I just experienced this problem after an update this morning on squeeze.
The APT upgrade installed a new version of perl:
# dpkg -l perl
ii perl 5.10.0-22
# dpkg -l mailscanner
ii mailscanner 4.74.16-1
Afterwards, debugging mailscanner showed it dying with the error message
"Insecure dependency in chown while running with the -T switch in
/usr/share/MailScanner//MailScanner/Message.pm on line 2407". It appears
to be while calling the perl chown function to set the permissions on an
exploded message in the "incoming" work directory.
There were also a number of problems appearing with loading custom
functions, such as MailWatch logging and white/black list as well as
calling the various exploders, etc while processing the email.
After doing some digging I found out about the Perl Taint Mode. Although
the -T param is not explicitly set in /etc/init.d/mailscanner it seems
that Perl will automcatically turn on taint mode. From
http://perldoc.perl.org/perlsec.html:
"Perl automatically enables a set of special security checks, called
/taint mode/, when it detects its program running with differing real
and effective user or group IDs."
After much head banging I finally tried adding --chuid postfix:postfix
(the user/group set in Run As in MailScanner.conf) to the
start-stop-daemon call in /etc/init.d/mailscanner. Eg,
start-stop-daemon --start --quiet --nicelevel $run_nice --chuid
postfix:postfix --exec $DAEMON --name $NAME -- $DAEMON_ARGS
I hope this is of some help, as it is now working fine for me!
Mark
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
begin:vcard
fn:Mark Presling
n:Presling;Mark
email;internet:m...@presling.com
tel;home:+6442322774
tel;cell:+6421549540
version:2.1
end:vcard
