Bennett Todd says: > Scott Schwartz writes: > >| needlessly running with root privileges (like sendmail). > >You think pipes in .forward files should be disallowed, then? > > Errh, I think Perry objects (as does everybody else I've ever spoken to) to > having a big, complex, hairy, MONOLITHIC sendmail. The functionality it > performs ought to be broken down into smaller, simpler modules. Indeed it should. Mail delivery need not be done as root, and there is no point in having one monolithic program get mail, route mail, and send mail. However, I object to .forward files, period, because they don't work well in distributed environments. The concept was very nice in the days before distributed file systems, but now they are just a pain in the !@#!@$. What is the semantic meaning of a pipe in a .forward file if you have no real idea what machine the pipe is being run on or if the process delivering mail can even GET credentials to access the home directory of the adressee? In AFS environments this gets especially bad. When you are running mail for several thousand machines, as I have, .forward files become a cause for bounced or misaddressed mail virtually every day. What if you want to run POP in such an environment? At that point the entire concept has totally lost. Far better to use a proper database to store delivery information, and allow users to update their records. Programs can be run -- but not as root or as the user. Since the mail subsystem is not priviledged, breaking it at best gives you access to other people's mail. Perry