Red Hat Bugzilla – Bug 39583
Default config makes sendmail useless
Last modified: 2007-04-18 12:33:07 EDT
Description of problem:
A default tricky configuration file makes Sendmail unoperative.
Average end user won't be able to fix it.
No warning is provided when upgrading from previous (7.0) version.
Steps to Reproduce:
1.Have a mail server running OK with RedHat 7.0
2.Blind upgrade it to 7.1
3.Reboot: Your mail server is down - Thank's RedHat!
Actual Results: I could fix it after a couple of hours searching what
could have happened, while thousands of people insulted me because they
could work nomore.
Expected Results: An upgrade should be an upgrade: Things are expected to
run as well as before. If not, at least, it should not have been done
Very bad idea from RH. Very same bad idea with rlogin rsh which have been
disabled in /etc/xindet.d without any warning on installation to set them
Some guy at RH thinks the best way to improve security is to deny every
service. Better unplug the computer!
>>> Fire him <<<
I would fire someone blindly upgrading critical production machines without
And where is your description of the actual culprit? I read only "it does not
And especially: where's the security problem?
Can you please have a look at the release-notes that we have prepared for our
Florian La Roche
7.1 is neither rawhide, nor wolverine. Since beginning (some 4.x), we upgraded
every computer (~50) in our dept (University) without a problem. They ran
perfectly and smoothly, and I used to say our students "Just choose RedHat
rather than X or Y, because it is easier to maintain, more up-to-date, etc. and
it is as good for home use (KDE) as for development or servers." Isn't it?
7.1 gave the lie to me, because they could not use mail for half a day, and put
me under high pressure - so I was very upset. And yes, I used rawhide,
wolverine, then 7.1 on my own computer without problem before upgrading this
server. I just can't have another 10k$ RAID5 server just for testing...
Anyway, I wouldn't have fired anybody for this - tho, he would have learned
some new words from me!
Now, the problem: Bug#28340 and 37720 says it all.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA') prevents to get mail from
network. Contrarily as what was the default on 7.0. And I don't think that
browsing /etc/sendmail.cf, than "dnl"-ing the right line
in /etc/mail/sendmail.mc, then running m4 is within the reach of any end-user.
Previous bug reports strengthens me in my opinion.
So, this is obviously not a "bug" in 7.1, and there should be a better place
(tell me?) to discuss why RedHat did not draw our attention on this change
before upgrading to 7.1.
I wish I had some query, in upgrade process: "Are you willing to disable
network mail?" - (what's worth a no-network mail?) or at least: "Beware,
default configuration will disable... please check /etc/mail/sendmail.mc"
Sorry to be so long about this, I feel Linux is not to be used by Unix gurus
only. RedHat did a lot in this way. Keep on!
Why don't you just read RELEASE_NOTES? It's on CD #1 in the root directory:
System-Related Enhancements and Changes
o Sendmail -- By default, sendmail does not accept network connections
from any host other than the local computer. If you want to
configure sendmail as a server for other clients, please edit
/etc/mail/sendmail.mc and change DAEMON_OPTIONS to also listen on
network devices, or comment out this option all together. You will
need to regenerate /etc/sendmail.cf by running:
m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
Note that you must have the sendmail-cf package installed for this to
Don't blame Red Hat. Blame yourself.
Shame on me! Anyway reading usenet news, I don't feel alone...
Just for fun: What's the aim for adding this line?
Security. Most people don't need any MTA listening for incoming connections.
Less exposure - less risk. And sendmail has a long history of being a risk.