r6805 - in trunk/BOOK: . basicnet/mailnews introduction/welcome

Ag. D. Hatzimanikas a.hatzim at gmail.com
Wed Jun 13 01:35:31 PDT 2007


On Wed, Jun 13, at 10:28 Alexander E. Patrakov wrote:
> dnicholson at linuxfromscratch.org wrote:
> 
> >  <screen><userinput>./configure --prefix=/usr --sysconfdir=/etc \
> > +    --with-docdir=/usr/share/doc/mutt-&mutt-version; \
> > +    --enable-pop --enable-imap --enable-smtp &&
> 
> Sorry Dan, but I disagree with your comment in Trac: "I also left out the 
> --with-sasl since none of the other --with-* args are explained. Hopefully 
> you know that if you need SMTP auth, you need sasl."
> 
> For me, this bit of knowledge looks non-obvious. I used msmtp on the CD 
> before --enable-smtp got added, and it didn't need SASL for SMTP 
> authentication. I think that many Mutt users follow the same line of 
> thought. Moreover, from Trac comments, it looks like it took Ag two rebuilds 
> to figure this out.
> 
> I am opposed to having commands with such a trap in the book, i.e. ideally they 
> must work from the first attempt.
> 

Alexander, I want to be honest.

Personally, I don't build mutt with smtp support, just because of
reasons like this. 
It adds complexity to build instructions (many dependencies),
and... unnecessary code, which may lead to bugs, *unrelated* to the core 
mutt (in which I am interested).

Another thing is that, if you enable smtp support, you have to supply
the password every time you need to send a message (nightmare if you also
use mutt in scripts), or this returns to ugly (to say the least) situations,
like:

set smtp_url="smtp://username:mypassword@smtp.gmail.com:587"
in your muttrc

Undesirable, dangerous and stupid; you have to give your muttrc special 
permissions.

Or,
set smtp_url="smtp://username:`awk '/^password/{print $2}' ~/.somefile_with_special_permissions`@smtp.gmail.com:587"
Hack!

While I initially was happy with smtp support, I turn out to be the opposite, as 
time goes on.

An MTA, and especially a sendmail-compatible MTA, is absolutely necessary to a 
_production_ system and we have to recommend it at any chance.
This also conforms with the Unix tradition (one tool for one job).

For these reasons, we have to warn users about the possible flaws in the
built-in smtp support and to mention also to build it --with-sasl and perhaps
--with-ssl, if we want to be complete.

Complexity, complexity, complexity.

From the other side, people these days seem to add a considerable value
to "all in one" solutions, when they choose their software.
This is the trend, with which I disagree, but it seems that I belong
to the minority, thus I have to shut up.

Personally, as I said above, I prefer to have an MTA to do smtp-relay and let mutt
do what it was supposed to do, but for the book, quite honestly, I am undecided.

The guy in balance in me says, to disable smtp support, and to explicitly mention 
(the --enable-smtp switch) in the Command Explanations, with a note to link it
against Cyrus SASL, because some common smtp servers like googlemail, use it for
smtp authentication.
Here is the esmtp patch added by Brendan.
http://dev.mutt.org/hg/mutt/rev/f15667e8faff


A patch that makes use of the above thoughts is attached.
It also fixes a forgotten applied patch.
Feel free to apply a better wording or a different approach.

Other (Archaic?) opinions needed.
-------------- next part --------------
Index: basicnet/mailnews/mutt.xml
===================================================================
--- basicnet/mailnews/mutt.xml	(revision 6806)
+++ basicnet/mailnews/mutt.xml	(working copy)
@@ -115,16 +115,12 @@
 
 <screen role="root"><userinput>chgrp -v mail /var/mail</userinput></screen>
 
-    <para>Fix a security vulnerability in <application>Mutt</application>:</para>
-
-<screen><userinput>patch -Np1 -i ../mutt-&mutt-version;-security_fix-1.patch</userinput></screen>
-
     <para>Install <application>Mutt</application> by running the following
     commands:</para>
 
 <screen><userinput>./configure --prefix=/usr --sysconfdir=/etc \
     --with-docdir=/usr/share/doc/mutt-&mutt-version; \
-    --enable-pop --enable-imap --enable-smtp &&
+    --enable-pop --enable-imap &&
 make</userinput></screen>
 
     <para>If you have the necessary dependencies installed and would like
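
Review bot: The removal of the "Fix a security vulnerability" step and its patch -Np1 command at the top of this hunk is unrelated to dropping --enable-smtp from the configure line, and nothing in the visible lines shows why the fix is no longer needed. Please split it into its own change, state in the log whether the current mutt-&mutt-version; already contains the fix, and remove the matching security_fix-1.patch download entry from the page in the same commit so the two stay consistent.
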
@@ -166,7 +162,15 @@
     IMAP support.</para>
 
     <para><parameter>--enable-smtp</parameter>: This switch enables
-    SMTP relay support.</para>
+    SMTP relay support. It might also adds a required dependency to
+    <xref linkend="cyrus-sasl"/>, because some smtp servers use SASL
+    for ESMTP authentication. You have to enable it with the 
+    <parameter>--with-sasl</parameter> switch.</para>
+    <para>Note: If you make use of the built-in smtp support in
+    <command>mutt</command>, you make sure that you have read carefully
+    about the smtp-pass variable in Mutt documentation, and the security 
+    risks that you are taking if you enable it in your <filename>~/.muttrc</filename>. 
+    </para>
 
     <para><parameter>--with-...</parameter>: This switch enables the various
     dependencies.</para>
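
Review bot: The added explanation for --enable-smtp says it "might also adds a required dependency", which is both ungrammatical and contradictory (a dependency is either required or optional); suggest "If your SMTP server requires authentication, also build against Cyrus SASL with --with-sasl". The note paragraph should say what the risk is rather than only pointing at the documentation: the password ends up in clear text in ~/.muttrc, so the file must be readable by its owner only. The variable is spelled smtp_pass in Mutt, not smtp-pass, and since the first hunk drops --enable-smtp from the configure command, the explanation should state that the switch is optional and not part of the command shown above.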

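The muttrc credential exposure discussed in the message above can be checked mechanically. The following is an added example, not part of the original post or of Mutt: a Python audit that flags a password embedded in smtp_url (literal or backtick command), a set smtp_pass line, and a file mode readable beyond the owner. The function names, finding labels and sample muttrc are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# "set smtp_url=..." and "set smtp_pass=..." lines in a muttrc
SMTP_URL = re.compile(r'^\s*set\s+smtp_url\s*=\s*["\']?smtps?://(.*)')
SMTP_PASS = re.compile(r'^\s*set\s+smtp_pass\s*=')

# Constructed sample muttrc (not a real configuration, no real credentials).
SAMPLE = """\
# constructed sample
set smtp_url="smtp://username:mypassword@smtp.gmail.com:587"
set smtp_url="smtp://username:`awk '/^password/{print $2}' ~/.secret`@smtp.gmail.com:587"
set smtp_url="smtp://username@smtp.gmail.com:587"
set smtp_pass="constructed-value"
"""

def audit_muttrc(path):
    """Return (line, finding) pairs for SMTP secrets reachable from a muttrc."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if line.lstrip().startswith("#"):
                continue
            m = SMTP_URL.match(line)
            if m:
                # userinfo precedes the last "@"; the password follows its first ":"
                userinfo, at, _ = m.group(1).rpartition("@")
                _, colon, secret = userinfo.partition(":")
                if at and colon and secret:
                    kind = "command" if secret.startswith("`") else "literal"
                    findings.append((lineno, "smtp_url-password-" + kind))
            elif SMTP_PASS.match(line):
                findings.append((lineno, "smtp_pass-set"))
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if findings and mode & 0o077:  # any group/other permission bit set
        findings.append((0, "mode-%03o-not-owner-only" % mode))
    return findings

def audit_sample(mode):
    """Write SAMPLE to a temporary file with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "muttrc")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit_muttrc(path)
```

A "command" finding means the secret lives in whatever file the backtick command reads, so that file's mode needs the same owner-only check.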
