On 03/12/2010 20:17, Grant wrote:
> I just noticed that postgrey is listening on localhost:10030. Would
> it be better to have it listen to a socket?
It's already listening on a socket! Or do you mean a Unix socket?

Well, the question is what risk you are trying to mitigate (or, as
"they" say: what is your threat model?).
- If you think a remote client would connect to localhost:10030, then
you'll need to fix your routing, packet filtering and NAT redirection to
prevent that.
- If you think a local program could connect to postgrey, a Unix socket
will add some level of protection. But then check if you have other TCP
or UDP sockets listening and see if the same applies...

PS. TCP sockets don't have Unix permission semantics, but they are nice
for chroot setups...
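
The check suggested in the reply (see what else is listening on TCP and who can reach it), as an added example that is not part of the original message: it parses the Linux /proc/net/tcp table format and classifies each listener by its bind address. The sample rows, uid and inode values are constructed, and a little-endian host is assumed for the address encoding.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp format (not taken from the thread).
# 0100007F:272E decodes to 127.0.0.1:10030, the postgrey listener discussed above.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:272E 00000000:0000 0A 00000000:00000000 00:00000000 00000000   115        0 20001 1
   1: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0100007F:0019 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 20003 1
"""

# Socket state codes as printed in the "st" column.
LISTEN_STATE = {"tcp": "0A", "udp": "07"}  # TCP_LISTEN; unconnected UDP socket


def decode_ipv4(hex_addr):
    """The kernel prints the address as a 32-bit hex word in host byte order
    (assumed little-endian here, as on x86 and most ARM systems)."""
    return ipaddress.IPv4Address(struct.pack("<I", int(hex_addr, 16)))


def listeners(table_text, proto="tcp"):
    """Return listening sockets with their bind address, port, owner uid and reach."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN_STATE[proto]:
            continue  # not a listener (e.g. an established connection)
        hex_addr, hex_port = fields[1].split(":")
        addr = decode_ipv4(hex_addr)
        if addr.is_loopback:
            # No file-permission check applies: every local user can connect.
            reach = "any local process"
        elif addr.is_unspecified:
            reach = "all interfaces"
        else:
            reach = "one interface address"
        found.append({"addr": str(addr), "port": int(hex_port, 16),
                      "uid": int(fields[7]), "reach": reach})
    return found


if __name__ == "__main__":
    for s in listeners(SAMPLE_PROC_NET_TCP):
        print(f"{s['addr']}:{s['port']} uid={s['uid']} reachable by {s['reach']}")
```

On a live Linux host, pass the contents of /proc/net/tcp (or /proc/net/udp with `proto="udp"`) instead of the sample.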