Re: RPM's for creating/enabling TLS/SSL certificates and enabling sendmail milters


 



On Tue, 03.01.2006, Philip Prindeville wrote at 9:02:

> I was wondering if there would be any point to doing some .noarch RPM's
> that could be installed individually to enable additional functionality that
> isn't turned on out-of-the-box.

Typically such setup tasks are custom and from my point of view it does
not make much sense to cover them in an RPM.

> For instance, I wanted to use IMAP and SMTP with SSL (so that I can
> connect to my mail server on the road, but not have to worry about leaving
> it open to spam relaying)... And turn on milters as well (there are HELO

Do you want to authenticate using a certificate, or instead just protect
the communication between the client and the server so as not to transmit
the authentication data in plain text over a non-secure line? I guess you
have the latter in mind.
Yes, I recommend doing either. Of course, if you just offer and use
CRAM-MD5 or DIGEST-MD5 auth mechs, you then would not really need the
TLS encryption for protecting the auth data.

If you are after a GUI tool to manage SSL certificates (CA creation,
server/client certificate creation, certificate revocation and
requests), you may have a look at tinyCA2: http://tinyca.sm-zone.net/.
I may provide it as an RPM if you like.

> checks that sendmail doesn't do on its own, but I'd like to add... either
> through hacking the sources, or via milters).

Be careful with HELO/EHLO checks. Of course a clever milter can do
things very selectively and in a way that does not break RFCs and does
not cause false positives.

The automatic enabling of a milter configuration within the Sendmail
configuration is limited. While you can ship a milter as an RPM with
some default values (like the clamav-milter from Fedora Extras), mail
environments and thus mail systems differ.

Generally speaking: there is no way around reading the documentation of
the software you use, especially if it is software for server tasks,
whether you 'click&run' or edit configuration files with a text editor.

> I, like a lot of people, haven't ever enabled or configured either of these,
> but I figure it shouldn't be too hard to capture the steps and then express
> them in RPM's.

Rather than building an RPM or several of them which would have to do
some black magic the users never ever would take deeper notice of, I
recommend to study the available documentation. If you then managed to
understand and realize what you did, to help others you should write a
good howto / tutorial explaining the steps in detail and in words you
think others will understand it much better than from documentation
available so far.
If you google you will quickly find out that there are masses of
documents about creating and handling SSL certificates. Even
www.openssl.org itself has some papers. And the milter interface is
explained within the Sendmail docs. Typically the milters themselves
have documentation/readmes too. A nice collection of information about
Sendmail + a milter (clamav-milter) is for instance
http://fedoranews.org/contributors/ron_goulard/clamav/ (of course it
does not cover all aspects).

> Alexander: can you work with me on this?  I.e. provide some guidance and
> reality checks?

Not just only me, I am sure others as well will help you if you have
specific questions you couldn't answer yourself after consulting the
documentation.

> -Philip

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 20:25:59 up 30 days, 1:03, load average: 0.25, 0.26, 0.18 

Attachment: signature.asc
Description: This is a digitally signed message part

