[lsb-discuss] Inclusion of sendmail and patch

[Dan Kegel]

Lee W wrote:
> After considering this further I guess the easiest (from the users point of
> view) way of resolving the concerns on this requirement would be to
> configure a firewall that doesn't allow incoming connections on the SMTP
> port (of course others would need to be blocked as well).  I still believe
> this is akin to (how does the expression go) "Closing the barn door after
> the horse has bolted", why try to secure something that should not
> necessarily be available anyway.  There would of course be other options,
> such as the daemon only listens to requests from the localhost.

Yes.  Those two precautions together go a long way towards disallowing
abuse.

> The distro I am trying to create will be aimed at the corporate user, be it
> server or workstation. This requirement causes a similair problem to one
> that I have experienced at work with users running Windows 2000 Pro.  I have
> had to deal with numerous issues where customers have been used as open-mail
> relays simply because they choose to include IIS (with its associated SMTP
> Service). I would hate to see the LSB cause (by a compliancy requirement)
> the same mistakes as that made by Microsoft on this matter.

Given the safeguards above (which Red Hat follows now, by the way!),
there is little to no chance of being used as a relay.

- Dan

-- 
Dan Kegel
http://www.kegel.com
http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=78045