[CentOS] sendmail substitute?
Hi all, i'm following online guides to secure my centos 5.4 it's advised to turn off sendmail service among others. but how can i forward my /var/log/mail to my webmail ? any help would be greatly appreciated.. thank you ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
On 14/10/2010 08:44, Roland RoLaNd wrote: Hi all, i'm following online guides to secure my centos 5.4 it's advised to turn off sendmail service among others. but how can i forward my /var/log/mail to my webmail ? http://blog.zloether.com/2009/07/install-ssmtp-in-centos.html http://blog.zloether.com/2009/07/send-email-from-linux-shell.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
Hi all, i'm following online guides to secure my centos 5.4 it's advised to turn off sendmail service among others. but how can i forward my /var/log/mail to my webmail ? To update to CentOS 5.5 with current updates (especially the kernel!) would improve security much more than deactivating Sendmail. That said you are not bound to 5.4 by any specific usecase. any help would be greatly appreciated.. What is the rationale behind deactivating Sendmail. Just curious. Or is it the typical rant Sendmail is insecure, see its history? thank you Alexander ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
On 14/10/2010 09:11, Alexander Dalloz wrote: Hi all, i'm following online guides to secure my centos 5.4 it's advised to turn off sendmail service among others. but how can i forward my /var/log/mail to my webmail ? To update to CentOS 5.5 with current updates (especially the kernel!) would improve security much more than deactivating Sendmail. That said you are not bound to 5.4 by any specific usecase. Agree with above. any help would be greatly appreciated.. What is the rationale behind deactivating Sendmail. Just curious. Or is it the typical rant Sendmail is insecure, see its history? If he just wants to send emails generated by internal programs on his system and doesn't need a full blown MTA then something smaller with SMTP capability would be a more fitting choice. I run sendmail myself, but then run a full blown mail system, want spam / anti-vrus checking and so on, but for ordinary systems (non-mailservers) something simpler with a smaller footprint and capability is probably better, not just from a security point of view. I commend anyone who choses not to run a full-blown MTA if they are technically uncertain about the security implications. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
From: Giles Coochey gi...@coochey.net On 14/10/2010 09:11, Alexander Dalloz wrote: i'm following online guides to secure my centos 5.4 it's advised to turn off sendmail service among others. but how can i forward my /var/log/mail to my webmail ? To update to CentOS 5.5 with current updates (especially the kernel!) would improve security much more than deactivating Sendmail. That said you are not bound to 5.4 by any specific usecase. Agree with above. any help would be greatly appreciated.. What is the rationale behind deactivating Sendmail. Just curious. Or is it the typical rant Sendmail is insecure, see its history? If he just wants to send emails generated by internal programs on his system and doesn't need a full blown MTA then something smaller with SMTP capability would be a more fitting choice. I run sendmail myself, but then run a full blown mail system, want spam / anti-vrus checking and so on, but for ordinary systems (non-mailservers) something simpler with a smaller footprint and capability is probably better, not just from a security point of view. I commend anyone who choses not to run a full-blown MTA if they are technically uncertain about the security implications. What could be so insecure about using sendmail localy? Don't start the daemon, so it is not listening... Or the firewall will block the port anyway... If the mail is sent to a trusted mail server, there is no risks. Am I missing something? JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
What could be so insecure about using sendmail localy? Don't start the daemon, so it is not listening... Or the firewall will block the port anyway... If the mail is sent to a trusted mail server, there is no risks. Am I missing something? On a hardened, production, well configured server that strategy would simply be a part of a Defence-in-Depth security strategy. What's the worst that could happen? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
