[ITP] postfix 2.11.3

Christian Franke Christian.Franke@t-online.de
Fri Nov 21 21:48:00 GMT 2014

Corinna Vinschen wrote:
>> See above (It always switches to $mail_owner and does never use
>> chown()).
>>  From postsuper.c:
>> * All file/directory updates must be done as the mail system owner.
>> This
>>     * is because Postfix daemons manipulate the queue with those same
>> * privileges, so directories must be created with the right ownership.
>>>     In theory postsuper should just use the
>>> account it's running under on Cygwin.
>> In (upstream) theory & practice, it should run with least privileges,
>> which is good :-)
> Well, passwd -R is still some mild variation of security by obscurity, and it might not be allowed in some environments.

Further investigation shows that with a few modifications, postsuper 
could be run without passwd -R - except the rare case that the 
hash_queue_depth was changed for already queued messages.

>    But then again, what company would actually use postfix on Cygwin as their MTA?  Never mind,then.

There already is a related warning in the Cygwin/postfix.README file.


More information about the Cygwin-apps mailing list