[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: postfix aliases file (in light of setup, sendmail, and exim)



On Thu, 2004-04-22 at 11:44, Tom Diehl wrote:
> On Wed, 21 Apr 2004, Matthew Miller wrote:
> 
> > Since January or so, /etc/aliases has belonged to the 'setup' package
> > instead of to sendmail, and it's nicely shared between sendmail and exim.
> > This seems good.
> 
> OK, I guess.
> 
> > Theoretically, the postfix file format is the same, too. However, the
> > contents of the current Fedora version are quite different. Perhaps most
> > importantly, it maps root's mail to user 'postfix', to keep it from
> > completely getting dropped on the floor (postfix doesn't like to deliver
> > mail to root directly, for security). But the postfix file also seems to be
> > missing a whole host of "standard" aliases that are defined in the
> > /etc/aliases version.
> 
> Whose standard?
> 
> Postfic CANNOT deliver mail to root. As is stated in the installation
> instructions you should point it to a real person. As far as what is in it
> that is totally up to you. Personally I make 1 change and 1 change only to
> that file. That change is to point the root mail to a real person. Any other
> aliases I need are put in a local.aliases file. Simply add that entry to
> your main.cf and all will be well. By default /etc/aliases does not exist
> with postfix. Unless you configure it otherwise it will look for 
> /etc/postfix/aliases.
> 
> > Should the postfix aliases file be merged with the main one (and removed
> > from the postfix package)? I'm inclined to think so.
> 
> Why would you do that? Just because someone that packaged sendmail thinks
> they are useful does not mean everyone needs them. Add the ones you need and
> forget about the rest.
> 
> > Perhaps the issue of "what to do with root's mail" could be solved with an
> > :include: for the MTA-specific entries? 
> 
> What is the issue? Send it to a real person of your choice. Postfix has never
> had the ability to run suid root. As a result it has never been able to
> deliver mail to root. It appears to me you have worked with sendmail for way
> too long. :-)
> 
> Regards,
> 
> Tom

How about having the installer create a postmaster account that cannot
log in by default (shell of "/sbin/nologin") but can get mail with
pop/imap? Also have the installer prompt for a password that is
different than root's (to prevent sniffing root's plain text pop
password).

-- 
Chris Kloiber




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]