Am 20.12.2013 um 08:48 schrieb David Gwynne <da...@gwynne.id.au>:
> On 20 Dec 2013, at 2:56 am, Alexander Hall <alexan...@beard.se> wrote:
>
>> Henning Brauer <lists-openbsdt...@bsws.de> wrote:
>>> * Craig R. Skinner <skin...@britvault.co.uk> [2013-12-19 10:18]:
>>>> On 2013-12-18 Wed 20:48 PM |, J??r??mie Courr??ges-Anglas wrote:
>>>>> skin...@britvault.co.uk (Craig R. Skinner) writes:
>>>>>> On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
>>>>>>>>>>> Check the security of /var/mail/dirs similar to
>>> /var/mail/boxes:
>>>>>>>>>
>>>>>>>
>>>>>>> Indeed, but security(8) really reflects things in the base OS,
>>>>>>>
>>>>>>
>>>>>> smtpd.conf(8)
>>>>>> deliver to maildir path
>>>>>> Mail is added to a maildir. Its location, path, may
>>>>>> contain format specifiers that are expanded before use
>>>>>>
>>>>>>
>>>>>> Therefore: ... deliver to maildir /var/mail/%{user.username}
>>>>> "Therefore"? How so? What's the logic, here?
>>>> THEREFORE software in base can deliver to maildir in /var/mail
>>>
>>> THEREFORE software in base can also deliver mail to
>>> /omgohmymail/pr0n/$uid - does that mean we check it in security?
>>>
>>> The question is rather wether Maildirs in /var/mail are a common
>>> enough setup to warrant a check in security.
>>
>> I totally agree with Henning here.
>>
>> That said, I ended up putting my Maildirs in /var/maildir because of this,
>> so I for one wouldn't object.
>
> i also put maildirs in /var/maildir...
Similar discussion, pops up from time to time:
http://marc.info/?l=openbsd-misc&m=133422769629575&w=2
Quoting sthen@ in the old thread:
"/var/mail is intended for user-owned mbox files, I would think
moving your maildirs elsewhere is more sane. I tend to use /mail
for virtual user mailboxes but each to their own :)"
IMHO, some "standard"/best practice directory for maildirs is
missing in hier(7).
FWIIW, I put mine in /var/vmail but I would move mine to anything
else to fulfill standard/best practices.
