On Mon, 22.07.13 18:50, Nicolas Mailhot (nicolas.mailhot@xxxxxxxxxxx) wrote: > > Le Lun 22 juillet 2013 18:29, Lennart Poettering a écrit : > > > If you want to centralize system configuration, rather then services, > > then go ahead and do, that, but actually centralize *the configuration*, > > not the service. In particular, because a centralized client-side SMTP > > service is a really questionnable thing on today's Internet where SMTP > > delivery connections are almost always authenticated by a *user* id. Due > > to that they are generally much better configured in the MUA which > > actually run in the user context instead of a system service which lacks > > all that and where no infrastructure exists for supplying user > > authentication information. > > Actually, with the various Fedora MUAs I've used, it ended up being easier > to configure them to use local MTA as relay than to try to convince them > individually to do anything more complex than 'non-encrypted smtp without > auth' (when the options existed they changed every few MUA versions and I > got tired of re-parametring them all the time). Bonus point is that > changing the relay options fixes all MUAs in one go, I got free logging of > the MUA activity, and a send queue that does not depend on running the MUA > when the network comes back. I find it quite amazing that you actually use multiple different MUAs in parallel. I mean, most people stick to one MUA usually, maybe two. But you make it sound as if you need to access your emails through 5 or 10 or so, so that it is really worth making this kind of low-level configuration change. It's also hardly something we can suggest people to actively do. User credentials should not leak into the system like that. If two users send emails on the same host, then the SMTP delivery needs to provide proper authentication to the mail gateway attributing the individual mails to the right user. You lose that by always going via your local MTA. It certainly works for single-user systems but this generally not how we do things on Linux, where user and system configuration in general and authentication credentials in particular are strictly isolated. Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
