savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers] Re: Using ssmtp in the chroot

From: Sylvain Beucler
Subject: Re: [Savannah-hackers] Re: Using ssmtp in the chroot
Date: Fri, 1 Oct 2004 02:04:48 +0200
User-agent: Mutt/1.4.2.1i 
On Thu, Sep 30, 2004 at 04:37:56PM -0400, James E. Blair wrote:
> Sylvain Beucler <address@hidden> writes:
> 
> > Hello,
> >
> > The change in the frontend to use SMTP instead of PHP mail() is not
> > welcome in Savane, and has some issues (like missing Date: field).
> >
> > It would be better to still use the PHP mail() function.
> >
> > I did not found documentation on why the SMTP code was used in the
> > first place; I assume it was meant to avoid installing exim in the
> > apache root.
> 
> Indeed.  The main requirement is to "keep the chroot simple".
> 
> There's not much point in making a chroot with as much software
> as the actual system.  Savannah's chroot has very little software (not
> much more than savannah and CVS).  We can keep a close watch on such a
> system.  
> 
> Normal MTAs do things like host lookups, and we intentionally didn't
> want to bring the system libraries into the chroot, so that's why we
> moved to SMTP.
> 
> Using the SMTP module we can just send all mail to 127.0.0.1 and then
> exim handles it from there.  In short -- it's the easiest and safest
> way out of the chroot.  No additional software needed.
> 
> > I suggest we instead install ssmtp (or a similar tool) in the apache
> > root, that will forward mail to localhost. It will ease the merge with
> > Savane and work like exim.
> >
> > Is anybody against this?
> 
> I'm not in against it in principle.  Certainly "/usr/lib/sendmail" has
> a history of being a widely compatible interface.  I think that a
> simple program that emulated that and sent mail on to 127.0.0.1 would
> be okay.  But I think we might run into problems:
> 
> When we tried to use an MTA to get mail out of chrooted savannah, it
> wanted to do a host lookup.  Even when statically compiled, programs
> that use gethostbyname invoke nss which insists on using dlopen for
> its libraries.  So suddenly this simple MTA needs a bunch of
> supporting system libraries to function.  I think ssmtp might have the
> same problem.
> 
> I like the simplicity of the SMTP method and would prefer to keep it.
> Can we fix the SMTP code and bring it up to standard?

Well, I also like the simplicity of not changing Savane or any other
PHP application to run in our chroot...

I tried to install ssmtp in my test install.

- The main problem comes from PHP, which seems to need 'sh' to launch
  'sendmail'. We could create a 'sh' that would only understand the
  '-c' option, or simply use bash (maybe you have some thoughs on
  putting a complete shell in the Apache root).

- ssmtp makes a call to getpwuid, which require nsswich.conf,
  /etc/passwd and some 'plugins'. The conf can be written to be as
  simple as possible and only require libnss_files.so. That getpwuid
  call is necessary for a feature I actually do not use (rev_aliases),
  so this should be fixed faster with some very basic editing of
  main.c.

No gethostbyname call apparently (note that I set the forwarding host
to 127.0.0.1).

I could send a mail to local and foreign host without problem, using
the original code relying on PHP mail().

That was some early results. I will experiment further tomorrow.

-- 
Sylvain
reply via email to
[Prev in Thread] Current Thread [Next in Thread]