On Wed, Oct 24, 2012 at 12:28:48PM -0400, Bill Shirley wrote:
> I don't understand why you strongly recommend against using the
> mailbox_command.  Is there a security risk here?

One issue is that mailbox_command is only used for local(8) delivery. 
You brought that up for the OP, who is reporting a problem in trying 
to use pipe(8). mailbox_command is not relevant for pipe. That added 
more confusion to the issue at hand.

I can't speak for Robert, but as I said in the other post I agree 
with him, so I will say why. You will get better overall performance 
with amavisd-new and LMTP, rather than invoking a command via pipe 
for every delivery.

No, mailbox_command in itself is not a security risk, except insofar 
as you could DoS yourself with more deliveries at once than the 
system is able to handle. Some risk of DoS is present for any kind of 
content filtering, though. But amavisd-new after-queue reduces that 

> I've read all the howtos.

Eww. I have not. I have made extensive referral to the documentation, 
however, and that is what I recommend. Many thousands of people who 
are generating web content do not know much about email. You don't 
want to turn to them for advice about this!

(FWIW, many of the howtos I have looked at are very bad.)

> There are many ways to setup a mail server. That's the beauty of 
> postfix, spamassassin, dovecot, etc; you can make it do what you 
> want.  Yes, some setups are bad.

Yes and yes.

> I am not the original poster.
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Reply via email to