

11 messages in net.sourceforge.lists.courier-maildrop: Re: [maildropl] Fwd: maildrop + ldap...

| From | Sent On | Attachments |
|---|---|---|
| Brad Askew | Jul 20, 2006 9:52 am | |
| Tony Earnshaw | Jul 20, 2006 10:10 pm | |
| Chida N | Jul 20, 2006 11:56 pm | |
| Tony Earnshaw | Jul 21, 2006 12:36 am | |
| Brad Askew | Jul 21, 2006 7:13 am | |
| Brad Askew | Jul 21, 2006 8:09 am | |
| Tony Earnshaw | Jul 21, 2006 11:17 pm | |
| Brad Askew | Jul 26, 2006 6:43 am | |
| Brad Askew | Jul 26, 2006 6:44 am | |
| Tony Earnshaw | Jul 26, 2006 10:01 pm | |
| Tony Earnshaw | Jul 27, 2006 11:40 pm | |

| Subject: | Re: [maildropl] Fwd: maildrop + ldap how to |
|---|---|
| From: | Tony Earnshaw (teri...@barlaeus.nl) |
| Date: | Jul 26, 2006 10:01:49 pm |
| List: | net.sourceforge.lists.courier-maildrop |

On Wed, 26.07.2006 at 08:44 (-0500), Brad Askew wrote:
[...]
You might not like the following from a security viewpoint (suid/sgid programs can enable privilege escalation in certain circumstances), but standard maildrop binary perms are 755. Try 'chmod u+s,g+s `which maildrop`' as root. The reason is that maildrop has to be able to change euid to the uid calling it. See the maildrop INSTALL file for a more detailed discussion.
When I try this, it returns nothing.
Hmm ... looking at your listing below, the maildrop binary already has the correct permissions.
Another thing I don't understand is how when running maildrop -V 9 -d <virtual_account> < msg as root, the mail goes to the correct user's mailbox that it retrieves from LDAP, but running it as the vmail user (how it is configured to run in the master.cf file) it retrieves the right information from LDAP, but still insists on putting the message in a Maildir it creates on its own.

    vmail@mta1:~$ maildrop -V 4 -d virtual_user < msg
    maildrop: authlib: groupid=1001 # vmail uid gid
    maildrop: authlib: userid=1001
    maildrop: authlib: logname=virtual_user, home=/home/vmail/domains, mail=tsch.biz/virtual_user/
    maildrop: Changing to /home/vmail # This is wrong, why here, why not what it retrieved from LDAP above?
    Message start at 0 bytes, envelope sender=vmail
    /etc/courier/maildroprc(6): MAILDROP="/usr/bin/maildrop"
    /etc/courier/maildroprc(11): Opening logfile /var/log/maildrop
    /etc/courier/maildroprc(12): VERBOSE="9"
    vmail@mta1~$

As root:

    mta1:~# maildrop -V 4 -d virtual_user < /home/me/msg
    maildrop: authlib: groupid=1001
    maildrop: authlib: userid=1001
    maildrop: authlib: logname=virtual_user, home=/home/vmail/domains, mail=tsch.biz/virtual_user/
    maildrop: Changing to /home/vmail/domains # Changes to the right dir here
    Message start at 0 bytes, envelope sender=virtual_user
    /etc/courier/maildroprc(6): MAILDROP="/usr/bin/maildrop"
    /etc/courier/maildroprc(11): Opening logfile /var/log/maildrop
    /etc/courier/maildroprc(12): VERBOSE="9"
    mta1:~#

See the difference? Run as root I get the test message in my inbox, run as vmail it goes into a maildir in /home/vmail, which is the user running the command.

    mta1:~# ls -al /usr/bin/maildrop
    -rwsr-sr-x 1 root vmail 166684 2006-06-11 09:24 /usr/bin/maildrop

Is there anything else I may be missing?
Force maildrop to get the correct Maildir? In my maildroprc for sites with virtual users I extract each user's Maildir from the $HOME variable, got from the LDAP_HOMEDIR attribute in authldaprc, which is set to the same as LDAP_MAILDIR (e.g. /home/vmail/beheerders/tearnshaw). I do it with cut(1).
--Tonni
-- Tony Earnshaw tonni at barlaeus.nl
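
The symptom discussed in this message can be checked mechanically. The following is an added example, not part of the original message or of maildrop: a shell function that reads `maildrop -V` output and compares the `home=` value reported by authlib with the directory in the `Changing to` line. The function name `check_delivery_dir` is hypothetical, and the output format is assumed to be exactly as in the transcripts above.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `maildrop -V` output on stdin.
# Exit status: 0 = directories match, 1 = mismatch, 2 = expected lines missing.
check_delivery_dir() {
    awk '
        /authlib: logname=/ {
            # Take the home=... field, which ends at the next comma.
            if (match($0, /home=[^,]*/))
                home = substr($0, RSTART + 5, RLENGTH - 5)
        }
        /^maildrop: Changing to / {
            dir = $0
            sub(/^maildrop: Changing to /, "", dir)
            sub(/[ \t]+$/, "", dir)      # drop trailing whitespace
        }
        END {
            if (home == "" || dir == "") { print "incomplete output"; exit 2 }
            if (home == dir) { print "ok: " dir; exit 0 }
            print "mismatch: authlib home=" home " but changed to " dir
            exit 1
        }'
}

# Sample input: the relevant lines of the two transcripts above,
# with the poster's inline "#" annotations removed.
AS_VMAIL='maildrop: authlib: groupid=1001
maildrop: authlib: userid=1001
maildrop: authlib: logname=virtual_user, home=/home/vmail/domains, mail=tsch.biz/virtual_user/
maildrop: Changing to /home/vmail
Message start at 0 bytes, envelope sender=vmail'

AS_ROOT='maildrop: authlib: groupid=1001
maildrop: authlib: userid=1001
maildrop: authlib: logname=virtual_user, home=/home/vmail/domains, mail=tsch.biz/virtual_user/
maildrop: Changing to /home/vmail/domains
Message start at 0 bytes, envelope sender=virtual_user'

# Report both cases; "|| :" keeps a non-zero status from aborting the script.
printf '%s\n' "$AS_VMAIL" | check_delivery_dir || :
printf '%s\n' "$AS_ROOT"  | check_delivery_dir || :
```

On a live system the same function can be fed from a real test delivery, with maildrop's diagnostic output redirected into the pipe.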







