3 messages in net.sourceforge.lists.courier-maildrop: Re: [maildropl] Run maildrop as anoth...
From / Sent On
Daniel Villavicencio, Jan 27, 2008 2:19 pm
Tony Earnshaw, Jan 27, 2008 10:13 pm
Devin Rubia, Jan 28, 2008 12:10 pm
Subject: Re: [maildropl] Run maildrop as another user (not vmail)
From: Tony Earnshaw (ton@hetnet.nl)
Date: Jan 27, 2008 10:13:52 pm
List: net.sourceforge.lists.courier-maildrop

Daniel Villavicencio wrote, on 27-01-2008 23:20:

Hi everyone, I'm new to the list. I have recently installed a mail server using postfix, ldap, amavisd-new, spamassassin, clamav and courier-maildrop. I was following this howto:

http://contrib.lynuxsolutions.com/doku.php?id=documentation:mailserver:mail_server_on_debian_gnu_linux-all

For amavisd-new I followed another howto from howtoforge. Everything is working fine, but I wanted to change my configuration a little: in the howto I followed, the home directory of the users was owned by the vmail user, so the authldaprc was using vmail as the global uid and gid for all my users. Now I want to change this so the authldaprc uses the uid and gid from the user. Everything seems to be OK, but when my server receives email for a local user, maildrop can't write the email to the Maildir directory and I get an error like this:

you are not a trusted user

I don't know what binaries Debian gives you, but where people build from source or build their own (Red Hat, Fedora, Mandrake, SuSE etc.) rpms, there is a %configure option:

--enable-restrict-trusted=flag - if set to 1, maildrop permits only certain "trusted" user or group IDs to use the -d option. Setting this variable to 0 allows anyone to use the -d option (provided that maildrop has set-userid-to-root privileges). This allows certain denial-of-service attacks, so this setting is not recommended. The default value is 1.

and another:

--enable-trusted-users='...' - sets the list of users allowed to use the -d option if --enable-restrict-trusted is set to 1. If --enable-restrict-trusted is set to 0, this option is not used. Put a list of user IDs allowed to use the -d option between the apostrophes, separated by single spaces. If your mail transport agent uses maildrop as the local delivery agent this list must include the userid that the mail transport agent runs as. If this option is not specified, maildrop attempts to put together a list including common mail system user ids.

You'd likely do best to contact the Debian maintainer to ask about whether these have been enabled and if so, with what trusted users. Also, it ought to have 6755 perms if people are going to su.

This is what I have in my master.cf for maildrop:

maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -w 80

That'll work for your situation, but there are more parameters possible.

I suppose the problem is that maildrop always runs as the vmail user, and I need to change this so maildrop runs as the person that is receiving the email, or make the vmail user a trusted user for every user in my ldap, or something like this. I don't know how to do this, so if you could help me do this it would be great.

I'm using Debian 4.0 (etch), postfix 2.3.8, courier-maildrop 0.53.3, slapd 2.3.30. I installed everything using aptitude.

The current maildrop version is 2.0.4.

Courier maildrop gets delivered source and rpm with a large amount of documentation. Make sure you have it all.

--Tonni
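
Added example, not part of the thread or of the maildrop sources: a shell check of the conditions discussed above, namely that the maildrop binary is set-uid root and that the `user=` from the master.cf pipe entry is in the build's trusted-user list. The function names, the sample master.cf and the trusted list passed in (`root vmail`) are assumptions; the real list is whatever `--enable-trusted-users` was set to when the package was built.

```sh
# Added example. Function names, sample data and default path are assumptions.

# Print the user= value of the pipe entry for service $2 in master.cf $1.
# A line that starts with whitespace continues the previous logical line.
pipe_user() {
    awk -v svc="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (hit) line = line " " $0; next }
        { if (hit) exit; if ($1 == svc) { hit = 1; line = $0 } }
        END {
            n = split(line, f, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (f[i] ~ /^user=/) {
                    sub(/^user=/, "", f[i]); sub(/:.*/, "", f[i]); print f[i]
                }
        }' "$1"
}

# Succeed if user $1 appears in the space-separated list $2.
is_trusted() {
    for u in $2; do
        [ "$u" = "$1" ] && return 0
    done
    return 1
}

# $1 = maildrop binary, $2 = master.cf, $3 = the build's trusted-user list.
audit_maildrop() {
    user=$(pipe_user "$2" maildrop)
    [ -n "$user" ] || { echo "no maildrop pipe entry in $2"; return 2; }
    [ -u "$1" ] || { echo "$1 is not set-uid, -d cannot switch users"; return 1; }
    [ "$(ls -ln "$1" | awk '{print $3}')" = 0 ] || { echo "$1 is not owned by root"; return 1; }
    is_trusted "$user" "$3" || { echo "'$user' is not a trusted user"; return 1; }
    echo "ok: '$user' may run maildrop -d"
}

# Constructed sample: the thread's entry folded onto a continuation line.
sample_master_cf() {
    cat <<'EOF'
smtp      inet  n  -  n  -  -  smtpd
maildrop  unix  -  n  n  -  -  pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -w 80
local     unix  -  n  n  -  -  local
EOF
}

tmp=$(mktemp) && sample_master_cf > "$tmp"
audit_maildrop "${MAILDROP:-/usr/bin/maildrop}" "$tmp" "root vmail" || true
rm -f "$tmp"
```

Set `MAILDROP` to the installed binary's path and pass the real master.cf and trusted list to audit a live system.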