A common method to implement privilege separation is to have a computer program fork into two processes.
Such software tends to separate privileges by revoking them completely after the critical section is done, and change the user it runs under to some unprivileged account after so doing.
Privilege separation can also be done by splitting functionality of a single program into multiple smaller programs, and then assigning the extended privileges to particular parts using file system permissions.
Another email server software designed with privilege separation and security in mind is Dovecot.
[7][8] Solaris implements a separate set of functions for privilege bracketing.