[linux-elitists] [anton.aylward@rogers.com: Re: [opensuse] Getting Rid of postfix and exim on my laptop]

Ruben Safir ruben@mrbrklyn.com
Thu Oct 23 16:42:43 PDT 2008


----- Forwarded message from Anton Aylward <anton.aylward@rogers.com> -----

X-Original-To: opensuse@lists4.opensuse.org
Delivered-To: opensuse@lists4.opensuse.org
X-Virus-Scanned: by amavisd-new at relay2.suse.de
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-20 required=5
	tests=[BAYES_50=0.001, DNS_FROM_SECURITYSAGE=0.001, MY_LINUX=-1,
	MY_SUSE=-1]
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=rogers.com;
  h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Received:Message-ID:Date:From:Reply-To:Organization:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
  b=y11UKb+w4LP1xorYXzj69w7RAaYNEzjBrPNmtBZuKn9lDMIzRlLHgO1UaFd8qLiEsIgiI65SRvKYULM+cfSbGzHGOD3if0JeLqagZcudZt1s5w6RUrZWqAkwdkBLgPuQOnvx9gEc9lDR3oD+iHrnur/EMIam9daOcdZZ5RBbSSE=  ;
X-YMail-OSG: 3xe69GYVM1nPnjcXOOnHFz1Js9.8PrDH1e3xmxBf31U4gKb4YcAd1dltJ8KF8MN7cg--
X-Yahoo-Newman-Property: ymail-3
Date: Thu, 23 Oct 2008 03:12:27 -0400
From: Anton Aylward <anton.aylward@rogers.com>
Reply-To: anton.aylward@rogers.com
Organization: System Integrity - Information Security & Assurance Assesment
 and Consulting
User-Agent: Thunderbird 2.0.0.17 (X11/20080922)
Precedence: bulk
Mailing-List: contact opensuse+help@opensuse.org; run by mlmmj
X-Mailinglist: opensuse
List-Post: <mailto:opensuse@opensuse.org>
List-Help: <mailto:opensuse+help@opensuse.org>
List-Subscribe:  <mailto:opensuse+subscribe@opensuse.org>
List-Unsubscribe:  <mailto:opensuse+unsubscribe@opensuse.org>
List-Owner: <mailto:opensuse+owner@opensuse.org>
X-MIME-Notice: attachments may have been removed from this message
To: OS-en <opensuse@opensuse.org>
Subject: Re: [opensuse] Getting Rid of postfix and exim on my laptop
In-Reply-To: <alpine.LSU.2.00.0810230328250.9764@nimrodel.valinor>

Carlos E. R. said the following on 10/22/2008 10:00 PM:
> 

> 
> But openSUSE is not a big enterprise distro, it is a "user" distro.

So you re saying that this should not be used as a desktop Linux in an
enterprise?

Can I quote you on that?

> 
> But you see, if you "decouple" the requirement or dependency of an smtp 
> server by services such as cron, I could not have my preferred method of 
> having cron mail me.

Why do you conclude that?
You statement is only accurate in that cron would not be DIRECTLY
mailing you.

If you use a tool such as SWATCH or SEC then any syslog event can mail you.

Both those tools are smart enough to condense multiple lines down to one
'event'.

As it stands, cron can _only_ mail me.  It will _always_ mail me.
Most of the time I'm not interested.  I only want to know if something
is wrong.

Marcus Ranum, talking about firewalls and IDS, makes the analogy with an
umbrella that notifies you about every raindrop that hits it.

Having tools like cron mail me when everything is OK is like that.
Using tools like SWATCH or SEC lets _me_ decide what I need to be
notified of and how I will be notified (mail, sms, pager, phone, popup,
whatever ...)

Nothing is stopping you from having cron notify you by mail - via syslog.

http://www.estpak.ee/~risto/sec/

This thread began about a dependency.  There are other dependencies in
other threads - bluetooth for example.

These is also the issue of the context of the installation.  laptops
have been cited.

Finally there is the situation that is very common where the "user" (you
said this was a "user" installation) does not make use of the stem mail
facilities but rather reads mail using a web interface such as gmail, or
uses something like Thunderbird to read the mail at their ISP via POP or
IMAP and uses Thunderbird's own SMTP service to send directly to the
ISP.  I would imagine this would be quite common with "home" "users" and
laptop "users".  After all, Postfix is an "enterprise" level MTA.
Wietse Venema, its designer and author, intended it as such.  While its
easier to set up than sendmail, it is a very powerful and capable tool.
It is most definitely intended for a enterprise level mail hub (I have
been using it for many years as such on my dedicated mail host) and
needs a fair bit of consideration to set up correctly.

But CRON isn't the only wacky dependency.
Have a look at the ldap software you are _required_ to have loaded.
Try uninstalling the openldap client or ldap_pam.
LDAP is bolted in to a whole pile of things like your printer
management, inetd management and http server management.  You have to
have this even if you don't use LDAP.

Now LDAP should be an option, like NIS/YP,that controlled by something
like the nsswitch.  The whole point of PAM is that its _pluggable_.  If
you don't plug that module in its never used.

Once again I point to other implementations that have figured this out
and not been faced with this crazy situation.

Failing to install LDAP shouldn't mean that I can't use YAST to
configure printers, add users or point my laptop and samba server.

Try for yourself.  In the software installer do a SEARCH for "ldap" with
only "RPM REQUIRES".  We get such things as Thunderbird, Adobe reader,
cURL, and Kgpg.  Try some other values to search for and see what other
wacky dependencies you can find.

I mention this because LDAP is most certainly an _enterprise_ tool, not
one would normally install on a laptop.  A single user system, a
non-enterprise "user" can get by with the /etc/passwd (&family) file(s).
That's what nsswitch is for.  If you comment out the "nis" and "ldap"
from there, then those facilities never get used.

Once again, PAM is pluggable.  The SYSLOG model allows you to select
whether you want to know about various events.  In a "user" setting many
of these *MANDATORY* things are pure overhead.  Simple "users" will read
their mail on the web - that's what the internet is for!   Simple users
won't set up Samba server but may connect to them.  Simple users won't
set up DNS servers but will connect to them.

Carlos, you seem to want it both ways.  You say openSUSE is a "user"
system not an enterprise one, but its set up to force the installation
of enterprise software that is not appropriate to the context a simple
"user".



-- 
We succeed only as we identify in life, or in war, or in anything else,
a single overriding objective, and make all other considerations bend to
that one objective.
    Dwight D. Eisenhower, speech, April 2, 1957
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

----- End forwarded message -----

-- 
http://www.mrbrklyn.com - Interesting Stuff
http://www.nylxs.com - Leadership Development in Free Software

So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world  - RI Safir 1998

http://fairuse.nylxs.com  DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002

"Yeah - I write Free Software...so SUE ME"

"The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society."

"> I'm an engineer. I choose the best tool for the job, politics be damned.<
You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt.  I guess you missed that one."

© Copyright for the Digital Millennium


More information about the linux-elitists mailing list