Nels Lindquist said:
> Hey, there's absolutely nothing wrong with "defense in depth". :-)

If it's a mail relay you can also lock down sendmail to only allow writes to
a subdirectory. So a sendmail exploit won't get you anywhere, I think.

dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl #   into this directory before writing files.
dnl #   If *all* your user accounts are under /home then use that
dnl #   instead - it will prevent any writes outside of /home !
define(`confSAFE_FILE_ENV',`/var')dnl

-- 
Luke Computer Science System Administrator
Security Administrator, College of Engineering
Montana State University-Bozeman, Montana

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
