured root's mail to go somewhere they'll
> actually read.  In any case, cron can still suggest an MTA, and any
> package which absolutely needs a working MTA can depend on one (and add
> giant warnings that they require a *working* MTA configuration, which a
> depends does not guarantee).

Please remember that the default MTA configuration works for *local*
delivery, so at least these emails from cron jobs are saved somewhere,
which is not the same WRT to logs, which at some point could be lost
(think about logrotate...).

>> all 3rd party applications assuming an UNIX
>> environment, ++
> By which you mean having a sendmail binary?
> And on top of all of that, nothing guarantees that the sendmail binary
> can actually send mail outside the local system.  The admin will still
> need to know that the program they install wants to send mail with
> sendmail, so that they know not to say "local delivery only".

I think you are mixing two situations: local and external deliveries.
As I wrote just above, the former will work in any case by default (and
AFAIK is mandatory on a UNIX system), the second must be configured.

>> The reasons are all explained in the release notes.
> Which release notes do you mean?  I don't see anything about exim or
> mail-transport-agent in the Debian squeeze release notes (other than the
> large table of various package versions in Debian, which includes
> notable packages of many different priorities).

The installation-guide explains the situation in the "§ 8.5. Setting Up
Your System To Use E-Mail" section:


Thx, bye,
Gismo / Luca

Attachment: pgpIauvmhrkCa.pgp
Description: PGP signature

Reply to: