(998571 has been closed) |
|||
(26 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
= No | = No Default Sendmail = | ||
== Summary == | == Summary == | ||
No longer install an MTA by default. (Specifically let's remove sendmail from @core and @standard comps groups.) | |||
== Owner == | == Owner == | ||
* Name: [[User: | * Name: [[User:mattdm|Matthew Miller]] | ||
* Email: | * Email: mattdm at fedoraproject org | ||
* Release notes owner: <!--- To be assigned by docs team [[User:FASAccountName| Release notes owner name]] <email address> --> | * Release notes owner: <!--- To be assigned by docs team [[User:FASAccountName| Release notes owner name]] <email address> --> | ||
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo) | <!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo) | ||
Line 14: | Line 14: | ||
== Current status == | == Current status == | ||
* Targeted release: [[Releases/20 | Fedora 20 ]] | * Targeted release: [[Releases/20 | Fedora 20 ]] | ||
* Last updated: 2013-07- | * Last updated: 2013-07-11 | ||
* Tracker bug: < | * Tracker bug: <s>[https://bugzilla.redhat.com/show_bug.cgi?id=998571 #998571]</s> | ||
== Detailed Description == | == Detailed Description == | ||
Let's change the default install to no longer install an MTA by default, let's remove sendmail from the | Let's change the default install to no longer install an MTA by default. Specifically, let's remove sendmail from the @standard and @core group. | ||
On today's Internet most SMTP hosts do not accept mail | On today's Internet most SMTP hosts do not accept mail from a server which is not configured as a mail exchange for a real domain, hence the default configuration of sendmail is seldom useful. Even if the server is not tied to a real mail domain, it can be configured to authenticate as a user on the target server, but again, this requires explicit configuration on both ends and is fairly awkward. Something that doesn't work without manual configuration should not be in the default install. | ||
Most MUAs we ship (especially those we install by default) do not deliver to a local MTA anyway but rather include an SMTP client. Usually, they will not pick up mail delivered to local users. This means that unless the user knows about local mail and takes steps to receive local mail addressed to root, such messages are likely to be ignored. Our current setup in many ways hence currently operates as reliable /dev/null for important messages intended for root. Even worse, there is no rotation for this mail spool, meaning that this mailbox if it is unchecked will slowly eat up disk space in /var until disk space is entirely unavailable. | |||
On top of that, sendmail has always been a quite surprising choice for an MTA, as most administrators tend to prefer mail systems such as Postfix or Exim these days, and Sendmail appears to be | On top of that, sendmail has always been a quite surprising choice for an MTA, as most administrators tend to prefer mail systems such as Postfix or Exim these days, and Sendmail appears to be quite arcane to most. | ||
Administrators should install the MTA of their choice after installation (or via kickstart) | Administrators should install the MTA of their choice after installation (or via kickstart) and sendmail should not be the default anymore. | ||
Many other distributions do not install an MTA by default anymore, and so should we. | Many other distributions do not install an MTA by default anymore (Including Ubuntu since 2007), and so should we. Running systems without MTA is already widely tested. | ||
The various tools (such as cron) which previously required a local MTA for operation have been updated already to deliver their job output to syslog rather than sendmail, which is a good default. | The various tools (such as cron) which previously required a local MTA for operation have been updated already to deliver their job output to syslog rather than sendmail, which is a good default. | ||
Also see the previous attempt: [[Features/NoDefaultMTA]] | |||
== Benefit to Fedora == | == Benefit to Fedora == | ||
Line 36: | Line 38: | ||
== Scope == | == Scope == | ||
Simply remove "sendmail" from all default | Simply remove "sendmail" from all default install groups in "comps". | ||
Packages which strictly require a MTA to run might need updating to gain dependencies on | Packages which strictly require a MTA to run might need updating to gain dependencies on "server(smtp)" (but they needed that before too, so this is mostly just bugfixing that's useful anyway). If any of the packages in the default install is one of those, we need to look at it in detail, and find a solution. However, currently no package of the default install is requiring an MTA. | ||
* Proposal owners: | * Proposal owners: Commit a change to "comps" to remove "sendmail" from it. | ||
Commit a change to "comps" to remove "sendmail" from it. | |||
* Other developers: not | * Other developers: logwatch/logcheck might need updating to not require an MTA for delivering log changes. Some packages might need a dependency on "server(smtp)" added. | ||
* Release engineering: nothing really. | * Release engineering: nothing really. | ||
* Policies and guidelines: nothing really. Maybe the guidelines should clarify that /usr/bin/sendmail doesn't exist on many systems, but that was already the case before so little changes. | * Policies and guidelines: nothing really. Maybe the guidelines should clarify that /usr/bin/sendmail doesn't exist on many systems, but that was already the case before -- so little changes. | ||
== Upgrade/compatibility impact == | == Upgrade/compatibility impact == | ||
Line 56: | Line 57: | ||
== User Experience == | == User Experience == | ||
Few people should notice. | Few people should notice. Administrators might need to install an MTA first before they can configure it. | ||
== Dependencies == | == Dependencies == | ||
Line 62: | Line 63: | ||
== Contingency Plan == | == Contingency Plan == | ||
* Contingency mechanism: | |||
The full contingency plan is simply to put sendmail back in @core. Alternately, we could fall back to the smaller change of removing sendmail from @core (the smallest possible install) but leaving it in @standard (the default install). That way, minimal installations (including the Fedora cloud image) could benefit now while also serving as an incremental proving ground until whatever issues are resolved. | |||
* Contingency mechanism: Re-add "sendmail" to comps, either in @core or in just in @standard. | |||
* Contingency deadline: beta release | * Contingency deadline: beta release | ||
* Blocks release? | * Blocks release? probably | ||
== Documentation == | == Documentation == | ||
Line 77: | Line 81: | ||
$ yum install postfix" | $ yum install postfix" | ||
[[Category: | [[Category:ChangeAcceptedF20]] | ||
<!-- When your change proposal page is completed and ready for review and announcement --> | <!-- When your change proposal page is completed and ready for review and announcement --> | ||
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> |
Latest revision as of 00:37, 29 December 2013
No Default Sendmail
Summary
No longer install an MTA by default. (Specifically let's remove sendmail from @core and @standard comps groups.)
Owner
- Name: Matthew Miller
- Email: mattdm at fedoraproject org
- Release notes owner:
Current status
Detailed Description
Let's change the default install to no longer install an MTA by default. Specifically, let's remove sendmail from the @standard and @core group.
On today's Internet most SMTP hosts do not accept mail from a server which is not configured as a mail exchange for a real domain, hence the default configuration of sendmail is seldom useful. Even if the server is not tied to a real mail domain, it can be configured to authenticate as a user on the target server, but again, this requires explicit configuration on both ends and is fairly awkward. Something that doesn't work without manual configuration should not be in the default install.
Most MUAs we ship (especially those we install by default) do not deliver to a local MTA anyway but rather include an SMTP client. Usually, they will not pick up mail delivered to local users. This means that unless the user knows about local mail and takes steps to receive local mail addressed to root, such messages are likely to be ignored. Our current setup in many ways hence currently operates as reliable /dev/null for important messages intended for root. Even worse, there is no rotation for this mail spool, meaning that this mailbox if it is unchecked will slowly eat up disk space in /var until disk space is entirely unavailable.
On top of that, sendmail has always been a quite surprising choice for an MTA, as most administrators tend to prefer mail systems such as Postfix or Exim these days, and Sendmail appears to be quite arcane to most.
Administrators should install the MTA of their choice after installation (or via kickstart) and sendmail should not be the default anymore.
Many other distributions do not install an MTA by default anymore (Including Ubuntu since 2007), and so should we. Running systems without MTA is already widely tested.
The various tools (such as cron) which previously required a local MTA for operation have been updated already to deliver their job output to syslog rather than sendmail, which is a good default.
Also see the previous attempt: Features/NoDefaultMTA
Benefit to Fedora
Our default install will need less footprint on disk and at runtime. We'll boot a bit faster. Our attack surface is slightly smaller, as we'll have one less daemon running by default that communicates via IP.
Scope
Simply remove "sendmail" from all default install groups in "comps".
Packages which strictly require a MTA to run might need updating to gain dependencies on "server(smtp)" (but they needed that before too, so this is mostly just bugfixing that's useful anyway). If any of the packages in the default install is one of those, we need to look at it in detail, and find a solution. However, currently no package of the default install is requiring an MTA.
- Proposal owners: Commit a change to "comps" to remove "sendmail" from it.
- Other developers: logwatch/logcheck might need updating to not require an MTA for delivering log changes. Some packages might need a dependency on "server(smtp)" added.
- Release engineering: nothing really.
- Policies and guidelines: nothing really. Maybe the guidelines should clarify that /usr/bin/sendmail doesn't exist on many systems, but that was already the case before -- so little changes.
Upgrade/compatibility impact
Old installs will continue to have sendmail installed, nothing changes for them.
How To Test
Just make sure that everything works correctly, and that cronjob output ends up in the system logs.
User Experience
Few people should notice. Administrators might need to install an MTA first before they can configure it.
Dependencies
Nothing really.
Contingency Plan
The full contingency plan is simply to put sendmail back in @core. Alternately, we could fall back to the smaller change of removing sendmail from @core (the smallest possible install) but leaving it in @standard (the default install). That way, minimal installations (including the Fedora cloud image) could benefit now while also serving as an incremental proving ground until whatever issues are resolved.
- Contingency mechanism: Re-add "sendmail" to comps, either in @core or in just in @standard.
- Contingency deadline: beta release
- Blocks release? probably
Documentation
Nothing really. This is a relatively simple change.
Release Notes
Maybe something like this should be added to the release notes:
"Note that F20 does not install a Mail Transfer Agent by default anymore. If the administrator needs local mail delivery or wants to set up a mail server we recommend installing an MTA such as Postfix, Sendmail or exim with a command like like the following:
$ yum install postfix"