Re: [gentoo-user] mail in $HOME/.maildir, why ??? (cont.)
On Mon, Aug 29, 2005 at 08:42:38PM +0200, Jarry wrote If you have a problem with users having access to certain email, then don't let them access that email at all. That is the only way. > Neil Bothwick wrote: > > Q: How can I prohibit users from changing mail-path in their > $HOME/.procmailrc back to $HOME/.maildir? That way they could > circumvent my /var userqouta settings (100MB) and use /home > settings (5GB)... I believe that procmail is paranoid about any .procmailrc not having "correct" ownership and permissions. So if you chown it to root, procmail may ignore it when processing email for the user. You might want to look at setting up .procmailrc "properly" in the user's name, and then "chattr +i" on it. That should lock it down. Having said that... what's to prevent a user from saving copies of his email to a directory in his own account? I repeat what I said at the start of this message... if you have a problem with users having access to certain email, then don't let them access that email at all. That is the only way. -- Walter Dnes <[EMAIL PROTECTED]> My musings on technology and security at http://tech_sec.blog.ca -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mail in $HOME/.maildir, why ??? (cont.)
On Mon, Aug 29, 2005 at 08:42:38PM +0200, Jarry wrote: > And last question: I have access to one Debian box (which uses mbox > format). After logging there I get either message "No mail", or > "You have new mail". But I do not get any similar message on my > Gentoo box. Why? Can I somehow activate it? > I am not sure, but I've heard it is possible. Try setting the MAIL variable in BASH. W -- A man's home is his castle, in a manor of speaking. Sortir en Pantoufles: up 18 days, 19:26 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mail in $HOME/.maildir, why ??? (cont.)
On Mon August 29 2005 04:19 pm, A. Khattri wrote: > > And last question: I have access to one Debian box (which uses mbox > > format). After logging there I get either message "No mail", or > > "You have new mail". But I do not get any similar message on my > > Gentoo box. Why? Can I somehow activate it? > > Not with maildirs you dont. I'm not so sure this is true. I've been using Maildirs for 8 years and I get these messages on my Fedora Core machines, but I haven't bothered seeing why I don't on Gentoo. -- Ron -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mail in $HOME/.maildir, why ??? (cont.)
A. Khattri wrote: Strange. It seems to me to be a sort of security problem, if someone can so easily circumvent userquota settings... Not if you have quotas on /home Yes I do have quotas both on /home and /var. But if user can redirect its mails from /var (where userquota is 100MB, mail is supposed to be there) to /home (where userquota is 5GB and where user files are supposed to be, but not mails), then it really is a security problem for me... Jarry -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mail in $HOME/.maildir, why ??? (cont.)
On Tue, 30 Aug 2005, Jarry wrote: > Strange. It seems to me to be a sort of security problem, > if someone can so easily circumvent userquota settings... Not if you have quotas on /home -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mail in $HOME/.maildir, why ??? (cont.)
Q: How can I prohibit users from changing mail-path in their $HOME/.procmailrc back to $HOME/.maildir? Dont know if you can stop that. Strange. It seems to me to be a sort of security problem, if someone can so easily circumvent userquota settings... After logging there I get either message "No mail", or "You have new mail". But I do not get any similar message on my Gentoo box. Why? Can I somehow activate it? Not with maildirs you dont. It seems to me maildir does not have only advantages :-( Jarry -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mail in $HOME/.maildir, why ??? (cont.)
Le 29 août à 20:42:38 Jarry <[EMAIL PROTECTED]> écrit notamment: | OK, I tried. My /etc/procmailrc is: | DEFAULT=/var/spool/mail/$LOGNAME/ # that is the same > | Mail is still in "maildir" format but at least in /var/spool/mail. DEFAULT=/var/spool/mail/$LOGNAME (no slash at the end) should give you mbox format if you really like it (you might be the only one around here :-)) cheers, -- Jean Magnan de Bornier |Cours Victor Hugo e-mots: jean at bornier.net|13980 Alleins France T 08 70 39 34 03 |P 06 09 17 35 87 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mail in $HOME/.maildir, why ??? (cont.)
On Mon, 29 Aug 2005 20:42:38 +0200, Jarry wrote: > > MAILDIR=/var/spool/mail > > DEFAULT=$MAILDIR/$LOGNAME/ > > at the top of /etc/procmailrc > > OK, I tried. My /etc/procmailrc is: > DEFAULT=/var/spool/mail/$LOGNAME/ # that is the same > > Mail is still in "maildir" format but at least in /var/spool/mail. Rhat's correct, as others have said, maildir has many benefits. If you want delivery to a single file, remove the trailing slash. > Q: How can I prohibit users from changing mail-path in their > $HOME/.procmailrc back to $HOME/.maildir? That way they could > circumvent my /var userqouta settings (100MB) and use /home > settings (5GB)... Set the ownership of all .maildir directories to root:root and chmod 700? It wouldn't stop them changing it, but they'd soon change it back :) -- Neil Bothwick Joystick: (n.) a device essential for performing business tasks and training exercises esp. favored by pilots, tank commanders, riverboat gamblers, and medieval warlords. pgp2bI3dgLVdp.pgp Description: PGP signature
Re: [gentoo-user] mail in $HOME/.maildir, why ??? (cont.)
On Mon, 29 Aug 2005, Jarry wrote: > Q: How can I prohibit users from changing mail-path in their > $HOME/.procmailrc back to $HOME/.maildir? That way they could > circumvent my /var userqouta settings (100MB) and use /home > settings (5GB)... Dont know if you can stop that. > One more problem: I can not force "elm" to read it. If I start elm > with option "-f /var/spool/mail/$LOGNAME", it complains that it is > directory. When I try "elm -f /var/spool/mail/$LOGNAME/new", the same. > It seems to me, that elm simply can not read "maildir" format at all. > I tried another command-line mailer, "mail": the same problem... > Which command-line mail-reader supports maildir format? Hey, welcome to the 21st century (noone use elm and mail anymore ;-) You probably need to setup an IMAP server and then configure Pine and/or mutt to use IMAP (mutt actually supports maildir but some people might want to use Pine instead). I would remove elm entirely. > And last question: I have access to one Debian box (which uses mbox > format). After logging there I get either message "No mail", or > "You have new mail". But I do not get any similar message on my > Gentoo box. Why? Can I somehow activate it? Not with maildirs you dont. -- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] mail in $HOME/.maildir, why ??? (cont.)
Neil Bothwick wrote: MAILDIR=/var/spool/mail DEFAULT=$MAILDIR/$LOGNAME/ at the top of /etc/procmailrc OK, I tried. My /etc/procmailrc is: DEFAULT=/var/spool/mail/$LOGNAME/ # that is the same Mail is still in "maildir" format but at least in /var/spool/mail. Q: How can I prohibit users from changing mail-path in their $HOME/.procmailrc back to $HOME/.maildir? That way they could circumvent my /var userqouta settings (100MB) and use /home settings (5GB)... One more problem: I can not force "elm" to read it. If I start elm with option "-f /var/spool/mail/$LOGNAME", it complains that it is directory. When I try "elm -f /var/spool/mail/$LOGNAME/new", the same. It seems to me, that elm simply can not read "maildir" format at all. I tried another command-line mailer, "mail": the same problem... Which command-line mail-reader supports maildir format? And last question: I have access to one Debian box (which uses mbox format). After logging there I get either message "No mail", or "You have new mail". But I do not get any similar message on my Gentoo box. Why? Can I somehow activate it? Jarry -- gentoo-user@gentoo.org mailing list