On Sat, Oct 16, 2004 at 07:56:45PM -0600, Gary Aitken wrote:

> Trying to install milter-greylist.
> After configuring sendmail, and without the milter-greylist daemon
> running, maillog contains messages of the type:
>
> sm-mta: i9H12H4P059533: Milter (greylist): local socket name
> /var/milter-greylist/milter-greylist.sock unsafe
>
> From what I've been able to dig up, this is because sendmail thinks
> it's unsafe to read/write that socket.

No, this is sendmail's convoluted way of telling you that milter-greylist isn't actually running, and so it would be unsafe (ie. might result in lost e-mail) if it was to attempt to communicate via the socket with that non-existent process. It doesn't have anything to do with the ownership/permissions of either the milter-greylist socket, or the milter-greylist process itself.

The answer is just to start up the milter-greylist process.

> Upon checking, I discovered /var/milter-greylist was owned by smmsp,
> so I changed it to root. Unfortunately, that didn't solve the
> problem.

Um... don't do that. Leave the permissions as they were when the port was installed. The various parts of the mail system are deliberately configured to run as *non root* for security reasons: essentially, if someone can take over the process by eg. a buffer overflow attack, all they get is a process with ordinary user credentials, so limiting the amount of damage they can do.

/var/milter-greylist has to be writable by the UID milter-greylist runs as, and the best way of doing that is to give that UID ownership of the directory.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK