Am 12/19/13 10:55, schrieb Henning Brauer: > * Craig R. Skinner <[email protected]> [2013-12-19 10:18]: >> On 2013-12-18 Wed 20:48 PM |, J??r??mie Courr??ges-Anglas wrote: >>> [email protected] (Craig R. Skinner) writes: >>>> On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote: >>>>>>>>> Check the security of /var/mail/dirs similar to /var/mail/boxes: >>>>>>> >>>>> >>>>> Indeed, but security(8) really reflects things in the base OS, >>>>> >>>> >>>> smtpd.conf(8) >>>> deliver to maildir path >>>> Mail is added to a maildir. Its location, path, may >>>> contain format specifiers that are expanded before use >>>> >>>> >>>> Therefore: ... deliver to maildir /var/mail/%{user.username} >>> "Therefore"? How so? What's the logic, here? >> THEREFORE software in base can deliver to maildir in /var/mail > > THEREFORE software in base can also deliver mail to > /omgohmymail/pr0n/$uid - does that mean we check it in security? > > The question is rather wether Maildirs in /var/mail are a common > enough setup to warrant a check in security.
By default it's supposed to be in $HOME/Maildir: smtpd.conf(5) deliver to maildir path [snip what's quoted above] If path is not provided, then ~/Maildir is assumed. Bye, Marcus
