Re: security(8) check maildir as well as mailbox permissions
skin...@britvault.co.uk wrote:
> I'll continue to locally patch security

While we are at it, do you understand that you can populate root's
crontab with whatever scripts you want, so that you don't need to patch
security in order to get the job done for you?

--
Dmitrij D. Czarkoff
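As an added example (not part of the thread and not the project's code), here are the two tests the proposed check_mailboxes diff applies: owner equal to the entry name, and mode exactly 0600 for a mailbox or 0700 for a maildir. They are written as a standalone script of the kind that can be run from root's crontab instead of patching security(8). The install path in the crontab comment, the function names and the sample spool are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: the owner and mode tests of the proposed
# check_mailboxes diff as a standalone script for root's crontab.
# Assumed crontab line (hypothetical install path); cron mails any output:
#   30 1 * * * /usr/local/libexec/check_mail_spool /var/mail

# Print one line per problem found in spool directory $1 (default /var/mail).
# Entries are expected to be named after the login that owns them.
check_mail_spool() {
    spool=${1:-/var/mail}
    for entry in "$spool"/*; do
        # An empty spool leaves the glob unexpanded; skip that literal.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        # ls -ld prints: mode, link count, owner, group, ...
        ls -ld "$entry" | {
            read -r mode _links owner group _rest
            # Some ls versions append '.', '+' or '@' to the mode string.
            mode=${mode%[.+@]}
            case $mode in
                d*) kind=maildir; want=drwx------ ;;   # 0700, as in the diff
                *)  kind=mailbox; want=-rw------- ;;   # 0600, as before
            esac
            [ "$owner" = "$name" ] ||
                echo "user $name $kind is owned by $owner"
            [ "$mode" = "$want" ] ||
                echo "user $name $kind is $mode, group $group"
        }
    done
}

# Constructed sample spool for trying the check without touching /var/mail:
# a group-readable maildir named after the caller and a mailbox whose name
# does not match its owner. Prints the directory path.
make_sample_spool() {
    dir=$(mktemp -d) || return 1
    me=$(ls -ld "$dir" | { read -r _m _l owner _r; echo "$owner"; })
    mkdir "$dir/$me" && chmod 0750 "$dir/$me"
    : > "$dir/nobody-here" && chmod 0600 "$dir/nobody-here"
    echo "$dir"
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_mail_spool "$1"
fi
```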
Re: security(8) check maildir as well as mailbox permissions
On 21/12/13 3:14 PM, Craig R. Skinner wrote:
> On 2013-12-21 Sat 09:16 AM |, Theo de Raadt wrote:
>>>> You seem to be coming from the perspective that people do stupid
>>>> things, and our base system should handle those stupid things.
>>>
>>> My perspective is maildir (backed IMAP) is commonly deployed,
>>> and such are as well being security checked.
>>
>> Yes, and perhaps that means they should use a different directory!
>
> No thanks.
>
> I say /var/mail is the right place for maildirs.

Then do so on your own systems.

> The mailbox format is too limiting these days, with all of its file
> locking problems.
>
> A cluster of SMTP servers can concurrently write to a set of NFS mounted
> /var/mail directories, while simultaneously, a cluster of IMAP servers
> can concurrently both read and write to the same NFS mounted /var/mail
> directories.

None of this is relevant to the discussion.
Re: security(8) check maildir as well as mailbox permissions
skin...@britvault.co.uk (Craig R. Skinner) writes:

> On 2013-12-21 Sat 09:16 AM |, Theo de Raadt wrote:
>> > > You seem to be coming from the perspective that people do stupid
>> > > things, and our base system should handle those stupid things.
>> > >
>> >
>> > My perspective is maildir (backed IMAP) is commonly deployed,
>> > and such are as well being security checked.
>>
>> Yes, and perhaps that means they should use a different directory!
>
> No thanks.
>
> I say /var/mail is the right place for maildirs.

It's not. Do what you want on your systems.

> The mailbox format is too limiting these days, with all of its file
> locking problems.
>
> A cluster of SMTP servers can concurrently write to a set of NFS mounted
> /var/mail directories, while simultaneously, a cluster of IMAP servers
> can concurrently both read and write to the same NFS mounted /var/mail
> directories.
>
> I'll continue to locally patch security, as I'm not a fool who makes an
> idol out of archaic UNIX traditions.

Fine!

> Cheers,

--
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
Re: security(8) check maildir as well as mailbox permissions
On 2013-12-21 Sat 09:16 AM |, Theo de Raadt wrote:
> > > You seem to be coming from the perspective that people do stupid
> > > things, and our base system should handle those stupid things.
> > >
> >
> > My perspective is maildir (backed IMAP) is commonly deployed,
> > and such are as well being security checked.
>
> Yes, and perhaps that means they should use a different directory!

No thanks.

I say /var/mail is the right place for maildirs.

The mailbox format is too limiting these days, with all of its file
locking problems.

A cluster of SMTP servers can concurrently write to a set of NFS mounted
/var/mail directories, while simultaneously, a cluster of IMAP servers
can concurrently both read and write to the same NFS mounted /var/mail
directories.

I'll continue to locally patch security, as I'm not a fool who makes an
idol out of archaic UNIX traditions.

Cheers,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: security(8) check maildir as well as mailbox permissions
> > You seem to be coming from the perspective that people do stupid
> > things, and our base system should handle those stupid things.
> >
>
> My perspective is maildir (backed IMAP) is commonly deployed,
> and such are as well being security checked.

Yes, and perhaps that means they should use a different directory!
Re: security(8) check maildir as well as mailbox permissions
On 2013-12-21 Sat 08:55 AM |, Theo de Raadt wrote:
>
> You seem to be coming from the perspective that people do stupid
> things, and our base system should handle those stupid things.
>

My perspective is maildir (backed IMAP) is commonly deployed,
and such are as well being security checked.
Re: security(8) check maildir as well as mailbox permissions
> People are placing maildirs in /var/maildir, /var/vmail, /mail, > /var/spool/mail, and who knows what other embarrassingly heinous > hierarchical heresies are being committed. Index: hier.7 === RCS file: /cvs/src/share/man/man7/hier.7,v retrieving revision 1.109 diff -u -u -p -r1.109 hier.7 --- hier.7 14 Aug 2013 08:39:29 - 1.109 +++ hier.7 21 Dec 2013 15:21:55 - @@ -617,7 +617,7 @@ Log files for .El .Pp .It mail/ -User mailbox files. +User mailbox files and/or maildirs. .It named/ Chroot directory for .Xr named 8 . You seem to be coming from the perspective that people do stupid things, and our base system should handle those stupid things. I don't buy it. If it's stupid, why not just leave the script alone.
Re: security(8) check maildir as well as mailbox permissions
On 2013-12-16 Mon 12:11 PM |, Craig R. Skinner wrote: > Check the security of /var/mail/dirs similar to /var/mail/boxes: > Several skilled sysadmins have stated they deliberately avoid using /var/mail for maildirs as security(8) generates warnings about these. People are placing maildirs in /var/maildir, /var/vmail, /mail, /var/spool/mail, and who knows what other embarrassingly heinous hierarchical heresies are being committed. It's simple to alter security to include maildirs as well as mailboxes. Either with the code I hacked up, or something sublimely superior. Compare: http://openbsd.7691.n7.nabble.com/security-8-and-maildir-td67036.html#a67039 Additionally, here's a possible corresponding diff for heir(7): Index: hier.7 === RCS file: /cvs/src/share/man/man7/hier.7,v retrieving revision 1.109 diff -u -u -p -r1.109 hier.7 --- hier.7 14 Aug 2013 08:39:29 - 1.109 +++ hier.7 21 Dec 2013 15:21:55 - @@ -617,7 +617,7 @@ Log files for .El .Pp .It mail/ -User mailbox files. +User mailbox files and/or maildirs. .It named/ Chroot directory for .Xr named 8 . > Index: security > === > RCS file: /cvs/src/libexec/security/security,v > retrieving revision 1.23 > diff -u -u -p -r1.23 security > --- security 21 Mar 2013 09:37:37 - 1.23 > +++ security 16 Dec 2013 12:05:52 - > @@ -458,9 +458,16 @@ sub check_mailboxes { > my $gname = (getgrgid $fgid)[0] // $fgid; > nag $fname ne $name, > "user $name mailbox is owned by $fname"; > - nag S_IMODE($mode) != (S_IRUSR | S_IWUSR), > - sprintf 'user %s mailbox is %s, group %s', > - $name, strmode($mode), $gname; > + if (S_ISDIR($mode)) { > + nag S_IMODE($mode) != (S_IRUSR | S_IWUSR | S_IXUSR), > + sprintf 'user %s maildir is %s, group %s', > + $name, strmode($mode), $gname; > + } > + else { > + nag S_IMODE($mode) != (S_IRUSR | S_IWUSR), > + sprintf 'user %s mailbox is %s, group %s', > + $name, strmode($mode), $gname; > + } > } > closedir $dh; > } >
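Review bot: In the hier.7 hunk, "and/or" reads awkwardly for a manual page; "User mailbox files and maildirs." says the same thing. This text change also depends on the security diff quoted in the same message, since the message itself says security(8) currently warns about maildirs in /var/mail: committed alone, hier(7) would document a layout that the check still flags, so the two diffs should go in together or not at all.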
Re: security(8) check maildir as well as mailbox permissions
On 20.12.2013 at 08:48, David Gwynne wrote:
> On 20 Dec 2013, at 2:56 am, Alexander Hall wrote:
>> Henning Brauer wrote:
>>> * Craig R. Skinner [2013-12-19 10:18]:
>>>> On 2013-12-18 Wed 20:48 PM |, Jérémie Courrèges-Anglas wrote:
>>>>> skin...@britvault.co.uk (Craig R. Skinner) writes:
>>>>>> On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
>>>>>>>> Check the security of /var/mail/dirs similar to
>>>>>>>> /var/mail/boxes:
>>>>>>>
>>>>>>> Indeed, but security(8) really reflects things in the base OS,
>>>>>>
>>>>>> smtpd.conf(8)
>>>>>> deliver to maildir path
>>>>>> Mail is added to a maildir. Its location, path, may
>>>>>> contain format specifiers that are expanded before use
>>>>>>
>>>>>> Therefore: ... deliver to maildir /var/mail/%{user.username}
>>>>>
>>>>> "Therefore"? How so? What's the logic, here?
>>>>
>>>> THEREFORE software in base can deliver to maildir in /var/mail
>>>
>>> THEREFORE software in base can also deliver mail to
>>> /omgohmymail/pr0n/$uid - does that mean we check it in security?
>>>
>>> The question is rather whether Maildirs in /var/mail are a common
>>> enough setup to warrant a check in security.
>>
>> I totally agree with Henning here.
>>
>> That said, I ended up putting my Maildirs in /var/maildir because of this,
>> so I for one wouldn't object.
>
> i also put maildirs in /var/maildir...

Similar discussion, pops up from time to time:
http://marc.info/?l=openbsd-misc&m=133422769629575&w=2

Quoting sthen@ in the old thread:
"/var/mail is intended for user-owned mbox files, I would think moving
your maildirs elsewhere is more sane. I tend to use /mail for virtual
user mailboxes but each to their own :)"

IMHO, some "standard"/best practice directory for maildirs is missing in
hier(7).

FWIIW, I put mine in /var/vmail but I would move mine to anything else
to fulfill standard/best practices.
Re: security(8) check maildir as well as mailbox permissions
On 20 Dec 2013, at 2:56 am, Alexander Hall wrote:
> Henning Brauer wrote:
>> * Craig R. Skinner [2013-12-19 10:18]:
>>> On 2013-12-18 Wed 20:48 PM |, Jérémie Courrèges-Anglas wrote:
>>>> skin...@britvault.co.uk (Craig R. Skinner) writes:
>>>>> On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
>>>>>>> Check the security of /var/mail/dirs similar to
>>>>>>> /var/mail/boxes:
>>>>>>
>>>>>> Indeed, but security(8) really reflects things in the base OS,
>>>>>
>>>>> smtpd.conf(8)
>>>>> deliver to maildir path
>>>>> Mail is added to a maildir. Its location, path, may
>>>>> contain format specifiers that are expanded before use
>>>>>
>>>>> Therefore: ... deliver to maildir /var/mail/%{user.username}
>>>>
>>>> "Therefore"? How so? What's the logic, here?
>>>
>>> THEREFORE software in base can deliver to maildir in /var/mail
>>
>> THEREFORE software in base can also deliver mail to
>> /omgohmymail/pr0n/$uid - does that mean we check it in security?
>>
>> The question is rather whether Maildirs in /var/mail are a common
>> enough setup to warrant a check in security.
>
> I totally agree with Henning here.
>
> That said, I ended up putting my Maildirs in /var/maildir because of this, so
> I for one wouldn't object.

i also put maildirs in /var/maildir...

> /Alexander
Re: security(8) check maildir as well as mailbox permissions
Henning Brauer wrote:
> * Craig R. Skinner [2013-12-19 10:18]:
>> On 2013-12-18 Wed 20:48 PM |, Jérémie Courrèges-Anglas wrote:
>>> skin...@britvault.co.uk (Craig R. Skinner) writes:
>>>> On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
>>>>>> Check the security of /var/mail/dirs similar to
>>>>>> /var/mail/boxes:
>>>>>
>>>>> Indeed, but security(8) really reflects things in the base OS,
>>>>
>>>> smtpd.conf(8)
>>>> deliver to maildir path
>>>> Mail is added to a maildir. Its location, path, may
>>>> contain format specifiers that are expanded before use
>>>>
>>>> Therefore: ... deliver to maildir /var/mail/%{user.username}
>>>
>>> "Therefore"? How so? What's the logic, here?
>>
>> THEREFORE software in base can deliver to maildir in /var/mail
>
> THEREFORE software in base can also deliver mail to
> /omgohmymail/pr0n/$uid - does that mean we check it in security?
>
> The question is rather whether Maildirs in /var/mail are a common
> enough setup to warrant a check in security.

I totally agree with Henning here.

That said, I ended up putting my Maildirs in /var/maildir because of
this, so I for one wouldn't object.

/Alexander
Re: security(8) check maildir as well as mailbox permissions
Marcus MERIGHI writes:

[...]

> By default it's supposed to be in $HOME/Maildir:
>
> smtpd.conf(5)
>
> deliver to maildir path
> [snip what's quoted above]
> If path is not provided, then ~/Maildir is assumed.
>
> Bye, Marcus

We are aware of this. Now read again the previous mails and ask yourself
why this part of the documentation has been stripped twice by the same guy.

--
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
Re: security(8) check maildir as well as mailbox permissions
On 12/19/13 10:55, Henning Brauer wrote:
> * Craig R. Skinner [2013-12-19 10:18]:
>> On 2013-12-18 Wed 20:48 PM |, Jérémie Courrèges-Anglas wrote:
>>> skin...@britvault.co.uk (Craig R. Skinner) writes:
>>>> On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
>>>>>> Check the security of /var/mail/dirs similar to /var/mail/boxes:
>>>>>
>>>>> Indeed, but security(8) really reflects things in the base OS,
>>>>
>>>> smtpd.conf(8)
>>>> deliver to maildir path
>>>> Mail is added to a maildir. Its location, path, may
>>>> contain format specifiers that are expanded before use
>>>>
>>>> Therefore: ... deliver to maildir /var/mail/%{user.username}
>>>
>>> "Therefore"? How so? What's the logic, here?
>>
>> THEREFORE software in base can deliver to maildir in /var/mail
>
> THEREFORE software in base can also deliver mail to
> /omgohmymail/pr0n/$uid - does that mean we check it in security?
>
> The question is rather whether Maildirs in /var/mail are a common
> enough setup to warrant a check in security.

By default it's supposed to be in $HOME/Maildir:

smtpd.conf(5)

deliver to maildir path
[snip what's quoted above]
If path is not provided, then ~/Maildir is assumed.

Bye, Marcus
Re: security(8) check maildir as well as mailbox permissions
* Craig R. Skinner [2013-12-19 10:18]:
> On 2013-12-18 Wed 20:48 PM |, Jérémie Courrèges-Anglas wrote:
> > skin...@britvault.co.uk (Craig R. Skinner) writes:
> > > On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
> > >> > > > > Check the security of /var/mail/dirs similar to /var/mail/boxes:
> > >>
> > >> Indeed, but security(8) really reflects things in the base OS,
> > >>
> > >
> > > smtpd.conf(8)
> > > deliver to maildir path
> > > Mail is added to a maildir. Its location, path, may
> > > contain format specifiers that are expanded before use
> > >
> > > Therefore: ... deliver to maildir /var/mail/%{user.username}
> > "Therefore"? How so? What's the logic, here?
> THEREFORE software in base can deliver to maildir in /var/mail

THEREFORE software in base can also deliver mail to
/omgohmymail/pr0n/$uid - does that mean we check it in security?

The question is rather whether Maildirs in /var/mail are a common
enough setup to warrant a check in security.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
Re: security(8) check maildir as well as mailbox permissions
On 2013-12-18 Wed 20:48 PM |, Jérémie Courrèges-Anglas wrote:
> skin...@britvault.co.uk (Craig R. Skinner) writes:
>
> > On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
> >> > > > > Check the security of /var/mail/dirs similar to /var/mail/boxes:
> >>
> >> Indeed, but security(8) really reflects things in the base OS,
> >>
> >
> > smtpd.conf(8)
> > deliver to maildir path
> > Mail is added to a maildir. Its location, path, may
> > contain format specifiers that are expanded before use
> >
> > Therefore: ... deliver to maildir /var/mail/%{user.username}
>
> "Therefore"? How so? What's the logic, here?
>

THEREFORE software in base can deliver to maildir in /var/mail

> >> Indeed, but security(8) really reflects things in the base OS,

OK?

--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: security(8) check maildir as well as mailbox permissions
On Wed, Dec 18, 2013 at 08:48:38PM +0100, Jérémie Courrèges-Anglas wrote:
> skin...@britvault.co.uk (Craig R. Skinner) writes:
>
> > On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
> >> > > > > Check the security of /var/mail/dirs similar to /var/mail/boxes:
> >>
> >> Indeed, but security(8) really reflects things in the base OS,
> >>
> >
> > smtpd.conf(8)
> > deliver to maildir path
> > Mail is added to a maildir. Its location, path, may
> > contain format specifiers that are expanded before use
> >
> > Therefore: ... deliver to maildir /var/mail/%{user.username}
>
> "Therefore"? How so? What's the logic, here?
>
> deliver to maildir path
> Mail is added to a maildir. Its location, path, may
> contain format specifiers that are expanded before use
> (see above). If path is not provided, then ~/Maildir is
> assumed.
>
> You're trying to trick people into doing what you want. That's not
> a very good idea on this mailing-list.

Maybe a plugin based security(8)? If it won't be accepted into base OS
maybe it could be in ports as an alternative (like base OS nginx with
limited features and nginx in ports).

jirib
Re: security(8) check maildir as well as mailbox permissions
skin...@britvault.co.uk (Craig R. Skinner) writes:

> On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
>> > > > > Check the security of /var/mail/dirs similar to /var/mail/boxes:
>>
>> Indeed, but security(8) really reflects things in the base OS,
>>
>
> smtpd.conf(8)
> deliver to maildir path
> Mail is added to a maildir. Its location, path, may
> contain format specifiers that are expanded before use
>
> Therefore: ... deliver to maildir /var/mail/%{user.username}

"Therefore"? How so? What's the logic, here?

deliver to maildir path
Mail is added to a maildir. Its location, path, may
contain format specifiers that are expanded before use
(see above). If path is not provided, then ~/Maildir is
assumed.

You're trying to trick people into doing what you want. That's not
a very good idea on this mailing-list.

> OK for the patch then?

http://nelson-haha.com/

> Cheers,

--
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
Re: security(8) check maildir as well as mailbox permissions
On 2013-12-18 Wed 15:54 PM |, Stuart Henderson wrote:
> > > > > Check the security of /var/mail/dirs similar to /var/mail/boxes:
> > > >
>
> Indeed, but security(8) really reflects things in the base OS,
>

smtpd.conf(8)
deliver to maildir path
Mail is added to a maildir. Its location, path, may
contain format specifiers that are expanded before use

Therefore: ... deliver to maildir /var/mail/%{user.username}

OK for the patch then?

Cheers,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: security(8) check maildir as well as mailbox permissions
On 2013/12/17 17:07, Craig R. Skinner wrote:
> On 2013-12-16 Mon 13:15 PM |, Craig R. Skinner wrote:
> > On 2013-12-16 Mon 12:22 PM |, Stuart Henderson wrote:
> > > On 2013/12/16 12:11, Craig R. Skinner wrote:
> > > > Check the security of /var/mail/dirs similar to /var/mail/boxes:
> > >
> > > Aren't maildirs usually in ~/Maildir?
> > >
> >
> > MTA's can deliver to maildirs in several places.
> >
> > Postfix example (the trailing slash changes from mbox to maildir format):
> >
> > $ postconf -h mail_spool_directory
> > /var/mail/
> >
>
> Usually, all user web files are kept in ~/public_html
> OpenBSD places them in /var/www/users/$LOGIN
>
> By keeping all mail in a separately mounted /var/mail partition,
> (with simple mutt & dovecot configs) mail only users can have
> /var/empty as $HOME, authpf or nologin as $SHELL.
> This eliminates SQL or other complicated mail stores for 'virtual' users
>
> Separate 'black box' servers can be dedicated to mail only duties,
> without user shell logins,
>
> /var/mail can be NFS exported as there are no file locking problems with
> maildirs - each message is a unique file. New mail can be delivered
> without locking the box.
>
> Also, an annual dump cycle can be set on /home,
> with quarterly/monthly level 0 dumps on /var/mail,
> different quotas set on the different partitions.
>
> Possibilities abound,

Indeed, but security(8) really reflects things in the base OS,
perhaps a security.local might be worthwhile for custom setups though...
Re: security(8) check maildir as well as mailbox permissions
On 2013-12-16 Mon 13:15 PM |, Craig R. Skinner wrote:
> On 2013-12-16 Mon 12:22 PM |, Stuart Henderson wrote:
> > On 2013/12/16 12:11, Craig R. Skinner wrote:
> > > Check the security of /var/mail/dirs similar to /var/mail/boxes:
> >
> > Aren't maildirs usually in ~/Maildir?
> >
>
> MTA's can deliver to maildirs in several places.
>
> Postfix example (the trailing slash changes from mbox to maildir format):
>
> $ postconf -h mail_spool_directory
> /var/mail/
>

Usually, all user web files are kept in ~/public_html
OpenBSD places them in /var/www/users/$LOGIN

By keeping all mail in a separately mounted /var/mail partition,
(with simple mutt & dovecot configs) mail only users can have
/var/empty as $HOME, authpf or nologin as $SHELL.
This eliminates SQL or other complicated mail stores for 'virtual' users

Separate 'black box' servers can be dedicated to mail only duties,
without user shell logins,

/var/mail can be NFS exported as there are no file locking problems with
maildirs - each message is a unique file. New mail can be delivered
without locking the box.

Also, an annual dump cycle can be set on /home,
with quarterly/monthly level 0 dumps on /var/mail,
different quotas set on the different partitions.

Possibilities abound,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: security(8) check maildir as well as mailbox permissions
On 2013-12-16 Mon 12:22 PM |, Stuart Henderson wrote:
> On 2013/12/16 12:11, Craig R. Skinner wrote:
> > Check the security of /var/mail/dirs similar to /var/mail/boxes:
>
> Aren't maildirs usually in ~/Maildir?
>

MTA's can deliver to maildirs in several places.

Postfix example (the trailing slash changes from mbox to maildir format):

$ postconf -h mail_spool_directory
/var/mail/

Cheers,
--
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Re: security(8) check maildir as well as mailbox permissions
On 2013/12/16 12:11, Craig R. Skinner wrote:
> Check the security of /var/mail/dirs similar to /var/mail/boxes:

Aren't maildirs usually in ~/Maildir?
security(8) check maildir as well as mailbox permissions
Check the security of /var/mail/dirs similar to /var/mail/boxes: Index: security === RCS file: /cvs/src/libexec/security/security,v retrieving revision 1.23 diff -u -u -p -r1.23 security --- security21 Mar 2013 09:37:37 - 1.23 +++ security16 Dec 2013 12:05:52 - @@ -458,9 +458,16 @@ sub check_mailboxes { my $gname = (getgrgid $fgid)[0] // $fgid; nag $fname ne $name, "user $name mailbox is owned by $fname"; - nag S_IMODE($mode) != (S_IRUSR | S_IWUSR), - sprintf 'user %s mailbox is %s, group %s', - $name, strmode($mode), $gname; + if (S_ISDIR($mode)) { + nag S_IMODE($mode) != (S_IRUSR | S_IWUSR | S_IXUSR), + sprintf 'user %s maildir is %s, group %s', + $name, strmode($mode), $gname; + } + else { + nag S_IMODE($mode) != (S_IRUSR | S_IWUSR), + sprintf 'user %s mailbox is %s, group %s', + $name, strmode($mode), $gname; + } } closedir $dh; } Cheers, -- Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
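Review bot: In the check_mailboxes hunk, the ownership nag just above the new branch is unchanged context, so a maildir owned by the wrong user is still reported as "user $name mailbox is owned by $fname". Pick the word ('maildir' or 'mailbox') and the expected mode ((S_IRUSR | S_IWUSR | S_IXUSR) for a directory, (S_IRUSR | S_IWUSR) otherwise) once from S_ISDIR($mode), then use them in both messages; that also collapses the two duplicated nag/sprintf calls into one. Only the top-level directory's mode is tested, which is sufficient when it is exactly 0700 and owned by the user, but a short comment saying so would help. The diff touches only the script, so if the manual page describes the mailbox check it needs the same update.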