Just an FYI, Wietse has issued a few patches to Postfix since this discussion began. The maildrop directory is no longer world readable, and I believe that mailq no longer returns the file names of queue files. The maildrop is still world writable.

The patches are available via:

ftp://ftp.porcupine.org/mirrors/postfix-release

He also posted a more extended message to the Postfix mailing lists (which he said was sent to Bugtraq, too, though I haven't seen it here) discussing the design decisions he had made, and the reasons for them.

"I see two directions for Postfix evolution: 1) maintain the present world-writable maildrop and unprivileged posting agent and 2) use a protected directory and a set-gid posting agent (set-uid seems to have no obvious advantage here).

Is it feasible to keep maildrop queue file names secret, and are the other attacks indeed mere annoyances? Is it feasible to write secure set-gid programs that are not only secure today, but that will be secure on tomorrow's UNIX systems as well? Your feedback is appreciated."

I think it's important to note that Postfix is still in beta, and is an evolving piece of software. People should keep that in mind when implementing it. I highly encourage people who are either using or considering the use of Postfix to subscribe to the mailing lists and follow the discussion there.

Rich
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:25:50 PDT