[Annoyed] Cyrus-imapd/sasl upgrade and lmtpd behaviour...

Ian G Batten I.G.Batten at ftel.co.uk
Thu Jan 2 05:12:59 EST 2003


On Mon, 30 Dec 2002, Scott Smith wrote:

> group and put cyrus and MTA user in it.  Or, you can run LMTP over TCP (keep
> it on loopback) with SASL.

I must confess that as a general rule I've given up on using AF_UNIX
sockets now that we're all aware that running all daemons as root is A
Bad Idea.  By the time you've wrestled with permissions, setuid bits,
setgid bits and all the rest, using TCP in loopback with some
authentication mechanism is far easier to debug.  Indeed, for a classic
``sealed box'' Cyrus setup, I'm not sure that just restricting lmtpd to
127.0.0.1 and using it unauthenticated is any weaker than having a Unix
domain socket which sendmail can get at.

ian
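
The loopback-only restriction discussed in the message above can be verified on the host rather than assumed. The following is an added example, not part of the original post or of Cyrus: it parses Linux /proc/net/tcp text and reports whether a given port listens only on 127.0.0.0/8. Port 2003 for lmtpd, the sample table and a little-endian host are assumptions.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Port 0x07D3 (2003) stands in for the lmtpd listener; that port is an assumption.
SAMPLE_LOOPBACK = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:07D3 00000000:0000 0A 00000000:00000000 00:00000000 00000000    76        0 1001 1 0 100 0 0 10 0
   1: 00000000:008F 00000000:0000 0A 00000000:00000000 00:00000000 00000000    76        0 1002 1 0 100 0 0 10 0
"""
# Same table with the listener bound to 0.0.0.0 instead of 127.0.0.1.
SAMPLE_EXPOSED = SAMPLE_LOOPBACK.replace("0100007F:07D3", "00000000:07D3")

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp


def listeners(proc_net_tcp, port):
    """Return the IPv4 addresses on which `port` is in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if int(port_hex, 16) != port:
            continue
        # The kernel prints the address as a raw 32-bit word, so on a
        # little-endian host 127.0.0.1 appears as 0100007F.
        packed = struct.pack("<I", int(addr_hex, 16))
        found.append(ipaddress.IPv4Address(packed))
    return found


def loopback_only(proc_net_tcp, port):
    """True only if the port has a listener and every listener is loopback."""
    addrs = listeners(proc_net_tcp, port)
    return bool(addrs) and all(a.is_loopback for a in addrs)


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead;
    # IPv6 listeners are listed separately in /proc/net/tcp6.
    for name, table in (("loopback", SAMPLE_LOOPBACK), ("exposed", SAMPLE_EXPOSED)):
        print(name, loopback_only(table, 2003))
```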




