Re: [Savannah-hackers] Re: Using ssmtp in the chroot


From: Sylvain Beucler
Subject: Re: [Savannah-hackers] Re: Using ssmtp in the chroot
Date: Mon, 25 Oct 2004 21:10:27 +0200
User-agent: Mutt/1.4.2.1i

Hi,

I got busy with the Savannah 'recruitment', 'teaching', and clearing
the pending projects queue, but I am now able to work on this issue
again:

On Fri, Oct 01, 2004 at 01:29:39PM +0200, Mathieu Roy wrote:
> Sylvain Beucler <address@hidden> wrote:
> 
> > On Thu, Sep 30, 2004 at 04:37:56PM -0400, James E. Blair wrote:
> >> Sylvain Beucler <address@hidden> writes:
> >> 
> >> > Hello,
> >> >
> >> > The change in the frontend to use SMTP instead of PHP mail() is not
> >> > welcome in Savane, and has some issues (like missing Date: field).
> >> >
> >> > It would be better to still use the PHP mail() function.
> >> >
> >> > I did not find documentation on why the SMTP code was used in the
> >> > first place; I assume it was meant to avoid installing exim in the
> >> > apache root.
> >> 
> >> Indeed.  The main requirement is to "keep the chroot simple".
> >> 
> >> There's not much point in making a chroot with as much software
> >> as the actual system.  Savannah's chroot has very little software (not
> >> much more than savannah and CVS).  We can keep a close watch on such a
> >> system.  
> >> 
> >> Normal MTAs do things like host lookups, and we intentionally didn't
> >> want to bring the system libraries into the chroot, so that's why we
> >> moved to SMTP.
> >> 
> >> Using the SMTP module we can just send all mail to 127.0.0.1 and then
> >> exim handles it from there.  In short -- it's the easiest and safest
> >> way out of the chroot.  No additional software needed.
> >> 
> >> > I suggest we instead install ssmtp (or a similar tool) in the apache
> >> > root, that will forward mail to localhost. It will ease the merge with
> >> > Savane and work like exim.
> >> >
> >> > Is anybody against this?
> >> 
> >> I'm not against it in principle.  Certainly "/usr/lib/sendmail" has
> >> a history of being a widely compatible interface.  I think that a
> >> simple program that emulated that and sent mail on to 127.0.0.1 would
> >> be okay.  But I think we might run into problems:
> >> 
> >> When we tried to use an MTA to get mail out of chrooted savannah, it
> >> wanted to do a host lookup.  Even when statically compiled, programs
> >> that use gethostbyname invoke nss which insists on using dlopen for
> >> its libraries.  So suddenly this simple MTA needs a bunch of
> >> supporting system libraries to function.  I think ssmtp might have the
> >> same problem.
> >> 
> >> I like the simplicity of the SMTP method and would prefer to keep it.
> >> Can we fix the SMTP code and bring it up to standard?
> 
> PHP allows SMTP distant host configuration when running on Windows:
>     http://fr2.php.net/manual/en/ref.mail.php
> 
> Can you not compile PHP to behave with regard to SMTP just as if it
> were running on Windows?

As far as I am concerned, I still prefer the ssmtp method.

Even if it does require some libraries for NSS, I do not think of it
as a security issue. If during the discussion it appears it is, it can
be slightly modified to avoid this dependency.

It is simpler than Exim, and I am able to statically compile it (Exim
has a non-autotools-driven build system, and in addition I cannot get
it to compile statically) - by the way, I would like to discuss why it is
important to statically build our chroot'd applications.

Above all, it is completely independent, so we needn't maintain our
own install of PHP, or of Savane.

Any comment?

-- 
Sylvain
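
The "simple program that emulated that and sent mail on to 127.0.0.1" discussed in the quoted text, sketched as an added example; it is not part of the original message and is not ssmtp or Savannah code. All function names are hypothetical, port 25 is assumed, and the caller is assumed to pass a message with CRLF line ends that is already dot-stuffed.

```c
/* Added example (not Savannah or ssmtp code): sendmail-style relay to the local MTA. */
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>
/* Numeric IPv4 literal only: inet_pton() never calls the resolver (no NSS, no dlopen). */
int relay_addr(const char *ip, unsigned short port, struct sockaddr_in *a)
{
    memset(a, 0, sizeof *a);
    a->sin_family = AF_INET;
    a->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &a->sin_addr) == 1 ? 0 : -1;
}
/* Date: header in UTC, the field the thread reports as missing. */
int date_header(time_t t, char *buf, size_t len)
{
    struct tm tm;
    return gmtime_r(&t, &tm)
        && strftime(buf, len, "Date: %a, %d %b %Y %H:%M:%S +0000\r\n", &tm) ? 0 : -1;
}
/* Refuse envelope addresses that could smuggle extra SMTP commands. */
int addr_ok(const char *s) { return *s && !s[strcspn(s, "\r\n<> ")]; }
/* Read one reply, skipping "250-" continuation lines; 0 if it starts with want. */
static int expect(FILE *in, char want)
{
    char l[512];
    do { if (!fgets(l, sizeof l, in)) return -1; } while (strlen(l) > 3 && l[3] == '-');
    return l[0] == want ? 0 : -1;
}
/* Hand msg (headers + body) to the MTA listening on ip:25; 0 on acceptance. */
int relay_send(const char *ip, const char *from, const char *to, const char *msg)
{
    struct sockaddr_in a; char date[64]; FILE *in; int fd, rc = -1;
    if (!addr_ok(from) || !addr_ok(to) || relay_addr(ip, 25, &a)
        || date_header(time(NULL), date, sizeof date)) return -1;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    if (connect(fd, (struct sockaddr *)&a, sizeof a) || !(in = fdopen(fd, "r"))) {
        close(fd); return -1;
    }
    if (!expect(in, '2') && dprintf(fd, "HELO localhost\r\n") > 0 && !expect(in, '2')
        && dprintf(fd, "MAIL FROM:<%s>\r\n", from) > 0 && !expect(in, '2')
        && dprintf(fd, "RCPT TO:<%s>\r\n", to) > 0 && !expect(in, '2')
        && dprintf(fd, "DATA\r\n") > 0 && !expect(in, '3')
        && dprintf(fd, "%s%s\r\n.\r\n", date, msg) > 0 && !expect(in, '2')) rc = 0;
    dprintf(fd, "QUIT\r\n"); fclose(in); /* fclose also closes fd */
    return rc;
}
int main(int c, char **v) { return c == 4 ? -relay_send("127.0.0.1", v[1], v[2], v[3]) : 2; }
```

Because the relay address is parsed as a literal, a name such as "localhost" is rejected rather than resolved, which is what keeps the resolver libraries out of the chroot.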



