Jeff Spaleta wrote:
On Thu, Dec 18, 2008 at 5:27 AM, Steve Grubb
<sgrubb(a)redhat.com> wrote:
> We ran into a problem doing the LSPP evaluation with regards to email. Of all
> the packages listed, the only one that really mattered for security was cron.
> So, what we did was patched cron to be able to take an argument, -m, to
> define the mail delivery agent. It could be a shell script, procmail, or
> anything you wanted to take the cron output and move it into the local spool
> dir. Would using this solve the problems being debated here? (And since cron
> can take a mail agent argument, it should not have a hard requirement for
> sendmail.)
How would you expose the option to use the argument for a local admin?
Having them edit the service file in init.d seems inappropriate. Would
you expose it in an etc/sysconfig/ file to be parsed at service
script start?
That just seems like the wrong place to short-circuit an existing good
general solution. If you want root's mail to go somewhere else, use
aliases or .procmailrc. If you want to splat text onto a screen on the
odd chance that someone who cares happens to be watching, add a program
that takes a message on a pipe and does that, and use the existing
mechanisms to run it. Or add one that alerts for mailbox deliveries.
But don't break the well-designed ability to send to multiple
destinations, including local and non-local for the people who actually
do want the messages.
--
Les Mikesell
lesmikesell(a)gmail.com