[OpenAFS] Mail delivery into OpenAFS
Nathan Ward
nward@esphion.com
Mon, 07 Jul 2003 10:21:42 +1200
On Sun, 06 Jul 2003 15:01:04 -0700, Buhrmaster, Gary
<gtb@SLAC.Stanford.EDU> wrote:
> One thing to consider is whether you are going
> to allow execution of programs on your mail
> delivery host (such as procmail, etc). If
> so, one has to consider that local root exploits
> are a common issue, and do you want that host
> to have the keys available with the ability
> to forge any token? Only you can decide
> if such a risk is acceptable for your organization.
The key file holds a key for the qmail/delivery principal.
The credentials are specific to the qmail delivery.
The ACLs that apply to this user are:
fs sa ~ qmail.delivery l
fs sa ~/Maildir qmail.delivery l
fs sa ~/Maildir/tmp qmail.delivery idk
fs sa ~/Maildir/new qmail.delivery ik
I think this is sufficient.. ?
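
Added example, not part of the original message: a shell check that compares the rights a delivery principal actually holds on a directory with the per-directory rights listed in the message above. The `fs listacl` output, the /afs/example.org paths and the user alice are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Sample `fs listacl` output below is constructed; in real use, pipe
# `fs listacl <dir>` into check_dir instead of the sample_* functions.
PRINCIPAL=qmail.delivery

# Print the rights principal $1 holds in the "Normal rights:" section (stdin).
acl_rights() {
    awk -v p="$1" '
        /^Normal rights:/   { sec = "n"; next }
        /^Negative rights:/ { sec = "-"; next }
        sec == "n" && $1 == p { print $2 }'
}

# Print each right in $1 (held) that is absent from $2 (allowed).
acl_excess() { printf '%s' "$1" | tr -d "$2"; }

# check_dir LABEL ALLOWED: read listacl output on stdin, print a verdict,
# return 1 when the principal holds more than ALLOWED.
check_dir() {
    held=$(acl_rights "$PRINCIPAL")
    extra=$(acl_excess "$held" "$2")
    if [ -n "$extra" ]; then
        echo "EXCESS $1: has '$held', expected at most '$2' (extra: $extra)"
        return 1
    fi
    echo "OK     $1: has '${held:-none}'"
}

sample_tmp() { cat <<'EOF'
Access list for /afs/example.org/user/alice/Maildir/tmp is
Normal rights:
  system:administrators rlidwka
  alice rlidwka
  qmail.delivery idk
EOF
}
sample_new() { cat <<'EOF'
Access list for /afs/example.org/user/alice/Maildir/new is
Normal rights:
  system:administrators rlidwka
  qmail.delivery rlidwk
EOF
}

audit() {   # expected rights are the ones given in the message
    rc=0
    sample_tmp | check_dir '~/Maildir/tmp' idk || rc=1
    sample_new | check_dir '~/Maildir/new' ik  || rc=1
    return $rc
}
audit || echo "delivery principal holds more rights than intended"
```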