How to Configure Qmail on Fedora Core 1 Server

Craig White craigwhite at azapple.com
Tue Jul 27 18:54:35 UTC 2004


On Tue, 2004-07-27 at 11:15, Fritz Whittington wrote:
> >
> *Mail read with Mozilla on a Windows machine from a POP3 server doesn't 
> have root's privileges either!*
> (And yes, you can do anything in vi that you might want to do in emacs, 
> so let's just ship *one* editor with the system and force everyone to do 
> it *that* way, just because!  OK with you?  I thought not.)  Of course, 
> I guess I could set up the foo alias and then read foo's mail with 
> Mozilla on a Windows machine from a POP3 server.  Can you prove that to 
> be even a tiny bit more secure?
---
that isn't the point though. If root can retrieve email from his account
- be it local or remote is the issue. You are differentiating a system
that doesn't differentiate. Restricting root's access locally would
require something like hosts.allow/deny or iptables, both of which is
beyond the safeguards of dovecot or whichever pop/imap daemon you
employ.

Proving that accessing mail from account foo or account root via POP3
remotely is inherently more secure is not relevant.

the topic of both vi and emacs doesn't correlate.
---
> 
> >Thus your argument about working
> >'with' or 'on' really doesn't hold water.
> >  
> >
> That refers to something of an additional topic:  qmail versus 
> sendmail/postfix/dovecot and the ease of installing without having to 
> read (first finding) bunches of docs and becoming something of a guru on 
> the subject.
> 
> Also, be aware that (IMHO) once any security issues are removed, this 
> becomes a "religious" (that is, personal preference) issue just like the 
> choice of a text editor. 
---
I do not seek to engage in a debate of one editor over another, or one
MTA versus another. I fail to see how this impacts the topic anyway.

Security issues being removed is between the user, his distro and
configuration. The distro makes assumptions of best use. The user can
override some of these decisions via configuration and the rest by
recompiling (they do provide the source code if you wish). This seems to
be a very logical system and when I want to work 'with' a system rather
than 'on' a system (your terms), I generally defer to the greater minds
than mine because I credit them for having foresight to consider the
security implications.

Craig





More information about the fedora-list mailing list