question on using zmailer in a distributed environment

[Donald Ball <balld@sunsite.unc.edu>]

Howdy, sorry to be asking such basics question to the guru list but I
couldn't find out what I wanted in the list archive.

Okay, so we've got a bunch of workstations and a big honking server. We
want the server to be the only machine receiving mail and have users
access their mailboxes via IMAP. If mail gets sent to a user at their
workstation, we want the mail to be punted to the honking server. My guess
is that defining the following in SiteConfig for the workstations will
work: 

MAILSERVER=	sunsite.unc.edu
PUNTHOST=	sunsite.unc.edu
FORCEPUNT=	sunsite.unc.edu
SMARTHOST=	sunsite.unc.edu

but it seems a bit overkill. I don't want sunsite to necessarily send out
all the mail, just receive it all. 

Second question: I want as much as possible of the zmailer stuff to live
in our shared read-only /usr/local directory. Currently the setup looks
like this: 

MAILBIN=	/usr/local/mail/bin
MAILSHARE=	/usr/local/mail
MAILVAR=	/usr/local/mail
prefix=		/usr/local/mail

but I strongly suspect that some of these things really _need_ to be
local, not shared. Which ones, if any? 

Penultimate question: We're moving from icky NFS to slightly less icky AFS
shortly. How well do zmailer and AFS coexist?

Final question: There's another machine on campus which is running zmailer
and has an interesting security hole. Commands run via the .forward file
mechanism are executed with root permission! I was able to get myself a
nice suidroot /bin/sh using my .forward file. Is this a misconfiguration
issue or a flaw in zmailer? 

Thanks in advance for any answers.

- donald