From Fedora Project Wiki

Revision as of 00:37, 29 December 2013 by Ckujau (talk | contribs) (998571 has been closed)

No Default Sendmail

Summary

No longer install an MTA by default. (Specifically let's remove sendmail from @core and @standard comps groups.)

Owner

  • Name: Matthew Miller
  • Email: mattdm at fedoraproject org
  • Release notes owner:

Current status

Detailed Description

Let's change the default install to no longer install an MTA by default. Specifically, let's remove sendmail from the @standard and @core groups.

On today's Internet most SMTP hosts do not accept mail from a server which is not configured as a mail exchange for a real domain, hence the default configuration of sendmail is seldom useful. Even if the server is not tied to a real mail domain, it can be configured to authenticate as a user on the target server, but again, this requires explicit configuration on both ends and is fairly awkward. Something that doesn't work without manual configuration should not be in the default install.

Most MUAs we ship (especially those we install by default) do not deliver to a local MTA anyway but rather include an SMTP client. Usually, they will not pick up mail delivered to local users. This means that unless the user knows about local mail and takes steps to receive local mail addressed to root, such messages are likely to be ignored. In many ways, our current setup therefore operates as a reliable /dev/null for important messages intended for root. Even worse, there is no rotation for this mail spool, so an unchecked mailbox will slowly eat up disk space in /var until none is left.

On top of that, sendmail has always been a quite surprising choice for an MTA, as most administrators tend to prefer mail systems such as Postfix or Exim these days, and Sendmail appears to be quite arcane to most.

Administrators should install the MTA of their choice after installation (or via kickstart) and sendmail should not be the default anymore.

Many other distributions do not install an MTA by default anymore (including Ubuntu since 2007), and so should we. Running systems without an MTA is already widely tested.

The various tools (such as cron) which previously required a local MTA for operation have been updated already to deliver their job output to syslog rather than sendmail, which is a good default.

Also see the previous attempt: Features/NoDefaultMTA

Benefit to Fedora

Our default install will need less footprint on disk and at runtime. We'll boot a bit faster. Our attack surface is slightly smaller, as we'll have one less daemon running by default that communicates via IP.

Scope

Simply remove "sendmail" from all default install groups in "comps".

Packages which strictly require an MTA to run might need updating to gain dependencies on "server(smtp)" (but they needed that before too, so this is mostly just bugfixing that's useful anyway). If any of the packages in the default install is one of those, we need to look at it in detail, and find a solution. However, currently no package of the default install requires an MTA.

  • Proposal owners: Commit a change to "comps" to remove "sendmail" from it.
  • Other developers: logwatch/logcheck might need updating to not require an MTA for delivering log changes. Some packages might need a dependency on "server(smtp)" added.
  • Release engineering: nothing really.
  • Policies and guidelines: nothing really. Maybe the guidelines should clarify that /usr/bin/sendmail doesn't exist on many systems, but that was already the case before -- so little changes.

Upgrade/compatibility impact

Old installs will continue to have sendmail installed, nothing changes for them.

How To Test

Just make sure that everything works correctly, and that cronjob output ends up in the system logs.
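The checks described above can be scripted. The following is an added example, not part of the original wiki page: it confirms that nothing listens on TCP port 25, that cron job output reaches the system log, and how large a leftover root mail spool has grown. The function names, the sample data, the spool path /var/spool/mail/root and the cronie "CMDOUT" log line format are assumptions.

```shell
#!/bin/sh
# Added example: post-install checks for a host that should have no MTA.
# The parsers read text on stdin, so they also work on saved command output.

# Print local addresses listening on TCP port 25 (input: `ss -Hltn`).
smtp_listeners() {
    awk '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == "25") print $4 }'
}

# Count cron job output lines that reached syslog.
# Assumes cronie's "CROND[pid]: (user) CMDOUT (text)" line format.
cron_output_count() {
    awk '/CROND\[[0-9]+\]: \([^)]*\) CMDOUT / { c++ } END { print c + 0 }'
}

# Size in bytes of a mail spool file; 0 when the file does not exist.
spool_bytes() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_SS='LISTEN 0 10 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 10 [::1]:25 [::]:*
LISTEN 0 128 0.0.0.0:2525 0.0.0.0:*'

SAMPLE_LOG='Dec 29 00:40:01 host CROND[2345]: (root) CMD (/usr/local/bin/nightly)
Dec 29 00:40:02 host CROND[2345]: (root) CMDOUT (nightly: 3 files rotated)
Dec 29 00:40:02 host sshd[811]: Accepted publickey for admin'

# Run the checks against the live system (assumed spool path for root).
audit_host() {
    if rpm -q --whatprovides 'server(smtp)' >/dev/null 2>&1; then
        echo "a package providing server(smtp) is installed"
    else
        echo "no package provides server(smtp)"
    fi
    echo "port 25 listeners: $(ss -Hltn | smtp_listeners | tr '\n' ' ')"
    echo "root spool bytes: $(spool_bytes /var/spool/mail/root)"
    echo "cron output lines: $(journalctl -b --no-pager | cron_output_count)"
}
```

Source the file and call audit_host on a fresh install; an empty listener list and a non-zero cron output count after a job has run are the expected results.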

User Experience

Few people should notice. Administrators might need to install an MTA first before they can configure it.

Dependencies

Nothing really.

Contingency Plan

The full contingency plan is simply to put sendmail back in @core. Alternately, we could fall back to the smaller change of removing sendmail from @core (the smallest possible install) but leaving it in @standard (the default install). That way, minimal installations (including the Fedora cloud image) could benefit now while also serving as an incremental proving ground until whatever issues are resolved.

  • Contingency mechanism: Re-add "sendmail" to comps, either in @core or just in @standard.
  • Contingency deadline: beta release
  • Blocks release? probably

Documentation

Nothing really. This is a relatively simple change.

Release Notes

Maybe something like this should be added to the release notes:

"Note that F20 does not install a Mail Transfer Agent by default anymore. If the administrator needs local mail delivery or wants to set up a mail server, we recommend installing an MTA such as Postfix, Sendmail or Exim with a command like the following:

$ yum install postfix"