On Sat, Dec 1, 2012 at 2:52 PM, Wietse Venema <wie...@porcupine.org> wrote:
> wimpunk:
>> If you want to check on malicious links, postfix could verify if the
>> link it points to is a file with the correct features.
>
> The .forward file is a "program" that can execute arbitrary shell
> commands and that can write to arbitrary files, with the privileges
> of the recipient (which may be "root"). All this makes .forward a
> sensitive file.
>
> Common-sense measures to protect a sensitive file are:
>
> - Keeping the file within a directory that is writable only by the
>   recipient or by the system administrator.
>
> - Using a "hidden" name in the user's home directory, such that the
>   file isn't easily destroyed by mistake.
>
> If you want Postfix to look for .forward files in other locations,
> then you can edit the forward_path parameter setting. The default
> is to look under the home directory.
>
>     forward_path = $home/.forward${recipient_delimiter}${extension},
>         $home/.forward
>
> Here is an example with per-user files under /var/forward:
>
>     forward_path = /var/forward/$user
>
> Of course you can mix the two models.
>
> Wietse

Thanks for the feedback, but I still don't get the point of why it would make any difference between using a link or a file as .forward. That link could only be written by the sysadmin or me. The only thing you have to trust is that users have a little common sense. But you also need that if you want to use user-defined .forward files.

wimpunk.
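
An added example, not part of the thread and not Postfix's own logic: a Python audit of the "directory writable only by the recipient or by the system administrator" measure from the quoted message, applied to the directory holding the .forward name and, when that name is a symlink, to the directory holding the link target. The function names and the treatment of uid 0 as the administrator are assumptions of this example.

```python
import os
import stat
import sys

def _loose(st, allowed_uids):
    """Reasons a file or directory can be modified by someone other than
    the recipient or the administrator."""
    reasons = []
    if st.st_uid not in allowed_uids:
        reasons.append(f"owned by uid {st.st_uid}")
    if st.st_mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons

def audit_forward(path, recipient_uid):
    """Return a list of (path, reason) findings for a .forward path."""
    allowed = {0, recipient_uid}   # assumption: uid 0 is the administrator
    path = os.path.abspath(path)
    real = os.path.realpath(path)  # follows every symlink in the chain
    # Whoever can write to a directory can replace the names inside it,
    # so check the directory of the name and the directory of the target.
    candidates = [os.path.dirname(path)]
    if real != path:
        candidates.append(os.path.dirname(real))
    candidates.append(real)        # the file that is finally read
    findings = []
    for p in dict.fromkeys(candidates):   # de-duplicate, keep order
        try:
            st = os.stat(p)
        except FileNotFoundError:
            findings.append((p, "missing (dangling link?)"))
            continue
        findings.extend((p, r) for r in _loose(st, allowed))
    return findings

if __name__ == "__main__":
    # Usage: script.py PATH [PATH ...]; audits for the invoking user.
    for arg in sys.argv[1:]:
        for p, reason in audit_forward(arg, os.getuid()):
            print(f"{arg}: {p}: {reason}")
```

An empty result means the name, its target, and both containing directories are writable only by the recipient or root; ancestors further up the tree are not examined.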