Re: [maildropl] Fwd: maildrop + ldap how to - Brad Askew - net.sourceforge.lists.courier-maildrop

11 messages in net.sourceforge.lists.courier-maildropRe: [maildropl] Fwd: maildrop + ldap...

From	Sent On	Attachments
Brad Askew	Jul 20, 2006 9:52 am
Tony Earnshaw	Jul 20, 2006 10:10 pm
Chida N	Jul 20, 2006 11:56 pm
Tony Earnshaw	Jul 21, 2006 12:36 am
Brad Askew	Jul 21, 2006 7:13 am
Brad Askew	Jul 21, 2006 8:09 am
Tony Earnshaw	Jul 21, 2006 11:17 pm
Brad Askew	Jul 26, 2006 6:43 am
Brad Askew	Jul 26, 2006 6:44 am
Tony Earnshaw	Jul 26, 2006 10:01 pm
Tony Earnshaw	Jul 27, 2006 11:40 pm

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: [maildropl] Fwd: maildrop + ldap how to	Actions...
From:	Brad Askew (Brad...@Tsch.biz)
Date:	Jul 26, 2006 6:43:54 am
List:	net.sourceforge.lists.courier-maildrop

Thank you all for the help, and prompt replies. I installed courier-authlib, and already I had courier-imap working with ldap. So doing /usr/sbin/authtest it showed successfuly query against ldap.

Of course I spoke too early, although authtest works fine, running maildrop -d <virtual_user> still gets a "Invalid user specified." message. So now, there is no need for the /etc/maildrop/maildropldap.config file? Also I have courier-ldap, working and courier-imap working with ldap fine.

You might not like the following from a security viewpoint (suid/sgid programs can enable privilege escalation in certain circumstances), but standard maildrop binary perms are 755. Try 'chmod u+s,g+s `which maildrop`' as root. The reason is that maildrop has to be able to change euid to the uid calling it. See the maildrop INSTALL file for a more detailed discussion.

When I try this, it returns nothing. Another thing I dont understand is how when running maildrop -V 9 -d <virtual_account> < msg as root, the mail goes to the correct user's mailbox that it retrieves from LDAP, but running it as the vmail user (how it is configured to run in the master.cf file) it retrieves the right information from LDAP, but still insists on putting the message in a Maildir it creates on its own.

vmail@mta1:~$ maildrop -V 4 -d virtual_user < msg maildrop: authlib: groupid=1001 # vmail uid gid maildrop: authlib: userid=1001 maildrop: authlib: logname=virtual_user, home=/home/vmail/domains, mail=tsch.biz/virtual_user/ maildrop: Changing to /home/vmail # This is wrong, why here, why not what it retrieved from LDAP above? Message start at 0 bytes, envelope sender=vmail /etc/courier/maildroprc(6): MAILDROP="/usr/bin/maildrop" /etc/courier/maildroprc(11): Opening logfile /var/log/maildrop /etc/courier/maildroprc(12): VERBOSE="9" vmail@mta1~$

As root: mta1:~# maildrop -V 4 -d virtual_user < /home/me/msg maildrop: authlib: groupid=1001 maildrop: authlib: userid=1001 maildrop: authlib: logname=virtual_user, home=/home/vmail/domains, mail=tsch.biz/virtual_user/ maildrop: Changing to /home/vmail/domains # Changes to the right dir here Message start at 0 bytes, envelope sender=virtual_user /etc/courier/maildroprc(6): MAILDROP="/usr/bin/maildrop" /etc/courier/maildroprc(11): Opening logfile /var/log/maildrop /etc/courier/maildroprc(12): VERBOSE="9" mta1:~#

See the difference? Run as root I get the test message in my inbox, run as vmail it goes into a maildir in /home/vmail, which is the user running the command.

mta1:~# ls -al /usr/bin/maildrop -rwsr-sr-x 1 root vmail 166684 2006-06-11 09:24 /usr/bin/maildrop

Is there anything else I may be missing?

Thanks again.

--Tonni

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: