srw-rw---- 1 root dovecot 0 Aug 21 20:47 /var/run/dovecot/anvil
Then my service can run under the user "dovecot" and access the socket.
My educated guess is, no this doesn't create any extra vulnerability. If
someone could exploit the user dovecot, then don't they already have access to
dovecot, that socket and everything else? An extra step you can do if you are
not comfortable running the policy script as user dovecot is run the policy
script under its own user, then add that user to the dovecot group. But i am
far from being an expert and doing that might not be adding any extra 'safety'.
usermod -a -G policy_user dovecot
Now for my 2 cents;
Why? Not all clients keep active connections open to IMAP between fetching mail
and then sending to submission.
Postfix can validate user/pass credentials with dovecot when accepting mail for
submission.
Why add extra moving parts to your system instead of just using the built in
auth checking for submission mail?
http://www.postfix.org/postconf.5.html#permit_sasl_authenticated
POSTFIX:
submission inet n - n - - smtpd
...
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/auth
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
-o
smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination
...
DOVECOT:
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
