[lug] postfix aliases, best practices?

D. Stimits stimits at comcast.net
Wed Dec 27 17:53:33 MST 2006


bgiles at coyotesong.com wrote:

>Just to be clear, I'm referring to (internal only?) redirect to a common
>account, not separate queues.  I don't think any processes actually send
>mail to any account other than 'root', but it's cheap insurance.
>
>  
>
Hmm...so then is there some sort of security issue solved by having 
aliases for all of the system accounts which redirect to a real user? It 
sounds like it avoids some sort of exploit from sending email to system 
accounts...but if so, why not just make those account names always 
bounce as non-existent?
...

>>>I think you need an entry for every account in /etc/passwd.  I don't
>>>recall, off the top of my head, how to only define the accounts
>>>internally.
>>>      
>>>

Seems that the default aliases file actually defines several not even in 
the passwd file (e.g., sales).

I probably need to pick up a book on postfix config. Some of the 
documentation is fairly clear and simple, but it often lacks information 
about why they do things certain ways.

D. Stimits, stimits AT comcast DOT net



More information about the LUG mailing list