[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: problem with Postfix port

> qmail takes this pretty much to the extreme.  Despite the offer of a
> cash reward no one has ever been able to find a security hole in qmail.

Let's not start this flamewar on cash/prize intrusion testing, shall we?
It was bad enough on firewalls. I don't see a problem with sendwhale
just as long as you use it to process the mail and not actually receive
it. smtpd/smtpfwdd work great for that.

What I haven't figured out is what to do with mail.local or
/var/spool/mqueue. Right now mail.local bitches about having to be root.
The offending code can be yanked. The issue though is how to safely
append to the user's mail file. Either we don't attempt to become the
user (which requires root) while processing his mail box, or we make his
mailbox writable by group "mailer" or something. Is that a reasonable
thing to do? My ultra short-term solution is to suid mail.local again.

I don't have a stock box anymore and I'm no expert on the mail system in
general. But what am I missing below? As best I can tell this is how a
clean install will look like (based on Makefile entries and mtree file)
but it won't accept mail sent with /usr/bin/mail since it can't queue
the file. Can someone point out my incredible oversight?

/usr/bin/mail 555 root.bin
/usr/sbin/sendmail 555 root.bin
/usr/libexec/mail.local 555 root.bin
/usr/libexec/lockspool 4555 root.bin
/var/mail 755 root.wheel
/var/spool/mqueue 755 root.wheel

And my accounting information shows the users each program is running as
when delivery is successful.
local mail (via /usr/bin/mail):
	mail (as me) -> sendmail (as me) -> mail.local (as root)
network mail (via port 25)
	smtpd (as smtpd) -> smtpfwdd (as smtpd) -> sendmail (as smtpd) ->
mail.local (as root)