Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 13 Oct 2001 13:38:21 +0300
From: Jarno Huuskonen <Jarno.Huuskonen@....fi>
To: owl-users@...ts.openwall.com
Subject: Postfix and procmail delivery ?

Hi,

AFAIK there's a small issue with using procmail as mailbox_command with
postfix: postfix runs procmail as the user receiving mail and if the
/var/spool/mail/user doesn't exist procmail(not suid/sgid) is unable to
create the mailbox. (I only tested this very briefly on an Owl test
install, but this at least is the case on RedHat (after procmail update)).

Do you have any workaround for this ?
I think Chris Wing (Caen Linux) has made a patch for useradd to create
the user's mailbox. Something like this might be useful for those
wishing to use procmail.

Do you have any ideas on how to prevent users from seeing the postfix
mailqueues / or flushing the queue (sendmail -q) ?
(quick hack would be to modify the sendmail command to refuse to run
if normal user tries to see/flush the queue ... Only works if the users
don't use their private copies of sendmail). What about using more
restricted permissions on the /var/spool/postfix/public/showq socket ?

-Jarno

-- 
Jarno Huuskonen <Jarno.Huuskonen@....fi>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.