Re: Catch-all with no system user

Wed, 04 Feb 2015 03:24:08 -0800 

On 2015-02-04 11:54, Gilles Chehade wrote:
> On Wed, Feb 04, 2015 at 06:56:09AM -0300, Hugo Osvaldo Barrera wrote:
> > > > 
> > > > I do get some issues regarding dovecot and it's lda now, though I won't 
> > > > go into
> > > > details since it's off topic.
> > > > 
> > > > I am wondering though: as what user is the command from `deliver to mda`
> > > > invoked (in this case: "/usr/local/libexec/dovecot/dovecot-lda").
> > > > 
> > > > Thanks, cheers,
> > > > 
> > > 
> > > MDA is invoked with the privileges of the end user.
> > > 
> > 
> > So, to make sure if I'm still not mistaken: in the above example, it would 
> > be
> > 1000:100, right?
> > 
> 
> yes
> 
> 
> > > Since recently this can be overriden so that all deliveries take place as
> > > a specific user, people use it for LMTP as far as I know.
> > > 
> > 
> > This hasn't made it to the latest snapshot, has it?
> >
> 
> it has, it's been around for a while "deliver [...] as _user"
> 
> 

The "as" keyword seems to rewrite the sender. How would that affect the user
that's used to deliver messages?

    If the as parameter is specified, smtpd(8) will rewrite the sender 
advertised in the SMTP session.
    address may be a user, a domain prefixed with ‘@’, or an email address, 
causing smtpd to rewrite the
    user-part, the domain-part, or the entire address, respectively.


> > Also, if I use lda with a unix domain socket, do I still need to give write
> > permissions to the user (eg: 1000:100 in this case), or does smtpd connect 
> > to
> > it using the same user the process runs as?
> > 
> 
> yes, the mda will run as the user so if it needs to access something, be
> it a file or a socket, the permissions should be ok for that user
> 

I'm sorry, I mistyped that (I'm way past my bedtime). I meant to ask if I use
*lmtp* with a unix socket. In this case do I need to grant write access to the
socket to smtpd, or the the user the email is mapped to (eg: 1000:100)?

> 
> -- 
> Gilles Chehade
> 
> https://www.poolp.org                                          @poolpOrg

Thanks,

-- 
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?

Attachment: pgpKt05_auBQZ.pgp
Description: PGP signature

Reply via email to