sendmail update for suse 9.0 ?
Hi anyone in the list, I wonder if anyone knows a repository that still makes updates for suse 9.0 or even earlier available? For other distros there are som "addicts" that share their update-efforts with others für no longer officially supported Versions. Due to the severity of the latest sendmail race-condition problem I'd like to update my older mail servers but i really want to avoid a complete distrie-update just for sendmail. Has anyone a clue für such non-vendor-update-sites? Or does a person at novell/suse perhaps still provide some packages on some site ? Or would a package for SLES8 match with glibc of suse 9.0 (I tried the ackages of 9.1 but they don't fit)? any help is welcome. Thanks, Holger
On Thu, Mar 23, 2006 at 10:32:46AM +0100, iS-Fun Internet Services GmbH, Holger Diehm wrote:
Hi anyone in the list,
I wonder if anyone knows a repository that still makes updates for suse 9.0 or even earlier available? For other distros there are som "addicts" that share their update-efforts with others für no longer officially supported Versions.
Due to the severity of the latest sendmail race-condition problem I'd like to update my older mail servers but i really want to avoid a complete distrie-update just for sendmail.
Has anyone a clue für such non-vendor-update-sites? Or does a person at novell/suse perhaps still provide some packages on some site ? Or would a package for SLES8 match with glibc of suse 9.0 (I tried the ackages of 9.1 but they don't fit)?
You could just try the 9.1 RPMs, they might just work. We very strongly recommend upgrading to a supported product nethertheless. And if you plan to run servers longer than 2 years without OS upgrade to use our enterprise products. Ciao, Marcus
iS-Fun Internet Services GmbH, Holger Diehm wrote
Hi anyone in the list,
I wonder if anyone knows a repository that still makes updates for suse 9.0 or even earlier available? For other distros there are som "addicts" that share their update-efforts with others für no longer officially supported Versions.
Take the src.rpm for 9.1, remove the BuildRequires line in the spec file, rpmbuild -ba, and let it run on 9.0 cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
Frank Steiner wrote on Thu, 23 Mar 2006 11:26:56 +0100:
Take the src.rpm for 9.1, remove the BuildRequires line in the spec file, rpmbuild -ba, and let it run on 9.0
I've got the same problem as the original poster. Did you already try this approach or was it only a suggestion? I know that I can change the spec file, but if the somewhat older libraries on 9.0 have a different API this still won't work. I also still have two 8.2 machines which cannot be upgraded in a reasonable time frame. Might the 9.1 src.rpm also work on these or is it guaranteed that that there's too much changed regarding API between these library versions? Did anyone try it? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Kai Schaetzl wrote
Frank Steiner wrote on Thu, 23 Mar 2006 11:26:56 +0100:
Take the src.rpm for 9.1, remove the BuildRequires line in the spec file, rpmbuild -ba, and let it run on 9.0
I've got the same problem as the original poster. Did you already try this approach or was it only a suggestion? I know that I can change the spec
I did this on and for a 9.0 machine. -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
This may be of help to you: http://linux01.gwdg.de/~pbleser/allpackages.php Regards Keith In theory, theory and practice are the same; in practice they are not.
Frank Steiner wrote on Thu, 23 Mar 2006 14:01:30 +0100:
I did this on and for a 9.0 machine.
Great. Many thanks for the confirmation! Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Yes, thanks. I did it now on about 10 mailservers an it worked like a charm. I only had to rehash some dbs. I would share the built rpms - but i have zlib and other things upgraded manually, so they won't fin any other std-suse9.0-System. But the way to build sendmail from the srpm is a clean way to go for anyone. It even built an installed cleanly on some 8.2 machines. Thanks, Holger Am Donnerstag, 23. März 2006 14:01 schrieb Frank Steiner:
Kai Schaetzl wrote
Frank Steiner wrote on Thu, 23 Mar 2006 11:26:56 +0100:
Take the src.rpm for 9.1, remove the BuildRequires line in the spec file, rpmbuild -ba, and let it run on 9.0
I've got the same problem as the original poster. Did you already try this approach or was it only a suggestion? I know that I can change the spec
I did this on and for a 9.0 machine.
-- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
Holger Diehm iS-Fun Internet Services GmbH wrote on Fri, 24 Mar 2006 15:46:08 +0100:
I only had to rehash some dbs.
Yeah, why does it do this? I learned that the maps where missing when mail bound for our clients suddenly went to me ...
I would share the built rpms - but i have zlib and other things upgraded manually, so they won't fin any other std-suse9.0-System. But the way to build sendmail from the srpm is a clean way to go for anyone. It even built an installed cleanly on some 8.2 machines.
Ah, good to know, thanks, I was just going to start on these. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
I've downloaded the sendmail-8.12.11-2.2.src.rpm, however, it's not immediately clear how to extract the contents so as to make the modification. A bit more help would be great! Thanks! dcb ----- Original Message ----- From: "Frank Steiner" <fsteiner-mail1@bio.ifi.lmu.de> To: <h.diehm@is-fun.de> Cc: <suse-security@suse.com> Sent: Thursday, March 23, 2006 2:26 AM Subject: Re: [suse-security] sendmail update for suse 9.0 ?
iS-Fun Internet Services GmbH, Holger Diehm wrote
Hi anyone in the list,
I wonder if anyone knows a repository that still makes updates for suse 9.0 or even earlier available? For other distros there are som "addicts" that share their update-efforts with others für no longer officially supported Versions.
Take the src.rpm for 9.1, remove the BuildRequires line in the spec file, rpmbuild -ba, and let it run on 9.0
cu, Frank
-- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
dcb@vcomcon.com wrote:
I've downloaded the sendmail-8.12.11-2.2.src.rpm, however, it's not immediately clear how to extract the contents so as to make the modification. A bit more help would be great!
wrote on Thu, 23 Mar 2006 15:38:28 -0800:
I've downloaded the sendmail-8.12.11-2.2.src.rpm, however, it's not immediately clear how to extract the contents so as to make the modification. A bit more help would be great!
src.rpms install their contents to /usr/src/packages when you do a rpm -i Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Ok, I just gotta say this. This is sus-security, and you want to run *sendmail*?! Huh? What was once the leading source of server vulnerabilities? Why not switch to Postfix right now? If you must run Sendmail, you likely want to protect it with something like AppArmor. SUSE Pro 9.1 and SLES9 are the oldest editions that will support AppArmor. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com
Crispin Cowan wrote:
Ok, I just gotta say this. This is sus-security, and you want to run *sendmail*?! Huh? What was once the leading source of server vulnerabilities? Why not switch to Postfix right now?
Or qmail? From what I've read, which may or may not be either accurate or unbiased, Postfix is good, but qmail is even better. What is the reason for SuSE's choice of Postfix over qmail? -- Chuck Linsley linsley@sonic.net cel@linsley-family.net
Am 31.03.2006 um 22:06 schrieb Chuck Linsley:
Crispin Cowan wrote:
Ok, I just gotta say this. This is sus-security, and you want to run *sendmail*?! Huh? What was once the leading source of server vulnerabilities? Why not switch to Postfix right now?
Or qmail? From what I've read, which may or may not be either accurate or unbiased, Postfix is good, but qmail is even better.
What is the reason for SuSE's choice of Postfix over qmail?
Licensing. Or the fact that DJB didn't provided any kind of license with Qmail. Also, redistribution in binary-format is not allowed. And Postfix may be better suited for stand-alone desktop usage. Plus it has got a more modular architecture. For hosting, there's still nothing coming close to all the integrated tools from Inter7. And these lists are still run by qmail (if you read the headers), though that may have to do with the fact that nobody wants to do the migration ;-) cheers, Rainer
Hello, Am Freitag, 31. März 2006 22:23 schrieb Rainer Duffner: [...]
And these lists are still run by qmail (if you read the headers), though that may have to do with the fact that nobody wants to do the migration ;-)
In the opensuse mailinglist, you could read [1] that the migration will be done soon (probably when 10.1 was released and people @SUSE have some more time ;-)). The new server will run postfix + mlmmj. See also: http://en.opensuse.org/Meetings/Status_Meeting_2006-01-24#Mailinglist_migrat... (the timeframe has changed, but the other items are still valid AFAIK) Regards, Christian Boltz [1] in january IIRC -- No need to use Windows -- it's easier to go through the door. [author unknown]
Rainer Duffner wrote:
Am 31.03.2006 um 22:06 schrieb Chuck Linsley:
What is the reason for SuSE's choice of Postfix over qmail? Licensing. Or the fact that DJB didn't provided any kind of license with Qmail. Also, redistribution in binary-format is not allowed. Indeed. The licensing of Qmail is very interesting, and frustrating for distributions like SUSE.
The Qmail license says all sorts of interesting things. You can re-distribute the source code. You can modify the source code. You can compile and run the source code and host it yourself. *But* as Rainer points out, you are not permitted to distribute the binaries. More specifically, the only binary you are permitted to distribute is the one that DJB produced, bit for bit verbatim. no re-compiling of any kind. DJB justifies this by saying that he does not want to do support on hacked versions of his code, because he considers 3rd party modifications to be the most likely source of vulnerabilities, and he doesn't want to clean other peoples' messes. An arrogant position for most people, but for DJB he is likely correct. As a consequence, Qmail is formally *not* open source, even though the source code is available, because the source code is not *freely* (libre) available because of this restriction. Therefore it is basically not possible for SUSE to distribute Qmail. At most we could bundle the source code and give you instructions on how to compile it. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com
Therefore it is basically not possible for SUSE to distribute Qmail. At most we could bundle the source code and give you instructions on how to compile it.
Oh! That would be more than wellcome for newcommers to mail servers administrators... :-) -- Saludos, miguel
miguel gmail wrote:
Therefore it is basically not possible for SUSE to distribute Qmail. At most we could bundle the source code and give you instructions on how to compile it.
Oh! That would be more than wellcome for newcommers to mail servers administrators... :-)
IMHO, newcommers to mail server administration should not be messing with compiling the mail server, they have enough variables to worry about :) So these newcomers should just use Postfix. Advanced mail server administrators, on the other hand, are free to go download the source for Qmail and deploy it themselves. The Qmail license effectively prevents SUSE from adding significant value, so there is no point in bundling it. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com
Crispin Cowan wrote:
Oh! That would be more than wellcome for newcommers to mail servers administrators... :-) IMHO, newcommers to mail server administration should not be messing with compiling the mail server, they have enough variables to worry about :) So these newcomers should just use Postfix. Advanced mail server administrators, on the other hand, are free to go download the source for Qmail and deploy it themselves. The Qmail license effectively prevents SUSE from adding significant value, so there is no point in bundling it.
I absolutely agree with this position, but also have much less respect for DJBs position on his source code. Postfix is an example of great free software and performs very well in a full range of usage scenarios. Consequentially, it is also very secure and also no. 1 choice for a large majority of e-mail servers, for soho solutions and large clusters alike. Being actively developed, it also implements features Qmail is very likely never going to have, as DJB is only one man. I don't see how suse (the distribution) would benefit from bundling this software. I may like it, but I can't use it because of all the issues set forth in this thread.
On 4/4/06, Jure Koren <jure@aufbix.org> wrote:
Crispin Cowan wrote:
Oh! That would be more than wellcome for newcommers to mail servers administrators... :-) IMHO, newcommers to mail server administration should not be messing with compiling the mail server, they have enough variables to worry about :) So these newcomers should just use Postfix. Advanced mail server administrators, on the other hand, are free to go download the source for Qmail and deploy it themselves. The Qmail license effectively prevents SUSE from adding significant value, so there is no point in bundling it.
I absolutely agree with this position, but also have much less respect for DJBs position on his source code. Postfix is an example of great free software and performs very well in a full range of usage scenarios. Consequentially, it is also very secure and also no. 1 choice for a large majority of e-mail servers, for soho solutions and large clusters alike. Being actively developed, it also implements features Qmail is very likely never going to have, as DJB is only one man. I don't see how suse (the distribution) would benefit from bundling this software. I may like it, but I can't use it because of all the issues set forth in this thread.
I do agree with (all of) you. Nothing easier than using the bundled Postfix. It is quite easy to use, and there is as much information as I may ever need. And I did use it some time ago. But I am also looking to improve my knowledge, the possibilities I offer to my customers, say with qmail, exim or whatever. And including some detailed and specific instructions for installing qmail on SuSE... would be a definitive advantage for qmail and lazy administrators like me. Maybe, the word ´newcommers´ was not very accurarate in my case :-? -- Saludos, miguel
On Tue, Apr 04, 2006 at 10:53:38AM +0200, miguel gmail wrote:
On 4/4/06, Jure Koren <jure@aufbix.org> wrote:
Crispin Cowan wrote:
Oh! That would be more than wellcome for newcommers to mail servers administrators... :-) IMHO, newcommers to mail server administration should not be messing with compiling the mail server, they have enough variables to worry about :) So these newcomers should just use Postfix. Advanced mail server administrators, on the other hand, are free to go download the source for Qmail and deploy it themselves. The Qmail license effectively prevents SUSE from adding significant value, so there is no point in bundling it.
I absolutely agree with this position, but also have much less respect for DJBs position on his source code. Postfix is an example of great free software and performs very well in a full range of usage scenarios. Consequentially, it is also very secure and also no. 1 choice for a large majority of e-mail servers, for soho solutions and large clusters alike. Being actively developed, it also implements features Qmail is very likely never going to have, as DJB is only one man. I don't see how suse (the distribution) would benefit from bundling this software. I may like it, but I can't use it because of all the issues set forth in this thread.
I do agree with (all of) you. Nothing easier than using the bundled Postfix. It is quite easy to use, and there is as much information as I may ever need. And I did use it some time ago.
But I am also looking to improve my knowledge, the possibilities I offer to my customers, say with qmail, exim or whatever. And including some detailed and specific instructions for installing qmail on SuSE... would be a definitive advantage for qmail and lazy administrators like me.
http://opensuse.org/Qmail is all yours to edit. :) Ciao, Marcus
miguel gmail wrote:
I do agree with (all of) you. Nothing easier than using the bundled Postfix. It is quite easy to use, and there is as much information as I may ever need. And I did use it some time ago.
But I am also looking to improve my knowledge, the possibilities I offer to my customers, say with qmail, exim or whatever. And including some detailed and specific instructions for installing qmail on SuSE... would be a definitive advantage for qmail and lazy administrators like me.
The problem is: you need a lot of patches to make it work the way you want. The patches may be incompatible, and thus several different fearless code-warriors merged some of their favourite patches. People have actually created businesses by providing patches, tutorials and scripts to ease the installation of qmail and related tools. I prefer Matt Simerson's toaster-setup: http://www.tnpi.biz/internet/mail/toaster.shtml But there are more: http://www.qmailrocks.org/ http://www.shupp.org/toaster/ http://www.qmailtoaster.com/ The problem is: you still have to have a good idea what the scripts will be doing in the background, or you're really lost in case things don't work anymore (but you can then hire the guy who wrote the tutorial - as I said, most have created a business out of it...) cheers, Rainer
Rainer Duffner schrieb:
I prefer Matt Simerson's toaster-setup: http://www.tnpi.biz/internet/mail/toaster.shtml
But there are more: http://www.qmailrocks.org/ http://www.shupp.org/toaster/ http://www.qmailtoaster.com/
The problem is: you still have to have a good idea what the scripts will be doing in the background, or you're really lost in case things don't work anymore (but you can then hire the guy who wrote the tutorial - as I said, most have created a business out of it...)
but with a little effort, you can find out a lot about SMTP, qmail and so on, even if you don't understand everything right away. Gentoo portage is a very nice way, to get around the DJB restrictions for the qmail sourcecode. If you have the right ebuild (my brother worked a lot on the official qmail ebuild), it will do all the patching and compiling for you. For these "rare" cases, the portage system would be of use in a suse environment. However doing the QA for this will be a PITA for the SuSE team. Mit freundlichen Grüßen Jörn Ott -- ------------------------------------------------------------ Jörn Ott Telefon: (0 22 24) 94 08 - 73 EDV Service & Beratung Telefax: (0 22 24) 94 08 -74 Lohfelder Str. 33 E-Mail: mailto:white@ott-service.de 53604 Bad Honnef WWW: http://www.ott-service.de/
<...>
I do agree with (all of) you. Nothing easier than using the bundled Postfix. It is quite easy to use, and there is as much information as I may ever need. And I did use it some time ago.
But I am also looking to improve my knowledge, the possibilities I offer to my customers, say with qmail, exim or whatever. And including some detailed and specific instructions for installing qmail on SuSE... would be a definitive advantage for qmail and lazy administrators like me.
I strongly suggest to read life with qmail (http://www.lifewithqmail.org/) written by Dave Sill, it gives you all the information needed to install, configure and maintain a qmail server. If you don't go with stock qmail but rather with netqmail (as suggested in life with qmail), you will have a handful of the most useful patches at hand. If you follow the instructions to the point you will get a solid installation of qmail. In case of any problem you may ask for help on the qmail list. But be warned, don't ask FAQs on the qmail list and read the archives before asking - otherwise wear your asbestos suit ;-) But if you like a packaged MTA with whistles and bells that runs great just out of the rpm, postfix is the way to go. Best regards Reto
Crispin Cowan wrote:
miguel gmail wrote:
Therefore it is basically not possible for SUSE to distribute Qmail. At most we could bundle the source code and give you instructions on how to compile it.
Oh! That would be more than wellcome for newcommers to mail servers administrators... :-)
IMHO, newcommers to mail server administration should not be messing with compiling the mail server, they have enough variables to worry about :) So these newcomers should just use Postfix.
Advanced mail server administrators, on the other hand, are free to go download the source for Qmail and deploy it themselves. The Qmail license effectively prevents SUSE from adding significant value, so there is no point in bundling it.
Crispin
I don't miss Qmail on SuSE (I usually run it on FreeBSD, where the ports-system and Matt Simerson's toaster-script does wonders - and stock Qmail is useless for anything but the simplest cases, where Postfix creates less headaches) - but what I really miss are RPMs (or .spec-files) for djbdns (and daemontools and ucspi-tcp). DJB's DNS-cache is one of those things that I end up installing on all hosts that need to do more than a handful of lookups - and it can boost performance several orders of magnitude compared to using a non-local DNS-resolver. So, as binaries are not allowed for all DJB-ware and the default install is really horrible, I'd appreciate if some kind of "clean" .spec file, that helps installing it in a SuSE-compliant way, was available. Because it does offer significant value ;-) cheers, Rainer
miguel gmail wrote:
Therefore it is basically not possible for SUSE to distribute Qmail. At most we could bundle the source code and give you instructions on how to compile it.
Oh! That would be more than wellcome for newcommers to mail servers administrators... :-)
But especially for newcomers I'd strongly suggest to go with Postfix. Qmail can be a very reliable, secure and capable mailserver. But to make it capable, you have to patch it to even get what nowadays is regarded as basic functionality. And unfortunately the patches don't always work together, and they can make qmail less reliable and secure. To get a working qmail up and running like it should, you really have to know what you do. And if you do that, you can already download the sourcecode yourself. I maintain a qmail mailserver myself and compared to my postfix servers, it's far more hassle to do any changes like integrating a virus scanner. Postfix on the other hand comes pre-packaged, has it's configuration in a central location, has a configuration one can easily understand (and there's enough comments to help you) and nice documentation. Regards, Stefan Seifert
Stefan Seifert wrote:
I maintain a qmail mailserver myself and compared to my postfix servers, it's far more hassle to do any changes like integrating a virus scanner.
Postfix on the other hand comes pre-packaged, has it's configuration in a central location, has a configuration one can easily understand (and there's enough comments to help you) and nice documentation.
Can postfix easily do virtual domains? -- Chuck Linsley linsley@sonic.net
On Tuesday 04 April 2006 20:13, Chuck Linsley wrote:
Stefan Seifert wrote:
Postfix on the other hand comes pre-packaged, has it's configuration in a central location, has a configuration one can easily understand (and there's enough comments to help you) and nice documentation. Can postfix easily do virtual domains?
Yes, this is basic functionality. The debate is not fit for a security list, but I can help with it off-list, or you can join postfix-users mailing list. Until then it is best if you read the docs: http://www.postfix.org/virtual.5.html and http://www.postfix.org/VIRTUAL_README.html -- Jure Koren, n.i.
Crispin Cowan wrote on Thu, 30 Mar 2006 12:36:26 -0800:
What was once the leading source of server vulnerabilities?
You say it: once. It's been a long time since the last security problem. I suppose you don't run Apache either on novell.com? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Frank Steiner wrote on Thu, 23 Mar 2006 11:26:56 +0100:
Take the src.rpm for 9.1, remove the BuildRequires line in the spec file, rpmbuild -ba, and let it run on 9.0
The build process fails in the last stages because of a missing submit.cf chown: failed to get attributes of `/var/tmp/sendmail-8.12.11-build/etc/mail/submit.cf': No such file or directory Anyone knows what's missing that it doesn't get put there? The tarball contains it in cf/cf. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Kai Schaetzl wrote on Fri, 24 Mar 2006 14:31:17 +0100:
chown: failed to get attributes of `/var/tmp/sendmail-8.12.11-build/etc/mail/submit.cf': No such file or directory
I missed tcpd when adding the packages necessary for bulding. All well now. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
participants (15)
-
Christian Boltz -
Chuck Linsley -
Crispin Cowan -
dcb@vcomcon.com -
Frank Steiner -
iS-Fun Internet Services GmbH, Holger Diehm -
Jure Koren -
Jörn Ott -
Kai Schaetzl -
Marcus Meissner -
miguel gmail -
Rainer Duffner -
Reto Inversini -
Stefan Seifert -
suse@karsites.net