Changes/NoDefaultSendmail

From FedoraProject

< Changes(Difference between revisions)
Jump to: navigation, search
(User Experience)
(998571 has been closed)
 
(22 intermediate revisions by 5 users not shown)
Line 1: Line 1:
= No More Sendmail =
+
= No Default Sendmail =
  
 
== Summary ==
 
== Summary ==
Change "comps" to no longer install an MTA by default, more specifically let's remove sendmail from the default install!
+
No longer install an MTA by default. (Specifically let's remove sendmail from @core and @standard comps groups.)
  
 
== Owner ==
 
== Owner ==
* Name: [[User:lennart|Lennart Poettering]]
+
* Name: [[User:mattdm|Matthew Miller]]
* Email: lennart at poettering net
+
* Email: mattdm at fedoraproject org
 
* Release notes owner: <!--- To be assigned by docs team [[User:FASAccountName| Release notes owner name]] <email address> -->
 
* Release notes owner: <!--- To be assigned by docs team [[User:FASAccountName| Release notes owner name]] <email address> -->
 
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
 
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
Line 14: Line 14:
 
== Current status ==
 
== Current status ==
 
* Targeted release: [[Releases/20 | Fedora 20 ]]  
 
* Targeted release: [[Releases/20 | Fedora 20 ]]  
* Last updated: 2013-07-08
+
* Last updated: 2013-07-11
* Tracker bug: <will be assigned by the Wrangler>
+
* Tracker bug: <s>[https://bugzilla.redhat.com/show_bug.cgi?id=998571 #998571]</s>
  
 
== Detailed Description ==
 
== Detailed Description ==
Let's change the default install to no longer install an MTA by default, let's remove sendmail from the "comps" default.
+
Let's change the default install to no longer install an MTA by default. Specifically, let's remove sendmail from the @standard and @core group.
  
On today's Internet most SMTP hosts do not accept mail unrestricted anyway, hence the default configuration of sendmail is seldom useful. Something that doesn't work without manual configuration should not be in the default install however.
+
On today's Internet most SMTP hosts do not accept mail from a server which is not configured as a mail exchange for a real domain, hence the default configuration of sendmail is seldom useful. Even if the server is not tied to a real mail domain, it can be configured to authenticate as a user on the target server, but again, this requires explicit configuration on both ends and is fairly awkward. Something that doesn't work without manual configuration should not be in the default install.
  
The MUAs we ship (especially those we install by default) do not deliver to a local MTA anyway but rather include an SMTP client.
+
Most MUAs we ship (especially those we install by default) do not deliver to a local MTA anyway but rather include an SMTP client. Usually, they will not pick up mail delivered to local users. This means that unless the user knows about local mail and takes steps to receive local mail addressed to root, such messages are likely to be ignored. Our current setup in many ways hence currently operates as reliable /dev/null for important messages intended for root. Even worse, there is no rotation for this mail spool, meaning that this mailbox if it is unchecked will slowly eat up disk space in /var until disk space is entirely unavailable.
  
On top of that, sendmail has always been a quite surprising choice for an MTA, as most administrators tend to prefer mail systems such as Postfix or Exim these days, and Sendmail appears to be a quite arcane choice to most.
+
On top of that, sendmail has always been a quite surprising choice for an MTA, as most administrators tend to prefer mail systems such as Postfix or Exim these days, and Sendmail appears to be quite arcane to most.
  
Administrators should install the MTA of their choice after installation (or via kickstart) however sendmail should not be the default anymore.
+
Administrators should install the MTA of their choice after installation (or via kickstart) and sendmail should not be the default anymore.
  
Many other distributions do not install an MTA by default anymore, and so should we. Running systess without MTA is already widely tested.
+
Many other distributions do not install an MTA by default anymore (Including Ubuntu since 2007), and so should we. Running systems without MTA is already widely tested.
  
 
The various tools (such as cron) which previously required a local MTA for operation have been updated already to deliver their job output to syslog rather than sendmail, which is a good default.
 
The various tools (such as cron) which previously required a local MTA for operation have been updated already to deliver their job output to syslog rather than sendmail, which is a good default.
 +
 +
Also see the previous attempt: [[Features/NoDefaultMTA]]
  
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==
Line 38: Line 40:
 
Simply remove "sendmail" from all default install groups in "comps".
 
Simply remove "sendmail" from all default install groups in "comps".
  
Packages which strictly require a MTA to run might need updating to gain dependencies on some kind of MTA (but they needed that before too, so this is mostly just bugfixing that's useful anyway). If any of the packages in the default install is one of those, we need to look at it in detail, and find a solution. However, currently no package of the default install is requiring an MTA.
+
Packages which strictly require a MTA to run might need updating to gain dependencies on "server(smtp)" (but they needed that before too, so this is mostly just bugfixing that's useful anyway). If any of the packages in the default install is one of those, we need to look at it in detail, and find a solution. However, currently no package of the default install is requiring an MTA.
  
 
* Proposal owners: Commit a change to "comps" to remove "sendmail" from it.
 
* Proposal owners: Commit a change to "comps" to remove "sendmail" from it.
  
* Other developers: not much, just test F20 regularly.
+
* Other developers: logwatch/logcheck might need updating to not require an MTA for delivering log changes. Some packages might need a dependency on "server(smtp)" added.
  
 
* Release engineering: nothing really.
 
