Bug 39583

Summary: Default config makes sendmail useless
Product: [Retired] Red Hat Linux
Component: sendmail
Version: 7.1
Hardware: i386
OS: Linux
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Keywords: Security
Reporter: Jean Berthomieu <berthoms>
Assignee: Florian La Roche <laroche>
QA Contact: David Lawrence <dkl>
CC: dr
Doc Type: Bug Fix
Last Closed: 2001-05-08 17:25:58 UTC

Description Jean Berthomieu 2001-05-08 09:09:18 UTC
Description of problem:
A default tricky configuration file makes Sendmail inoperative.
Average end user won't be able to fix it.
No warning is provided when upgrading from previous (7.0) version.

How reproducible:
Always

Steps to Reproduce:
1. Have a mail server running OK with RedHat 7.0
2. Blind upgrade it to 7.1
3. Reboot: Your mail server is down - Thanks RedHat!
	
Actual Results:  I could fix it after a couple of hours searching what 
could have happened, while thousands of people insulted me because they 
could work no more.

Expected Results:  An upgrade should be an upgrade: Things are expected to 
run as well as before. If not, at least, it should not have been done 
purposely  :-(

Additional info:

Very bad idea from RH. Very same bad idea with rlogin rsh which have been 
disabled in /etc/xindet.d without any warning on installation to set them 
on again.
Some guy at RH thinks the best way to improve security is to deny every 
service. Better unplug the computer!

               >>> Fire him  <<<

Comment 1 Daniel Roesen 2001-05-08 17:25:53 UTC
I would fire someone blindly upgrading critical production machines without
testing beforehand.

And where is your description of the actual culprit? I read only "it does not
work".

And especially: where's the security problem?

Comment 2 Florian La Roche 2001-05-08 20:05:00 UTC
Can you please have a look at the release-notes that we have prepared for our
customers?

Thanks,

Florian La Roche


Comment 3 Jean Berthomieu 2001-05-08 21:09:11 UTC
7.1 is neither rawhide, nor wolverine. Since beginning (some 4.x), we upgraded 
every computer (~50) in our dept (University) without a problem. They ran 
perfectly and smoothly, and I used to say our students "Just choose RedHat 
rather than X or Y, because it is easier to maintain, more up-to-date, etc. and 
it is as good for home use (KDE) as for development or servers." Isn't it?
7.1 gave the lie to me, because they could not use mail for half a day, and put 
me under high pressure - so I was very upset. And yes, I used rawhide, 
wolverine, then 7.1 on my own computer without problem before upgrading this 
server. I just can't have another 10k$ RAID5 server just for testing...
Anyway, I wouldn't have fired anybody for this - tho, he would have learned 
some new words from me!
Now, the problem: Bug#28340 and 37720 says it all. 
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') prevents to get mail from 
network. Contrarily as what was the default on 7.0. And I don't think that 
browsing /etc/sendmail.cf, then "dnl"-ing the right line 
in /etc/mail/sendmail.mc, then running m4 is within the reach of any end-user.
Previous bug reports strengthen me in my opinion.
So, this is obviously not a "bug" in 7.1, and there should be a better place 
(tell me?) to discuss why RedHat did not draw our attention on this change 
before upgrading to 7.1.
I wish I had some query, in upgrade process: "Are you willing to disable 
network mail?" - (what's worth a no-network mail?) or at least: "Beware, 
default configuration will disable... please check /etc/mail/sendmail.mc"

Sorry to be so long about this, I feel Linux is not to be used by Unix gurus 
only. RedHat did a lot in this way. Keep on!

Comment 4 Daniel Roesen 2001-05-08 21:35:23 UTC
Why don't you just read RELEASE_NOTES? It's on CD #1 in the root directory:

<cite>
System-Related Enhancements and Changes
---------------------------------------
[...]
    o Sendmail -- By default, sendmail does not accept network connections
      from any host other than the local computer.  If you want to
      configure sendmail as a server for other clients, please edit
      /etc/mail/sendmail.mc and change DAEMON_OPTIONS to also listen on
      network devices, or comment out this option all together.  You will
      need to regenerate /etc/sendmail.cf by running:

            m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

      Note that you must have the sendmail-cf package installed for this to
      work.
</cite>

Don't blame Red Hat. Blame yourself.
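
A pre-upgrade check for the change described in the release notes quoted above, as an added example that is not part of this bug report or of Red Hat's tooling: it reports whether a sendmail.mc carries an active loopback-only DAEMON_OPTIONS line, treating dnl the way m4 does. The function name mc_listen_state and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a sendmail.mc configures the listening MTA.

# mc_listen_state FILE -> prints "loopback-only" or "network"
mc_listen_state() {
    awk '
    BEGIN { active = 0; loopback = 0 }
    {
        # m4 discards everything from a dnl token to end of line, so a
        # line that starts with dnl is commented out entirely.
        padded = " " $0 " "
        line = $0
        if (match(padded, /[^A-Za-z0-9_]dnl[^A-Za-z0-9_]/))
            line = substr($0, 1, RSTART - 1)
        if (index(line, "DAEMON_OPTIONS(") == 0) next
        active++
        if (line ~ /Addr=127\.0\.0\.1([^0-9]|$)/) loopback++
    }
    END {
        # With no active DAEMON_OPTIONS sendmail uses its built-in
        # default and listens on all interfaces.
        if (active > 0 && loopback == active) print "loopback-only"
        else print "network"
    }' "$1"
}

# Constructed sample, modelled on the line quoted in comment 3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
OSTYPE(`linux')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
EOF
echo "shipped default: $(mc_listen_state "$sample")"

# The edit the release notes describe: comment the option out with dnl.
sed 's/^DAEMON_OPTIONS/dnl &/' "$sample" > "$sample.new"
echo "after dnl:       $(mc_listen_state "$sample.new")"
rm -f "$sample" "$sample.new"
```

The check reads only the .mc source; the running daemon changes only after /etc/sendmail.cf is regenerated with the m4 command from the release notes and sendmail is restarted.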

Comment 5 Jean Berthomieu 2001-05-09 07:57:41 UTC
Shame on me! Anyway reading usenet news, I don't feel alone...
Just for fun: What's the aim for adding this line?

Comment 6 Daniel Roesen 2001-05-31 07:50:07 UTC
Security. Most people don't need any MTA listening for incoming connections.
Less exposure - less risk. And sendmail has a long history of being a risk.