On Thu, Jul 11, 2013 at 07:58:35PM -0300, Hugo Osvaldo Barrera wrote:
> > > > [...]
> > >
> I've a small doubt. If you're in a shared environment, how do you keep
> rogue users from listening at port 10024 and intercepting all your email
> if amavisd somehow crashes?
> You wouldn't have that issue with ports < 1024, but that's not the
> case. Has anyone taken this into consideration?
>

The safest way is to bind below 1024. Can't amavisd do that before
dropping privileges?

Otherwise you can probably use pf's user/group feature to filter on this
port if the listening daemon doesn't run under _amavisd.

Unless you *really* trust your users, you shouldn't create them accounts
on the same machine where you run your mail server. Even more if there's
the slightest suspicion that they could be hostile ;-)

-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
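
A pf.conf sketch of the user-based filtering suggested above, added here as an illustration and not taken from the original message. It assumes amavisd listens on 127.0.0.1 (the address and the lo0 interface are assumptions; port 10024 and the _amavisd user come from the thread) and that lo0 is not excluded with `set skip on`.

```conf
# Added example: only let connections reach port 10024 when the
# listening socket is owned by _amavisd.
#
# Assumptions (not from the original message):
#   - amavisd is bound to 127.0.0.1 on lo0
#   - the ruleset does NOT contain "set skip on lo" / "set skip on lo0",
#     otherwise pf never evaluates loopback traffic and these rules
#     have no effect
#
# For connections to the local host, pf's "user" keyword matches the
# owner of the socket listening on the destination port. pf uses the
# last matching rule, so the block rule is the default and the pass
# rule overrides it only when _amavisd owns the listener.

# Default: refuse the connection. "return" sends a TCP RST so the MTA
# fails fast and keeps the message queued instead of waiting on a timeout.
block return in on lo0 proto tcp to 127.0.0.1 port 10024

# Exception: the listener is owned by _amavisd.
pass in on lo0 proto tcp to 127.0.0.1 port 10024 user _amavisd
```

With these rules, if amavisd is down and another local account binds 10024, the MTA's connection attempt is refused and the mail stays in its queue. Check the syntax with `pfctl -nf /etc/pf.conf` before loading.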
