[Mimedefang] watch-mimedefang (SSH Security).

David F. Skoll dfs at roaringpenguin.com
Wed Feb 17 06:57:07 EST 2010

D. Stussy wrote:

> The superuser (unix) or administrator (windows) should NEVER be
> permitted login access via SSH.

Well.  That's a blanket statement; there are certainly some cases that
justify root login via SSH.  For example, our nightly backup uses an
SSH key pair with a forced command (and restrictions like
no-X11-forwarding, no-port-forwarding, etc.) and runs as root.

Anyway... to run md-mx-ctrl, you don't actually need to be root.  You
can ssh in as "defang" and it will work.  Alternatively (or
additionally), you can use the "-a" option to mimedefang-multiplexor
to create a restricted socket that anyone can connect to for the purposes
of monitoring load.



More information about the MIMEDefang mailing list