Re: pop3/imap server - possibly stupid question

Samuel Sieb quoted the postfix aliases file:

# For various security reasons, postfix WILL NOT deliver mail as root, so
# ensure that the root alias is aliased to a HUMAN user, as otherwise
# mail may get delivered to the $default_privs user (nobody).

Alexander Dalloz wrote:
> Ok Samuel, this default setup of Postfix is new to me. Thanks for
> pointing this out. I will have to read the Postfix documentation to
> understand the "various security reasons".

As I understand it...

Postfix is a "paranoid MTA", written in response to Sendmail security
problems and Dan Bernstein's qmail (the package, the license, and the
author have all been controversial).

Postfix is not a program as such: it's a flock of mutually-suspicious
programs, none of which trust each other, flying in close formation.
The smtpd daemon that listens to port 25 (the SMTP port) is SUID root
just long enough to open port 25, then drops root privileges before any
connections are made.  Everything else is done as the postfix user. And
all the other programs just run as postfix, so a theoretical Postfix
vulnerability would not give an attacker instant root (as a Sendmail
vulnerability would).

The exception is the final delivery to the mailbox, which is done with
the rights of the owner of that mailbox. If that owner is root, then
obviously that *would* make the "local" program run as root.

So that isn't allowed. It's paranoid, and I'm happy to have it working
for me.

James.

-- 
E-mail address: james | "We completely deny the allegations, and we're
@westexe.demon.co.uk  | trying to identify the alligators."
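
An added example, not part of the message above and not Postfix code: a Python check that the root alias in an aliases(5)-format file ends at some account other than root, which is what the quoted comment asks for. The sample file and its account names are constructed, quoted alias names and `:include:` files are not handled, and whether the final target is a human account is left to the reader.

```python
# Constructed sample in aliases(5) format; "jsmith" is a made-up account.
SAMPLE_ALIASES = """\
# Basic system aliases
postmaster: root
admin:  jsmith,
        ops
ops:    admin
root:   admin
"""

def parse_aliases(text):
    """Return {name: [targets]}, joining continuation lines, skipping comments."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues an entry
        else:
            logical.append(line.strip())
    table = {}
    for entry in logical:
        name, sep, rhs = entry.partition(":")
        if sep:
            table[name.strip().lower()] = [t.strip() for t in rhs.split(",") if t.strip()]
    return table

def resolve(table, name, seen):
    """Follow alias chains from name; return the set of final targets."""
    key = name.lower()
    if key in seen:
        return set()  # loop or self-reference: contributes no new target
    seen.add(key)
    if key not in table:
        return {name}
    final = set()
    for target in table[key]:
        final |= resolve(table, target, seen)
    return final

def check_root_alias(text):
    """Return (ok, detail): ok only if root's mail ends at some other account."""
    table = parse_aliases(text)
    if "root" not in table:
        return False, "no root alias defined"
    targets = resolve(table, "root", set())
    if not targets:
        return False, "root alias only refers back to itself"
    return True, sorted(targets)

if __name__ == "__main__":
    print(check_root_alias(SAMPLE_ALIASES))
```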