Date: Mon, 15 Oct 2001 08:31:05 +0300
From: Jarno Huuskonen <Jarno.Huuskonen@....fi>
To: owl-users@...ts.openwall.com
Subject: Re: Postfix and procmail delivery ?

On Mon, Oct 15, Solar Designer wrote:
> Why is the suggestion to restrict showq to root not acceptable for
> you, then?

Because I understood that the private showq (in master.cf) stops even
root from seeing the queue:
Quoting brett:
"take a look at the private setting for the showq command in
/etc/postfix/master.cf. of course, this will stop everybody (including
root) from seeing the mail queue since the showq daemon will run without
privilege.
- brett"

OK, this time I tested it (set showq to private in master.cf)
(with postfix-20010228pl05 though):
As root:
mailq: warning: Mail system is down -- accessing queue directly
Mail queue is empty

As normal user:
mailq: fatal: Queue report unavailable - mail system is down

Seems to do the job: Well I'd prefer a different error message ;)

> To me, the problem with it is that it remains possible to flush the
> queue.  And restricting qmgr in the same way (via master.cf) breaks
> things.  I haven't checked the code to see what can be done, yet.

I browsed the postfix mailing list archives and there was some
discussion about restricting mailq/flushing the queue. I got the
impression that Wietse might implement the feature if people convince
him that it's necessary.

-Jarno

-- 
Jarno Huuskonen - System Administrator   |  Jarno.Huuskonen@....fi
University of Kuopio - Computer Center   |  Work:   +358 17 162822
PO BOX 1627, 70211 Kuopio, Finland       |  Mobile: +358 40 5388169
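
Added example, not part of the original message: a Python audit of the master.cf "private" column that the message tests, flagging a public showq and a private qmgr (the latter is what the quoted reply says breaks things). The sample master.cf is constructed, and the function names parse_master_cf and audit are hypothetical.

```python
"""Audit the 'private' column of Postfix master.cf (added example)."""

# Constructed sample, not taken from the message. Columns:
# service type private unpriv chroot wakeup maxproc command+args
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       n       n       60      1       pickup
qmgr      fifo  n       -       n       300     1       qmgr
showq     unix  n       -       n       -       -       showq
local     unix  -       n       n       -       -       local
procmail  unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/bin/procmail -t -m
"""

def parse_master_cf(text):
    """Return one dict per service, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # continuation of previous entry
        else:
            logical.append(raw.strip())
    services = []
    for line in logical:
        fields = line.split(None, 7)
        if len(fields) == 8:              # skip malformed entries
            keys = ("name", "type", "private", "unpriv",
                    "chroot", "wakeup", "maxproc", "command")
            services.append(dict(zip(keys, fields)))
    return services

def audit(text):
    """Flag the two settings discussed in the thread."""
    findings = []
    for svc in parse_master_cf(text):
        public = svc["private"] == "n"    # "-" means the default, i.e. private
        if svc["name"] == "showq" and public:
            findings.append("showq is public: local users can list the queue")
        if svc["name"] == "qmgr" and not public:
            findings.append("qmgr is private: reported in the thread to break things")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MASTER_CF):
        print(finding)
```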
