Re: How to Configure Qmail on Fedora Core 1 Server

From: Fritz Whittington (f.whittington_at_att.net)
Date: 07/27/04

  • Next message: Preston: "no sound in FC2" 
    Date: Tue, 27 Jul 2004 13:15:07 -0500
To: For users of Fedora Core releases <fedora-list@redhat.com>

    On or about 2004-07-27 11:42, Craig White whipped out a trusty #2 pencil
    and scribbled:

    >On Tue, 2004-07-27 at 09:12, Fritz Whittington wrote:
    >
    >
    >>While it may be a "good and custom practice" under some situations, it
    >>seems like a work-around that I don't need. I understand that the alias
    >>just moves root's mail to another user's mbox, so that it can be read by
    >>that user. In the days of DEC VT-10x and -2xx "smart" terminals, there
    >>could well be good security reasons for root not to read his mail while
    >>logged in as himself. In my situation, reading root's mail via pop3s
    >>over a *totally* secure LAN (I can see every cable with my naked eyes
    >>while sitting at the desk) and on a Windows machine, no less, seems even
    >>more secure than is required. It's easier and simpler to keep root's
    >>inbox and mail segregated from my "regular" Linux user's inbox, as well
    >>as from my other email accounts. Having options in the config file to
    >>define the available users, with the default starting at user 500 is a
    >>good protection for naive installers, but having root excluded by
    >>compilation from being configured by a non-naive installer just rubs me
    >>the wrong way.
    >>
    >>Secondly, if there are instructions for setting up postfix, sendmail,
    >>and dovecot that are as easy to use as the ones for qmail at
    >>qmailrocks.org, I have yet to find them. While I enjoy using Linux, I
    >>don't wanna make a career out of it. I'm retired from a long career of
    >>computer systems engineering; I'm tired of working *on* systems, would
    >>like to work *with* the systems for a change :-)
    >>
    >>
    >----
    >It seems pretty clear that security stems from redundant methodology to
    >ensure that if one thing goes wrong, another logical measure is
    >adequately empowered. Sometimes, the desire to protect a system against
    >inexperienced administrators that would cause the default configuration
    >or compiled options to deny root access.
    >
    >All you need to do is to create another account 'foo' and alias root's
    >mail to foo. The foo account need not even have a valid shell to
    >send/receive email. You can set up an MUA to use foo as if it were root
    >and it would make no difference at all - except that mail read as foo
    >would not have root's privileges.
    >
    *Mail read with Mozilla on a Windows machine from a POP3 server doesn't
    have root's privileges either!*
    (And yes, you can do anything in vi that you might want to do in emacs,
    so let's just ship *one* editor with the system and force everyone to do
    it *that* way, just because! OK with you? I thought not.) Of course,
    I guess I could set up the foo alias and then read foo's mail with
    Mozilla on a Windows machine from a POP3 server. Can you prove that to
    be even a tiny bit more secure?

    >Thus your argument about working
    >'with' or 'on' really doesn't hold water.
    >
    >
    That refers to something of an additional topic: qmail versus
    sendmail/postfix/dovecot and the ease of installing without having to
    read (first finding) bunches of docs and becoming something of a guru on
    the subject.

    Also, be aware that (IMHO) once any security issues are removed, this
    becomes a "religious" (that is, personal preference) issue just like the
    choice of a text editor. 

    -- 
Fritz Whittington
I can please only one person per day. Today is not your day. And tomorrow isn't looking good either.



    


    -- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: Preston: "no sound in FC2"

    Relevant Pages

    • Re: How to Configure Qmail on Fedora Core 1 Server
      ... since the user foo would not have root privledges. ... that account is cracked they still are restricted on privileges. ... The security issue with reading mail as root via pop3 or imap is the ...
      (Fedora)
    • Re: Re: Ruby/Tk: How to access surrounding class from Tk Callback?
      ... # Do something with @root and @foo ... puts @root.foo # DOES NOT WORK ... @root in your button's command is an instance variable ...
      (comp.lang.ruby)
    • Re: How to Configure Qmail on Fedora Core 1 Server
      ... > could well be good security reasons for root not to read his mail while ... Having options in the config file to ... All you need to do is to create another account 'foo' and alias root's ...
      (Fedora)
    • [Fwd: Re: No printing at all!]
      ... I tested them, as I'll write below, only on a single machine ... > login as root and you should get a reasonable idea of what is going on. ... that allows only users in group foo, on one machine with several users, ... machine will be able to to change these settings ... ...
      (Debian-User)
    • Re: Query with LIKE comparison questions
      ... > 1) VarChar Column that contains account numbers which have ... > have put varying numbers of leading zeros. ... insert into foo values ...
      (comp.databases.oracle.misc)