Subject: Re: [maildropl] Re: maildrop 1.5.0 not finding users in userdb
From: Ben Rosengart (br+c@panix.com)
Date: Nov 6, 2002 2:31:44 pm
List: net.sourceforge.lists.courier-maildrop

More details: I have reproduced this with maildrop 1.4 as well. Here are my compile flags:

./configure --with-db=db --prefix=/pkg/maildrop \
    --enable-sendmail=/usr/sbin/sendmail --enable-use-flock=0 \
    --enable-use-dotlock=1 --enable-maildrop-uid=root \
    --enable-maildrop-gid=wheel --enable-userdb \
    --with-trashquota --enable-maildirquota --enable-smallmsg=1048576 \
    --enable-restrict-trusted=0

I'm calling maildrop from postfix with:

maildrop -d ${user}@${nexthop} -f ${sender} ${recipient}

To reiterate, ktrace shows that only the first few bytes of the userdb are being read. After that, the file access pattern suggests that getpwent() is being called.

I need to be able to do delivery with different UIDs. Please advise.

On Mon, Nov 04, 2002 at 05:53:31PM -0500, Sam Varshavchik wrote:

Ben Rosengart writes:

This behavior seems to vary with the setting of "--enable-restrict-trusted" for some reason. If it is set to 1, then the userdb is consulted, but delivery to users with UIDs other than the trusted one is impossible. If it is set to 0, then the below-described behavior occurs. Please advise.

What exactly is unclear about the following description from INSTALL:

When I compile with --enable-restrict-trusted=0, all deliveries fail with "Invalid user specified", and the userdb is not consulted. Why?

By the way, I did remember to set the setuid bit on the maildrop binary.

* --enable-restrict-trusted=flag - if set to 1, maildrop permits only certain "trusted" user or group IDs to use the -d option. Setting this variable to 0 allows anyone to use the -d option (provided that maildrop has set-userid-to-root privileges). This allows certain denial-of-service attacks, so this setting is not recommended. The default value is 1.

* --enable-trusted-users='...' - sets the list of users allowed to use the -d option if --enable-restrict-trusted is set to 1. If --enable-restrict-trusted is set to 0, this option is not used. Put a list of user IDs allowed to use the -d option between the apostrophes, separated by single spaces. If your mail transport agent uses maildrop as the local delivery agent this list must include the userid that the mail transport agent runs as. If this option is not specified, maildrop attempts to put together a list including common mail system user ids.

Kids, the seven basic food groups are GUM, PUFF PASTRY, PIZZA, PESTICIDES, ANTIBIOTICS, NUTRA-SWEET and MILK DUDS!!
