[Mimedefang] watch-mimedefang (SSH Security).
David F. Skoll
dfs at roaringpenguin.com
Wed Feb 17 06:57:07 EST 2010
D. Stussy wrote:
> The superuser (unix) or administrator (windows) should NEVER be
> permitted login access via SSH.
Well. That's a blanket statement; there are certainly some cases that
justify root login via SSH. For example, our nightly backup uses an
SSH key pair with a forced command (and restrictions like
no-X11-forwarding, no-port-forwarding, etc.) and runs as root.
Anyway... to run md-mx-ctrl, you don't actually need to be root. You
can ssh in as "defang" and it will work. Alternatively (or
additionally), you can use the "-a" option to mimedefang-multiplexor
to create a restricted socket that anyone can connect to for the purposes
of monitoring load.
Regards,
David.
More information about the MIMEDefang
mailing list