Re: MTA Suggestion

To: debian-user@lists.debian.org
Subject: Re: MTA Suggestion
From: "D. J. Bernstein" <djb@cr.yp.to>
Date: 12 Nov 1997 02:22:05 -0000
Message-id: <19971112022205.23059.qmail@cr.yp.to>

For anyone planning to write new code using /var/spool/mail or /tmp:
http://www.netspace.org/lsv-archive/bugtraq.html contains many examples
of insecure code produced by programmers who thought, incorrectly, that
they understood how to use world-writable directories.

> it is not at all difficult to set the permissions on /var/spool/mail
> correctly, and it is trivial to make adduser (or whatever other user
> creation procedure you use) run "touch /var/spool/mail/USER ; chown
> USER.mail /var/spool/mail/user"

Sorry, but the real world doesn't work that way. Most MUAs---including,
for example, every MUA that does dot-locking---need mailboxes in a
writable directory. That means either

   * a world-writable directory, which has historically been a disaster,
     and which continues to cause security problems in new MUAs; or

   * a group-mail-writable directory, with MUAs all setgid mail, which
     has historically been a disaster, and which continues to cause
     security problems in new MUAs; or

   * a user-owned directory, which is trivial to handle safely.

Notably absent from your commentary has been any explanation of the
_disadvantages_ of putting mail in a user-owned directory. Yes, of
course there are transition costs, which is why people can continue to
use /var/spool/mail with qmail until they're comfortable switching. 

> your NFS-based arguments against /var/spool/mail

Once again: My discussion of /var/spool/mail has nothing to do with NFS.

> > (Big ISPs have another problem with /var/spool/mail: on most systems,
> > reading a large directory takes a long time.)
> which is an argument against maildir, is it not?

No. The scaling problems with /var/spool/mail are both quantitatively
and qualitatively much more severe. (Note that maildir is designed only
for reliable handling of incoming messages, not for long-term storage.)

> maildir may have some advantages in an NFS environment,

As I already explained, maildir has advantages in any environment.

> what's the point of having your mail in this great new format if you
> cant find a mail reader which can use it?

It is an _option_. Right now it's supported by qmail-pop3d and mutt and
a patched version of pine; as more readers support it, more users will
be able to switch to it. That's called ``progress,'' not ``problem.''

> > Change ./Mailbox to '|preline procmail' in the qmail-start invocation.
> why isn't this in the FAQ?

It's discussed in the INSTALL files for 1.02.

See, some users _ask questions_ and _suggest improvements_ rather than
spewing misinformation all over the net.

> what about relaying TO particular host/domain names?

Add the domain names to rcpthosts.

---Dan
Put an end to fake mailing list subscriptions. http://pobox.com/~djb/ezmlm.html


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: MTA Suggestion
  - From: Behan Webster <behanw@verisim.com>

Prev by Date: Re: 1997 World Series
Next by Date: Re: Update: mounting MS-DOS fs onto Linux
Previous by thread: Re: MTA Suggestion
Next by thread: Re: MTA Suggestion
Index(es):
- Date
- Thread