RE: Proper forums for these questions?

In another career, I configured procmail as a mail delivery agent, thus avoiding the .forward file entirely. Doing so introduces other problems so use at your own risk. Regarding why the .forward file ban was not included in SSG, in http://people.redhat.com/swells/scap-security-guide/RHEL6/output/table-rh... there is the comment "The security argument is not apparent or salient." Do you see the "no .forward files" requirement as impacting confidentiality, integrity, or availability? The description from the RHEL5 STIG in the above link indicates it potentially impacts confidentiality and availability. Are those indications sufficient for addition to the SSG, perhaps with a low severity? Would "forward_path = /dev/null" in /etc/postfix/main.cf be an adequate solution? In a similar vein, should there be a "sendmail must not be installed" rule? ;-) Thanks, Leland -- Leland Steinke, Security+ DISA FSO Technical Support Contractor tapestry technologies, llc 717-267-5797 (DSN 570) leland.j.steinke.ctr(a)mail.mil (gov't) lsteinke(a)tapestrytech.com (com'l)