Re: jessie release goals
On 2013-05-15 01:00:37 +0800, Thomas Goirand wrote:
> On 05/13/2013 07:08 PM, Vincent Lefevre wrote:
> > On 2013-05-07 23:54:36 +0800, Thomas Goirand wrote:
> >> On 05/07/2013 04:00 AM, Vincent Lefevre wrote:
> >>> This can be fine for some daemons/servers. For instance, for a web
> >>> server, displaying a default web page is harmless. But what about a
> >>> mail server? Any default config would probably lead to loss of mail
> >>> if things like virtual alias domains are used.
> >> If you set your MX pointer before setting-up your mail server,
> >> then it's your fault if you loose some mails, and not at all
> >> the fault of the way postfix (for example) is packaged.
> > In one case, this was after a full reinstallation of the server (not
> > Debian, but the problem would be the same). I didn't have the choice.
>
> This is, IMO, a very special case.
>
> > And removing the MX pointer several hours before the reinstallation
> > would also have resulted in loss of mail.
>
> Why do you think so? Normally, a mail server can be down
> for up to a day, without any lost of mail.
Here this is more than a mail server being down. It is a domain
without a MX; doesn't this mean a direct reject? Actually removing
the MX pointer wouldn't be OK, as the client may look at the A record
instead, which can't be removed without temporarily affecting other
services. So, I'm not sure what should be done (except iptables...).
> > The cleanest solution, IMHO, would have been to use iptables to
> > prevent SMTP connections before installing postfix, but for
> > someone who doesn't know iptables yet, that's more complex than
> > having the control on whether the daemon is started or not at
> > install time.
> I don't think iptables is more complex than postfix
I meant that instead of learning one software, one would have to
learn several ones.
> (in fact, to some degree, it might even be more simple, considering
> how complex postfix is). I do expect any administrator handling
> postfix to also know iptables.
In my case, I don't. Well, I used it in the past, but forgot, and
things have changed. And by not looking closely at the documentation,
one can easily do something wrong (e.g. forget IPv6 rules).
> Anyway, I don't think this is a reason good enough to have postfix
> to not start when you install it, and add one more step when
> configuring it.
Anyway one more step is needed in both cases:
* If postfix has not started yet, start it at the end.
* If postfix has already started, reload the configuration.
> You are also considering a specific case of the SMTP server,
> where it is used to receive outbound emails. Sometimes, you
> only install a mail server to handle system mails (like cron
> jobs, and so on). In this case, it would really be not convenient
> to have the daemon not starting by default.
Hmm, OK, it seems that postfix works differently from exim (with
exim, the daemon is not needed to send a local mail: the sendmail
interface does all the job).
Then, I think that it would be better to have another debconf question
for the Internet Site case (and Internet with smarthost?) in order to
let the admin decide whether he wants to listen to all interfaces now
or later. The goal would be to benefit from the automatic config from
the first debconf questions, but let the admin terminate advanced
configuration.
--
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Reply to: