Re: Many ports open by default
Steve == Steve Greenland [EMAIL PROTECTED] writes: *beep, wrong* :) update-rc.d -f exim remove Steve *beep*, *wrong* :) Steve The problem with update-rc.d -f exim remove is that it Steve removes *all* the links, not just the S*exim links. Yes. That's a bug in the tool, not a fault in the solution :) -- Turbo __ _ Debian GNU Unix _IS_ user friendly - it's just ^/ /(_)_ __ _ ___ __ selective about who its friends are / / | | '_ \| | | \ \/ / Debian Certified Linux Developer _ /// / /__| | | | | |_| |Turbo Fredriksson [EMAIL PROTECTED] \\\/ \/_|_| |_|\__,_/_/\_\ Stockholm/Sweden counter-intelligence kibo cracking Peking quiche munitions attack SDI radar Delta Force tritium toluene president Uzi Iran [See http://www.aclu.org/echelonwatch/index.html for more about this]
Re: Many ports open by default
Tom Lear [EMAIL PROTECTED] wrote: Sure, don't run the daemon at all. When you install exim, rm /etc/init.d/rc?.d/S*exim and it won't start. Local processes will be BTW, I think this is what ssh should do if you choose not to run the daemon on startup (rather than making /etc/init.d/ssh not work at all). I have ssh installed on my laptop, and I don't want it running by default, but I'd like to be able to start and stop it with the /etc/init.d script. Anyone else agree with this (should I file a bug)? Hello! I do. It could use update-rc.d ssh stop 20 0 1 2 3 4 5 6 . instead of update-rc.d ssh defaults, if I chose not to run the ssh-Daemon. cu andreas -- Uptime: 10 seconds load average: 0.00, 0.00, 0.00 vim:ls=2:stl=***\ Sing\ a\ song.\ ***
Re: Many ports open by default
On Fri, May 04, 2001 at 07:12:07PM -0700, Tom Lear wrote: BTW, I think this is what ssh should do if you choose not to run the daemon on startup (rather than making /etc/init.d/ssh not work at all). I have ssh installed on my laptop, and I don't want it running by default, but I'd like to be able to start and stop it with the /etc/init.d script. Anyone else agree with this (should I file a bug)? File a wishlist bug - it is a wish, isn't it? ;) cu Torsten pgpmRDg4OGeON.pgp Description: PGP signature
Re: Many ports open by default
Quoting [EMAIL PROTECTED]: On Mon, Apr 30, 2001 at 11:52:46PM +, Will Lowe wrote: I think it's safe to assume that your system MUST have a working MTA of some sort (even if it's local-only, which is supported by eximconfig). This is true, but does it need to be world-accessible? There should be a way to either have it listen on localhost only, or not listen on Sure, don't run the daemon at all. When you install exim, rm /etc/init.d/rc?.d/S*exim and it won't start. Local processes will be /etc/rc?.d/S*exim *beep, wrong* :) update-rc.d -f exim remove -- Turbo __ _ Debian GNU Unix _IS_ user friendly - it's just ^/ /(_)_ __ _ ___ __ selective about who its friends are / / | | '_ \| | | \ \/ / Debian Certified Linux Developer _ /// / /__| | | | | |_| |Turbo Fredriksson [EMAIL PROTECTED] \\\/ \/_|_| |_|\__,_/_/\_\ Stockholm/Sweden nuclear munitions AK-47 [Hello to all my fans in domestic surveillance] Clinton radar jihad Rule Psix Ft. Meade strategic Semtex FBI Nazi NSA Albanian [See http://www.aclu.org/echelonwatch/index.html for more about this]
Re: Many ports open by default
On 04-May-01, 07:49 (CDT), Turbo Fredriksson [EMAIL PROTECTED] wrote: Quoting [EMAIL PROTECTED]: On Mon, Apr 30, 2001 at 11:52:46PM +, Will Lowe wrote: I think it's safe to assume that your system MUST have a working MTA of some sort (even if it's local-only, which is supported by eximconfig). This is true, but does it need to be world-accessible? There should be a way to either have it listen on localhost only, or not listen on Sure, don't run the daemon at all. When you install exim, rm /etc/init.d/rc?.d/S*exim and it won't start. Local processes will be /etc/rc?.d/S*exim *beep, wrong* :) update-rc.d -f exim remove *beep*, *wrong* :) The problem with update-rc.d -f exim remove is that it removes *all* the links, not just the S*exim links. The next time exim is upgraded, it's postinst will re-install all the links. Just rm'ing the S*exim links will produce the desired affect. Steve -- Steve Greenland [EMAIL PROTECTED] (Please do not CC me on mail sent to this list; I subscribe to and read every list I post to.)
Re: Many ports open by default
On Fri, May 04, 2001 at 02:49:47PM +0200, Turbo Fredriksson wrote: Quoting [EMAIL PROTECTED]: On Mon, Apr 30, 2001 at 11:52:46PM +, Will Lowe wrote: I think it's safe to assume that your system MUST have a working MTA of some sort (even if it's local-only, which is supported by eximconfig). This is true, but does it need to be world-accessible? There should be a way to either have it listen on localhost only, or not listen on Sure, don't run the daemon at all. When you install exim, rm /etc/init.d/rc?.d/S*exim and it won't start. Local processes will be /etc/rc?.d/S*exim *beep, wrong* :) update-rc.d -f exim remove Er, *beep, wrong*. That will remove _all_ links, which means that your changes will be lost at the next upgrade. update-rc.d remove is meant to be called from postrm. It would be nice if update-rc.d included a convenience option to remove all S?? links, but it doesn't. -- - mdz
Re: Many ports open by default
On Mon, Apr 30, 2001 at 11:52:46PM +, Will Lowe wrote: Sure, don't run the daemon at all. When you install exim, rm /etc/init.d/rc?.d/S*exim and it won't start. Local processes will be BTW, I think this is what ssh should do if you choose not to run the daemon on startup (rather than making /etc/init.d/ssh not work at all). I have ssh installed on my laptop, and I don't want it running by default, but I'd like to be able to start and stop it with the /etc/init.d script. Anyone else agree with this (should I file a bug)? - Tom
Re: Many ports open by default
On 30 Apr 2001 15:30:48 -0400, Wolfgang Sourdeau wrote: As always, that would be true if they weren't installed by default. The current method requires too much prior knowledge. This could be put as a question whenever someone installs Debian GNU/Linux. Something like Do you want to enable the installed server software by default. Beware that this might cause security problems on your system since it is recommended to only run server programs if and only if needed. If you do not feel confident enough with system administration, you should answer No here. I like this idea a lot. Newbies simply don't know if they need a daemon or not (or even what a daemon is sometimes), so they could use a little hand holding. While I agree with Craig that if you don't want it run, then either don't install or edit by hand, but I think that this doesn't apply at all if it's installed by default. If you know enough to know you need the server, then you should be able to install it yourself, you don't need it installed by default for you. - David Nusinow [EMAIL PROTECTED]
Re: Many ports open by default
On Sun, Apr 29, 2001 at 10:29:58PM -0600, Dwayne C. Litzenberger wrote: Why does a server automatically get run just because it's installed? For instance, portmap is installed by default whether you're using NFS or not, and bnetd runs even if I just installed the package for bnchat. Shouldn't the default be to not run daemons unless they are explicitly enabled, like an exit at the beginning of all daemon-starting init scripts that must be commented out? The 'exit 0' line in the beginning of the init file is a bad idea. for so many times i've commented out the '### comment this line to really start the service' lines. and then after upgrade gotten in to the position where i have to diff bethween two maintainer scripts to add the changes or just replace the old script and recomment the exit line. the usual policy has been, (to my knowledge) if you can't set reasonable defaults for the daemon (yes, this is why debconf is there) you should add some method that won't allow it to start. Otherwise, if you can set reasonable defaults or better yet, configure it while installing, it should be enabled by default. the above schema allows upgrading of packages without always editing the init files, and almost always assures that you have working system after installing the packages. If you don't want the daemons to start, don't install it. there are no daemons that either cannot be easily disabled (with update-inetd or something) or removed. This is one of the most powerful features of Debian, why would we want to ruin that? -- - Sami Haahtinen - - 2209 3C53 D0FB 041C F7B1 F908 A9B6 F730 B83D 761C - pgp0kZN9Lqfen.pgp Description: PGP signature
Re: Many ports open by default
Why would you keep something around if you don't want to run it? Debian makes the (correct) assumption that if you've installed something, you want to run it. If i install bind, it will assume i want it to run. If i install exim, it will first configure it for me (prompting me), and then assume i want to run it. Why should portmap be any different? The question you should be asking is, why is portmap installed by default? Similiarly, is there something that can be done during installation that asks the user if certain things (nfs) that require portmap should be installed. If there's nothing that depends on portmap, then default to not installing portmap. Having daemons shut off by default is not the way to go, however. On Sun, Apr 29, 2001 at 10:29:58PM -0600, Dwayne C. Litzenberger wrote: Why does a server automatically get run just because it's installed? For instance, portmap is installed by default whether you're using NFS or not, and bnetd runs even if I just installed the package for bnchat. Shouldn't the default be to not run daemons unless they are explicitly enabled, like an exit at the beginning of all daemon-starting init scripts that must be commented out? -- Dwayne C. Litzenberger - [EMAIL PROTECTED] -- ... being a Linux user is sort of like living in a house inhabited by a large family of carpenters and architects. Every morning when you wake up, the house is a little different. Maybe there is a new turret, or some walls have moved. Or perhaps someone has temporarily removed the floor under your bed. - Unix for Dummies, 2nd Edition -- found in the .sig of Rob Riggs, [EMAIL PROTECTED]
Re: Many ports open by default
On Mon, Apr 30, 2001 at 02:25:34AM -0400, Andres Salomon wrote: Why would you keep something around if you don't want to run it? Debian makes the (correct) assumption that if you've installed something, you want to run it. That's not true. inetd is depended on by the lame metapackage netbase, but I do not want to run inetd.
Re: Many ports open by default
On Sun, Apr 29, 2001 at 11:43:43PM -0700, Aaron Lehmann wrote: On Mon, Apr 30, 2001 at 02:25:34AM -0400, Andres Salomon wrote: Why would you keep something around if you don't want to run it? Debian makes the (correct) assumption that if you've installed something, you want to run it. That's not true. inetd is depended on by the lame metapackage netbase, but I do not want to run inetd. I completely agree; however, this is a bug in netbase. AJ obviously disagrees (bug #92465) w/ me. :P -- ... being a Linux user is sort of like living in a house inhabited by a large family of carpenters and architects. Every morning when you wake up, the house is a little different. Maybe there is a new turret, or some walls have moved. Or perhaps someone has temporarily removed the floor under your bed. - Unix for Dummies, 2nd Edition -- found in the .sig of Rob Riggs, [EMAIL PROTECTED]
Re: Many ports open by default
On Mon, Apr 30, 2001 at 02:25:34AM -0400, Andres Salomon wrote: Why would you keep something around if you don't want to run it? Debian makes the (correct) assumption that if you've installed something, you want to run it. If i install bind, it will assume i want it to run. Well, not everyone that installs ssh wants to run the server (some may just want to use the client to connect to other machines). This is just one example; I'm sure that there are many more. Warren -- Warren A. Layton http://www.netwinder.org/~zeevon GPG Fingerprint: F54C 019D 18BE 6ED8 678D 39D0 21FD D515 BFB8 80A3 pgpTWI8IbDA01.pgp Description: PGP signature
Re: Many ports open by default
On Mon, Apr 30, 2001 at 08:45:44AM +0300, Sami Haahtinen wrote: The 'exit 0' line in the beginning of the init file is a bad idea. for so many times i've commented out the '### comment this line to really start the service' lines. and then after upgrade gotten in to the position where i have to diff bethween two maintainer scripts to add the changes or just replace the old script and recomment the exit line. The strategy I'm taking for mars-nwe's init.d script is: case $1 in start) test -f /etc/mars-nwe/nwserv.conf || exit 0 if grep -q ^### NOT CONFIGURED YET ### /etc/mars-nwe/nwserv.conf then echo mars-nwe has not yet been configured. exit 0; fi echo -n Starting $DESC: However, this is a special case, as my idea of sensible defaults are very unlikely to appear sensible to most users. I'd rather the default to be no service, rather than insecure server. -- Paul Martin [EMAIL PROTECTED] pgpwo3GLOXXaf.pgp Description: PGP signature
Re: Many ports open by default
Why would you keep something around if you don't want to run it? Debian makes the (correct) assumption that if you've installed something, you want to run it. If i install bind, it will assume i want it to run. I may want to look at the package's documentation, or use some tool that's not by packaged itself. If i install exim, it will first configure it for me (prompting me), and then assume i want to run it. Why should portmap be any different? The question you should be asking is, why is portmap installed by default? Similiarly, is there something that can be done during installation that asks the user if certain things (nfs) that require portmap should be installed. If there's nothing that depends on portmap, then default to not installing portmap. Having daemons shut off by default is not the way to go, however. Perhaps a configuration option that is checked at install time to decide whether or not to uncomment a #exit 0 #APT near the top of init scripts? -- Dwayne C. Litzenberger - [EMAIL PROTECTED] pgp35LA7n1FW1.pgp Description: PGP signature
Re: Many ports open by default
On Mon, Apr 30, 2001 at 07:37:21AM -0500, Warren A. Layton wrote: On Mon, Apr 30, 2001 at 02:25:34AM -0400, Andres Salomon wrote: Why would you keep something around if you don't want to run it? Debian makes the (correct) assumption that if you've installed something, you want to run it. If i install bind, it will assume i want it to run. Well, not everyone that installs ssh wants to run the server (some may just want to use the client to connect to other machines). This is just one example; I'm sure that there are many more. And, indeed, there's a debconf question for this very reason. OTOH, anyone who wants to use telnet, but not telnetd, can just install the telnet.deb, but not the telnetd.deb. In general, services get their own package, and when they do, if you don't want them running: don't install them. Cheers, aj -- Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/ I don't speak for anyone save myself. GPG signed mail preferred. ``_Any_ increase in interface difficulty, in exchange for a benefit you do not understand, cannot perceive, or don't care about, is too much.'' -- John S. Novak, III (The Humblest Man on the Net)
Re: Many ports open by default
I'm not suggesting we ruin anything. exit 0 isn't the only way to disable something by default. My main concern is of security. I know a newbie who installed Debian recently, and he has something like 15 open ports, which wouldn't be a problem except for the history of these daemons to have root exploits. I just don't think I should have to lock down a Debian machine that is going to be used for nothing but web browsing, nor should a newbie have to. I like OpenBSD's security level option that you can set at install time. -- Dwayne C. Litzenberger - [EMAIL PROTECTED] pgpL1gEEk2SfL.pgp Description: PGP signature
Re: Many ports open by default
On Mon, Apr 30, 2001 at 07:37:21AM -0500, Warren A. Layton wrote: Why would you keep something around if you don't want to run it? Debian makes the (correct) assumption that if you've installed something, you want to run it. If i install bind, it will assume i want it to run. Well, not everyone that installs ssh wants to run the server (some may just want to use the client to connect to other machines). This is just one example; I'm sure that there are many more. ssh asks you if you want to run sshd. -- Digital Electronic Being Intended for Assassination and Nullification
Re: Many ports open by default
On Mon, Apr 30, 2001 at 02:25:34AM -0400, Andres Salomon wrote: The question you should be asking is, why is portmap installed by default? Fortunately, nowadays it can be removed since it's no longer part of netbase. -- Digital Electronic Being Intended for Assassination and Nullification
Re: Many ports open by default
On Sun, Apr 29, 2001 at 10:29:58PM -0600, Dwayne C. Litzenberger wrote: I suspect it's already been discussed before, so I'll ask instead of flaming. (See! I can learn!) many times before. Why does a server automatically get run just because it's installed? because if you didn't want it to run, you wouldn't have installed it. if you want to install it but not run it, then edit the startup script. simple. Shouldn't the default be to not run daemons unless they are explicitly enabled, [...] no, users shouldn't install daemon packages if they don't want the daemon to run - or they should learn how to edit the startup scripts (or inetd.conf) if they want non-standard behaviour. craig -- craig sanders [EMAIL PROTECTED] GnuPG Key: 1024D/CD5626F0 Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57 52C3 EC32 6810 CD56 26F0
Re: Many ports open by default
On Mon, Apr 30, 2001 at 02:25:34AM -0400, Andres Salomon wrote: If there's nothing that depends on portmap, then default to not installing portmap. speaking of portmap, debian's portmap is not an insecure thing to run by default because it is compiled with tcp-wrappers support and rejects all non-localhost connections that aren't explicitly allowed (by ip address) in /etc/hosts.allow Having daemons shut off by default is not the way to go, however. yep. craig -- craig sanders [EMAIL PROTECTED] GnuPG Key: 1024D/CD5626F0 Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57 52C3 EC32 6810 CD56 26F0
Re: Many ports open by default
On Mon, Apr 30, 2001 at 07:37:21AM -0500, Warren A. Layton wrote: Well, not everyone that installs ssh wants to run the server (some may just want to use the client to connect to other machines). This is just one example; I'm sure that there are many more. that means either: 1. ssh and sshd should be split into separate packages. if it bothers you enough, file a bug report. i'm happy with the way it is. or 2. the handful of people who want the ssh client but not the ssh daemon can learn how to edit /etc/init.d/ssh craig -- craig sanders [EMAIL PROTECTED] GnuPG Key: 1024D/CD5626F0 Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57 52C3 EC32 6810 CD56 26F0
Re: Many ports open by default
Warren A. Layton wrote: On Mon, Apr 30, 2001 at 02:25:34AM -0400, Andres Salomon wrote: Why would you keep something around if you don't want to run it? Debian makes the (correct) assumption that if you've installed something, you want to run it. If i install bind, it will assume i want it to run. Well, not everyone that installs ssh wants to run the server (some may just want to use the client to connect to other machines). This is just one example; I'm sure that there are many more. There could be, but in the specific case of ssh, and IIRC, debiconf asks if you wan't to run the server or not; I even think that the default field selected is 'No'. Of course, if you say 'Yes' then the server will run and the port will open. My 2 cents, Regards, fsm -- Frederico Muñoz [EMAIL PROTECTED]
Re: Many ports open by default
On Tue, May 01, 2001 at 12:22:47AM +1000, Craig Sanders wrote: On Sun, Apr 29, 2001 at 10:29:58PM -0600, Dwayne C. Litzenberger wrote: Why does a server automatically get run just because it's installed? because if you didn't want it to run, you wouldn't have installed it. As always, that would be true if they weren't installed by default. The current method requires too much prior knowledge. -- Mike Stone
Re: Many ports open by default
On Tue, May 01, 2001 at 12:28:49AM +1000, Craig Sanders wrote: 1. ssh and sshd should be split into separate packages. if it bothers you enough, file a bug report. i'm happy with the way it is. or 2. the handful of people who want the ssh client but not the ssh daemon can learn how to edit /etc/init.d/ssh It has been pointed out that ssh actually handles this correctly with debconf, giving users the choice. I was just trying to use it as an example but it seems that everything has already been taken care of. Warren -- Warren A. Layton http://www.netwinder.org/~zeevon GPG Fingerprint: F54C 019D 18BE 6ED8 678D 39D0 21FD D515 BFB8 80A3 pgp8YNaRYZODm.pgp Description: PGP signature
Re: Many ports open by default
As always, that would be true if they weren't installed by default. The current method requires too much prior knowledge. This could be put as a question whenever someone installs Debian GNU/Linux. Something like Do you want to enable the installed server software by default. Beware that this might cause security problems on your system since it is recommended to only run server programs if and only if needed. If you do not feel confident enough with system administration, you should answer No here. This seems to be a reasonable thing to me. W.
