This one time, at band camp, Peter Troeger said: > I am using your clamav-milter package with Postfix 2.3 from Debian > Etch. Postfix introduced Milter support with the 2.3 series (see > http://www.postfix.org/MILTER_README.html). > > I needed to change /etc/default/clamav-milter so that the Unix domain > socket file is written do a different location, since the Postfix > smtpd in Debian is running chroot'ed: > > SOCKET=local:/var/spool/postfix/.../clamav-milter.sock > > It would be good if this is indicated somewhere in the README file. > > I also needed to change /etc/init.d/clamav-milter, so that the > permissions of the created socket file are modified after startup. > Otherwise, the Postfix smtpd daemon has not the right permissions to > read it. It would be good if there is a (described) solution which > does not demand change of package executables. > > One idea might be to make the socket file group-readable / writeable > on creation, which would allow to add the postfix user to the > according group.
clamav-milter uses smfi_setconn to create it's socket listener, which is documented here: http://www.dblab.ece.ntua.gr/~adamo/makecf/milters/milterdoc/smfi_setconn.html It says to create the socket 0600. Not sure what to do about that - any suggestions to maintain interoperability with sendmail (obviously the first concern) and add some for postfix? They seem like very different security models to me, so I'm not sure this will e easy, out of the box. /etc/default/clamav-milter is there for you to change for local needs, so I see that part as fine. I can put a note in the README if it would (never having used postfix with milters, if you want to send me a short howto snippet, it would be much appreciated). Thanks, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
