Mailspool location (was: Debian mutt-ng_0.0+20050831-1_i390.deb)

Hi,

* Elimar Riesebieter [05-09-11 18:11:18 +0200] wrote:
> On Sun, 11 Sep 2005 the mental interface of
> Rocco Rutte told:

[ /var/mail safe ]
> > In such cases it's the admins fault. Mailspools outside of $HOME
> > have to be created with 0775 and root:mail and even better with
> > the sticky bit set. I even saw 1777 for the dir and 0660
> > ($user:mail) for the spools...

> This seems to be nfs exported var/spools?

Of course.

> Hey, come on, spooldirs are
> always local and in networks the admins have to sort them in $MAIL or
> provide them via imap.

Having spools local is just as evil because you have two options: either 
people get direct logins on the incomming mail server or one sets up 
IMAP on the incomming server, too. IMHO this is bad because the only 
thing the _incomming_ mail server has to do is to accept incomming mail 
and just run rock-stable software only. Interactive jobs have IMHO 
nothing to do on such a critical machine (I'm speaking of possibly 
hundreds of _untrusted_ users; when you can choose who gets a login the 
situation is different). Software like an IMAP daemon may cause lots of 
workload (for hundreds of users) and may have security issues in which 
case one may open up the incomming mail server remotely.

On the other hand, NFS is just as bad as it doesn't provide any real 
security.

From my experience, I've seen more networks using the NFS method and 
disabling logins and all additional software on critical machines.

  bye, Rocco
--
:wq!