On Tue, Jul 19, 2011 at 05:11:57PM +0200, Matthias Andree wrote:
> If that's indeed the situation, review the security implications; you
> can either use ACLs to permit the dspam user execute permission fix that
> up (if supported and enabled on your /var filesystem), or you can
> consider making dspam a member of the postdrop group.
>
> (1) mine looks like this on Postfix 2.8:
>
> drwx--s--- 2 postfix postdrop 4096 2011-07-19 00:44
> /var/spool/postfix/public
I think it is unwise to add "dspam" to the "postdrop" group. This would
give "dspam" unwanted additional rights, e.g. to write the maildrop
directory.
--
Viktor.
