redhat-config-securitylevel vs redhat-config-firewall?
Andy Green
fedora at warmcat.com
Wed Oct 8 07:49:03 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 08 October 2003 01:36, Michal Jaegermann wrote:
> On Tue, Oct 07, 2003 at 08:23:20PM -0400, James Drabb wrote:
> > I totally agree, there is not a real need for sendmail on a
> > desktop PC.
>
> This carping on sendmail from different quarters is getting really
> boring. Did you ever bother to check _how_ sendmail is configured
> by default, for a very long time now, and why?
>
> > Most desktop users will use Evolution, Mozilla Mail, KMail,
>
> I can assure that you will not catch me using any of these
> stinkers. But what _this_ has to do with the issue?
I think he meant to imply they will be using POP3.
>User-Agent: Mutt/1.2.5.1i
Hm. Let he who is without stink cast the first aspersion. Kmail is
pretty neat, maybe you should check it out if you didn't look at it
lately.
> > so there is no reason for a MTA.
>
> There are reasons.
Specifically, several things want to send email inside a system, for
example cron. I didn't know this for a long time and was surprised
how nice it is to get mail from logwatch every morning allowing me to
see free disc space, etc. You can configure cron on other machines
to send email (look in /etc/crontab) to your main workstation too,
its like a daily heartbeat check.
This requires a working MTA, I remove sendmail (rpm -e sendmail) and
install postfix on my machines, on the basis there has been a steady
trickle of security advisories for sendmail and much less with
postfix. I'm not experienced enough to make a judgement between them
other than that.
One other tip, you can improve security by using iptables to only let
a given IP or range of IPs see your port 25 is open. Particularly if
you expect relay traffic from one specific server, everyone else in
the world sees nothing back from touching it.
- -Andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/g8FvjKeDCxMJCTIRAu9wAKCCSqwiu26mY8q/7rN5C1wSUWwdYwCeNSnS
UrIU32fggTAI6e5qSzqFG/4=
=nkAH
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list