From
https://poolp.org/posts/2020-01-30/o...ory-dissected/
Quote:
Since this blew to my face, I had several ideas to tackle this. Some were already discussed and not retained because they had potential for other issues. The current ideas are these:
- switching back mail delivery agents to execle()
- disallowing delivery to root
[snip]
|
It has been a long time since I used Daniel Bernstein's
qmail, but one of the many precautions Bernstein takes to make
qmail safe is not delivering any mail to 'root' or any other user with '0' as userid.
In my 'install.site" script I always use the following patch script snippet to configure non-root mail delivery:
Code:
echo --- patch script for: aliases \( generated: Sun 2011-02-20 18:26 CET\) --- BEGIN
# --- edit the following line if needed
FILE=/etc/mail/aliases
EXT="$(date "+%Y%m%d_%H%M%S")"
patch -b -z ${EXT} -p0 ${FILE} <<END_OF_PATCH
--- ORIG/aliases Sun Feb 20 03:20:19 2011
+++ NEW/aliases Sun Feb 20 17:13:19 2011
@@ -69,9 +69,9 @@
sshd: /dev/null
# Well-known aliases -- these should be filled in!
-# root:
-# manager:
-# dumper:
+root: j65nko
+manager: root
+dumper: root
# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
abuse: root
END_OF_PATCH
echo --- patch script for: aliases --- END
# -----------------