Mikkel L. Ellertson wrote:
> Not really. Why should they be installed by default when most people are not going to be running a mail server?

It's not a matter of doing it by default, it is a matter of having to edit an obscure config file to do it, instead of the RedHat 'way' of enabling things. What's right for sendmail should be right for sshd, ftpd, named, httpd, samba, and all the other things where security flaws have been known to exist and be exploited.

> You keep insisting that EVERY machine needs to be able to accept Internet delivery of mail, but you have yet to give a valid reason for this.

No, I'm saying that SOME machines need to be able to accept mail and thus the distribution should provide a reasonable means. I don't believe that everyone's machine would be safer if it were shipped with a non-working sshd config file and every user that needed it had to figure out for themselves what might be good options to put in there, and I don't believe that for sendmail either.

> I have given you examples of classes of machines that have no need for it, but you keep deleting that part of the message in your replies, instead of addressing it.

I keep deleting it because it is not relevant to sendmail being treated differently than every other RH/fedora package. You probably don't need a web server on your laptop either, but where you do need it, the package comes up working on the network with the expected RH/fedora commands.

> Isn't it part of basic security to not run services you do not need, and limit connections to the services you are running to machines that need to connect?

Again, not relevant. The part that is relevant is following well known best practices by using expertly developed configurations changed only where necessary for local differences. The people who need sshd listening on their network connections can do that because RH/fedora ships a usable setup. The people who need to receive email via smtp can't because they don't. And again, I don't believe the world is a safer place because every person who needs to activate their network email service has to muddle through sendmail.mc trying whatever changes look likely to make it work.

-- Les Mikesell lesmikesell@xxxxxxxxx