On Mon, Oct 23, 2006 at 03:12:33AM +0200, William Steve Applegate wrote:
> After upgrading to the last release from an old customised one, I began
> to see messages like that in my log file:
> 
> Oct 22 21:25:03 kingslanding postfix/pipe[10679]: 93DB3CEC92: to=<[EMAIL 
> PROTECTED]>, orig_to=<[EMAIL PROTECTED]>, relay=maildrop, delay=1.9, 
> delays=1.6/0.08/0/0.26, dsn=5.1.1, status=bounced (user unknown. Command 
> output: ERR: authdaemon: s_connect() failed: Permission denied Invalid user 
> specified. )
> 
> I use a Postfix + Courier + Maildrop + MySQL backed setup, and my
> maildrop entry in Postfix's master.cf looks like this:
> 
> maildrop  unix  -       n       n       -       -       pipe
>   flags=DRhu user=postman argv=/usr/bin/maildrop -d [EMAIL PROTECTED] 
> ${extension} ${recipient} ${user} ${nexthop}
> 
> Googling the error message has led me to
> <http://archives.neohapsis.com/archives/postfix/2005-05/1183.html>,
> which describes some solutions to this problem. I chose to chmod +s the
> maildrop binary, but I would like to ensure this doesn't repeat at the
> next upgrade. Thus, could you please make sure maildrop can read the
> authdaemon socket out of the box (or at least include a warning in
> preinst saying that a manual action is necessary to do so)?

Well, the authdaemon socket is located in:

drwxr-xr-x daemon/daemon     0 2006-09-09 21:54:23 ./var/run/courier/
drwxr-x--- daemon/daemon     0 2006-09-09 21:54:23 ./var/run/courier/authdaemon/

Sounds like you may want to:
* make maildrop setgid daemon, although I don't reckon that would work
  well if you still need to setgid mail (in order to lock files in /var/mail).
  Do you need that?
  Also, other repercussions of making a binary setgid daemon may exist.
* change permissions of those files to be mail:mail
* ask the maintainer of courier-authdaemon and courier-maildrop what's their
  strategy with this whole daemon user thing :)
* handle upgrades by dpkg-divert'ing /usr/bin/maildrop and making a note
  somewhere always to check whether you need the new one, but that's an ugly
  workaround which may fail later

-- 
     2. That which causes joy or happiness.
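
Added example (not part of the original message, and not Courier or maildrop code): a diagnostic that applies the directory mode bits from the listing above to the delivery user and names the first directory that user cannot search. The user name postman and the path /var/run/courier/authdaemon come from the thread; the function names are hypothetical, and ignoring ACLs and capabilities is an assumption.

```python
import os
import pwd
import stat

def search_allowed(st, uid, gids):
    """Classic Unix mode-bit test for directory search (x) permission.
    Assumption: POSIX ACLs and Linux capabilities are not considered."""
    if uid == 0:
        return True                      # root bypasses mode bits
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocker(target, uid, gids, root="/"):
    """Walk from root down to target and return the first directory the
    identity (uid, gids) cannot search, or None if the path is reachable.
    root itself is not checked."""
    root = os.path.abspath(root)
    rel = os.path.relpath(os.path.abspath(target), root)
    current = root
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        st = os.stat(current)            # follows symlinks such as /var/run
        if stat.S_ISDIR(st.st_mode) and not search_allowed(st, uid, gids):
            return current
    return None

if __name__ == "__main__":
    # Values taken from the thread: pipe user "postman", socket directory
    # /var/run/courier/authdaemon. Run as root so every component can be stat'ed.
    user, sock_dir = "postman", "/var/run/courier/authdaemon"
    try:
        pw = pwd.getpwnam(user)
        gids = set(os.getgrouplist(user, pw.pw_gid))
        blocker = first_blocker(sock_dir, pw.pw_uid, gids)
    except (KeyError, OSError) as exc:
        raise SystemExit(f"cannot evaluate {sock_dir} for {user}: {exc}")
    if blocker:
        st = os.stat(blocker)
        print(f"{user} cannot search {blocker} "
              f"(mode {stat.S_IMODE(st.st_mode):04o}, uid {st.st_uid}, gid {st.st_gid})")
    else:
        print(f"{user} can reach {sock_dir}; check the socket's own mode next")
```

To model the setgid-daemon option from the list above, add the daemon group's gid to gids before calling first_blocker.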

