
Re: Dot forward not reading links

  • wimpunk
    Message 1 of 10 , Dec 4, 2012
      On Sat, Dec 1, 2012 at 2:52 PM, Wietse Venema <wietse@...> wrote:
      > wimpunk:
      >> If you want to check on malicious links, postfix could verify if the
      >> link it points to is a file with the correct features.
      >
      > The .forward file is a "program" that can execute arbitrary shell
      > commands and that can write to arbitrary files, with the privileges
      > of the recipient (which may be "root"). All this makes .forward a
      > sensitive file.
      >
      > Common-sense measures to protect a sensitive file are:
      >
      > - Keeping the file within a directory that is writable only by the
      > recipient or by the system administrator.
      >
      > - Using a "hidden" name in the user's home directory, such that the
      > file isn't easily destroyed by mistake.
      >
      > If you want Postfix to look for .forward files in other locations,
      > then you can edit the forward_path parameter setting. The default
      > is to look under the home directory.
      >
      > forward_path = $home/.forward${recipient_delimiter}${extension},
      > $home/.forward
      >
      > Here is an example with per-user files under /var/forward:
      >
      > forward_path = /var/forward/$user
      >
      > Of course you can mix the two models.
      >
      > Wietse

      Thanks for the feedback but still I don't get the point why it would
      make any difference between using a link or a file as .forward. That
      link could only be written by the sysadmin or me. The only thing you
      have to trust is having users with a little common sense. But you
      also need it if you want to use user defined .forward files.


      wimpunk.
    • wimpunk
      Message 2 of 10 , Dec 4, 2012
        On Sat, Dec 1, 2012 at 5:49 PM, /dev/rob0 <rob0@...> wrote:
        > On Sat, Dec 01, 2012 at 09:51:05AM +0100, wimpunk wrote:
        >> The reason I searched for this is because I just wanted to make my
        >> own management easier. I had a .forward+a file which filtered the
        >> mail to a specific folder in my mailbox. Because I wanted the mail
        >> sent to ${user}+b and ${user}+c handled the same way, I created a
        >> link named .forward+b and .forward+c which pointed to .forward+a
        >> but as we know, it didn't work.
        >
        > Hard links work fine.

        Sorry for the late reply but it sounds like a good plan. :-) Tnx!

        wimpunk.
      • Wietse Venema
        Message 3 of 10 , Dec 4, 2012
          wimpunk:
          > Thanks for the feedback but still I don't get the point why it would
          > make any difference between using a link or a file as .forward. That
          > link could only be written by the sysadmin or me. The only thing you
          > have to trust is having users with a little common sense. But you

          HARDlinks are OK, SYMlinks are not. I can't let your PC mentality
          dictate Postfix's security policies.

          Wietse
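
The distinction drawn in this thread (hard links accepted, symlinks not, and the file kept in a directory writable only by the recipient or the administrator), as an added audit example that is not part of the original messages and is not Postfix's own code. The names `audit_forward` and `demo`, the finding labels, and the sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def audit_forward(path, owner_uid):
    """Return a list of findings for one .forward file; an empty list means OK."""
    try:
        st = os.lstat(path)  # lstat: inspect the name itself, never follow a symlink
    except FileNotFoundError:
        return ["missing"]
    findings = []
    if stat.S_ISLNK(st.st_mode):
        findings.append("symlink")  # the case rejected in this thread
    elif not stat.S_ISREG(st.st_mode):
        findings.append("not-regular-file")
    # A hard link is just another name for the same regular file, so it passes.
    if st.st_uid not in (0, owner_uid):
        findings.append("foreign-owner")  # assumption: owner must be recipient or root
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("dir-writable-by-others")
    return findings


def demo():
    """Constructed sample: +a is a file, +b a symlink to it, +c a hard link to it."""
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o700)
        first = os.path.join(home, ".forward+a")
        with open(first, "w") as fh:
            fh.write("user@example.com\n")  # constructed forwarding address
        os.symlink(".forward+a", os.path.join(home, ".forward+b"))
        os.link(first, os.path.join(home, ".forward+c"))
        names = (".forward+a", ".forward+b", ".forward+c")
        result = {n: audit_forward(os.path.join(home, n), os.getuid()) for n in names}
        # Same file again after loosening the directory, to show the second check.
        os.chmod(home, 0o777)
        result["loose-dir"] = audit_forward(first, os.getuid())
        return result


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```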