Bug 39583 - Default config makes sendmail useless
Summary: Default config makes sendmail useless
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sendmail   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Florian La Roche
QA Contact: David Lawrence
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-05-08 09:09 UTC by Jean Berthomieu
Modified: 2007-04-18 16:33 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-05-08 17:25:58 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Jean Berthomieu 2001-05-08 09:09:18 UTC
Description of problem:
A default tricky configuration file makes Sendmail unoperative.
Average end user won't be able to fix it.
No warning is provided when upgrading from previous (7.0) version.

How reproducible:

Steps to Reproduce:
1.Have a mail server running OK with RedHat 7.0
2.Blind upgrade it to 7.1
3.Reboot: Your mail server is down - Thank's RedHat!
Actual Results:  I could fix it after a couple of hours searching what 
could have happened, while thousands of people insulted me because they 
could work nomore.

Expected Results:  An upgrade should be an upgrade: Things are expected to 
run as well as before. If not, at least, it should not have been done 
purposely  :-(

Additional info:

Very bad idea from RH. Very same bad idea with rlogin rsh which have been 
disabled in /etc/xindet.d without any warning on installation to set them 
on again.
Some guy at RH thinks the best way to improve security is to deny every 
service. Better unplug the computer!

               >>> Fire him  <<<

Comment 1 Daniel Roesen 2001-05-08 17:25:53 UTC
I would fire someone blindly upgrading critical production machines without
testing beforehand.

And where is your description of the actual culprit? I read only "it does not

And especially: where's the security problem?

Comment 2 Florian La Roche 2001-05-08 20:05:00 UTC
Can you please have a look at the release-notes that we have prepared for our


Florian La Roche

Comment 3 Jean Berthomieu 2001-05-08 21:09:11 UTC
7.1 is neither rawhide, nor wolverine. Since beginning (some 4.x), we upgraded 
every computer (~50) in our dept (University) without a problem. They ran 
perfectly and smoothly, and I used to say our students "Just choose RedHat 
rather than X or Y, because it is easier to maintain, more up-to-date, etc. and 
it is as good for home use (KDE) as for development or servers." Isn't it?
7.1 gave the lie to me, because they could not use mail for half a day, and put 
me under high pressure - so I was very upset. And yes, I used rawhide, 
wolverine, then 7.1 on my own computer without problem before upgrading this 
server. I just can't have another 10k$ RAID5 server just for testing...
Anyway, I wouldn't have fired anybody for this - tho, he would have learned 
some new words from me!
Now, the problem: Bug#28340 and 37720 says it all. 
DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA') prevents to get mail from 
network. Contrarily as what was the default on 7.0. And I don't think that 
browsing /etc/sendmail.cf, than "dnl"-ing the right line 
in /etc/mail/sendmail.mc, then running m4 is within the reach of any end-user.
Previous bug reports strengthens me in my opinion.
So, this is obviously not a "bug" in 7.1, and there should be a better place 
(tell me?) to discuss why RedHat did not draw our attention on this change 
before upgrading to 7.1.
I wish I had some query, in upgrade process: "Are you willing to disable 
network mail?" - (what's worth a no-network mail?) or at least: "Beware, 
default configuration will disable... please check /etc/mail/sendmail.mc"

Sorry to be so long about this, I feel Linux is not to be used by Unix gurus 
only. RedHat did a lot in this way. Keep on!

Comment 4 Daniel Roesen 2001-05-08 21:35:23 UTC
Why don't you just read RELEASE_NOTES? It's on CD #1 in the root directory:

System-Related Enhancements and Changes
    o Sendmail -- By default, sendmail does not accept network connections
      from any host other than the local computer.  If you want to
      configure sendmail as a server for other clients, please edit
      /etc/mail/sendmail.mc and change DAEMON_OPTIONS to also listen on
      network devices, or comment out this option all together.  You will
      need to regenerate /etc/sendmail.cf by running:

            m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

      Note that you must have the sendmail-cf package installed for this to

Don't blame Red Hat. Blame yourself.

Comment 5 Jean Berthomieu 2001-05-09 07:57:41 UTC
Shame on me! Anyway reading usenet news, I don't feel alone...
Just for fun: What's the aim for adding this line?

Comment 6 Daniel Roesen 2001-05-31 07:50:07 UTC
Security. Most people don't need any MTA listening for incoming connections.
Less exposure - less risk. And sendmail has a long history of being a risk.

Note You need to log in before you can comment on or make changes to this bug.