Joel Conover wrote:

postfix/pipe[16155]: A5CB5163EC6: to=<[EMAIL PROTECTED]>, relay=maildrop, delay=0, status=bounced (user unknown. Command output: ERR: authdaemon: s_connect() failed: Permission denied Invalid user specified. )

See the NOTE in the first section of the INSTALL document:


When using the standalone maildrop build with courier-authlib, one of the following configurations must be used:

* Your mail server must invoke maildrop as the root user (the -d flag reads the mail account's uid and gid, then drops root) .
* Manually change the permissions on the maildrop binary to be setuid root.
* Manually change the permissions on the courier-authlib's socket directory (/usr/local/var/spool/authdaemon by default) to be globally readable or executable.

The default permissions on courier-authlib's socket directory blocks world-access to the filesystem socket connected to courier-authlib's authentication daemon process. In order for maildrop to connect to the authentication library, maildrop must either have root privileges (which will be temporary, as soon as maildrop determines the account's userid and groupid, it will drop root, before reading the maildroprc file), or courier-authlib's socket directory must have world read and execute permission.

Note that if the permissions on the socket directory are changed, anyone on the system can connect and obtain any account's password!

It is the system administrator's responsibility to choose the appropriate security policy when using the Courier Authentication Library.

------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. _______________________________________________ courier-users mailing list Unsubscribe:

Reply via email to