Subject: OK, so how do we slam shut this sendmail problem once and for all?
To: None <current-users@NetBSD.ORG>
From: John Kohl <>
List: current-users
Date: 08/30/1995 21:44:01
I'm getting tired of new-and-different sendmail holes arriving every so

How difficult would it be to make sendmail run as an unprivileged user?
Give it rights to deliver mail locally (through a privileged delivery
agent which can be many fewer lines of code and easier to audit), throw
it in a chroot-ed environment, and don't let it out of its cage.

That should reduce the potential exposure to just destroying/stealing
local mailboxes.  Can folks live without .forward files piping mail to
an agent and/or other random-execution paths?