Re: Many ports open by default
On Mon, Apr 30, 2001 at 02:25:34AM -0400, Andres Salomon wrote: Why would you keep something around if you don't want to run it? Debian makes the (correct) assumption that if you've installed something, you want to run it. If i install bind, it will assume i want it to run. If i install exim, it will first configure it for me (prompting me), and then assume i want to run it. Why should portmap be any different? The question you should be asking is, why is portmap installed by default? Similiarly, is there something that can be done during installation that asks the user if certain things (nfs) that require portmap should be installed. If there's nothing that depends on portmap, then default to not installing portmap. Having daemons shut off by default is not the way to go, however. Actually there are some packages that depend on a mail-transport-agent, (such as lilo-logrotate-mailx), yet one may not want to have an MTA running on certain systems. I suppose a dummy or minimal MTA may be used (and may exist, I'm not aware), but this certainly highlights the need to be able to disable daemons but still have them installed; especially since most MTA's still have certain functionality even when not listening on port 25. Another common one is xdm (even though it's more than just a network daemon), which task-x-window-system depends on, and to remove xdm one must remove task-x-window-system. On Sun, Apr 29, 2001 at 10:29:58PM -0600, Dwayne C. Litzenberger wrote: Why does a server automatically get run just because it's installed? For instance, portmap is installed by default whether you're using NFS or not, and bnetd runs even if I just installed the package for bnchat. Shouldn't the default be to not run daemons unless they are explicitly enabled, like an exit at the beginning of all daemon-starting init scripts that must be commented out? -- Dwayne C. Litzenberger - [EMAIL PROTECTED] -- ... being a Linux user is sort of like living in a house inhabited by a large family of carpenters and architects. Every morning when you wake up, the house is a little different. Maybe there is a new turret, or some walls have moved. Or perhaps someone has temporarily removed the floor under your bed. - Unix for Dummies, 2nd Edition -- found in the .sig of Rob Riggs, [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- ;; ;; Matthew Danish email: [EMAIL PROTECTED] ;; ;; GPG public key available from:'finger [EMAIL PROTECTED]' ;; ;; pgpKIPOOicAnS.pgp Description: PGP signature
Re: Many ports open by default
Actually there are some packages that depend on a mail-transport-agent, (such as lilo-logrotate-mailx), yet one may not want to have an MTA running on certain systems. I suppose a dummy or minimal MTA may be I think it's safe to assume that your system MUST have a working MTA of some sort (even if it's local-only, which is supported by eximconfig). Running a Unix system without an MTA *at*all* means that you won't get notified of failing cron jobs, etc. ... used (and may exist, I'm not aware), but this certainly highlights the apt-get install ssmtp. Note that this has terrible behaviour on even transient failure -- it just drops messages into dead-letter. Exim (don't run the daemon, just the cronjob that cleans the queue) works better for me. The OTHER daemons (certainly xdm) are optional. But I think it's probably safe to say that running Debian without an MTA is unsupported. Will
Re: Many ports open by default
On Tue, May 01, 2001 at 12:22:47AM +1000, Craig Sanders wrote: On Sun, Apr 29, 2001 at 10:29:58PM -0600, Dwayne C. Litzenberger wrote: I suspect it's already been discussed before, so I'll ask instead of flaming. (See! I can learn!) many times before. Why does a server automatically get run just because it's installed? because if you didn't want it to run, you wouldn't have installed it. if you want to install it but not run it, then edit the startup script. simple. Or, rm /etc/rc?.d/S??package, and not have to worry about merging in future changes to the init script. -- - mdz
