in Ideas · 62 words

Many parts of a mail delivery system could run chrooted besides those that Postfix already sandboxes.

For instance, procmail is a complex piece of software that must process user-supplied data; it should run chrooted to the user's mail folders directory. It could even run chrooted to an empty directory and merely pass very simple (folder, data) pairs to a less-sandboxed delivery application.