Bug 24011
Summary: | Sendmail listens by default, should it really? | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Chris Evans <chris> |
Component: | sendmail | Assignee: | Florian La Roche <laroche> |
Status: | CLOSED RAWHIDE | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.1 | CC: | herrold, notting |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2001-01-21 16:30:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Chris Evans
2001-01-15 01:06:02 UTC
In fact if we fix this, we'd be heading towards OpenBSD levels of security on a default install... I was a proponent too last time around -- the counter-argument was pathological programs which talk to localhost:25, rather than handing content off through a "| mailx" If this is closed with a DEFER or WONT in the 7.x series, can we at least give 'fair warning' that it is depreicated contduct, and likely to break in future major releases? That way, we can fairly disable in th 8.0 and see what else breaks, and catch them early enough in the release and design phase to avoid major wailing. We only listen on the loopback device at the moment and only on the smtp port. Please send in problem reports if this is not the way to go. |