How to Configure Qmail on Fedora Core 1 Server

Fritz Whittington f.whittington at att.net
Tue Jul 27 18:15:07 UTC 2004 

On or about 2004-07-27 11:42, Craig White whipped out a trusty #2 pencil 
and scribbled:

>On Tue, 2004-07-27 at 09:12, Fritz Whittington wrote:
>  
>
>>While it may be a "good and custom practice" under some situations, it 
>>seems like a work-around that I don't need.  I understand that the alias 
>>just moves root's mail to another user's mbox, so that it can be read by 
>>that user.  In the days of DEC VT-10x and -2xx "smart" terminals, there 
>>could well be good security reasons for root not to read his mail while 
>>logged in as himself.  In my situation, reading root's mail via pop3s 
>>over a *totally* secure LAN (I can see every cable with my naked eyes 
>>while sitting at the desk) and on a Windows machine, no less, seems even 
>>more secure than is required.  It's easier and simpler to keep root's 
>>inbox and mail segregated from my "regular" Linux user's inbox, as well 
>>as from my other email accounts.  Having options in the config file to 
>>define the available users, with the default starting at user 500 is a 
>>good protection for naive installers, but having root excluded by 
>>compilation from being configured by a non-naive installer just rubs me 
>>the wrong way.
>>
>>Secondly, if there are instructions for setting up postfix, sendmail, 
>>and dovecot that are as easy to use as the ones for qmail at 
>>qmailrocks.org, I have yet to find them.  While I enjoy using Linux, I 
>>don't wanna make a career out of it. I'm retired from a long career of 
>>computer systems engineering;  I'm tired of working *on* systems, would 
>>like to work *with* the systems for a change :-)
>>    
>>
>----
>It seems pretty clear that security stems from redundant methodology to
>ensure that if one thing goes wrong, another logical measure is
>adequately empowered. Sometimes, the desire to protect a system against
>inexperienced administrators that would cause the default configuration
>or compiled options to deny root access.
>
>All you need to do is to create another account 'foo' and alias root's
>mail to foo. The foo account need not even have a valid shell to
>send/receive email. You can set up an MUA to use foo as if it were root
>and it would make no difference at all - except that mail read as foo
>would not have root's privileges. 
>
*Mail read with Mozilla on a Windows machine from a POP3 server doesn't 
have root's privileges either!*
(And yes, you can do anything in vi that you might want to do in emacs, 
so let's just ship *one* editor with the system and force everyone to do 
it *that* way, just because!  OK with you?  I thought not.)  Of course, 
I guess I could set up the foo alias and then read foo's mail with 
Mozilla on a Windows machine from a POP3 server.  Can you prove that to 
be even a tiny bit more secure?

>Thus your argument about working
>'with' or 'on' really doesn't hold water.
>  
>
That refers to something of an additional topic:  qmail versus 
sendmail/postfix/dovecot and the ease of installing without having to 
read (first finding) bunches of docs and becoming something of a guru on 
the subject.

Also, be aware that (IMHO) once any security issues are removed, this 
becomes a "religious" (that is, personal preference) issue just like the 
choice of a text editor. 

-- 
Fritz Whittington
I can please only one person per day. Today is not your day. And tomorrow isn't looking good either.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3252 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20040727/83e9f4f8/attachment-0001.bin>

More information about the fedora-list mailing list