-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The one potentially problematic case that comes to mind is mail submission by sendmail; mechanisms such as cron, at, etc, expect to be able to generate mail from unprivileged users and that may break if you use sendmail as the MTA but without setuid. There are mail systems that don't require setuid, instead relying on LTMP, which might be preferable in your environment. I also find su very helpful, FWIW :-).
You can solve this by having sendmail put up an SMTP listener on a named socket. Create a directory /var/run/sendmail that is mode 755 owned by the sendmail runtime user (smmsp), then have sendmail listen on /var/run/sendmail/submission instead of port 25 (or 587).
To make this useful to applications we would need a function (in libutil?) that mail clients could call to do the dirty work of submission. There are benefits to this approach over using command-line sendmail to submit: the client can make use of SMTP facilities such as DSNs, message tracking, delivery-by, etc.
- --lyndon
-----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 - not licensed for commercial use: www.pgp.com
iQA/AwUBPvdr1wqAE4lfBssoEQJxQgCfVD+371Qc/xaQXGc0KcpREY2LcIsAoO42 x7RWNGMO1/VM5n0oJGgc/ulq =ZYQI -----END PGP SIGNATURE-----
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
