None of the Above (was Re: Sendmail still default?)
Bill Nottingham
notting at redhat.com
Tue Oct 21 15:44:01 UTC 2008
Les Mikesell (lesmikesell at gmail.com) said:
> Bill Nottingham wrote:
>> Les Mikesell (lesmikesell at gmail.com) said:
>>> Which is why mail is a sensible delivery mechanism. It already knows
>>> how to deliver elsewhere if you want.
>>
>> With built-in mechanisms to allow for easy spoofing of critical events
>> to the user from anyone on the internet, no less!
>
> I'm surprised you are able to do that with fedora's default mail
> configuration that only accepts from localhost... Perhaps you should
> let us in on the secret.
????
We're talking about arbitrary mail delivery. It could be forwarded
to any e-mail account, anywhere. (After all, that's what you're asking
for with redirection of root e-mail.) Ergo, anyone with knowledge of
1) your e-mail address 2) your machine could send you a spoof/phishing/etc.
>> Should the information be sent via e-mail to an adminstrator, and
>> stored for later viewing in general? Yes. Does that mean e-mail is
>> the best mechanism for presenting it? No.
>
> If you have a bad email mechanism, fix that problem.
I think attempting to have all cron/alert/whatever mail gpg-signed
with a host-specific key would be waaaaaaaaaaaay overkill.
Bill
More information about the fedora-devel-list
mailing list