diff -r 8f41c9f3f392 configure.in
--- a/configure.in Wed Nov 19 16:11:01 2008 +0200
+++ b/configure.in Wed Nov 19 14:31:56 2008 +0000
@@ -461,7 +461,8 @@ AC_CHECK_FUNCS(fcntl flock lockf inet_at
 setrlimit setproctitle seteuid setreuid setegid setresgid \
 strtoull strtoll strtouq strtoq \
 setpriority quotactl getmntent kqueue kevent backtrace_symbols \
- walkcontext dirfd clearenv malloc_usable_size clock_gettime)
+ walkcontext dirfd clearenv malloc_usable_size clock_gettime \
+ setppriv)
 dnl strtoimax and strtoumax are macros in HP-UX, so inttypes.h must be included
 AC_MSG_CHECKING([for strtoimax])
diff -r 8f41c9f3f392 src/master/Makefile.am
--- a/src/master/Makefile.am Wed Nov 19 16:11:01 2008 +0200
+++ b/src/master/Makefile.am Wed Nov 19 14:18:36 2008 +0000
@@ -22,6 +22,7 @@ dovecot_SOURCES = \
 auth-process.c \
 askpass.c \
 capabilities-posix.c \
+ capabilities-solaris.c \
 child-process.c \
 dict-process.c \
 dup2-array.c \
diff -r 8f41c9f3f392 src/master/capabilities.h
--- a/src/master/capabilities.h Wed Nov 19 16:11:01 2008 +0200
+++ b/src/master/capabilities.h Wed Nov 19 14:18:38 2008 +0000
@@ -1,7 +1,7 @@
 #ifndef CAPABILITIES_H
 #define CAPABILITIES_H
-#if defined(HAVE_LIBCAP)
+#if defined(HAVE_LIBCAP) || defined(HAVE_SETPPRIV)
 void drop_capabilities(void);
diff -r 8f41c9f3f392 src/master/capabilities-solaris.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/master/capabilities-solaris.c Wed Nov 19 14:18:39 2008 +0000
@@ -0,0 +1,54 @@
+/* Copyright (c) 2008 Dovecot authors, see the included COPYING file */
+
+#include "common.h"
+#include "capabilities.h"
+
+#ifdef HAVE_SETPPRIV
+
+#include
+
+void drop_capabilities(void)
+{
+ static const char* privs[] = {
+ "PRIV_PROC_FORK",
+ "PRIV_PROC_EXEC",
+ "PRIV_FILE_CHOWN",
+ "PRIV_PROC_SETID",
+ "PRIV_PROC_CHROOT",
+ "PRIV_NET_PRIVADDR",
+ "PRIV_FILE_DAC_READ",
+ "PRIV_FILE_DAC_WRITE",
+ NULL
+ }, **p;
+ priv_set_t *priv_set;
+ int ret;
+
+ priv_set = priv_allocset();
+ if (priv_set == NULL) {
+ i_warning("Can't allocate memory for privilege set: %m");
+ return;
+ }
+
+ priv_emptyset(priv_set);
+
+ for (p = privs; *p != NULL; p++) {
+ ret = priv_addset(priv_set, *p);
+ if (ret != 0) {
+ i_warning("Can't drop %s from privilege set: %m", *p);
+ }
+ }
+
+ ret = setppriv(PRIV_SET, PRIV_PERMITTED, priv_set);
+ if (ret) {
+ i_warning("Can't set %s privelege set: %m", "PERMITTED");
+ }
+
+ ret = setppriv(PRIV_SET, PRIV_EFFECTIVE, priv_set);
+ if (ret) {
+ i_warning("Can't set %s privelege set: %m", "EFFECTIVE");
+ }
+
+ priv_freeset(priv_set);
+}
+
+#endif
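Review bot: Both setppriv() calls in drop_capabilities() fail open: a non-zero return is only reported through i_warning(), and the priv_allocset() failure path returns the same way, so the master carries on with whatever privileges it started with and the caller (the function returns void) cannot tell the drop did not happen. Since shrinking the privilege set is the function's whole purpose, I would either make these failures fatal, e.g. `i_fatal("setppriv(PRIV_PERMITTED) failed: %m");`, or add a comment at the calls explaining why continuing unrestricted is acceptable. Only PRIV_PERMITTED and PRIV_EFFECTIVE are replaced while PRIV_INHERITABLE and PRIV_LIMIT are left as inherited, so as far as I read privileges(5) this list bounds the master itself but not necessarily what a child holds after exec; a comment stating whether that is intended would help the next reader. The loop's message says "Can't drop %s" although priv_addset() is adding a privilege to the set being kept (`i_warning("Can't add %s to privilege set: %m", *p);`), and "privelege" is misspelled in the two later messages. Using the unquoted PRIV_* constants from the privilege headers rather than their names as string literals would also let the compiler catch a mistyped entry instead of leaving it to a runtime warning.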