Re: postfix: maildir-style delivery with external MDA?

To: debian-user@lists.debian.org
Subject: Re: postfix: maildir-style delivery with external MDA?
From: Andrei POPESCU <andreimpopescu@gmail.com>
Date: Sun, 9 Feb 2014 18:35:06 +0200
Message-id: <20140209163506.GA6280@sid.nuvreauspam>
In-reply-to: <52F6B49E.6050904@list-post.mks-mail.de>
References: <20140205111615.GN1706@sid.nuvreauspam> <52F22E94.6020907@list-post.mks-mail.de> <20140207190540.GR1706@sid.nuvreauspam> <52F6B49E.6050904@list-post.mks-mail.de>

On Sb, 08 feb 14, 23:50:06, Markus Schönhaber wrote:
> 
> No other suggestions but one I already made: check maildrop's
> documentation. That will hopefully help you to find out why maildrop
> fails to connect to (courier's?) authdaemon. WAG: permissions of the the
> corresponding socket are wrong.
> 
> Anyway: I don't see a problem wrt to postfix (who is just the messenger
> here). And since I'm not interested in maildrop, I can't be of any help.

It is the maildrop invocation (via pipe) that causes the problems. One 
obvious mistake I did was to leave the -d ${recipient}, while I need to 
call maildrop with -d ${user}, since I have system not virtual users. 

The correct line in master.cf should look like this:

    maildrop  unix  -       n       n       -       -       pipe
      flags=DORX user=mail argv=/usr/bin/maildrop -d ${user}

Once I fixed that I hit another issue:

Feb  9 18:19:15 sid postfix/pickup[6738]: 7FF70C0DF3: uid=1077 from=<amp>
Feb  9 18:19:15 sid postfix/cleanup[6744]: 7FF70C0DF3: message-id=<20140209161915.7FF70C0DF3@sid.nuvreauspam>
Feb  9 18:19:15 sid postfix/qmgr[6739]: 7FF70C0DF3: from=<amp@sid.nuvreauspam>, size=314, nrcpt=1 (queue active)
Feb  9 18:19:15 sid postfix/pipe[6747]: 7FF70C0DF3: to=<amp@sid.nuvreauspam>, relay=maildrop, delay=0.07, delays=0.04/0.01/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: No such file or directory /usr/bin/maildrop: Cannot set my user or group id. )

As far as I can tell this is because maildrop is installed setgid and 
not setuid:

$ ls -l /usr/bin/maildrop
-rwxr-sr-x 1 root mail 206940 feb  1 19:44 /usr/bin/maildrop

chmod u+s works (tested), but I'm not very happy with it, even though 
maildrop's documentation claims this is safe as it will immediately drop 
privileges to the user specified by the '-d' option.

Another option is to invoke it as user 'amp' (also tested) via the 
'user=' directive in master.cf, but this can only work as long as I'm 
the sole user.

Since this endeavor is important only in the context of eventually 
running a public facing postfix -> maildrop setup I'm not very fond of 
any of these two workarounds.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: postfix: maildir-style delivery with external MDA?
  - From: Lucius Rizzo <Lucius.Rizzo@Lucius.XxX>

References:
- postfix: maildir-style delivery with external MDA?
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: postfix: maildir-style delivery with external MDA?
  - From: Markus Schönhaber <debian-user@list-post.mks-mail.de>
- Re: postfix: maildir-style delivery with external MDA?
  - From: Andrei POPESCU <andreimpopescu@gmail.com>
- Re: postfix: maildir-style delivery with external MDA?
  - From: Markus Schönhaber <debian-user@list-post.mks-mail.de>

Prev by Date: Re: images that play nicely with revision control?
Next by Date: Re: images that play nicely with revision control?
Previous by thread: Re: postfix: maildir-style delivery with external MDA?
Next by thread: Re: postfix: maildir-style delivery with external MDA?
Index(es):
- Date
- Thread