* Release engineering: nothing really.
Line 61: Line 63:
  
 
== Contingency Plan ==
 
== Contingency Plan ==
* Contingency mechanism: Readd "sendmail" to comps.
+
 
 +
The full contingency plan is simply to put sendmail back in @core. Alternately, we could fall back to the smaller change of removing sendmail from @core (the smallest possible install) but leaving it in @standard (the default install). That way, minimal installations (including the Fedora cloud image) could benefit now while also serving as an incremental proving ground until whatever issues are resolved.
 +
 
 +
* Contingency mechanism: Re-add "sendmail" to comps, either in @core or in just in @standard.
 
* Contingency deadline: beta release
 
* Contingency deadline: beta release
* Blocks release? not really, it's trivial to revert and has no dependency in other packages.
+
* Blocks release? probably
  
 
== Documentation ==
 
== Documentation ==
Line 76: Line 81:
 
$ yum install postfix"
 
$ yum install postfix"
  
[[Category:ChangePageIncomplete]]
+
[[Category:ChangeAcceptedF20]]
 
<!-- When your change proposal page is completed and ready for review and announcement -->
 
<!-- When your change proposal page is completed and ready for review and announcement -->
 
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
 
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->

Latest revision as of 00:37, 29 December 2013

Contents

[edit] No Default Sendmail

[edit] Summary

No longer install an MTA by default. (Specifically let's remove sendmail from @core and @standard comps groups.)

[edit] Owner

  • Name: Matthew Miller
  • Email: mattdm at fedoraproject org
  • Release notes owner:

[edit] Current status

[edit] Detailed Description

Let's change the default install to no longer install an MTA by default. Specifically, let's remove sendmail from the @standard and @core group.

On today's Internet most SMTP hosts do not accept mail from a server which is not configured as a mail exchange for a real domain, hence the default configuration of sendmail is seldom useful. Even if the server is not tied to a real mail domain, it can be configured to authenticate as a user on the target server, but again, this requires explicit configuration on both ends and is fairly awkward. Something that doesn't work without manual configuration should not be in the default install.

Most MUAs we ship (especially those we install by default) do not deliver to a local MTA anyway but rather include an SMTP client. Usually, they will not pick up mail delivered to local users. This means that unless the user knows about local mail and takes steps to receive local mail addressed to root, such messages are likely to be ignored. Our current setup in many ways hence currently operates as reliable /dev/null for important messages intended for root. Even worse, there is no rotation for this mail spool, meaning that this mailbox if it is unchecked will slowly eat up disk space in /var until disk space is entirely unavailable.

On top of that, sendmail has always been a quite surprising choice for an MTA, as most administrators tend to prefer mail systems such as Postfix or Exim these days, and Sendmail appears to be quite arcane to most.

Administrators should install the MTA of their choice after installation (or via kickstart) and sendmail should not be the default anymore.

Many other distributions do not install an MTA by default anymore (Including Ubuntu since 2007), and so should we. Running systems without MTA is already widely tested.

The various tools (such as cron) which previously required a local MTA for operation have been updated already to deliver their job output to syslog rather than sendmail, which is a good default.

Also see the previous attempt: Features/NoDefaultMTA

[edit] Benefit to Fedora

Our default install will need less footprint on disk and at runtime. We'll boot a bit faster. Our attack surface is slightly smaller, as we'll have one less daemon running by default that communicates via IP.

[edit] Scope

Simply remove "sendmail" from all default install groups in "comps".

Packages which strictly require a MTA to run might need updating to gain dependencies on "server(smtp)" (but they needed that before too, so this is mostly just bugfixing that's useful anyway). If any of the packages in the default install is one of those, we need to look at it in detail, and find a solution. However, currently no package of the default install is requiring an MTA.

  • Proposal owners: Commit a change to "comps" to remove "sendmail" from it.
  • Other developers: logwatch/logcheck might need updating to not require an MTA for delivering log changes. Some packages might need a dependency on "server(smtp)" added.
  • Release engineering: nothing really.
  • Policies and guidelines: nothing really. Maybe the guidelines should clarify that /usr/bin/sendmail doesn't exist on many systems, but that was already the case before -- so little changes.

[edit] Upgrade/compatibility impact

Old installs will continue to have sendmail installed, nothing changes for them.

[edit] How To Test

Just make sure that everything works correctly, and that cronjob output ends up in the system logs.

[edit] User Experience

Few people should notice. Administrators might need to install an MTA first before they can configure it.

[edit] Dependencies

Nothing really.

[edit] Contingency Plan

The full contingency plan is simply to put sendmail back in @core. Alternately, we could fall back to the smaller change of removing sendmail from @core (the smallest possible install) but leaving it in @standard (the default install). That way, minimal installations (including the Fedora cloud image) could benefit now while also serving as an incremental proving ground until whatever issues are resolved.

  • Contingency mechanism: Re-add "sendmail" to comps, either in @core or in just in @standard.
  • Contingency deadline: beta release
  • Blocks release? probably

[edit] Documentation

Nothing really. This is a relatively simple change.

[edit] Release Notes

Maybe something like this should be added to the release notes:

"Note that F20 does not install a Mail Transfer Agent by default anymore. If the administrator needs local mail delivery or wants to set up a mail server we recommend installing an MTA such as Postfix, Sendmail or exim with a command like like the following:

$ yum install postfix"