On 07/24/2012 07:33 PM, mouss wrote:
>
> map_directory = /var/db/postmap
> cidr = cidr:${map_directory}/cidr
> db = ${db_type}:${map_directory}/${db_type}
> map_directory = /var/db/postmap
> regex = ${regex_type}:${map_directory}/${regex_type}
> sql = ${sql_type}:${map_directory}/${sql_type}
> ...
>
> ls -l /var/db/
> ...
> drwxr-x--- 9 root postfix 512 Feb 10 2011 postmap/
> ...
Ok, thanks, I'll stick with this for a while and see what happens. It
seems sendmail needs to read main.cf, but not any of the map files (at
least, not the ones I'm using in the way I'm using them) or master.cf.
We've only got two boxes that have anything sensitive in the maps; on
the one with the mail store, I have just:
/etc/postfix:
cp -R etc/postfix /etc/
chgrp -R postfix /etc/postfix
find /etc/postfix -type d -print0 | xargs -0 chmod 755
find /etc/postfix -type f -print0 | xargs -0 chmod 640
chmod 644 /etc/postfix/main.cf
which is close to what you posted, modulo master.cf and 'rx' of the maps
directory.
On the MX, I also need to make one of the map files readable to the
amavis user, but there's nothing sensitive in that map, so 644 is fine
there.
I'll report if anything else breaks =)
