Am 20.12.2013 um 08:48 schrieb David Gwynne <da...@gwynne.id.au>: > On 20 Dec 2013, at 2:56 am, Alexander Hall <alexan...@beard.se> wrote: > >> Henning Brauer <lists-openbsdt...@bsws.de> wrote: >>> * Craig R. Skinner <skin...@britvault.co.uk> [2013-12-19 10:18]: >>>> On 2013-12-18 Wed 20:48 PM |, J??r??mie Courr??ges-Anglas wrote: >>>>> skin...@britvault.co.uk (Craig R. Skinner) writes: >>>>>> On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote: >>>>>>>>>>> Check the security of /var/mail/dirs similar to >>> /var/mail/boxes: >>>>>>>>> >>>>>>> >>>>>>> Indeed, but security(8) really reflects things in the base OS, >>>>>>> >>>>>> >>>>>> smtpd.conf(8) >>>>>> deliver to maildir path >>>>>> Mail is added to a maildir. Its location, path, may >>>>>> contain format specifiers that are expanded before use >>>>>> >>>>>> >>>>>> Therefore: ... deliver to maildir /var/mail/%{user.username} >>>>> "Therefore"? How so? What's the logic, here? >>>> THEREFORE software in base can deliver to maildir in /var/mail >>> >>> THEREFORE software in base can also deliver mail to >>> /omgohmymail/pr0n/$uid - does that mean we check it in security? >>> >>> The question is rather wether Maildirs in /var/mail are a common >>> enough setup to warrant a check in security. >> >> I totally agree with Henning here. >> >> That said, I ended up putting my Maildirs in /var/maildir because of this, >> so I for one wouldn't object. > > i also put maildirs in /var/maildir...
Similar discussion, pops up from time to time: http://marc.info/?l=openbsd-misc&m=133422769629575&w=2 Quoting sthen@ in the old thread: "/var/mail is intended for user-owned mbox files, I would think moving your maildirs elsewhere is more sane. I tend to use /mail for virtual user mailboxes but each to their own :)" IMHO, some "standard"/best practice directory for maildirs is missing in hier(7). FWIIW, I put mine in /var/vmail but I would move mine to anything else to fulfill standard/best practices.