On Wednesday, 11 December 2002 10:04, Ben Reser wrote:
> On Tuesday, 10 December 2002 19:22, Yves Duret wrote:
> > not queueing mail means no mail written on a hard disk, which means you
> > can lose mail with a machine crash..
>
> This package is no more vulnerable to losing mail because of a machine
> crash than postfix is.  postfix can lose mail if the machine crashes at
> just the right time.  While I haven't specifically looked at this
> package... I would guess it relays the mail immediately and if there is
> a failure returns an error code that the MUA will pick up...

No, postfix can't lose mail (at least in theory). postfix doesn't confirm
receipt of the mail until it is successfully written to the spool
directory. So you can lose mail if you use write caches in your system
(OS or hardware), but that's not related to postfix.

>
> On Wed, Dec 11, 2002 at 08:59:11AM +0100, Martin Fahrendorf wrote:
> > So, where is the advantage of this package? Nevertheless you need a
> > mailserver and postfix is capable of SMTP-AUTH, TLS and many more. And
> > postfix is known to be stable and secure.
>
> This just runs with the permissions of the user who injects the mail.
> Without all the other stuff that makes it need special permissions.
> Thus there is no possibility for this to have privilege escalation
> issue, worst case scenario in this case is you manage to crash the
> program. You can't say the same of postfix.  postfix has access to
> things like spool files, user mailboxes, etc...  If it has a single
> buffer overflow in it, then a user on the box could exploit that to
> escalate privileges.

To bind to a port less than 1024 you need root privileges. All mail ports
are less than 1024, so initially you need root privileges. OK, you can drop
them once you have bound to port 25 and change to a less privileged user. But
if you want to store the mail in a user's mailbox you need the privilege to
write to this mailbox which, at least on my system, only the user can do.
So either you create a group which also has access to the mailbox files (and
therefore can delete or read all mailboxes) or you have to change the user
while delivering the mail. But only root can change user without typing
the password.

Btw, postfix does not run one single program with root privileges. There is
only the master daemon. All the rest runs as user postfix, and only the
local delivery agent runs as the user who should receive the mail.

>
> Frankly a program like this would be ideal for situations where you have
> a mailhub that receives inbound mail for a server...  that server then
> uses fetchmail to download the mail and place it into a user's spool.
>
> Then you use something like this program to feed outbound email into the
> mailhub to get queued and sent.
>
> Most end users do not need a full fledged MTA on their desktop boxes
> either for that matter.  As soon as I get around to looking at this, I
> intend to stop using postfix on my desktop machines if it fits the bill
> (which it sure seems like it does).  I looked into nullmailer a while
> back and wasn't really happy with it so I just kept using postfix.

Yes, most end users do not need a full-featured mail server like postfix.
But you need a secure alternative, and I don't know any besides not using
an MTA.

Martin
-- 
------------------------------------------------------------
H E L I X Gesellschaft für Software & Engineering mbH
------------------------------------------------------------
Hanauer Landstrasse 52              Telefon (069) 4789 35-30
60314 Frankfurt am Main             Telefax (069) 4789 35-44
------------------------------------------------------------
http://www.helix-gmbh.net                [EMAIL PROTECTED]
------------------------------------------------------------
