Your message dated Wed, 16 Apr 2008 17:40:43 -0400
with message-id <[EMAIL PROTECTED]>
and subject line exim has been removed from Debian, closing #170451
has caused the Debian Bug report #170451,
regarding exim: Exim should not start listener in local delivery only mode
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
170451: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=170451
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: exim
Version: N/A
Severity: wishlist
Tags: security

The current exim version in stable will always start a listener on port 25
regardless of the current configuration. Since exim can be configured in a
"Local delivery only" mode it does not make much sense for exim to start
if configured thus.

I would propose, in order to limit the exposure due to exim's installation
(which is taken as the default MTA), to have exim either:

- listen only on loopback interface when configured in local delivery
mode and running as a daemon

or

- modify the init.d script so if local delivery mode is configured in the
exim.conf (checking through a 'grep ^....') do not start the daemon.

If exim is configured to run through inetd, I would advise against adding
the entry in the inetd.conf if local delivery mode is configured.

Please notice that the 'security' tag is added because I don't consider
this behaviour a "secure by default" mode. Unknowledgeable users might
configure local delivery mode only in order to have programs use the local
mail system to notify of actions (logchecker does this, cron too).
However, they will not be aware that their computer's port 25 is open and
available for remote intruders to tamper with.

Regards

        Javi


-- System Information
Debian Release: 3.0
Kernel Version: Linux avalon 2.4.18 #1 SMP mié abr 3 12:47:49 CEST 2002 i686 unknown



--- End Message ---
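
A way to check a host for the exposure the report above describes, as an added example that is not part of the original bug report or of the exim package: it reads `ss -Hltn` style output and lists port 25 listeners bound to anything other than loopback. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which addresses a local MTA is listening on.
# Input format assumed: `ss -Hltn` (iproute2), one listening socket per line:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Constructed sample: MTA bound to all interfaces (the case the report objects to).
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::1]:25 [::]:*'

# Constructed sample: MTA bound to loopback only (the first proposal in the report).
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::1]:25 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Print the bind address of every port 25 listener that is not loopback.
exposed_smtp_listeners() {
    awk '
        $1 == "LISTEN" {
            # Split addr:port at the last colon, since IPv6 addresses contain colons.
            pos = match($4, /:[0-9]+$/)
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            port = substr($4, pos + 1)
            if (port != "25") next
            sub(/%.*$/, "", addr)        # drop an interface suffix such as %lo
            gsub(/^\[|\]$/, "", addr)    # drop IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1") next
            print addr
        }
    '
}

# Succeed (exit status 0) only when no non-loopback port 25 listener is present.
smtp_is_loopback_only() {
    [ -z "$(exposed_smtp_listeners)" ]
}

# Demonstration on the constructed samples; on a live host use:
#   ss -Hltn | exposed_smtp_listeners
for sample in "$SAMPLE_EXPOSED" "$SAMPLE_LOOPBACK"; do
    if printf '%s\n' "$sample" | smtp_is_loopback_only; then
        echo "port 25: loopback only"
    else
        echo "port 25: reachable on non-loopback address"
    fi
done
```
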
--- Begin Message ---
Version: 3.36-18.2+rm

The exim package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still open
against it.

For more information about this package's removal, read
http://bugs.debian.org/420191 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any questions.

Thank you for your contribution to Debian.
Barry deFreese


--- End Message ---