
Thread: Mail-agents in KDE and openSUSE12.2 - General info and function: can anybody get my ideas clearer?

  1. #1
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Mail-agents in KDE and openSUSE12.2 - General info and function: can anybody get my ideas clearer?

    I am using 12.2 64bit and KDE (default). My preferred mail program is Kontact/Kmail.

    Now, using apparmor and issuing the aa-unconfined I recall (my system is currently broken so I cannot access the logfiles etc easily):
    • I saw sendmail listening
    • there is postfix running (found a whole lot of records in /var/log/warn about postfix (which were "permitted" so apparently this is O.K.)).

    I would have understood that sendmail is not a good choice to be used and postfix is safer. Maybe that info is outdated... So a few questions, if someone by chance is knowledgeable s(he) can enlighten me about these:
    • is currently sendmail still installed by default in openSUSE and if yes, why and what is it used for
    • if not, which program could have triggered its install?
    • as postfix is installed for sure, is it currently the default mail agent?
    • how does the structure work anyway? This is a very general question maybe, you may also point me to a document either in the documentation or web. What I actually do not understand is the relationship between the KDE mail program (Kmail) and the underlying postfix (sendmail?) program. I am just trying to understand that point. Of course I will read the "f-manual" but let's be conscious about the sad situation: I am currently still on.... which one has to be read?


    Thank you.
    Just "clicking away" security warnings about a change in repo signature ? Not able to control?
    Then please vote for
    https://features.opensuse.org/312047
    openSUSE should have an efficient web of trust.

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Mail-agents in KDE and openSUSE12.2 - General info and function: can anybody get my ideas clearer?

    On 2013-01-18 11:36, stakanov wrote:

    > I would have understood that sendmail is not a good choice to be used
    > and postfix is safer. Maybe that info is outdated... So a few questions,
    > if someone by chance is knowledgeable s(he) can enlighten me about
    > these:


    No, postfix contains a minimal sendmail binary because some applications
    call directly sendmail in order to send mail. It is not sendmail from
    the sendmail project, it is different.


    > - how does the structure work anyway? This is a very general question
    > maybe, you may also point me to a document either in the documentation
    > or web. What I actually do not understand is the relationship between
    > the KDE mail program (Kmail) and the underlying postfix (sendmail?)
    > program.


    None, except that you can configure kmail (or any other) to use the
    local postfix for sending email. I do.

    Don't try to remove postfix even if you don't use it. It is required by
    some unix/linux traditional programs - for example, cron. There are
    talks about replacing it with a minimal daemon, but such doesn't exist
    or there has not been agreement on it yet.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4, with Evergreen, x86_64 "Celadon" (Minas Tirith))

  3. #3
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Re: Mail-agents in KDE and openSUSE12.2 - General info and function: can anybody get my ideas cleare

    Thank you very much. That is very kind to make me have this info. Effectively I had some Cron things running (e.g. rkhunter).
    O.K. that triggers the next question:

    A user has the possibility to receive mail from root. But this is generally not encouraged (at least I did read this) because it is considered a security risk. Now why would this be? Because this would require a suid to be set to do a kind of "cat /var/log/messages"?

    (I know I am terrible, but at least one by one I understand some of the issues). BTW this about the sendmail component is very interesting. So, if I confine with apparmor the postfix component, I still have to do a profile for the integrated sendmail one? What advantage would it have to use the local postfix component to send mail (in other words, why did you choose to use postfix in Kmail)?

  4. #4
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,394

    Re: Mail-agents in KDE and openSUSE12.2 - General info and function: can anybody get my ideas cleare

    Originally Posted by stakanov:
    > A user has the possibility to receive mail from root. But this is generally not encouraged (at least I did read this) because it is considered a security risk. Now why would this be? Because this would require a suid to be set to do a kind of "cat /var/log/messages"?

    Standard question back: where did you read this? We can not base things on urban legends. I personally shouldn't know why this is a security risk. So I am interested to know why.
    Henk van Velden

  5. #5
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Re: Mail-agents in KDE and openSUSE12.2 - General info and function: can anybody get my ideas cleare

    Originally Posted by hcvv:
    > Standard question back: where did you read this? We can not base things on urban legends. I personally shouldn't know why this is a security risk. So I am interested to know why.

    If I would be badly minded I could argue that it is not a good thing to begin to speak about "urban legends" because this would imply already a judgement and you believe I am keen to believe in urban legends. But you are right to ask for sources and one of the problems of the net is rightly the reliability of sources. Which is probably why I did ask: Where?....ouff, I did read this time ago, but I think it was a pdf. I will try to find the source. Fact is, the argument did not appear completely clear to me, to the contrary, but it seemed "evident" for the author. Actually I would like to receive even in a plasmoid messages coming in, but this never worked for me.
    I think the discussion has to do with permissions:
    [Chapter 22] 22.5 Permissions
    (look at the arguments in the ~/.forward file chapter). Now this is for sendmail and we said that the latter is not used in openSUSE but postfix.

    But I am currently not able to give you THE exact reference where I did read it. Will continue to look for it (if hopefully I am able to fix my system, still on a live CD....)

  6. #6
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,394

    Re: Mail-agents in KDE and openSUSE12.2 - General info and function: can anybody get my ideas cleare

    Originally Posted by stakanov:
    > If I would be badly minded I could argue that it is not a good thing to begin to speak about "urban legends" because this would imply already a judgement and you believe I am keen to believe in urban legends. But you are right to ask for sources and one of the problems of the net is rightly the reliability of sources. Which is probably why I did ask: Where?....ouff, I did read this time ago, but I think it was a pdf. I will try to find the source. Fact is, the argument did not appear completely clear to me, to the contrary, but it seemed "evident" for the author. Actually I would like to receive even in a plasmoid messages coming in, but this never worked for me.
    > I think the discussion has to do with permissions:
    > [Chapter 22] 22.5 Permissions
    > (look at the arguments in the ~/.forward file chapter). Now this is for sendmail and we said that the latter is not used in openSUSE but postfix.
    >
    > But I am currently not able to give you THE exact reference where I did read it. Will continue to look for it (if hopefully I am able to fix my system, still on a live CD....)

    What you are pointing to now via that article is not what I understood from your original statement. This says:
    > A user has the possibility to receive mail from root.
    Where I said to myself: So what. Not understanding at all what comes behind. What I read here is simply a user on a system sending a mail to another user. This is almost the same as sending from one user on one system to another user on another system. We do this all a hundred times per day.

    But you are talking about forwarding mail. Which is something different. And which you shouldn't do (or maybe do it, but I guess almost nobody here does).

    The article is very Unix and sendmail based. As you stated already, do not use sendmail (it always was a headache, too complex and thus vulnerable to, unintended, misuse). And about those "semi privileged" users, I see the user bin exists on openSUSE, but it owns no files at all.
    Last edited by hcvv; 18-Jan-2013 at 13:11.
    Henk van Velden

  7. #7
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: Mail-agents in KDE and openSUSE12.2 - General info and function: can anybody get my ideas clearer?

    On 2013-01-18 18:56, stakanov wrote:
    >
    > Thank you very much. That is very kind to make me have this info.
    > Effectively I had some Cron things running (e.g. rkhunter).


    And other system tools that run by default.

    > O.K. that triggers the next question:
    >
    > A user has the possibility to receive mail from root. But this is
    > generally not encouraged (at least I did read this) because it is
    > considered a security risk. Now why would this be? Because this would
    > require a suid to be set to do a kind of "cat /var/log/messages"?


    Like Henk, I don't see why getting emails from root would be dangerous.
    You don't have to suid to get or read them.

    The only thing related to that is the contrary, root receiving emails,
    because then you have to be root to read and process them; for that
    reason there is an entry in /etc/aliases that sends all email going to
    root to another user. This is so important that yast asks for the name
    of that user when configuring email.

    > (I know I am terrible, but at least one by one I understand some of the
    > issues). BTW this about the sendmail component is very interesting. So,
    > if I confine with apparmor the postfix component, I still have to do a
    > profile for the integrated sendmail one?


    No.
    No, because postfix does not use (call) sendmail. It is other external
    applications that instead of using the smtp protocol call sendmail to
    send an email. If, for example, you use Pine as mail client, that one
    can call sendmail to send email, and thus you would consider sendmail in
    the Pine profile.

    > What advantage would if have to
    > use the local postfix component to send mail (with other words why did
    > you chose to use postfix in Kmail?


    Because that way kmail, or Pine, or thunderbird hands off the email to
    postfix and return fast, while postfix grinds along sending that post,
    and I get a nice log where I can see the process, and if it fails I see why.

    And because it is simpler for use with Pine.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4, with Evergreen, x86_64 "Celadon" (Minas Tirith))
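
The /etc/aliases redirection of root's mail mentioned in the last reply can be checked mechanically. The following is an added example, not code from the thread or from postfix: it parses a constructed sample in aliases(5) syntax and follows the chain from root to the final recipients; the names `admin`, `auditor` and `carlos` are made up, and any revisited name is simply reported as a loop.

```python
# Added example. SAMPLE_ALIASES is constructed, not taken from a real system.
SAMPLE_ALIASES = """\
# system aliases
postmaster:    root
mailer-daemon: postmaster
root:          admin,
               auditor
admin:         carlos
"""

def parse_aliases(text):
    """Return {alias: [targets]}, honouring comments and continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:      # leading whitespace continues a line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        name, sep, rhs = line.partition(":")
        if sep:
            table[name.strip().lower()] = [t.strip() for t in rhs.split(",") if t.strip()]
    return table

def resolve(name, table, path=frozenset()):
    """Expand an alias recursively; return (final recipients, loop detected)."""
    key = name.lower()
    if key in path:                          # simplification: any revisit counts as a loop
        return set(), True
    if key not in table:                     # not an alias: a real delivery target
        return {name}, False
    finals, loop = set(), False
    for target in table[key]:
        found, looped = resolve(target, table, path | {key})
        finals |= found
        loop |= looped
    return finals, loop

def check_root_alias(text):
    """Return (sorted recipients of root's mail, list of findings)."""
    table = parse_aliases(text)
    if "root" not in table:
        return ["root"], ["root is not aliased: mail must be read as root"]
    finals, loop = resolve("root", table)
    findings = ["alias expansion from root revisits a name"] if loop else []
    return sorted(finals), findings
```

To check a real system, pass the contents of `/etc/aliases` to `check_root_alias`; an empty findings list with a non-root recipient matches the setup described above.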
