[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sendmail chrooted




On Fri, 21 Aug 1998, Roman Shterenzon wrote:

> Hi!
> 
> Did anyone ever tried running sendmail chrooted?
> I believe that it's possible.
> If you did, what are the pros and cons of this method?

pros: it's a bit more secure, if someone breaks in, they can't get to
everything

cons: as with any chrooted install you need static binaries or copies of
the needed libraries, and copies of the passwd file sans passwords to do
local deliveries (or at least to read people's .forward files), which will
be out of the chroot, so you have to stick it in a queue that will later
be picked up somehow by a non-chrooted procmail or something.

you'll hate me for saying that, Roman, but this solution is too complex
for a mail server, I may use it for a mail GATEWAY on a firewall, but then
again, there's SMAP, or better yet: Qmail :-)