farley@Manassas1.TDS-GN.LMCO.COM (Patrick Farley) asked:
>
>Does anyone have smap running with qmail here?
>
I don't think it's necessary. According to the TIS docs for smap,
it was created because "SMTP mail poses a threat to the system,
since mailers run with systems-level permissions..." and it is
intended to "insulate a notoriously buggy program which has been
implicated in many break-ins in the past."

The methods by which it accomplishes this are:

  o Small program, easily verified as secure by reading source code,
  o Runs as unprivileged user instead of root,
  o Chroots to its spool directory, unable to write to files
    anywhere else on the system.

The qmail smtp daemon does the first two, and instead of using
chroot(), it runs qmail-queue, another unprivileged program,
to put the message into the queue.

So running smap with qmail doesn't really gain you anything.

-Greg
--
Greg Andrews West Coast Online
Unix System Administrator 5800 Redwood Drive
gerg@wco.com Rohnert Park CA 94928
(yes, 'greg' backwards) 1-800-WCO-INTERNET
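
The confinement steps listed in the reply above (chroot to the spool directory, then run as an unprivileged user), shown as an added example; this is not code from the post, from smap or from qmail. The function name confine(), the spool path and the uid/gid 65534 are assumptions chosen for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 once the process is locked into `spool`
   as uid/gid, -1 otherwise. On -1 the caller must exit, because the
   process may be only partly confined. */
int confine(const char *spool, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }

    /* 1. chroot while still privileged. chdir before and after, so the
          working directory cannot remain outside the new root. */
    if (chdir(spool) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;

    /* 2. Drop supplementary groups, then gid, then uid. Order matters:
          once setuid() succeeds the process can no longer change groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* 3. Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed values: an example spool directory and the "nobody" ids. */
    if (confine("/var/spool/smap-example", 65534, 65534) != 0) {
        perror("confine");
        return 1;
    }
    /* From here on, a bug in message handling can only touch the spool. */
    puts("confined");
    return 0;
}
```

Started without root, confine() fails at the chroot() step and the program exits instead of continuing unconfined.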