On Friday 25 July 2008 19:32, Russell Coker wrote: > Package: postfix-policyd-spf-perl > Version: 2.005-2 > Severity: normal > > Having a daemon or server process run as "nobody" is a bad idea because if > more than one daemon or server does it then one compromised daemon could > attack others. > > Please make the postinst create an account named "postfix-policy" or > similar.
Makes sense. I'll do this. > Also it would be good if the package included a script to enable and > disable this. Something like /usr/sbin/config-postfix-policyd-spf-perl > which has options "enable" and "disable" to change the postfix > configuration files. Since administrators will configure their Postfix restrictions differently and this needs to be integrated into their smtpd restrictions (usually recipient restrictions) I don't think this is safely scriptable. Patches welcome if you have a safe approach, but I don't see one. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

