Hello, I'm in the process of setting up a new mail server using the latest version of courier and I've run into a couple of issues that I could use some clarification on.
Our current mail server is a RH 7.3 box running courier 0.45 installed via rpm. In this setup the binaries are owned by the daemon user, and MAILUSER and MAILGROUP in esmtpd are set to daemon as well. Our new system is a RHEL 3AS box with a newly built courier 0.49 rpm. I noticed after installation that the same binaries that were owned by daemon on the old box are now owned by the courier user. This didn't seem like a problem until I tried to test the esmtp server. While trying to test the esmtp server, all requests to deliver mail end up giving a "432 Service temporarily unavailable" and the maillog shows permission denied errors from esmtpd. After a little tracing, I came to the realization that this was caused by the fact that the root esmtpd process was running as daemon and didn't have execute rites to the submit executable. I was able to fix the issue by either setting chmod o+rx on the executables or changing MAILUSER and MAILGROUP to courier. I'm just trying to understand the security issues caused by either solution and the reasons behind the apparent change in behavior of the rpm install. Firstly, why is it that the binaries are installed owned as courier when the default esmtpd has MAILUSER and MAILGROUP set to daemon? Secondly, if I set MAILUSER and MAILGROUP to courier am I likely to run into any other permission or security related issues down the road? Finally, if I shouldn't set these variables to courier, what steps do I need to take to run the esmtpd process as daemon? Many thanks for any insight you can provide. Regards, Bob -- Earl (Bob) Kinney Unix Systems Administrator Harvard-MIT Data Center ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
