please deactivate services by default!
Carl Byington
carl at five-ten-sg.com
Thu Sep 25 22:22:28 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Which is why we shouldn't be using local delivery for this stuff.
> Instead we should ask in firstboot where you'd want the mail
> delivered
> to.
If you don't do local delivery, but instead talk to some other server
over port 25/587, you then need to *also* ask for:
smtp authentication required (yes/no)
authentication style
pop before smtp (I wish that would go away)
smtp auth (login, plain, ntlm?)
tls (never, always, if available)
username/password for that authentication step - where will you keep
those credentials securely?
That is a rather large can of worms, rather than just doing local
delivery via a local sendmail. Then, only those who care need to worry
about the grungy details of getting that mail properly forwarded
elsewhere.
Consider the case of a laptop, booting up in a hotel that blocks
outgoing port 25, trying to send cron output. Consider the same hotel
blocking port 587 (yes, some are that silly). Suppose that at the time
this laptop was configured, it was on the same subnet as the corporate
mail server, so everything just seemed to work over port 25 with no
authentication (since relaying was allowed from that subnet). Now, when
the laptop is taken home, all the cron mail silently fails.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFI3A7lL6j7milTFsERAjk3AJ95KbqWuqRZNO9uC53C3Jyu71Ab4QCcCYkc
MTEYrw2O+mH3Ip+H80v/Nac=
=4BY8
-----END PGP SIGNATURE-----
More information about the fedora-devel-list
mailing list