On 02/19/2016 08:05 PM, Sebastian Nielsen wrote:
>
> Yeah, I agree that actually, only 644 is required on that config
> file. But why get so angry when someone 666's a file to just get
> things working? It's not like a list of banned spam domains is
> something super-sensitive.
>
Maybe this makes a good case in point. Your "list of banned spam domains" is actually whatever an attacker would like to feed into check_sender_access. For example, your domain name was registered with Gandi. Anyone who can execute *anything* on your server can now redirect all Gandi emails to himself, reset the password on your account, and take over every domain you own.
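
A defender-side check for the situation discussed in this thread, as an added example that is not part of the original messages: it lists the file-backed lookup tables referenced in Postfix main.cf text and reports any that are group- or world-writable. The sample main.cf, the map file names and the helper names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# File-backed Postfix lookup table types; "type:/path" references are matched.
MAP_REF = re.compile(r"\b(hash|btree|texthash|regexp|pcre|cidr):(/[^\s,]+)")

def map_paths(main_cf_text):
    """Return paths of file-backed lookup tables referenced in main.cf text."""
    paths = []
    for line in main_cf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        for _table_type, path in MAP_REF.findall(line):
            if path not in paths:
                paths.append(path)
    return paths

def loose_maps(main_cf_text):
    """Return (path, mode) for each referenced map writable by group or other."""
    findings = []
    for path in map_paths(main_cf_text):
        if not os.path.exists(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, oct(mode)))
    return findings

def demo():
    """Build a constructed config with one 666 map and one 644 map, then audit."""
    d = tempfile.mkdtemp()
    modes = {"sender_access": 0o666, "aliases": 0o644}
    for name, mode in modes.items():
        path = os.path.join(d, name)
        with open(path, "w") as fh:
            fh.write("# constructed sample map\n")
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    main_cf = (
        "# constructed sample main.cf\n"
        f"smtpd_sender_restrictions = check_sender_access hash:{d}/sender_access\n"
        f"alias_maps = hash:{d}/aliases\n"
    )
    return loose_maps(main_cf)

if __name__ == "__main__":
    for path, mode in demo():
        print(f"{mode} {path}: writable by group/other")
```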