Charles Marcus wrote:
On 10/7/2008 3:09 PM, mouss wrote:
Note that both smtp.example.com and example.com are FQDN.
Right, but the latter can never be a _host_ name...
Of course it can:
# hostname example.com
# hostname
example.com
Is there any place that discusses the pros/cons of per mailbox vs static
uid/gid?
Not that I know of, except in unix books ;-p
I'm using static now, but not sure if there is any advantage one
way or another. I'm mostly concerned with security and simplicity (I'm
lazy and don't like cleaning up messes or managing complicated
configurations)...
I use a single uid:gid. This makes it easy to have scripts that play
with mail (retrain the filter, ...) without having to run as different
users or as a privileged user (or having to play with group
permissions...). This also makes it easy to deliver with an unprivileged
LDA.
Other people prefer per uid:gid so that the imap/pop thread/process
that is reading someone's mailbox can't be tricked into reading other
people's mail.
In short, from a security perspective, there are arguments for either
side. A bug in a privileged LDA may lead to a system compromise. A bug
in the imap server exposes people's mail. But an LDA is far easier to code
than an imap server.
Choose your camp!
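
An added example, not part of the original thread: a small audit that reports which of the two ownership models discussed above a mail store uses and which mailbox directories are accessible to group or other. It assumes one directory per mailbox directly under the mail root; the function names and the sample store are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_mail_root(root):
    """Classify a mail store as single-uid or per-mailbox and list loose modes.

    Assumes one directory per mailbox directly under `root` (assumed layout).
    """
    owners = {}  # mailbox name -> (uid, gid)
    loose = []   # mailboxes with any group/other permission bit set
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        # Skip files and symlinks: a symlinked mailbox would hide the real owner.
        if not entry.is_dir(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        owners[entry.name] = (st.st_uid, st.st_gid)
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            loose.append(entry.name)
    distinct = set(owners.values())
    if not owners:
        model = "empty"
    elif len(distinct) == 1:
        # One uid:gid for every mailbox: the filesystem does not separate
        # mailboxes from each other, only from other local accounts.
        model = "single"
    else:
        # Distinct owners: mode bits are what keep one mailbox from another.
        model = "per-mailbox"
    return {"model": model, "owners": owners, "loose": loose}


def build_sample_store():
    """Constructed sample: two mailboxes, one with a too-permissive mode."""
    root = tempfile.mkdtemp(prefix="vmail-")
    for name, mode in (("alice", 0o700), ("bob", 0o755)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    return root


if __name__ == "__main__":
    report = audit_mail_root(build_sample_store())
    print(report["model"], report["loose"])
```

With a single uid:gid the "loose" list shows exposure to other local accounts; with per-mailbox ownership it also shows exposure between mailboxes.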