On Nov 28, mark@??? (Mark Murray) wrote:
> Better to minimise the number
> of apps that can deliver mail to /var/mail, and ensure they use a
> co-operating locking scheme.
Better still to deliver the mail to the user's home directory and avoid
_all_ the problems of a common mail spool. Ever done an ls -l on
/var/spool/mail with 10000 user mailboxes in it? How many coffees did you
brew while you waited for it to complete?
And yes, I would also recommend something like procmail as the delivery
agent, but I also think the vulnerability of a writable spool is vastly
overrated compared to other security risks in common use with no fix,
like all the popper daemons people are using that provide no logging of
failed password attempts, or exponential backoff strategies, to name one
glaring one off the top of my head.
--
Artificial Intelligence stands no chance against Natural Stupidity.
GAT d- -p+(--) c++++ l++ u++ t- m--- W--- !v
b+++ e* s-/+ n-(?) h++ f+g+ w+++ y*