On Thu, Oct 14, 2010 at 08:47:28AM +0200, Giles Coochey wrote: On 14/10/2010 08:44, Roland RoLaNd wrote: Hi all, i'm following online guides to secure my centos 5.4 it's advised to turn off sendmail service among others. but how can i forward my /var/log/mail to my webmail ? http://blog.zloether.com/2009/07/install-ssmtp-in-centos.html The problem with ssmtp is that it only sends to an outside source. It's no longer maintained as far as I know, and I don't think there's a way to get it to just go local, without sending outside. (DISCLAIMER--haven't used it in a long while, and perhaps someone fixed that, or found out a way, but I remember on Fedora forums there was a thread about it, and I don't think anyone managed to get it to only send and deliver locally.) http://blog.zloether.com/2009/07/send-email-from-linux-shell.html This also, you will note, sends email through (in the example) through gmail, that is, going outside the machine. -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Buffy: Ahh, it's okay. Gave Cord and I chance to spend some quality death time. Cordelia: And we got these free corsages. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
On 14/10/2010 11:48, Scott Robbins wrote: http://blog.zloether.com/2009/07/send-email-from-linux-shell.html This also, you will note, sends email through (in the example) through gmail, that is, going outside the machine. I thought that was what the OP requested? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
On Thu, Oct 14, 2010 at 11:50:51AM +0200, Giles Coochey wrote: On 14/10/2010 11:48, Scott Robbins wrote: http://blog.zloether.com/2009/07/send-email-from-linux-shell.html This also, you will note, sends email through (in the example) through gmail, that is, going outside the machine. I thought that was what the OP requested? I may have misunderstood--I was under the impression that the OP only wanted to send system messages locally, that is, the sort of things syslog sends to root. I have a rather dated page on it (that I host locally, so slow site and often down), at http://www.scottro.net/qnd/qnd-ssmtp.html -- Scott Robbins PGP keyID EB3467D6 ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 Cordelia: Do you know what he's going to do to me when he finds out I let his car get stolen? I mean, what are the chances that a vampire has full insurance with a low deductible? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
- Original Message - | Hi all, | | i'm following online guides to secure my centos 5.4 | it's advised to turn off sendmail service among others. | but how can i forward my /var/log/mail to my webmail ? | | any help would be greatly appreciated.. | | thank you | | ___ | CentOS mailing list | CentOS@centos.org | http://lists.centos.org/mailman/listinfo/centos A local MTA is required to deliver mail. If you ensure that sendmail is only listening on localhost you should be okay. -- James A. Peltier Systems Analyst (FASNet), VIVARIUM Technical Director Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.fas.sfu.ca | http://vivarium.cs.sfu.ca MSN : subatomic_s...@hotmail.com Does your OS has a man 8 lart? http://www.xinu.nl/unix/humour/asr-manpages/lart.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
On Thu, Oct 14, 2010 at 9:11 AM, Alexander Dalloz ad+li...@uni-x.org wrote: What is the rationale behind deactivating Sendmail. Just curious. Or is it the typical rant Sendmail is insecure, see its history? I don't understand why many people calling sendmail insecure. Sendmail is the default MTA in RHEL, Solaris, AIX, FreeBSD, OpenBSD ... Why should they use an insecure MTA? Sendmail is a very robust and reliable MTA. Best regards, Morten ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
Actually, as of RHEL6, the default MTA is now Postfix. Sendmail does indeed have a rather lengthy history of vulnerabilities. With that being said, in my opinion, Postfix is also a much more flexible MTA. Josh -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Morten P.D. Stevens Sent: Thursday, October 14, 2010 1:55 PM To: CentOS mailing list Subject: Re: [CentOS] sendmail substitute? On Thu, Oct 14, 2010 at 9:11 AM, Alexander Dalloz ad+li...@uni-x.org wrote: What is the rationale behind deactivating Sendmail. Just curious. Or is it the typical rant Sendmail is insecure, see its history? I don't understand why many people calling sendmail insecure. Sendmail is the default MTA in RHEL, Solaris, AIX, FreeBSD, OpenBSD ... Why should they use an insecure MTA? Sendmail is a very robust and reliable MTA. Best regards, Morten ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
