Re: [Courier-imap] proper/secure permissions for maildrop and shared mailboxes

2007-12-14 Thread Brian Candler
On Thu, Dec 13, 2007 at 11:58:55PM -0500, Joe Auty wrote:
> Is Maildrop the best option for rule parsing, BTW? I would love to be  
> able to write sieve scripts, but I don't know of something that will  
> support this under Courier

You can use Exim instead of Postfix - it has sieve built in (as well as its
own filtering language), and delivers directly to Maildir++.

With Exim the entire processing flow of mail acceptance, routing and
delivery is configurable. This means there's quite a learning curve, but you
get a Swiss army knife for mail processing. Furthermore, the documentation
is utterly comprehensive. http://www.exim.org/

I guess the main argument for using maildrop would be if you're using
sqwebmail, since it includes an interface for creation of simple maildrop
rulesets.

Regards,

Brian.

-
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
___
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap


Re: [Courier-imap] proper/secure permissions for maildrop and shared mailboxes

2007-12-14 Thread Brian Candler
On Thu, Dec 13, 2007 at 03:50:33AM -0500, Joe Auty wrote:
> Hello,
> 
> I'm struggling with figuring out what users and groups are at play  
> with getting Maildrop to deliver messages to my shared folder  
> collection.
> 
> When I have my folder collection set as such:
> 
> drwxr-----  6 vmail  mygroup   512 Dec 13 01:30 .Joe

Aside: this is an unusual set of permissions, and possibly you have
misunderstood how the permission bits work when applied to directories:

  r = can enter the directory
  w = can create and delete files
  x = can list the directory contents

If you give 'mygroup' only 'r' permissions, they can only access files if
they know in advance the exact filename to access. This is insufficient to
be able to browse messages in a Maildir.

Try mode 750 (drwxr-x---) instead. And of course this must apply to
subdirectories too.

However, that aside, you should be able to *deliver* to this mailbox as user
"vmail" just given vmail rwx (as long as your subdirectories also have the
same).

> maildrop  unix  -   n   n   -   -   pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
> 
> to be able to write to this mailbox. I'm delivering mail to this  
> folder based on a maildrop rule set, NOT as myself, so "chown joe"ing  
> the directory won't work with my rule set - I imagine that I would  
> only want to be the owner of this directory if it was delivered  
> straight there unaffected by my maildrop rules?
> 
> I don't want this folder to be world readable or world writable  
> obviously, but as it stands, Maildrop will only deliver to this folder  
> when "everybody" has writable permission. I've tried just about every  
> combination of permission set that I can think of. What permissions  
> need to be assigned here to do what I want? What am I missing here?

Unless you have a problem with subdirectory permissions, this looks like a
Postfix problem. Maybe maildrop is not actually running as user "vmail".
You'll need to get some logs from postfix and/or maildrop showing the error.

Also, you're only giving maildrop the recipient E-mail address, not the
directory path, so perhaps maildrop isn't mapping this to the target
directory correctly. (However, you say it works if you change the
directories to mode 777, so this is probably OK)

I don't use either Postfix or maildrop, so I can't give you more specific
information on where to look for the problem. But my guess would be that
maildrop isn't running as user vmail. Perhaps it's installed setuid root and
is setting its own uid back to 'joe' or whatever.

Brian.
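
An added example, not part of the original message: a small Python audit that walks a Maildir folder and reports every directory, subdirectories included, whose mode deviates from the 750 suggested above. The function name `audit_maildir` and its optional `delivery_uid` parameter are assumptions made for this illustration.

```python
import os
import stat
import sys

WANT_GROUP = stat.S_IRGRP | stat.S_IXGRP  # r-x for the shared readers


def audit_maildir(root, delivery_uid=None):
    """Report directories under a Maildir folder that deviate from mode 750
    (owner rwx, group r-x, nothing for others).

    Returns {relative_path: (mode_string, [problems])}; empty means clean.
    delivery_uid (hypothetical parameter) is the uid the delivery agent is
    expected to run as, e.g. the uid of "vmail".
    """
    findings = {}
    # os.walk silently skips directories the caller cannot read, so run
    # this as the owning user (or root) to see the whole tree.
    for dirpath, _dirs, _files in os.walk(root):
        st = os.stat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        problems = []
        if (mode & stat.S_IRWXU) != stat.S_IRWXU:
            problems.append("owner lacks rwx: delivery cannot create messages")
        if (mode & WANT_GROUP) != WANT_GROUP:
            problems.append("group lacks r-x: shared readers cannot browse")
        if mode & stat.S_IWGRP:
            problems.append("group-writable")
        if mode & stat.S_IRWXO:
            problems.append("accessible to others")
        if delivery_uid is not None and st.st_uid != delivery_uid:
            problems.append("not owned by delivery uid %d" % delivery_uid)
        if problems:
            rel = os.path.relpath(dirpath, root)
            findings[rel] = (stat.filemode(st.st_mode), problems)
    return findings


if __name__ == "__main__":
    # Usage: python audit.py /path/to/Maildir/.Joe
    for rel, (mode, problems) in sorted(audit_maildir(sys.argv[1]).items()):
        print(mode, rel, "; ".join(problems))
```

An empty result means every directory in the folder is exactly owner rwx, group r-x, others none.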



Re: [Courier-imap] proper/secure permissions for maildrop and shared mailboxes

2007-12-13 Thread Tony Earnshaw
Joe Auty wrote, on 14-12-2007 05:58:

> Any idea here? Is there a separate list where I might find some people  
> who are comfortable with Maildrop?

Yes there is (surprise, surprise) the maildrop list. Details on the 
courier-mta site. You aren't likely to get answers to maildrop questions 
on this list.

> Is Maildrop the best option for rule parsing, BTW? I would love to be  
> able to write sieve scripts, but I don't know of something that will  
> support this under Courier

Maildrop has its own (very comprehensive) PCRE-based filtering routines.

--Tonni

-- 
Tony Earnshaw
Email: tonni at hetnet dot nl



Re: [Courier-imap] proper/secure permissions for maildrop and shared mailboxes

2007-12-13 Thread Joe Auty

Any idea here? Is there a separate list where I might find some people  
who are comfortable with Maildrop?

Is Maildrop the best option for rule parsing, BTW? I would love to be  
able to write sieve scripts, but I don't know of something that will  
support this under Courier


On Dec 13, 2007, at 3:50 AM, Joe Auty wrote:

> Hello,
>
> I'm struggling with figuring out what users and groups are at play
> with getting Maildrop to deliver messages to my shared folder
> collection.
>
> When I have my folder collection set as such:
>
> drwxr-----  6 vmail  mygroup   512 Dec 13 01:30 .Joe
>
>
> I want every user in the group "mygroup" to be able to read this
> shared mailbox, and I want maildrop, which according to my Postfix
> master.cf file is running as user "vmail":
>
> maildrop  unix  -   n   n   -   -   pipe
>   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
>
> to be able to write to this mailbox. I'm delivering mail to this
> folder based on a maildrop rule set, NOT as myself, so "chown joe"ing
> the directory won't work with my rule set - I imagine that I would
> only want to be the owner of this directory if it was delivered
> straight there unaffected by my maildrop rules?
>
> I don't want this folder to be world readable or world writable
> obviously, but as it stands, Maildrop will only deliver to this folder
> when "everybody" has writable permission. I've tried just about every
> combination of permission set that I can think of. What permissions
> need to be assigned here to do what I want? What am I missing here?
>
> - ---
> Joe Auty
> NetMusician: web publishing software for musicians
> http://www.netmusician.org
> [EMAIL PROTECTED]
>
