Egbert Jan wrote: > I've taken this even further: I have separate 'users' for postfix, > postfixadmin (web frontend for virtual users/domains) and dovecot. Each > *might* need specific rights. Using restricted user rights and chroots and what not does not prevent SQL injection in any way. Robin