On 14/10/10 10:58 AM, Baird, Josh jba...@follett.com wrote: Actually, as of RHEL6, the default MTA is now Postfix. Sendmail does indeed have a rather lengthy history of vulnerabilities. With that being said, in my opinion, Postfix is also a much more flexible MTA. Josh Well, I'd call that a red herring as Sendmail is just as flexible. The main issues that people have with Sendmail regarding security or flexibility come from the fact that you need to understand the configuration language that Sendmail's configuration files use. If you don't, yes, you can easily eff up the the security of your mail infrastructure and can get lost quickly if you're trying to configure it for more functionality/mail routing/etc. Sure there have been vulnerabilities in the past, but so has postfix/exim/dbmail/etc I think the main reason upstream changed to Postfix is mostly a) most Linux distributions are using it as the default MTA now, and b) it is easier to configure and nothing more. -- Gary L. Greene, Jr. IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 Office: (408) 240-1239 smime.p7s Description: S/MIME cryptographic signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
On 10/14/2010 4:19 PM, Gary Greene wrote: On 14/10/10 10:58 AM, Baird, Joshjba...@follett.com wrote: Actually, as of RHEL6, the default MTA is now Postfix. Sendmail does indeed have a rather lengthy history of vulnerabilities. With that being said, in my opinion, Postfix is also a much more flexible MTA. Josh Well, I'd call that a red herring as Sendmail is just as flexible. The main issues that people have with Sendmail regarding security or flexibility come from the fact that you need to understand the configuration language that Sendmail's configuration files use. If you don't, yes, you can easily eff up the the security of your mail infrastructure and can get lost quickly if you're trying to configure it for more functionality/mail routing/etc. Sure there have been vulnerabilities in the past, but so has postfix/exim/dbmail/etc I think the main reason upstream changed to Postfix is mostly a) most Linux distributions are using it as the default MTA now, and b) it is easier to configure and nothing more. What you really want with sendmail is a milter-multiplexer like MimeDefang where you can do anything you want without slowing down the faster native sendmail steps and handle the unusual configuration parts in a snipped of perl. Now that postfix has gotten milters right I think you could use MimeDefang with it too. But, sendmail these days is probably the most strictly audited piece of code on your server so I think the OP is just following bad advice. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sendmail substitute?
On 10/14/2010 5:19 PM, Gary Greene wrote: On 14/10/10 10:58 AM, Baird, Joshjba...@follett.com wrote: Actually, as of RHEL6, the default MTA is now Postfix. Sendmail does indeed have a rather lengthy history of vulnerabilities. With that being said, in my opinion, Postfix is also a much more flexible MTA. Josh Well, I'd call that a red herring as Sendmail is just as flexible. The main issues that people have with Sendmail regarding security or flexibility come from the fact that you need to understand the configuration language that Sendmail's configuration files use. If you don't, yes, you can easily eff up the the security of your mail infrastructure and can get lost quickly if you're trying to configure it for more functionality/mail routing/etc. Sure there have been vulnerabilities in the past, but so has postfix/exim/dbmail/etc I think the main reason upstream changed to Postfix is mostly a) most Linux distributions are using it as the default MTA now, and b) it is easier to configure and nothing more. I think the key phrase above is 'lengthy history'. With that comes years of hack testing and some holes found. One could even argue that Sendmail has been more thoroughly 'tested', therefore more robust. I'm running both Sendmail servers and Postfix servers. I'm in the process of switching over to Postfix for other reasons, but I've gotten so good with Sendmail that I really hate making this change and find the Postfix configs foreign. Easier? Well, it's what you're used to. Most of this post is really about 'what I use so it is best'. That's not a bad thing, it just is. Any MTA will at some point in the future have security issues. The beauty of CentOS is they are dealt with in a timely manner and provided almost always, as a patch which breaks nothing else. So, it's really just easy. Choose the one you want and update your system. Sleep well. :) John Hinton ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
