Subject: Re: daily (& security) mail not delivered
To: NetBSD-current Discussion List <current-users@netbsd.org>
From: Andrew Brown <atatat@atatdot.net>
List: current-users
Date: 06/29/2003 23:33:07
>> right.  as has been established.  you need to fix your dns so that the
>> name of 127.0.0.1 isn't localhost.citi.umich.edu.
>
>Wouldn't it be one hell of a lot better to fix sendmail so that it
>doesn't need to look in the DNS (or /etc/hosts) to notice that the name
>"localhost" means "The Local Host" and so that it doesn't need to
>communicate with itself via the loopback interface?  The way you've
>described it as working now is completely insane (and is not necessary
>to allow sendmail to continue to run as an un-privileged program -- only
>the final local delivery to /var/mail/root need be done by a privileged
>program and that will be done by /usr/libexec/mail.local, which is so
>privileged)

i can't see how yet another instance of special casing for the name
"localhost" would be beneficial to anyone.

>It would be even smarter to also store mail in /var/mail by group-write
>privileges alone with only the initial creation of mailbox spool file
>requiring any privilege and that can be done just once at account
>creation time -- this way even mail.local would not have to be
>super-user, but rather just set-group-id to "mail" (a group-ID unique to
>mail.local, of course).

been there, tried that.  there's a whole host of "other" problems with
that, not the least of which is that in order for the user to read
their mail while mail.local can write to it, the user really needs to
"own" that file, which means that they can easily block themselves
from getting new mail.

imho, it's not worth the effort.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."
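
The failure mode raised in the reply above (a mailbox the user owns can have its group-write bit cleared by that user, after which a delivery agent that is only set-group-id "mail" can no longer append to it) can be looked for with a spool audit. This is an added example, not part of the original message or of NetBSD or sendmail; the function names, the sample mailboxes and the use of the temporary directory's group as a stand-in for "mail" are assumptions.

```python
import os
import stat
import tempfile


def audit_spool(spool_dir, mail_gid):
    """Return {mailbox: [problems]} for spool files that a delivery agent
    running only with group `mail_gid` could not append to."""
    findings = {}
    for entry in sorted(os.scandir(spool_dir), key=lambda e: e.name):
        # Only regular files count; do not follow symlinks in the spool.
        if not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        problems = []
        if st.st_gid != mail_gid:
            # The owner may chgrp the file to any other group they belong to.
            problems.append("group is not the mail group")
        if not st.st_mode & stat.S_IWGRP:
            # The owner may chmod the file at any time.
            problems.append("group-write bit cleared")
        if problems:
            findings[entry.name] = problems
    return findings


def demo():
    """Audit a constructed spool: alice is deliverable, bob and carol have
    removed group write from mailboxes they own."""
    with tempfile.TemporaryDirectory() as spool:
        for name, mode in (("alice", 0o660), ("bob", 0o600), ("carol", 0o640)):
            path = os.path.join(spool, name)
            with open(path, "w"):
                pass
            os.chmod(path, mode)
        # Assumption: the group new files receive here stands in for "mail".
        mail_gid = os.stat(os.path.join(spool, "alice")).st_gid
        return audit_spool(spool, mail_gid)


if __name__ == "__main__":
    for box, problems in demo().items():
        print(box, "->", ", ".join(problems))
```
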