@whynothugo @drewdevault OpenSSH has a *lot* of privilege issues.
- It needs port <1024, I think this should be a remnant of the past and instead require either something like: A firewall which would restrict per dedicated user, or capabilities/special-group.
- It needs to create a session for another user, with its own authentication scheme due to ssh-keys (so I guess most if not all of BSD Auth is out). I think this is one where you'd need proper capabilities and something with a clean API (like the setuid+setgid+setgroups+… dance should probably be a single syscall).
OpenSMTPd is also a "fun" one on this: if I wanted better security, I feel like I'd end up making it a pure MTA and leaving the MDA part to a POP/IMAP daemon, to avoid effectively overriding the file system permissions in both the mbox and maildir-in-$HOME cases.
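The "setuid+setgid+setgroups dance" mentioned above, written out as an added example (this is not code from the post, from OpenSSH or from OpenSMTPD). It assumes Linux/glibc or a BSD where `setgroups()` is available, and uses the "nobody" account only as an assumed default target; the order (supplementary groups, then gid, then uid) matters because once the uid is dropped the process no longer has the privilege to change the other two, and the final check exists because a drop that leaves the saved set-user-ID at 0 is silently reversible.

```c
/*
 * Added example: drop root to an unprivileged uid/gid in the order that
 * works, then prove the drop is permanent.  Not OpenSSH's code.
 * Assumes Linux/glibc or a BSD (setgroups() is not POSIX).
 */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 if the process is exactly uid/gid and cannot get root back,
 * -1 otherwise.  Safe to call unprivileged for the "already there" case. */
static int verify_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0) {
        /* Both must fail with EPERM.  seteuid(0) succeeding here would mean
         * the saved set-user-ID is still 0: the drop was only temporary. */
        if (setuid(0) != -1 || errno != EPERM)
            return -1;
        if (seteuid(0) != -1 || errno != EPERM)
            return -1;
    }
    return 0;
}

/* The dance: supplementary groups first (needs root), then gid, then uid.
 * As root, setgid()/setuid() set real, effective and saved ids together. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        gid_t check[2];
        /* Clear inherited supplementary groups (e.g. wheel) down to gid. */
        if (setgroups(1, &gid) == -1)
            return -1;
        /* Confirm the list now holds exactly one entry: gid. */
        if (getgroups(2, check) != 1 || check[0] != gid)
            return -1;
    }
    if (setgid(gid) == -1)
        return -1;
    if (setuid(uid) == -1)
        return -1;
    return verify_dropped(uid, gid);
}

int main(int argc, char **argv)
{
    /* "nobody" is an assumed default; pass another account name as argv[1]. */
    const char *name = argc > 1 ? argv[1] : "nobody";
    struct passwd *pw = getpwnam(name);

    if (pw == NULL) {
        fprintf(stderr, "no such user: %s\n", name);
        return 1;
    }
    if (drop_privileges(pw->pw_uid, pw->pw_gid) == -1) {
        perror("drop_privileges");
        return 1;
    }
    printf("now uid=%u gid=%u, drop verified as permanent\n",
           (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

Run it as root (`./drop nobody`) to see the full path; run it as a normal user with your own account name and it takes the no-op path, which still exercises the "can I get root back?" check. The three separate calls, each of which can fail part-way, are exactly why the post argues this should be one syscall.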