Hey folks, thanks to a hint on IRC, I started experimenting with postscreen(8) to fend off some hefty zombie attacks.
I can't help but notice that http://www.postfix.org/POSTSCREEN_README.html#config suggests to disable the chroot on all new services, and notably smtpd. Also, all socket paths (e.g. milter) have to be updated. Is this necessary? postscreen seems to work fine with all these services chrooted… I know chroots are not a reliably security enhancement, but I don't need to turn them off either if they're working. What's the rationale here? I don't assume this was done by accident… Thanks, -- @martinkrafft | http://madduck.net/ | http://two.sentenc.es/ due to lack of interest tomorrow has been cancelled. spamtraps: madduck.bo...@madduck.net
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
