Loading ...
Sorry, an error occurred while loading the content.

289893Re: Dot forward not reading links

Expand Messages
  • wimpunk
    Dec 4, 2012
      On Sat, Dec 1, 2012 at 2:52 PM, Wietse Venema <wietse@...> wrote:
      > wimpunk:
      >> If you want to check on malicious links, postfix could verify if the
      >> link it points to is a file with the correct features.
      > The .forward file is a "program" that can execute arbitrary shell
      > commands and that can write to arbitrary files, with the privileges
      > of the recipient (which may be "root"). All this makes .forward a
      > sensitive file.
      > Common-sense measures to protect a sensitive file are:
      > - Keeping the file within a directory that is writable only by the
      > recipient or by the system adminstrator.
      > - Using a "hidden" name in the user's home directory, such that the
      > file isn't easily destroyed by mistake.
      > If you want Postfix to look for .forward files in other locations,
      > then you can edit the forward_path parameter setting. The default
      > is to look under the home directory.
      > forward_path = $home/.forward${recipient_delimiter}${extension},
      > $home/.forward
      > Here is an example with per-user files under /var/forward:
      > forward_path = /var/forward/$user
      > Of course you can mix the two models.
      > Wietse

      Thanks for the feedback but still I don't get the point why it would
      make any difference between using a link or a file as .forward. That
      link could only be written by the sysadmin or me. The only thing you
      have to trust is having users with a little common sense. But you
      also need it if you want to use user defined .forward files.

    • Show all 10 messages in this topic