On 2013/12/17 17:07, Craig R. Skinner wrote:
> On 2013-12-16 Mon 13:15 PM |, Craig R. Skinner wrote:
> > On 2013-12-16 Mon 12:22 PM |, Stuart Henderson wrote:
> > > On 2013/12/16 12:11, Craig R. Skinner wrote:
> > > > Check the security of /var/mail/dirs similar to /var/mail/boxes:
> > > 
> > > Aren't maildirs usually in ~/Maildir?
> > > 
> > 
> > MTAs can deliver to maildirs in several places.
> > 
> > Postfix example (the trailing slash changes from mbox to maildir format):
> > 
> > $ postconf -h mail_spool_directory
> > /var/mail/
> > 
> 
> Usually, all user web files are kept in ~/public_html
> OpenBSD places them in /var/www/users/$LOGIN
> 
> By keeping all mail in a separately mounted /var/mail partition,
> (with simple mutt & dovecot configs) mail-only users can have
> /var/empty as $HOME, authpf or nologin as $SHELL.
> This eliminates SQL or other complicated mail stores for 'virtual' users.
> 
> Separate 'black box' servers can be dedicated to mail only duties,
> without user shell logins,....
> 
> /var/mail can be NFS exported as there are no file locking problems with
> maildirs - each message is a unique file. New mail can be delivered
> without locking the box.
> 
> Also, an annual dump cycle can be set on /home,
> with quarterly/monthly level 0 dumps on /var/mail,
> different quotas set on the different partitions.....
> 
> Possibilities abound,

Indeed, but security(8) really reflects things in the base OS,
perhaps a security.local might be worthwhile for custom setups though...
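
A local check of the kind discussed in this thread, as an added example that is not part of security(8) and not code from any poster. It assumes each maildir is /var/mail/<login>/ with the usual cur/ new/ tmp/ subdirectories, and that the expected mode is drwx------ by analogy with the mailbox check; `check_maildirs` is a hypothetical name.

```shell
#!/bin/sh
# Added example: hypothetical local check, not part of security(8).
# Reports maildirs under a spool directory whose owner or mode differs
# from what is expected for a per-user mailbox.

# check_maildirs SPOOL
# Assumption: each maildir is SPOOL/<login>/ containing cur/ new/ tmp/.
# Plain mbox files in the same spool are skipped.
check_maildirs() {
	spool=${1:-/var/mail}
	for dir in "$spool"/*/; do
		[ -d "$dir/new" ] || continue	# not a maildir, or glob had no match
		dir=${dir%/}
		# A symlinked maildir could redirect delivery elsewhere: report it.
		[ -L "$dir" ] && { echo "maildir $dir is a symbolic link"; continue; }
		login=${dir##*/}
		# ls -ldn prints the numeric uid on both BSD and GNU userlands;
		# substr() drops any trailing ACL/label marker after the mode.
		set -- $(ls -ldn "$dir" | awk '{ print substr($1, 1, 10), $3 }')
		mode=$1 uid=$2
		if ! want=$(id -u "$login" 2>/dev/null); then
			echo "maildir $dir has no matching user"
		elif [ "$uid" != "$want" ]; then
			echo "maildir $dir owner is uid $uid, not $login"
		fi
		[ "$mode" = "drwx------" ] ||
			echo "maildir $dir mode is $mode, expected drwx------"
	done
}

# Run against the spool given on the command line, if any.
if [ $# -gt 0 ]; then check_maildirs "$1"; fi
```

No output means every maildir found under the spool passed both checks.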
