chrooted vs non-chrooted postfix: what are realistic security risks?
Clash Royale CLAN TAG#URR8PPP up vote
0
down vote
favorite
By default, Ubuntu 16 runs postfix chrooted. I know that it is "for security". However, I can not find any documentation for 2 logical questions:
If we change default saslauthd file location, what (specifically) other official Ubuntu packages may be affected? Does saslauthd exist just for postifx, or it has other clients in official Ubuntu repository, and if there are such clients, will they conflict with chrooted postfix?
What are realistic security risks (known attacks ideas) against non-chrooted postifx? By its nature, postfix just listens port 25 and may be 2 other ports, receives and sends emails, but it doesn't interpret any third-party executable code like PHP or Python do, so why will it need chroot at all? In what specific scenarios postfix will interpret executable code or give attacker read or write access to directories not listed in its configuration files?
server security email postfix chroot
asked Apr 12 at 8:47
Vitaliy
1065
add a comment |Â
up vote
0
down vote
favorite
By default, Ubuntu 16 runs postfix chrooted. I know that it is "for security". However, I can not find any documentation for 2 logical questions:
If we change default saslauthd file location, what (specifically) other official Ubuntu packages may be affected? Does saslauthd exist just for postifx, or it has other clients in official Ubuntu repository, and if there are such clients, will they conflict with chrooted postfix?
What are realistic security risks (known attacks ideas) against non-chrooted postifx? By its nature, postfix just listens port 25 and may be 2 other ports, receives and sends emails, but it doesn't interpret any third-party executable code like PHP or Python do, so why will it need chroot at all? In what specific scenarios postfix will interpret executable code or give attacker read or write access to directories not listed in its configuration files?
server security email postfix chroot
asked Apr 12 at 8:47
Vitaliy
1065
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
By default, Ubuntu 16 runs postfix chrooted. I know that it is "for security". However, I can not find any documentation for 2 logical questions:
If we change default saslauthd file location, what (specifically) other official Ubuntu packages may be affected? Does saslauthd exist just for postifx, or it has other clients in official Ubuntu repository, and if there are such clients, will they conflict with chrooted postfix?
What are realistic security risks (known attacks ideas) against non-chrooted postifx? By its nature, postfix just listens port 25 and may be 2 other ports, receives and sends emails, but it doesn't interpret any third-party executable code like PHP or Python do, so why will it need chroot at all? In what specific scenarios postfix will interpret executable code or give attacker read or write access to directories not listed in its configuration files?
server security email postfix chroot
asked Apr 12 at 8:47
Vitaliy
1065
By default, Ubuntu 16 runs postfix chrooted. I know that it is "for security". However, I can not find any documentation for 2 logical questions:
If we change default saslauthd file location, what (specifically) other official Ubuntu packages may be affected? Does saslauthd exist just for postifx, or it has other clients in official Ubuntu repository, and if there are such clients, will they conflict with chrooted postfix?
What are realistic security risks (known attacks ideas) against non-chrooted postifx? By its nature, postfix just listens port 25 and may be 2 other ports, receives and sends emails, but it doesn't interpret any third-party executable code like PHP or Python do, so why will it need chroot at all? In what specific scenarios postfix will interpret executable code or give attacker read or write access to directories not listed in its configuration files?
server security email postfix chroot
server security email postfix chroot
asked Apr 12 at 8:47
Vitaliy
1065
asked Apr 12 at 8:47
Vitaliy
1065
asked Apr 12 at 8:47
Vitaliy
1065
asked Apr 12 at 8:47
Vitaliy
1065
asked Apr 12 at 8:47
Vitaliy
1065
1065
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1024298%2fchrooted-vs-non-chrooted-postfix-what-are-realistic-security-risks%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password