diff -Nru ssmtp-2.64/debian/changelog ssmtp-2.64/debian/changelog
--- ssmtp-2.64/debian/changelog 2014-07-15 00:49:35.000000000 +0000
+++ ssmtp-2.64/debian/changelog 2016-04-13 15:50:31.000000000 +0000
@@ -1,3 +1,11 @@
+ssmtp (2.64-8ubuntu1) xenial; urgency=medium
+
+ * Remove world read access to /etc/ssmtp/* and chgrp to "mail".
+ Install the ssmtp binary as setgid and owned by "root:mail".
+ LP: #654065, Closes: #661954
+
+ -- Simon Deziel Wed, 13 Apr 2016 15:44:14 +0000
+
 ssmtp (2.64-8) unstable; urgency=medium

 * Fix "Partial loss of message body, sending message to wrong recipicients".
diff -Nru ssmtp-2.64/debian/control ssmtp-2.64/debian/control
--- ssmtp-2.64/debian/control 2014-07-15 00:34:15.000000000 +0000
+++ ssmtp-2.64/debian/control 2016-04-13 15:47:35.000000000 +0000
@@ -1,7 +1,8 @@
 Source: ssmtp
 Section: mail
 Priority: extra
-Maintainer: Anibal Monsalve Salazar
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Anibal Monsalve Salazar
 Build-Depends: dpkg-dev (>= 1.16.1~), po-debconf, libgnutls-openssl-dev
 Standards-Version: 3.9.5
 Vcs-Git: git://git.debian.org/ssmtp/ssmtp.git
diff -Nru ssmtp-2.64/debian/postinst ssmtp-2.64/debian/postinst
--- ssmtp-2.64/debian/postinst 2010-04-08 06:17:25.000000000 +0000
+++ ssmtp-2.64/debian/postinst 2016-04-13 15:44:07.000000000 +0000
@@ -52,13 +52,15 @@
 test -z "$FromOverride" && FromOverride=NO
 touch /etc/ssmtp/ssmtp.conf.tmp
- chmod 644 /etc/ssmtp/ssmtp.conf.tmp
+ chmod 640 /etc/ssmtp/ssmtp.conf.tmp
+ chgrp mail /etc/ssmtp/ssmtp.conf.tmp
 sed "s/^root=.*/root=$root/;s/^mailhub=.*/mailhub=$mailhub/;s/^rewriteDomain=.*/rewriteDomain=$rewritedomain/;s/^hostname=.*/hostname=$hostname/;s/^FromLineOverride=.*/FromLineOverride=$FromOverride/;s/^#FromLineOverride=.*/FromLineOverride=$FromOverride/" /etc/ssmtp/ssmtp.conf > /etc/ssmtp/ssmtp.conf.tmp
 mv -f /etc/ssmtp/ssmtp.conf.tmp /etc/ssmtp/ssmtp.conf
 else
 touch /etc/ssmtp/ssmtp.conf
- chmod 644 /etc/ssmtp/ssmtp.conf
+ chmod 640 /etc/ssmtp/ssmtp.conf
+ chgrp mail /etc/ssmtp/ssmtp.conf
 exec 1>/etc/ssmtp/ssmtp.conf
diff -Nru ssmtp-2.64/debian/rules ssmtp-2.64/debian/rules
--- ssmtp-2.64/debian/rules 2014-04-11 17:44:32.000000000 +0000
+++ ssmtp-2.64/debian/rules 2016-04-13 15:44:07.000000000 +0000
@@ -38,13 +38,13 @@
 install -m 755 debian/config debian/tmp/DEBIAN
 install -d -m 755 debian/tmp/usr/sbin
- install -s -m 755 ssmtp debian/tmp/usr/sbin/ssmtp
+ install -s -g mail -m 2755 ssmtp debian/tmp/usr/sbin/ssmtp
 install -d -m 755 debian/tmp/usr/share/man/man8
 install -m 644 ssmtp.8 debian/tmp/usr/share/man/man8/ssmtp.8
 install -d -m 755 debian/tmp/usr/share/man/man5
 install -m 644 ssmtp.conf.5 debian/tmp/usr/share/man/man5/ssmtp.conf.5
- install -d -m 755 debian/tmp/etc/ssmtp
- install -m 644 revaliases debian/tmp/etc/ssmtp/revaliases
+ install -d -g mail -m 750 debian/tmp/etc/ssmtp
+ install -g mail -m 640 revaliases debian/tmp/etc/ssmtp/revaliases
 -cd debian/tmp/usr/sbin && ln -sf ssmtp sendmail
 install -d -m 755 -o root -g root debian/tmp/usr/lib
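Review bot: The new `chmod 640` / `chgrp mail` only run in the two branches that regenerate ssmtp.conf, so any path through postinst that skips regeneration would leave an existing 644 file world-readable. The enclosing conditionals start outside this hunk, so that needs checking against the full script. If such a path exists, a fix-up near the end that respects a local override would cover it: `dpkg-statoverride --list /etc/ssmtp/ssmtp.conf >/dev/null 2>&1 || { chgrp mail /etc/ssmtp/ssmtp.conf; chmod 640 /etc/ssmtp/ssmtp.conf; }`. In both branches `touch` creates the file under the inherited umask before `chmod` runs; a newly created file is empty at that point, but a `umask 027` ahead of the `touch` would stop the result depending on statement order.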
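Review bot: `-m 2755` on the ssmtp install line makes the binary run with group mail for every local caller, yet no hunk on this page changes ssmtp's own code, so its fitness to run set-id is not established here. Before shipping, the program should be audited for everything the caller controls (options that select files or enable debug output, environment variables), and it should drop the mail group as soon as ssmtp.conf and revaliases have been read. Separately, the three new `install` lines pass only `-g mail` and leave the owner implicit, while the last context line spells out `-o root -g root`. Writing `install -s -o root -g mail -m 2755 ssmtp debian/tmp/usr/sbin/ssmtp`, and likewise for the directory and revaliases, would match the changelog's "root:mail" without depending on how the build is invoked. The recipe begins and ends outside the hunk.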