Re: [Mageia-dev] [RFC] msec (nail) can't send reports to local users accounts - require an MTA?

Thu, 22 Sep 2011 03:19:53 -0700 

Am 21.09.2011 20:59, schrieb Mjules:

Le Wed, 21 Sep 2011 20:35:38 +0200,
Florian Hubold<[email protected]>  a écrit :


Hello,

during validation of validation of msec/sectool update candidates,
a problem showed up: https://bugs.mageia.org/show_bug.cgi?id=1621
Seems mailx (on behalf of msec) can't send mails to local user
accounts due to missing sendmail, citing one of the comments:

     https://bugs.mageia.org/show_bug.cgi?id=2255#c25
     But sendmail (or alternative) is required for local delivery.
     Try it out for yourself

     $ mailx -v -s "test mail" root
     EOT
     /usr/lib/sendmail: No such file or directory
     "/home/derek/dead.letter" 9/214
     . . . message not sent.

This results in msec reports ending as /dead.letter and never being
sent to the user who was specified in msec configuraion or during
initial installation of Mageia.

So i added a require on sendmail to msec. But sendmail conflicts
with vacation, and more importantly with postfix.
So how to solve this mess? Do we want the reports to not be sent
to some local user account, we can leave it like it is and i'll
remove the require on sendmail.

But if we want security reports to be sent to local users if they
specify so, how to proceed further?


Hi,

IIRC mailx don't do local delivery alone. If we want to allow local
delivery but not require a full smtp server, we could use dma
(DragonFly Mail Agent [1]) which is a lightweight alternative.

It seems sendmail-command is a provide of most of smtp package so maybe
you can add a require on it.

regards
Julien

[1] https://gitorious.org/dma&;  http://svnweb.mageia.org/packages/cauldron/dma/


The main problem when adding sendmail-command (or another MTA) is
that at least every default installation of Mageia 1 will get an MTA installed.
The question is, do we really want to force this on our users?

As Luc Menut already mentioned, msec works fine without an MTA, and
that all reports should be available under /var/log/security.
Also his proposal to change default msec config to not send reports
by email sounds sensible. So if nobody objects, i'll remove the require
on sendmail-command and change default msec config.

Reply via email to