Yahoo Groups archive

Milter-greylist


Re: [milter-greylist] Re: Install trouble

2007-02-13 by Oliver Fromme

Arjun Datta wrote:
 > Also, just curious, but why should the milter run as smmsp - wouldn't it 
 > have more permissions if it ran as root?

As a general rule, every program should run only with the
permissions that are absolutely required to do its job.
That way you restrict the damage if a security incident
happens.  If you don't care about security at all, you
could run everything as root, and having multiple users,
groups, file permissions etc. would be completely pointless.

That rule applies to every program, not just milter-greylist.
Of course you should make sure that the program has
sufficient privilege to do what it has to do.  For example,
milter-greylist requires write access to the directory
containing the socket used for communication with sendmail.
It also needs to be able to write the greylist database.
The easiest way to accomplish that is to make smmsp the
owner of the directory (and mode 700).

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Register court Muenchen, HRA 74606,  Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Register court
München, HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
Any opinions expressed in this message are personal to the author and may
not necessarily reflect the opinions of secnetix GmbH & Co KG in any way.
FreeBSD services, products and more:  http://www.secnetix.de/bsd

"File names are infinite in length, where infinity is set to 255 characters."
        -- Peter Collinson, "The Unix File System"
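
The following is an added example, not part of the message above and not milter-greylist code: a small Python audit that checks whether a directory matches the setup the reply recommends (owned by the service user, mode 700). The function names are hypothetical, and a constructed temporary directory stands in for the real socket/database directory.

```python
import os
import pwd
import stat
import tempfile


def user_name(uid):
    """Map a uid to a login name, falling back to the number itself."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)  # uid with no passwd entry


def audit_private_dir(path, expected_user):
    """Return a list of findings; an empty list means the directory is
    owned by expected_user and has mode 700."""
    st = os.lstat(path)  # lstat: do not follow a symlink placed at path
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path} is not a directory"]
    findings = []
    owner = user_name(st.st_uid)
    if owner != expected_user:
        findings.append(f"owner is {owner}, expected {expected_user}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants access to group/other")
    if mode & stat.S_IRWXU != stat.S_IRWXU:
        findings.append(f"mode {mode:04o} lacks rwx for the owner")
    return findings


def demo():
    # Constructed sample: a temp directory owned by the current user,
    # audited first with a loose mode and then with mode 700.
    me = user_name(os.getuid())
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        loose = audit_private_dir(d, me)
        os.chmod(d, 0o700)
        tight = audit_private_dir(d, me)
    return loose, tight


if __name__ == "__main__":
    print(demo())
```

On a real system the call would be `audit_private_dir(<directory>, "smmsp")`, with the directory path taken from the local milter-greylist and sendmail configuration.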
