Hi Ebe,
I think, running as root shouldn't be much of an issue...
In practice you are probably right. It might give you a warm fuzzy feeling to know it is a little better protected though. I would expect there are fewer known exploits for James than say Sendmail simply because of the smaller audience involved.
I don't have any idea of iptables, so I guess the risk of introducing new security holes because of a bad configuration is higher than the risk of running as root. And I donĀ“t like NAT very much.
Operating a server with a live internet connection and no firewall would scare me ;-)
I get the impression your server is not public facing which may not be so bad. Using iptables is scary at first, especially if your server is remotely located. One false setting and it may not talk to you again! However, if you manually test your settings and make a mistake then a remote reboot could get you back in business. Only when you are happy with your settings should you make them the boot defaults.
Let me know if you'd like more help setting up iptables.
Where should I go for information about JSVC? To the Apache Commons page or is the setup more James-specific?
I expect Norman could correct me if I'm wrong but I think you need to download the jar file (phoenix-daemon-loader-0.1.jar) he mentioned (https://issues.apache.org/jira/browse/JAMES-500) and then follow the instructions on (http://commons.apache.org/daemon/jsvc.html). But I honestly wouldn't bother until you have iptables sorted out first.
Regards, David Legg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
