[opensuse-factory] Boot speed and services
There's been talk about improving boot speed and stopping unnecessary services from running by default. I believe postfix, sshd and AppArmor are not necessary on most installations, I certainly always disable them. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thu, 8 Mar 2007, Martin Schlander wrote:
There's been talk about improving boot speed and stopping unnecessary services from running by default.
I believe postfix, sshd and AppArmor are not necessary on most installations, I certainly always disable them.
I definitely want postfix and sshd on all macines I install :-) With AppArmor, I'm not sure. -- Regards, Andreas Vetter --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thu, Mar 08, 2007 at 11:27:10AM +0100, Andreas Vetter wrote:
On Thu, 8 Mar 2007, Martin Schlander wrote:
There's been talk about improving boot speed and stopping unnecessary services from running by default.
I believe postfix, sshd and AppArmor are not necessary on most installations, I certainly always disable them.
I definitely want postfix and sshd on all macines I install :-)
With AppArmor, I'm not sure.
AppArmor has no running daemon (it uses auditd for logging), it is mostly a kernel module. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hello, on Donnerstag, 8. März 2007, Marcus Meissner wrote:
On Thu, Mar 08, 2007 at 11:27:10AM +0100, Andreas Vetter wrote: [...]
With AppArmor, I'm not sure.
AppArmor has no running daemon
It loads the profiles on boot. But: I prefer security over saving a second of boot time ;-)
(it uses auditd for logging), it is mostly a kernel module.
Just curious: What's the advantage of using auditd compared with logging to syslog-ng? (I see only a disadvantage right now: auditd doesn't have human-readable timestamps in the log :-/ ) Regards, Christian Boltz --
Meine Fonts füllen die komplette Wand, also könnte ich auch kein größeres Poster brauchen. :-) Ich verwende für die Wände immer Tapete ;-) [> Ratti und Christian Boltz]
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Den Thursday 08 March 2007 23:52:14 skrev Christian Boltz:
AppArmor has no running daemon
It loads the profiles on boot. But: I prefer security over saving a second of boot time ;-)
Maybe you should unplug your internet connection then ;-) It's overkill for home desktop users imo, which make up the majority of users I expect. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Fri, 2007-03-09 at 11:36 +0100, Martin Schlander wrote:
Den Thursday 08 March 2007 23:52:14 skrev Christian Boltz:
AppArmor has no running daemon
It loads the profiles on boot. But: I prefer security over saving a second of boot time ;-)
Maybe you should unplug your internet connection then ;-)
It's overkill for home desktop users imo, which make up the majority of users I expect.
It might be overkill at present time, but... See what's happening with windows... One of my colleges in the office installed a windows box less than a week ago, to try to reproduce an issue that his customers had. He then left it overnight (the machine is sitting behind a firewall and the only access to the internet will be NATed) and when he came back the next day, he had viruses all over the place. All he did was to install the box. He didn't use it at all. But viruses (worms, whatever) still manage to get in there... So, as a security measure, always take the necessary precautions. If we're not targeted today, we might be tomorrow! Cheers, Magnus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Magnus Boman wrote:
One of my colleges in the office installed a windows box less than a week ago, to try to reproduce an issue that his customers had. He then left it overnight (the machine is sitting behind a firewall and the only access to the internet will be NATed) and when he came back the next day, he had viruses all over the place. All he did was to install the box. He didn't use it at all. But viruses (worms, whatever) still manage to get in there... So, as a security measure, always take the necessary precautions. If we're not targeted today, we might be tomorrow!
may be somebody used it when it turned back... I have a windows box very often on 24/24 and never get a virus (never get one I don't dl myself) may be also what your friends see like a virus if the normal windows way of like (spyware are common on regular windows applications) jdd -- http://www.dodin.net Lucien Dodin, inventeur http://lucien.dodin.net/index.shtml --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Fri, 2007-03-09 at 12:21 +0100, jdd wrote:
Magnus Boman wrote:
One of my colleges in the office installed a windows box less than a week ago, to try to reproduce an issue that his customers had. He then left it overnight (the machine is sitting behind a firewall and the only access to the internet will be NATed) and when he came back the next day, he had viruses all over the place. All he did was to install the box. He didn't use it at all. But viruses (worms, whatever) still manage to get in there... So, as a security measure, always take the necessary precautions. If we're not targeted today, we might be tomorrow!
may be somebody used it when it turned back...
No, this was in his own vmware session and nobody would have used that machine.
I have a windows box very often on 24/24 and never get a virus (never get one I don't dl myself)
I hope you have the latest anti-virus stuff and all the latest patches installed on there.
may be also what your friends see like a virus if the normal windows way of like (spyware are common on regular windows applications)
No, this was a virus. I can find out exactly which virus it was if you want to. The point is, sad but true, that if you install a windows box and don't apply the latest patches straight away, together with an anti-virus program, you will get viruses on there without even browsing the internet!
jdd
/Magnus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Magnus Boman wrote:
I hope you have the latest anti-virus stuff and all the latest patches installed on there.
I have (AVG) but it never complain (safe for some emule stuff I wont speak of more here :-) It scans each start. I have also adaware stuff and this one warns frequently
The point is, sad but true, that if you install a windows box and don't apply the latest patches straight away
I have no patch beyond service pack 2 I think there is somewhere a misconception of what a virus is. _no virus can come on if nothing infected is executed_. may be you got a false alert... or the cd you installed from was already infected Win have many drwbacks, and mail attachments can execute without notice with outlook - I never use mail on my window box :-) jdd -- http://www.dodin.net Lucien Dodin, inventeur http://lucien.dodin.net/index.shtml --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Fri, 2007-03-09 at 12:51 +0100, jdd wrote:
Magnus Boman wrote:
I hope you have the latest anti-virus stuff and all the latest patches installed on there.
I have (AVG) but it never complain (safe for some emule stuff I wont speak of more here :-)
It scans each start. I have also adaware stuff and this one warns frequently
The point is, sad but true, that if you install a windows box and don't apply the latest patches straight away
I have no patch beyond service pack 2
I think there is somewhere a misconception of what a virus is. _no virus can come on if nothing infected is executed_.
Hmm... Sorry, I am no expert in the window world. The fact was that he had SOMETHING nasty on his computer.
may be you got a false alert...
Nope.
or the cd you installed from was already infected
Nope, original CD with SP2.
Win have many drwbacks, and mail attachments can execute without notice with outlook - I never use mail on my window box :-)
Agreed :-)
jdd
Cheers, Magnus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Friday 2007-03-09 at 23:01 +1100, Magnus Boman wrote:
I think there is somewhere a misconception of what a virus is. _no virus can come on if nothing infected is executed_.
Hmm... Sorry, I am no expert in the window world. The fact was that he had SOMETHING nasty on his computer.
That might be. A worm, for instance. If there are other machines infected in the same intranet, he could easily be exposed. I think xp has some kind of firewall, maybe it was not active.
Win have many drwbacks, and mail attachments can execute without notice with outlook - I never use mail on my window box :-)
Agreed :-)
With certain mail clients, I assume that not all of them do so. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFF8bDDtTMYHG2NR9URAlmdAJ9FRIStsyXZcbg43q1Mr0+Txnt/ZwCff+sD qASnrdgxb+DLSAnbsu5t2iw= =vP7k -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Carlos E. R. wrote:
Win have many drwbacks, and mail attachments can execute without notice with outlook - I never use mail on my window box :-) Agreed :-)
With certain mail clients, I assume that not all of them do so.
Thunderbird have certainly not this kind of problem. anyway, e-mail can be dangerous (attachements can be executed by the user and affect the hole computer) jdd -- http://www.dodin.net Lucien Dodin, inventeur http://lucien.dodin.net/index.shtml --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Andreas Vetter wrote:
On Thu, 8 Mar 2007, Martin Schlander wrote:
There's been talk about improving boot speed and stopping unnecessary services from running by default.
I believe postfix, sshd and AppArmor are not necessary on most installations, I certainly always disable them.
I definitely want postfix and sshd on all macines I install :-)
With AppArmor, I'm not sure.
That goes for me also. Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Il giorno gio, 08/03/2007 alle 11.19 +0100, Martin Schlander ha scritto:
There's been talk about improving boot speed and stopping unnecessary services from running by default.
I believe postfix, sshd and AppArmor are not necessary on most installations, I certainly always disable them.
Maybe an idea is to add a list of not essential services at install time, where the user can decide to disable them. Something like: Services started at boot AppArmor Security Tool - Disable AppArmor Mail server - Disable postfix SSH Daemon (remote connection) - Disable sshd and so on. Regards, Alberto --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thursday 08 March 2007 05:29, Alberto Passalacqua wrote:
Il giorno gio, 08/03/2007 alle 11.19 +0100, Martin Schlander ha scritto:
There's been talk about improving boot speed and stopping unnecessary services from running by default.
I believe postfix, sshd and AppArmor are not necessary on most installations, I certainly always disable them.
Maybe an idea is to add a list of not essential services at install time, where the user can decide to disable them.
Something like:
Services started at boot
AppArmor Security Tool - Disable AppArmor Mail server - Disable postfix SSH Daemon (remote connection) - Disable sshd
and so on.
Regards, Alberto
I have said many times in many forums that I thought that there needs to be an effort to reduce the "kitchen sink" approach of SuSE\OpenSuSE , it is starting to appear with build patterns but needs more work .i.e. detailed view in the installer for advanced\expert users to add those "services" they expressly need. I hope that the Devs see this as a good thing too! OpenSuse is the best , but it doesn't need to keep installing multiples of everything, i.e. Krita and Gimp , for someone who wants just to check e-mail. lighter, faster and less complicated has been my chant for three years. I am still waiting for http://en.opensuse.org/SLICK to come into being. I too have a box of P 1 laptops going into the trash bin. they make great thin clients so i still use them but time is running out because they need a wire for that job. If the education environments of the world are to have cheap computers they are going to have small HD's and limited ram so working to reduce the installation minimum is of high priority. FXRSLiberty JT --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
James Tremblay wrote:
If the education environments of the world are to have cheap computers they are going to have small HD's and limited ram so working
Small HDs ? Are there any manufacturers that make harddrives with less than 20Gb?
to reduce the installation minimum is of high priority.
Yast needs at last 128Mb+swap to run anyway. /Per Jessen, Zürich -- ENIDAN Technologies GmbH - managed email-security. Is _your_ business under attack? http://www.spamchek.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thu, 2007-03-08 at 18:07 +0100, Per Jessen wrote:
James Tremblay wrote:
If the education environments of the world are to have cheap computers they are going to have small HD's and limited ram so working
Small HDs ? Are there any manufacturers that make harddrives with less than 20Gb?
to reduce the installation minimum is of high priority.
Yast needs at last 128Mb+swap to run anyway.
Forget about harddisks. Still trying installing SuSE on an usb-pendrive, and also have some storage-space left. Hopes that slick-project would fit on a Kobil-mIDentity stick or an Etoken-flash.... (only 1GB available) hw -- pgp-id: 926EBB12 pgp-fingerprint: BE97 1CBF FAC4 236C 4A73 F76E EDFC D032 926E BB12 Registered linux user: 75761 (http://counter.li.org) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thursday 08 March 2007 12:07, Per Jessen wrote:
James Tremblay wrote:
If the education environments of the world are to have cheap computers they are going to have small HD's and limited ram so working
Small HDs ? Are there any manufacturers that make harddrives with less than 20Gb?
to reduce the installation minimum is of high priority.
Yast needs at last 128Mb+swap to run anyway.
/Per Jessen, Zürich
My box of running P1 350MHZ laptops have as a max 128 mg and a 6 gig drive. I'm sure that it would be cheaper to build a HD with one platter that is a total of 10-20 gig than to build a 6 platter 120g HD. My laptop is a 2\3 year old Centrino 1.5ghz with 2 gig of ram(256 default), 40g HD and a 32mg video card. if IBM\Lenovo saw that this laptop were going to be viable for another 5-10 years they wouldn't need to push to discontinue this one, but with 512mg video requirements and operating systems that come on 5 cd's or a DVD on the market, my Motherboard is completely useless to them. But Lenovo could sell the Manufacturing tools and rights to this MB to some builder to sell as a Linux platform and still make LOADS of cash, unless Linux adopts those same requirements as a mandatory installation environment (which seems to be on it's way). How does Education get to keep up? What if those P1 tools still exist somewhere? or the PII's or etc.....why build a special 100.00 laptop when continuing to produce this system until its cost of manufacturing drive it down to 100$, unless there is no distro to run on it? Hell Novell could buy this MB from IBM\Lenovo and make a killing! it is fully SLED compatible! I'm on 10.2 now. JT --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thursday 08 March 2007, Martin Schlander wrote:
I believe postfix, sshd and AppArmor are not necessary on most installations, I certainly always disable them.
I don't know why postfix is needed on most machines, but sshd is useful to help remotely people that are beginners. But maybe its enough if its installed by default as it is relatively easy to turn it on in YaST. Andras -- Quanta Plus developer - http://quanta.kdewebdev.org K Desktop Environment - http://www.kde.org
Am Donnerstag 08 März 2007 schrieb Andras Mantia:
On Thursday 08 March 2007, Martin Schlander wrote:
I believe postfix, sshd and AppArmor are not necessary on most installations, I certainly always disable them.
I don't know why postfix is needed on most machines, but sshd is useful The official reason why postfix needs to run is cron - which runs by default and uses the local MTA to deliver its output.
to help remotely people that are beginners. But maybe its enough if its installed by default as it is relatively easy to turn it on in YaST.
Your argument is pretty weak as we default to firewall enabled, so it's pretty hard to get to the ssh port ;) Greetings, Stephan -- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Stephan Kulow wrote:
The official reason why postfix needs to run is cron - which runs by default and uses the local MTA to deliver its output.
who ever look at cron reports? jdd -- http://www.dodin.net Lucien Dodin, inventeur http://lucien.dodin.net/index.shtml --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
jdd wrote:
Stephan Kulow wrote:
The official reason why postfix needs to run is cron - which runs by default and uses the local MTA to deliver its output.
who ever look at cron reports?
Anyone whose operation is dependent on cron-jobs running and working. /Per Jessen, Zürich -- ENIDAN Technologies GmbH - managed email-security. Is _your_ business under attack? http://www.spamchek.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Per Jessen wrote:
jdd wrote:
Stephan Kulow wrote:
The official reason why postfix needs to run is cron - which runs by default and uses the local MTA to deliver its output. who ever look at cron reports?
Anyone whose operation is dependent on cron-jobs running and working.
/Per Jessen, Zürich
I think this whole discussion is greatly relative to the difference server/desktop. I couldn't image a server without sshd, but on a desktop? most users of thunderbird and seamonkey not even know there is an other mailbox :-) servers are not stopped, so the boot time is not very important :-) jdd -- http://www.dodin.net Lucien Dodin, inventeur http://lucien.dodin.net/index.shtml --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2007-03-08 at 20:20 +0100, jdd wrote:
The official reason why postfix needs to run is cron - which runs by default and uses the local MTA to deliver its output. who ever look at cron reports?
Anyone whose operation is dependent on cron-jobs running and working.
I think this whole discussion is greatly relative to the difference server/desktop.
I couldn't image a server without sshd, but on a desktop? most users of thunderbird and seamonkey not even know there is an other mailbox :-)
Some system services use email to notify root or the user of some things. For instance, smart monitoring, raid monitoring, rm installs - there was a time when Yast mailed the user of some install notices. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFF8Gu4tTMYHG2NR9URArbQAKCLOJb4SjS+sFcIupu7MVgWs2CK7ACeNDV4 uUO3LcINX6URIf4KJl4fMnE= =xUcX -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Fri 09 Mar 2007 09:01:58 NZDT +1300, Carlos E. R. wrote:
Some system services use email to notify root or the user of some things. For instance, smart monitoring, raid monitoring, rm installs - there was a time when Yast mailed the user of some install notices.
Yes, having an MTA which can deliver local email is absolutely essential. cron, smartmontools, fetchmail(!), you name it. What would be a very good idea(TM) is if the MTA in its default configuration was prevented from delivering email to other than localhost or one of localhost's domain aliases. I tried this with postfix and found that it's not possible, though there are 2 drastic and not very nice workarounds for this problem. I believe Debian and a few other distros have had a default of "no mail is delivered externally" for a long time. SUSE should do likewise. Note I'm talking about the default config only here. Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hi,
Some system services use email to notify root or the user of some things. For instance, smart monitoring, raid monitoring, rm installs - there was a time when Yast mailed the user of some install notices.
Yes, having an MTA which can deliver local email is absolutely essential. cron, smartmontools, fetchmail(!), you name it. What would be a very good idea(TM) is if the MTA in its default configuration was prevented from delivering email to other than localhost or one of localhost's domain aliases. I tried this with postfix and found that it's not possible, though there are 2 drastic and not very nice workarounds for this problem. I believe Debian and a few other distros have had a default of "no mail is delivered externally" for a long time. SUSE should do likewise. Note I'm talking about the default config only here.
There used to be the following lines in /etc/sysconfig/mail: ## Type: yesno ## Default: no ## Config: postfix # # Set this to "yes" if mail from remote should be accepted # this is necessary for any mail server. # If set to "no" or empty then only mail from localhost # will be accepted. # SMTPD_LISTEN_REMOTE="no" Why have they been removed? Regards, Gaël
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Wednesday 2007-03-14 at 11:24 +0100, Gaël Lams wrote:
Yes, having an MTA which can deliver local email is absolutely essential. cron, smartmontools, fetchmail(!), you name it. What would be a very good idea(TM) is if the MTA in its default configuration was prevented from delivering email to other than localhost or one of localhost's domain aliases. I tried this with postfix and found that it's not possible, though there are 2 drastic and not very nice workarounds for this problem. I believe Debian and a few other distros have had a default of "no mail is delivered externally" for a long time. SUSE should do likewise. Note I'm talking about the default config only here.
There used to be the following lines in /etc/sysconfig/mail:
## Type: yesno ## Default: no ## Config: postfix # # Set this to "yes" if mail from remote should be accepted # this is necessary for any mail server. # If set to "no" or empty then only mail from localhost # will be accepted. # SMTPD_LISTEN_REMOTE="no"
Why have they been removed?
It hasn't been removed: I have it (10.2) However, notice that that line does not prevent mail from being _sent_ to outside. It just prevents mail from being sent to that system using smtp (ie, postfix or sendmail). - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFF+DPjtTMYHG2NR9URAmviAJ9XXFBksQfnLDm+8B1/iR2VGkQRdwCeMVwT OvSAjHYI4x+ZPAdZtJSyA/w= =bFMN -----END PGP SIGNATURE-----
SGkKCj4gSXQgaGFzbid0IGJlZW4gcmVtb3ZlZDogSSBoYXZlIGl0ICgxMC4yKQo+Cj4gSG93ZXZlciwgbm90aWNlIHRoYXQgdGhhdCBsaW5lIGRvZXMgbm90IHByZXZlbnQgbWFpbCBmcm9tIGJlaW5nIF9zZW50XyB0bwo+IG91dHNpZGUuIEl0IGp1c3QgcHJldmVudHMgbWFpbCBmcm9tIGJlaW5nIHNlbnQgdG8gdGhhdCBzeXN0ZW0gdXNpbmcgc210cAo+IChpZSwgcG9zdGZpeCBvciBzZW5kbWFpbCkuCgpJIHRob3VnaHQgaXQgaGFkIGJlZW4gcmVtb3ZlZCBiZWNhdXNlIEkganVzdCBpbnN0YWxsZWQgYSBmZXcgZGF5cyBhZ28KYSB2aXJ0dWFsIG1hY2hpbmUgd2l0aCBvcGVuc3VzZSAxMC4zIGFuZCB0aGVzZSBsaW5lcyB3ZXJlIG5vdCBwcmVzZW50LgoKQnV0IHlvdSdyZSByaWdodCwgSSBkaWRuJ3QgcmVhZCB3ZWxsIHRoZSBtZXNzYWdlIGFuZCBpdCB3YXMgYWJvdXQKYmxvY2tpbmcgZGVsaXZlcnkgdG8gZXh0ZXJuYWwgaG9zdHMuCkkgY291bGQgYmUgd3JvbmcgYnV0IEkgdGhpbmsgdGhhdCwgdG8gY29uZmlndXJlIHRoZSBtYWNoaW5lIGZvciBsb2NhbApvbmx5IGRlbGl2ZXJ5IG9mIGxvY2FsIG1haWwsIGkuZSB0byByZWNlaXZlIGluIGEgbG9jYWwgYWNjb3VudCBvbiB0aGUKbG9jYWwgbWFjaGluZSB0aGUgbWFpbCBzZW50IGZyb20gdGhlIG1hY2hpbmUgaXRzZWxmLCB5b3Ugb25seSBoYXZlIHRvCm1vZGlmeSB0aGUgZm9sbG93aW5nIHBhcmFtZXRlcnMgaW4gL2V0Yy9wb3N0Zml4L21haW4uY2Y6CgpteWhvc3RuYW1lID0gbG9jYWxob3N0Cm15ZG9tYWluID0gbG9jYWxkb21haW4KaW5ldF9pbnRlcmZhY2VzID0gbG9jYWxob3N0Cm15ZGVzdGluYXRpb24gPSAkbXlob3N0bmFtZSwgbG9jYWxob3N0LiRteWRvbWFpbiwgbG9jYWxob3N0Cm15bmV0d29ya3Nfc3R5bGUgPSBob3N0CgpSZWdhcmRzLAoKR2HDq2wK---------------------------------------------------------------------To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.orgFor additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2007-03-15 at 09:08 +0100, Gaël Lams wrote:
I thought it had been removed because I just installed a few days ago a virtual machine with opensuse 10.3 and these lines were not present.
I don't know about 10.3. Somebody else can confirm this?
But you're right, I didn't read well the message and it was about blocking delivery to external hosts. I could be wrong but I think that, to configure the machine for local only delivery of local mail, i.e to receive in a local account on the local machine the mail sent from the machine itself, you only have to modify the following parameters in /etc/postfix/main.cf:
myhostname = localhost mydomain = localdomain inet_interfaces = localhost mydestination = $myhostname, localhost.$mydomain, localhost mynetworks_style = host
I have: mydestination = $myhostname, localhost.$mydomain, localhost mydomain = nimrodel.valinor myhostname = nimrodel.valinor mynetworks = 127.0.0.0/8 [::1/128] mynetworks_style = host inet_interfaces = $myhostname, localhost which is very similar and I can send - as you can check looking at this email header ;-) I'm not sure if the small diferences are that crucial :-? - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFF+ZsltTMYHG2NR9URAjmPAKCZVBY0GfRNblVhOQeG1oQmRBI79gCfQAql oRKhg/kmdYXDoz3BF/OymZ4= =4eDI -----END PGP SIGNATURE-----
On Wed 14 Mar 2007 23:24:49 NZDT +1300, Gaël Lams wrote:
There used to be the following lines in /etc/sysconfig/mail:
## Type: yesno ## Default: no ## Config: postfix # # Set this to "yes" if mail from remote should be accepted # this is necessary for any mail server. # If set to "no" or empty then only mail from localhost # will be accepted. # SMTPD_LISTEN_REMOTE="no"
This prevents sendmail/postfix from accepting mail for delivery from interfaces other than localhost. Note that once mail has been accepted for delivery, there is no restriction as where this mail will be delivered to. This is a useless restriction for preventing any local users from sending mail to anywhere on the internet. Note also that mail can be given to sendmail/postfix for delivery by anyone calling /usr/sbin/sendmail.
Why have they been removed?
They haven't. Volker -- Volker Kuhlmann is list0570 with the domain in header http://volker.dnsalias.net/ Please do not CC list postings to me. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
jdd wrote:
I think this whole discussion is greatly relative to the difference server/desktop.
Yep, definitely.
I couldn't image a server without sshd, but on a desktop? most users of thunderbird and seamonkey not even know there is an other mailbox :-)
I find it useful to use fish:// between two desktops - I have two office locations that I occasionally swap between.
servers are not stopped, so the boot time is not very important :-)
Also very true. /Per Jessen, Zürich -- ENIDAN Technologies GmbH - managed email-security. Is _your_ business under attack? http://www.spamchek.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Per Jessen wrote:
I find it useful to use fish://
I don't even know about this :-( do you have a link? googling for "fish" wont give me what I want :-) thanks jdd -- http://www.dodin.net Lucien Dodin, inventeur http://lucien.dodin.net/index.shtml --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Fri, 9 Mar 2007, jdd wrote:
Per Jessen wrote:
I find it useful to use fish://
I don't even know about this :-( do you have a link? googling for "fish" wont give me what I want :-)
type in in konqueror: fish://user@machine -- Mit freundlichen Gruessen, Andreas Vetter Fakultaet fuer Physik und Astronomie Tel: +49 (0)931 888-5890 Universitaet Wuerzburg Fax: +49 (0)931 888-5508 --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Per Jessen wrote:
I find it useful to use fish://
I don't even know about this :-( do you have a link? googling for "fish" wont give me what I want :-)
It's a KDE KIOSLAVE. In almost all KDE applications you can access remote (file) systems which have sshd installed just by using the fish:// protocol. Very handy. ;-) Andras --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andras Mantia wrote:
Per Jessen wrote:
I find it useful to use fish:// I don't even know about this :-( do you have a link? googling for "fish" wont give me what I want :-)
It's a KDE KIOSLAVE. In almost all KDE applications you can access remote (file) systems which have sshd installed just by using the fish:// protocol. Very handy. ;-)
Or sftp:// for that purpose (why go through the fish hack if you can use sftp -- except when sftp is explicitly disabled on the ssh server) cheers - -- -o) Pascal Bleser http://linux01.gwdg.de/~pbleser/ /\\ <pascal.bleser@skynet.be> <guru@unixtech.be> _\_v The more things change, the more they stay insane. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFF8ViPr3NMWliFcXcRAg9cAJ42fylFcV8TIQKRNZyduZWOdEb+tQCfVf2S YSluTifUxZkn/G3Dm7xuY+I= =KThz -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Pascal Bleser wrote:
It's a KDE KIOSLAVE. In almost all KDE applications you can access remote (file) systems which have sshd installed just by using the fish:// protocol. Very handy. ;-)
Or sftp:// for that purpose (why go through the fish hack if you can use sftp -- except when sftp is explicitly disabled on the ssh server)
There doesn't seem to be any difference in functionality? /Per Jessen, Zürich -- ENIDAN Technologies GmbH - managed email-security. Is _your_ business under attack? http://www.spamchek.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Andras Mantia wrote:
Per Jessen wrote:
I find it useful to use fish:// I don't even know about this :-( do you have a link? googling for "fish" wont give me what I want :-)
It's a KDE KIOSLAVE. In almost all KDE applications you can access remote (file) systems which have sshd installed just by using the fish:// protocol. Very handy. ;-)
oh! very nice. with these keywords (kde fish kioslave) I could even find the online doc! great thanks jdd
-- http://www.dodin.net Lucien Dodin, inventeur http://lucien.dodin.net/index.shtml --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Thursday 08 March 2007, Stephan Kulow wrote:
Your argument is pretty weak as we default to firewall enabled, so it's pretty hard to get to the ssh port ;)
Ok, I didn't remeber what is the default behavior of the firewall. But in that case (ssh port is closed) it is really not needed to run it at startup for every system. Andras -- Quanta Plus developer - http://quanta.kdewebdev.org K Desktop Environment - http://www.kde.org
Martin Schlander wrote:
I believe postfix, sshd and AppArmor are not necessary on most installations, I certainly always disable them.
I'm sure it varies a lot, but none of my systems would do very well without postfix and sshd. Using Apparmor or not is a security issue. /Per Jessen, Zürich -- ENIDAN Technologies GmbH - managed email-security. Is _your_ business under attack? http://www.spamchek.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (17)
-
Alberto Passalacqua -
Andras Mantia -
Andreas Vetter -
Carlos E. R. -
Christian Boltz -
Gaël Lams -
Hans Witvliet -
James Tremblay -
jdd -
Magnus Boman -
Marcus Meissner -
Martin Schlander -
Pascal Bleser -
Per Jessen -
Sid Boyce -
Stephan Kulow -
Volker Kuhlmann