Am Mittwoch, 11. Dezember 2002 12:02 schrieb Ben Reser: > On Wed, Dec 11, 2002 at 10:33:03AM +0100, Martin Fahrendorf wrote: > > To bind to a port less than 1024 you need root privileges. All > > mailports are less than 1024. so initialy you need root privileges. > > OK, you can drop it once you have bind to port 25 and change to a less > > privileged user. but if you want to store the mail in a users mailbox > > you need the privilege to write in this mailbox which, at least on my > > system, only the user can do. So eiter yo create a group which also > > has access to the mailbox files (and therefor can delete or read all > > mailboxes) or you had to change the user while delivering the mail. > > But only root can change user without typing the password. > > Umm this program doesn't listen for any incoming mail. It doesn't > require any privleged ports.
Ah, I misinterpretes something. I thought esmtp was also listening. It is for sending out purpose only, right? [...] > > > Yes, most endusers does not need a full featured mailserver like > > postfix. But you need a secure alternative and I don't know any > > besides not useing a mta. > > I don't see what you think is insecure about esmtp? Buffer overflows in > it would in general would be less of a risk than in postfix. And the > remaining issues, I don't think postfix is any less vulnerable to. You miss my point; I don't know esmtp in any detail. So I can't say whether it is secure or not. -- ------------------------------------------------------------ H E L I X Gesellschaft f�r Software & Engineering mbH ------------------------------------------------------------ Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 ------------------------------------------------------------ http://www.helix-gmbh.net [EMAIL PROTECTED] ------------------------------------------------------------
msg83603/pgp00000.pgp
Description: signature
