Re: Postfix Security Documentation

To: Lupe Christoph <lupe@lupe-christoph.de>
Cc: debian-security@lists.debian.org
Subject: Re: Postfix Security Documentation
From: Tomasz Papszun <tomek@lodz.tpsa.pl>
Date: Wed, 20 Aug 2003 13:26:39 +0200
Message-id: <[🔎] 20030820112639.GD20061@lodz.tpsa.pl>
In-reply-to: <[🔎] 1061377179.3f43549b7fd28@www.lupe-christoph.de>
References: <[🔎] 20030820085555.GD29865@localnet> <[🔎] 20030820092816.GC20545@lodz.tpsa.pl> <[🔎] 1061377179.3f43549b7fd28@www.lupe-christoph.de>

On Wed, 20 Aug 2003 at 12:59:39 +0200, Lupe Christoph wrote:
> Quoting Tomasz Papszun <tomek@lodz.tpsa.pl>:
> > On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote:
> 
> > > is there any documentation on securing a postfix server readily
> > > available? I didn't find anything much at the postfix homepage, nor in
> > > the postfix-doc package. 
> > > I'd be especially interested in chrooting postfix processes.
> 
> > In Debian, postfix is chrooted by default.
> 
> Not true. A number of processes are chrooted, but not all. Please look
> at /etc/postfix/master.cf (IIRC). This is a standard feature of Postfix.

Sure, I know it.

==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (50)
#
==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       -       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       nqmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
flush     unix  n       -       -       1000?   0       flush
smtp      unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp


But I think that (almost?) all process that _can_ be chrooted, _are_
chrooted.
How could the 'local' process deliver mail to user mailboxes if it would
be chrooted??

If I'm wrong and it's possible somehow, someone may correct me of
course.

> Sven, do you want to chroot *all* processes? Postfix is supposed to be
> secure out of the box 

I think the same :-) .

> (except for programming errors, as we recently saw :-( ). 

Even those, they were just vulnerable to DoS and "bounce scans", not
break-ins.

> So improving Postfix security should be done inside of
> Postfix. You may want to you the Postfix mailing list (warning: lots
> of traffic!) and ask there.
> 
> Lupe Christoph

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@lodz.tpsa.pl   http://www.lodz.tpsa.pl/   | ones and zeros.

Reply to:

Follow-Ups:
- Re: Postfix Security Documentation
  - From: Jay Kline <jay@teamfreeze.com>

References:
- Postfix Security Documentation
  - From: Sven Riedel <sr@gimp.org>
- Re: Postfix Security Documentation
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>
- Re: Postfix Security Documentation
  - From: Lupe Christoph <lupe@lupe-christoph.de>

Prev by Date: Re: Simple e-mail virus scanner
Next by Date: Re: pam doesn't see nis
Previous by thread: Re: Postfix Security Documentation
Next by thread: Re: Postfix Security Documentation
Index(es):
- Date
- Thread