On Friday 25 July 2008 19:32, Russell Coker wrote:
> Package: postfix-policyd-spf-perl
> Version: 2.005-2
> Severity: normal
>
> Having a daemon or server process run as "nobody" is a bad idea because if
> more than one daemon or server does it then one compromised daemon could
> attack others.
>
> Please make the postinst create an account named "postfix-policy" or
> similar.

Makes sense.  I'll do this.

> Also it would be good if the package included a script to enable and
> disable this.  Something like /usr/sbin/config-postfix-policyd-spf-perl
> which has options "enable" and "disable" to change the postfix
> configuration files.

Since administrators will configure their Postfix restrictions differently and 
this needs to be integrated into their smtpd restrictions (usually recipient 
restrictions) I don't think this is safely scriptable.  Patches welcome if 
you have a safe approach, but I don't see one.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to