On Tue, Jul 19, 2011 at 05:29:57PM +0200, Lars T??uber wrote:
> > If that's indeed the situation, review the security implications; you
> > can either use ACLs to permit the dspam user execute permission fix that
> > up (if supported and enabled on your /var filesystem), or you can
> > consider making dspam a member of the postdrop group.
>
> thanks. That's it. I just put dspam in the postdrop group.
Without thinking about it too much, since it is reasonably expedient. :-(
My advice: just use a privileged port bound to the loopback interface,
there are many free ports near 25: 24, 26, 27, 28, 29. If you want to
prevent spoofing of the service by unprivileged users, use one of those.
Are you really concerned about local bypass of the filter? If so, SASL
may be more robust than messing around with directory permissions.
--
Viktor.
