On Tue, 29 Aug 2000, Brian K. West wrote:
> I run my whole mail system as user exim.. even the
> popper runs as exim.. never even touches root privileges, since the whole
> mail system is virtual(ie. User do not have a real login at all).
It is worth pointing out explicitly that it is indeed possible to do
this with Exim. If all the local deliveries can be run as exim (or you
don't do any local deliveries), and you don't need to change uid to read
.forward files (or you don't have any .forward files), and you can live
without the ability to HUP the daemon (or you don't use a daemon) then
the Exim binary can be setuid exim rather than setuid root and you can
run with security=unprivileged. This is the most locked-down way to run
Exim, especially if you do it on a box with no user accounts.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.