Hi there! On Thu, 13 Oct 2011 05:34:52 +0200, Josh Triplett wrote: > Bjørn Mork wrote: >> Josh Triplett <josh@joshtriplett.org> writes: >>> Have I missed any important points? >> >> You forgot to explain the upside, reason, why, gain, whatever. > > Re-reading my original mail, you're right, I do seem to have missed > covering that point explicitly. Thanks. :) > > The main reasons to stop having an MTA in standard: > > - Starting a daemon at boot time, which slows down booting. This led me > to notice the problem in Debian Live: it took a non-trivial amount of > time for the boot process to finish starting exim and move on. I experienced the same in the past on non-live Debian systems, but IIRC only when there was no network connection, is this a bug in exim? > - Listening on ports by default, which exposes the system to any > potential vulnerabilities, as well as potentially allowing the sending > of spam. I've checked, and out of all the packages with priority > standard or above, only exim and isc-dhcp-client listen on ports by > default. Removing an MTA significantly reduces the attack surface of > a default Debian system. On a tasksel's "standard" squeeze, by default exim listens only to port 25 (both IPv4 and IPv6) and for local connections, so no external connections are allowed: ===== root@debian:~# debconf-show exim4-config exim4/dc_other_hostnames: debian exim4/dc_eximconfig_configtype: local delivery only; not on a network exim4/no_config: true exim4/hide_mailname: exim4/dc_postmaster: rescue exim4/dc_smarthost: exim4/dc_relay_domains: exim4/dc_relay_nets: exim4/mailname: debian exim4/dc_readhost: exim4/use_split_config: false exim4/exim4-config-title: exim4/dc_localdelivery: mbox format in /var/mail/ exim4/dc_local_interfaces: 127.0.0.1 ; ::1 exim4/dc_minimaldns: false root@debian:~# ===== And BTW it seems you missed portmap and rpc.statd/nfs-common in your list of packages with priority standard ;-) FWIW, on a tasksel's "desktop" squeeze there is only one more daemon listening by default: it is cupsd, again only for local connections. > - Asking configuration questions via debconf at install time, which > increases the amount of work and complexity required to install > Debian. Which "install time" are you referring to? During a squeeze installation there are no questions asked about the MTA, either with tasksel's "standard" or "graphical system" choices. > For most users, these questions will duplicate the process > they later go through to configure their MUA. . o O (simply because these MUAs do not use the local sendmail) > - Taking time to download and install, which increases the time and > bandwidth needed to install or upgrade a Debian system. > > - Taking up space on disk, as with any other package installed but not used. Actually, in a clean and up-to-date sid chroot I think ~9MB for exim4-daemon-lightz2 or postfix (including dependencies) is way less than other crap you get because of Recommends: on by default: ===== (sid)root@gismo:/# apt-get install exim4-daemon-light [...] The following NEW packages will be installed: adduser cron exim4-base exim4-config exim4-daemon-light libgcrypt11 libgnutls26 libgpg-error0 libp11-kit0 libpcre3 libtasn1-3 netbase 0 upgraded, 12 newly installed, 0 to remove and 0 not upgraded. Need to get 3792 kB of archives. After this operation, 8812 kB of additional disk space will be used. Do you want to continue [Y/n]? n Abort. (sid)root@gismo:/# apt-get install postfix [...] The following NEW packages will be installed: adduser libsasl2-2 libssl1.0.0 netbase openssl postfix ssl-cert 0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded. Need to get 3710 kB of archives. After this operation, 9055 kB of additional disk space will be used. Do you want to continue [Y/n]? ^C (sid)root@gismo:/# ===== >>> Would any other packages need changes, other than the ones I've >>> mentioned above? >> >> all packages with cron jobs, > > ...which produce output to somewhere other than a log file, in some > scenario other than "being buggy and accidentally producing output", and > which expect end users to read their output, and which therefore expect > that the end user has configured root's mail to go somewhere they'll > actually read. In any case, cron can still suggest an MTA, and any > package which absolutely needs a working MTA can depend on one (and add > giant warnings that they require a *working* MTA configuration, which a > depends does not guarantee). Please remember that the default MTA configuration works for *local* delivery, so at least these emails from cron jobs are saved somewhere, which is not the same WRT to logs, which at some point could be lost (think about logrotate...). >> all 3rd party applications assuming an UNIX >> environment, ++ > > By which you mean having a sendmail binary? [...] > And on top of all of that, nothing guarantees that the sendmail binary > can actually send mail outside the local system. The admin will still > need to know that the program they install wants to send mail with > sendmail, so that they know not to say "local delivery only". I think you are mixing two situations: local and external deliveries. As I wrote just above, the former will work in any case by default (and AFAIK is mandatory on a UNIX system), the second must be configured. >> The reasons are all explained in the release notes. > > Which release notes do you mean? I don't see anything about exim or > mail-transport-agent in the Debian squeeze release notes (other than the > large table of various package versions in Debian, which includes > notable packages of many different priorities). The installation-guide explains the situation in the "§ 8.5. Setting Up Your System To Use E-Mail" section: <http://www.debian.org/releases/stable/amd64/ch08s05.html.en> Thx, bye, Gismo / Luca
Attachment:
pgpq5gklk6vjv.pgp
Description: PGP signature