Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Jun 2003 05:45:19 +0000
From: "Hallgrimur H. Gunnarsson" <hhg@...a.is>
To: popa3d-users@...ts.openwall.com
Subject: Re: root mail.

Hi,

On  0, Craig Hammond <Craig@...solutions.com.au> wrote:
> I have just starting using popa3d.

Welcome to the group :-)

> I'm figuring that you stop popa3d from serving roots mail for security
> reasons.
> The only reason I can think off is to stop stupid admins from sending
> the root password in cleartext over the internet.
>  
> I'm using popa3d for just for an internal email system, so security
> isn't so important.
> It is possible to change it so I can retrieve roots mail. If so, how.

The check is in set_user which is called from do_root_auth after
authentication to drop to the user (pop_root.c). The check is:

if (!pw->pw_uid) return 1;

However, as a principle i'd strongly recommend against doing this
even on an internal email system. The usual way of doing this
is to forward the mail for root, postmaster, etc to a local user
or a remote address.

-- hhg

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.