Re: Many ports open by default
On Mon, Apr 30, 2001 at 08:12:59PM +, Will Lowe wrote: Actually there are some packages that depend on a mail-transport-agent, (such as lilo-logrotate-mailx), yet one may not want to have an MTA running on certain systems. I suppose a dummy or minimal MTA may be I think it's safe to assume that your system MUST have a working MTA of some sort (even if it's local-only, which is supported by eximconfig). Running a Unix system without an MTA *at*all* means that you won't get notified of failing cron jobs, etc. ... This is true, but does it need to be world-accessible? There should be a way to either have it listen on localhost only, or not listen on TCP at all, and perhaps this should be the default (correct me if this is already the case, but I don't recall it being so). Would it be feasible to shoot for a base install with no daemons listening on INADDR_ANY? used (and may exist, I'm not aware), but this certainly highlights the apt-get install ssmtp. Note that this has terrible behaviour on even transient failure -- it just drops messages into dead-letter. Exim (don't run the daemon, just the cronjob that cleans the queue) works better for me. The OTHER daemons (certainly xdm) are optional. But I think it's probably safe to say that running Debian without an MTA is unsupported. Will -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- ;; ;; Matthew Danish email: [EMAIL PROTECTED] ;; ;; GPG public key available from:'finger [EMAIL PROTECTED]' ;; ;; pgpk7UZBqhFsa.pgp Description: PGP signature
Re: Many ports open by default
I think it's safe to assume that your system MUST have a working MTA of some sort (even if it's local-only, which is supported by eximconfig). This is true, but does it need to be world-accessible? There should be a way to either have it listen on localhost only, or not listen on Sure, don't run the daemon at all. When you install exim, rm /etc/init.d/rc?.d/S*exim and it won't start. Local processes will be able to send mail via the /usr/sbin/sendmail link, and there's a cronjob in /etc/cron.d/exim that'll try to clear the queue twice an hour. and perhaps this should be the default (correct me if this is already the case, but I don't recall it being so). Would it be feasible to There isn't a default, it just leaves the package unconfigured, IIRC.
Re: Many ports open by default
On Mon, Apr 30, 2001 at 11:52:46PM +, Will Lowe wrote: I think it's safe to assume that your system MUST have a working MTA of some sort (even if it's local-only, which is supported by eximconfig). This is true, but does it need to be world-accessible? There should be a way to either have it listen on localhost only, or not listen on Sure, don't run the daemon at all. When you install exim, rm /etc/init.d/rc?.d/S*exim and it won't start. Local processes will be /etc/rc?.d/S*exim able to send mail via the /usr/sbin/sendmail link, and there's a cronjob in /etc/cron.d/exim that'll try to clear the queue twice an hour. There was a discussion on this list earlier about creating a better way than just removing a link from /etc/rc?.d. Either it should work through update-rc.d or debconf. This is a lot neater than removing a link from the startup directories, which IMHO should not have to be touched directly by the administrator. and perhaps this should be the default (correct me if this is already the case, but I don't recall it being so). Would it be feasible to There isn't a default, it just leaves the package unconfigured, IIRC. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- ;; ;; Matthew Danish email: [EMAIL PROTECTED] ;; ;; GPG public key available from:'finger [EMAIL PROTECTED]' ;; ;; pgptIU8VUjFTI.pgp Description: PGP signature