Martin Vegter:
> >> May I ask list members an opinion?
> >> Now when chroot works, is it recommended to use it? Does it provide an
> >> extra layer of security?
> >
> > That depends on what else is running in your system. Besides a small
> > unprivileged Postfix network daemon inside a chroot jail, do you
> > have other network daemons running that are large, that have full
> > access to the file system, and that run with high privilege level?
>
> I am running only Postfix and openssh-server
Then, openssh-server is a more likely target. Measures that one can
take are not allowing password logins, and not allowing logins from
the entire Internet. That has probably a bigger security impact
than running smtpd chrooted.
Wietse
