Josip Rodin wrote:
On Mon, Oct 23, 2006 at 03:12:33AM +0200, William Steve Applegate wrote:
After upgrading to the last release from an old customised one, I began
to see messages like that in my log file:
Oct 22 21:25:03 kingslanding postfix/pipe[10679]: 93DB3CEC92: to=<[EMAIL PROTECTED]>,
orig_to=<[EMAIL PROTECTED]>, relay=maildrop, delay=1.9, delays=1.6/0.08/0/0.26,
dsn=5.1.1, status=bounced (user unknown. Command output: ERR: authdaemon: s_connect()
failed: Permission denied Invalid user specified. )
I use a Postfix + Courier + Maildrop + MySQL backed setup, and my
maildrop entry in Postfix's master.cf looks like this:
maildrop unix - n n - - pipe
flags=DRhu user=postman argv=/usr/bin/maildrop -d [EMAIL PROTECTED]
${extension} ${recipient} ${user} ${nexthop}
Googleing the error message has lead me to
<http://archives.neohapsis.com/archives/postfix/2005-05/1183.html>,
which describes some solutions to this problem. I chose to chmod +s the
maildrop binary, but I would like to ensure this doesn't repeat at the
next upgrade. Thus, could you please make sure maildrop can read the
authdaemon socket out of the box (or at least include a warning in
preinst saying that a manual action is necessary to do so)?
Well, the authdaemon socket is located in:
drwxr-xr-x daemon/daemon 0 2006-09-09 21:54:23 ./var/run/courier/
drwxr-x--- daemon/daemon 0 2006-09-09 21:54:23 ./var/run/courier/authdaemon/
Sounds like you may want to:
* make maildrop setgid daemon, although I don't reckon that would work
well if you still need to setgid mail (in order to lock files in /var/mail).
Do you need that?
Also, other repercussions of making a binary setgid daemon may exist.
* change permissions of those files to be mail:mail
* ask the maintainer or courier-authdaemon and courier-maildrop what's their
strategy with this whole daemon user thing :)
The packages started with daemon years ago and I tried to allocate fixed
UID/GID for courier, but that was denied. So I sticked with that. Any
advice is welcome.
Bye
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
