Roland Schneider writes:
> --On Friday, 25 May 2001 22:14 +0800 Jericho Hell <[EMAIL PROTECTED]>
> wrote:
>
>> Hey
>> I am unsure if this has been posted... but could anyone tell
>> me what is
>> necessary to be done to run sqwebmail 2 in a chrooted
>> environment.
>
> If your sqwebmail is setuid root (the default) you could
> insert a chroot() right before it drops the privileges
> and then fix a few paths in the source.
That's not going to work. At some point you probably will want to send a
message, or two, and unless sendmail/qmail-inject is in your chroot jail,
somewhere, this is going to be a rather pointless exercise.
>
> On FreeBSD simply build a jail for the mail-system, then
> log into the jail and compile the courier-package (and a
> webserver, the small thttpd should be fine...) from there.
You know, by the time you're done, you'll probably end up with >90% of the
standard OS in the chroot jail, and you would've reached a point of
diminishing returns a long time ago.
The best solution, IMO, is to simply set up a dedicated mail box that is not
trusted, in any way, by any other machine in your network. Plug that
machine into another box, which is dual-homed, and set up a tight firewall
on the gateway box that allows a severely limited set of IP traffic to pass
through to the mail box: HTTP in, from an unprivileged port, and SMTP out.
That's it. Perhaps SSH in as well, if you want to administer the mail box
remotely.
This is going to be far easier, and faster, to set up, with standard tools, is
going to be a much more stable environment, and much easier to work with.
--
Sam
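
The gateway policy described in the reply above, sketched as an nftables ruleset. This is an added example, not part of the original thread or of the Courier/sqwebmail documentation; the interface names, the addresses, and the restriction of SSH to a single admin host are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example: forward policy for the dual-homed gateway box.
# Interface names and addresses are constructed placeholders.
flush ruleset

define OUTSIDE_IF = "eth0"        # assumption: side facing the rest of the network
define MAIL_IF    = "eth1"        # assumption: side facing the mail box
define MAILBOX    = 192.0.2.10    # documentation address (RFC 5737)
define ADMIN      = 198.51.100.5  # assumption: the one host allowed to SSH in

table inet mailgw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections admitted by the rules below.
        ct state invalid drop
        ct state established,related accept

        # HTTP in, and only from an unprivileged client source port.
        iifname $OUTSIDE_IF oifname $MAIL_IF ip daddr $MAILBOX tcp sport 1024-65535 tcp dport 80 ct state new accept

        # SMTP out, initiated by the mail box only.
        iifname $MAIL_IF oifname $OUTSIDE_IF ip saddr $MAILBOX tcp dport 25 ct state new accept

        # Optional: SSH in for administration. Limiting it to one source
        # address is an assumption of this example, not stated in the post.
        iifname $OUTSIDE_IF oifname $MAIL_IF ip saddr $ADMIN ip daddr $MAILBOX tcp dport 22 ct state new accept

        # Everything else falls to the drop policy; log it so that
        # unexpected traffic from the untrusted box is visible.
        # DNS is not on the post's list, so with these rules the mail box
        # has to hand outbound mail to a relay it reaches by fixed address.
        counter log prefix "mailgw-drop: "
    }

    chain input {
        # The gateway itself offers nothing to either side.
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
    }
}
```

Because the forward policy is drop and only the mail box's own SMTP connections are admitted outbound, a compromise of the webmail host cannot be used to open connections to other machines on the network.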