Subject: Re: pkg/33221: default exim configuration file
To: None <,,,>
From: None <>
List: pkgsrc-bugs
Date: 04/09/2006 15:50:02
The following reply was made to PR pkg/33221; it has been noted by GNATS.

Subject: Re: pkg/33221: default exim configuration file
Date: Sun, 9 Apr 2006 17:48:08 +0200

 On Sun, Apr 09, 2006 at 03:30:02PM +0000, Aleksey Cheusov wrote:
 >   >>   >> IMHO it is better for daemons to listen to loopback interface
 >   >>   >> only by default. A patch for exim is below.
 >   >>  >  
 >   >>  >  This has been discussed before and rejected.
 >   >>  
 >   >>  Rejected?  from pkgsrc-users mailing list:
 >  >  
 >  >  I was refering to a different debatte than :-)
 >  You didn't include me to Cc :)
 Hugh? GNATS should include you automatically as originator.
 >   >>  ////////////////////////////////////////////
 >   >>  > Why not to change exim's default configuration file like this,
 >   >>  > i.e. to use it for local delivery only BY DEFAULT?
 >   >>  
 >   >>  David Brownlee <>
 >   >>   	I'm not adverse to this change, providing the MESSAGE
 >   >>   	documents it. For reference, do sendmail and postfix install
 >   >>   	from pkgsrc setup like this?
 >  >  
 >  >  The point is that sendmail and postfix should not have such a
 >  >  default config at all.
 >  "should not" or "hasn't not"? ;)
 have no such, sorry.
 >  IMO all they should be configured for local
 >  delivery only with no listening to external network interfaces by
 >  default.
 Again, why? Almost any real OS comes with a default MTA configured for
 local listening only. Heck, NetBSD even has two to choose from. The
 recent discuss was about itojun complaining the way this was achieved
 for postfix in base.
 So when someone goes and install exim/postfix/sendmail from pkgsrc she
 wants something the base system doesn't give her. Now we are in a
 different game, she wants pkgsrc $MTA and installs it. My reasoning is
 (a) the normal expectations is to get a basic out-of-the-box
 configuration for $MTA.
 (b) the default configuration as suggested by $vendor($MTA) in all three
 cases is either choose your config (sendmail, I guess) or
 listen-to-network (exim, postfix).
 A different question is whether or not to select a default configuration
 at all, but just provide multiple profiles. That's going too far off
 topic though.
 Please don't get me wrong, I like secure default configurations. But in
 this case the "security" card conflicts both with user expectation and
 usuability, without providing much protection.