Bug#410756: exim4 default config utterly useless for 98% of users

Marc Haber mh+debian-packages at zugschlus.de
Tue Feb 13 09:16:30 CET 2007 

retitle #410756 improvement suggestsions for default config
severity #410756 wishlist
reassign #410756 exim4-config
user exim4 at packages.debian.org
usertags #410756 post-etch
thanks

Thanks for your suggestions. I have marked and tagged them
appropriately.

On Mon, Feb 12, 2007 at 06:54:09PM -0800, prosolutions at gmx.net wrote:
> Okay, maybe not exactly 98%, but it can be guaranteed that the vast
> majority of people using Exim fall into the category of people with an
> ISP account who must use their ISP's mail server if they expect to be
> able to send mail anywhere.
> 
> Given that this is the case, it seems like a serious problem with Exim4
> that it fails to take into account the type of usage for the vast
> majority of users and insists on setting up a default configuration that
> is for all intents and purposes utterly worthless to them.
> 
> Here is what end user's want their mail client to do:
> 
>  - set itself up to authenticate against their ISP's mailer

Just throw your credentials into /etc/exim4/passwd.client. We have
intentionally not debconfed this at the current time because of #244724.

>  - if the mail supports TLS encryption, by all means use it

This is already the case.

>  - if the mailer supports CRAM-MD5 or other secure auth mechanism, use
>    it

CRAM-MD5 has the serious disadvantage of needing the password stored
in clear text on the client system. It is my opinion that the client
system is more likely to be compromised than the network being in use.
This might have changed in these days where unencrypted wireless LAN
installations play a role.

Do you have hard statistical data about how many ISP smarthosts do not
support STARTTLS but do support CRAM-MD5.

I still tend to belive that the decision to use CRAM-MD5 should be one
of the end user, but most end users are not qualified to take that
decision.

>  - provide a simple, easy-to-find way to reconfigure Exim, ideally with
>    a command that begins with "exim4" and can be found or easily
>    intuited via tab-completion

So you'd want to have a command exim4-reconfigure which does nothing
more than call dpkg-reconfigure exim4-config? Sorry, this is only
going to happen if this gets widely supported in Debian. The pointer
to dpkg-reconfigure exim4-config is in README.Debian.gz chapter 2.

> A couple of other considerations:
> 
>  - the first debconf question is this question about split
>    configuration.

This question can be moved to somewhere later in the configuration
process. I'm going to consider this for post-etch.

>  - The second option for type of mail configuration is "mail sent by
>    smarthost; received via SMTP or fetchmail"   There are couple of
>    problems with this: first, the terminology is not what the average
>    enduser is familiar with.

What terminology should be used here?

>   Again, they are being inundated right at the outset when all they
>   want is the bloody mail to work with their ISP's mailer.  Second,
>   when this option is selected, the end result 99% of the time IS NOT
>   A CONFIGURATION THAT ACTUALLY WORKS WITH THE MAILER.  Again, 98% of
>   the mailers are going to require SMTP client AUTH but this DOES NOT
>   GET CONFIGURED CORRECTLY!

If you want to be heard, do not alienate the people who you want to
follow your advice.

>  - The next question after this is "System mail name".  Again, for the
>    average person used to setting up Lookout or whatever to work with
>    their ISP's mailer, their reaction is going to be "What?  What does
>    that have to do with anything?"

If you use a GUI mailer, you'd be better off with having it deliver
directly to your ISP.

Don't we give a reasonable default for this question?

>  - "IP-addreses for incoming connections" - the default is 127.0.0.1, but
>    the text could be more clear and say something like "Do not change
>    this unless you know what you are doing.  Altering this value could
>    pose a security risk to your system.  For most users, the default value
>    is sufficient."

Good idea. Since debconf templates have a rather severe size limit, I
cannot guarantee that this can be implemented in debconf. I have
committed the text to README.Debian in svn.

> -  "Other destinations for which mail is accepted" - it could be clearer
>    and say that the default is sufficient for the vast majority of
>    users.

Defaults are usually sufficient for the vast majority of users. I
don't think it is a good idea to bloat the docs with matters of course.

>  - "IP address or host name of the outgoing smarthost."  Here the name or
>    address of the smarthost is entered.  Most users would think that
>    after this point that it would be configured to work with the ISP's
>    mailer, but they would be wrong.

What do you suggest changing?

>  - "Hide local mail name in outgoing mail"  Here is a problem with this:
>    if a user says "No" then tries to send mail, the ISP's mailer will
>    likely reject it because it will see From: <local user>@<host name>
>    with a message like "Sender address does not belong to logged in
>    user"   That's because the ISP's mailer expects it to be
>    <user>@<isp-mailer's domain> and has no idea about the host name of the
>    user's computer.

This is going to happen only if the ISP's mailer insists on their mail
addresses being used, which is thankfully the exception.

>   Cannot Exim4 be designed to install
>   so that it will work for most people without a huge fuss?

If it were _that_ easy, we'd have implemented this a long time ago.

We need your help. Please advise what to do. Give examples and
suggestions, wording for new templates and descriptions what's going
to happen.

> On a side note, I am willing to bet that were it the case that Exim4 set
> up properly, there would be a huge change in popularity-contest ratings,
> because it is almost guaranteed that a large majority of the reports
> fail to send.

popularity-contest (1.34) unstable; urgency=low
  * Remove question about submission method (http/smtp).  The HTTP
    method is and should be the primary submit method for new
   installations,
 -- Petter Reinholdtsen <pere at debian.org>  Mon,  4 Sep 2006 19:09:06 +0200
 
Please additionally note that I do not particularly enjoy communiating
with anonymous entities.

Additionally, when you claim percentages, I'd love to know how you
have determined these numbers. We are desperately trying to find out
who uses exim to gear them better. If you have just guessed them, I
guess against you that you have guessed way too high. That way, you're
only going to alienate the people you want to work for you.

You are also invited to join the pkg-exim4-devel mailing list to take
part in the development progress. You will probably love to read a
thread from the last summer (June - August, IIRC), where IIRC Wouter
suggested a completely new configuration scheme and also said that he
would implement it. Unfortunately, he hasn't yet gotten around to
actually produce code.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835

More information about the Pkg-exim4-maintainers mailing list