* Steffen Nurpmeso:

> >I think it is more than "a bit flakey". You ask Wietse to support
> >something which introduces a significant security risk.
>
> Now you exaggerate a bit.

Not really, the original example of invoking "iptables" directly
requires root privileges. That could be mitigated by using sudo, but
this step was not included in the example. Wietse could provide a
security wrapper, but why should he bother? The core argument as far as
I am concerned is that it is not part of Postfix's responsibilities to
trigger external processes when a login error occurs or somebody targets
a honeypot address. Postfix writes to a log, and I think that's enough.

An interested party could hook into syslog, removing the need to scan
log files (although the latter is easy enough). That would have the
added benefit of also taking care of other software, like Dovecot or
OpenLDAP. The analysis I require is not limited to Postfix logs, and I
don't think I am alone in this regard.

> Heck my mailing-lists still use mailman2 and python2 [...]

Mailman2 was written for Python 2.x. That is different from people
asking me to retroactively add Python 3.6 support for software I wrote
for versions >= 3.7.

-Ralph
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
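
An added example, not part of the message above or of Postfix: an unprivileged filter of the kind the message suggests hooking into syslog, which correlates authentication failures from Postfix and Dovecot per source address and reports an address once it reaches a threshold. The message regexes, the threshold and window values, the `program[pid]: message` line shape and the sample lines are assumptions constructed for illustration.

```python
import re
import time
from collections import defaultdict, deque

IP = r"(?P<ip>[0-9A-Fa-f:.]+)"
# Assumed message shapes; check them against what your own versions log.
RULES = {
    "postfix/smtpd": re.compile(r"warning: \S+\[" + IP + r"\]: SASL \S+ authentication failed"),
    "dovecot": re.compile(r"-login: .*auth failed.*\brip=" + IP),
}
TAG = re.compile(r"^(?P<prog>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
# Constructed sample lines (documentation addresses), not real log data.
SAMPLE = [
    "postfix/smtpd[2211]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1, TLS",
    "dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<eve>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS",
    "postfix/smtpd[2213]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
]

def parse_failure(line):
    """Return (program, ip) for an authentication failure line, else None."""
    m = TAG.match(line.strip())
    rule = RULES.get(m["prog"]) if m else None
    hit = rule.search(m["msg"]) if rule else None
    return (m["prog"], hit["ip"]) if hit else None

class FailureTracker:
    """Counts failures per source IP, across programs, in a sliding window."""
    def __init__(self, threshold=3, window=600.0):
        self.threshold, self.window = threshold, window
        self.events, self.reported = defaultdict(deque), set()

    def feed(self, line, now=None):
        """Return the IP once, when it reaches the threshold; else None."""
        now = time.time() if now is None else now
        parsed = parse_failure(line)
        if parsed is None:
            return None
        ip, q = parsed[1], self.events[parsed[1]]
        q.append(now)
        while now - q[0] > self.window:  # drop events older than the window
            q.popleft()
        if len(q) >= self.threshold and ip not in self.reported:
            self.reported.add(ip)
            return ip
        return None

def run_sample(**kw):
    """Feed SAMPLE at 20-second spacing; return the IPs that were reported."""
    t = FailureTracker(**kw)
    return [ip for i, l in enumerate(SAMPLE) if (ip := t.feed(l, now=i * 20.0))]
```

The filter only reads log lines and returns addresses, so it needs no root privileges; acting on a reported address is left to a separate component.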
