There are more than a few places in the file system where Postfix
meets the non-Postfix world. This is what I came up with in a few
minutes.
- Pathnames in $forward_path (pathnames for .forward files for UNIX
system accounts). These are accessed while impersonating a recipient.
- Pathnames, commands, and :include:/file/name directives in
$alias_maps lookup results and in .forward files. These are accessed
while impersonating a recipient, the owner of an alias table, or
with $default_privs. **Some of this information is controlled by a
user.**
- Pathnames in $mail_spool_directory. These are accessed while
impersonating a recipient or with $default_privs.
- Pathname $maillog_file. This is opened as root, written as
$mail_owner.
- Pathnames in $virtual_mailbox_maps lookup results. These are
accessed while impersonating a recipient.
I could add a disclaimer for each of these, but who would it help?
For the skilled admin it's stating the obvious, and for the unskilled,
it is just another piece of information overload.
The real problem is with 'security' systems that don't report what
they are doing (perhaps out of arrogance: if you don't know why X
is blocked then you are not worthy of knowing that).
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
