My advice would be to:

useradd dbmail
groupadd dbmail
chown dbmail:dbmail /etc/dbmail/dbmail.conf
chown dbmail:dbmail /usr/sbin/dbmail-smtp
chmod 0600 /etc/dbmail/dbmail.conf
chmod 4755 /usr/sbin/dbmail-smtp

Also, make sure you run dbmail-imapd and/or dbmail-pop3d as uid/gid
dbmail:dbmail.

suid-bit for dbmail-smtp is set in order to allow all local users to
insert messages. Such is standard behaviour in local mailtransports,
hence. However, this may or may not be a good thing; stricter security
is always an option. ymmv.

Daniel Brown wrote:
| Wrote Odhiambo Washington:
|
|
|>* Alan Hicks <[EMAIL PROTECTED]> [20030929 13:33]: wrote:
|>
|
| [...]
|
|>>You need to set the user permission for the process that will be
|>>delivering the mail. In my setup I have dbmail owner set to 'mail'
|>>and in my exim.conf have the delivery as follows:
|>>
|>>local_delivery:
|>>  driver = pipe
|>>  command = "/usr/local/sbin/dbmail-smtp -d [EMAIL PROTECTED]"
|>>  return_fail_output
|>>  user = mail
|>>
|>>If you have the dbmail owner set to anything else, just set the
|>>  user = anything else
|>
|>;)
|>
|>
|>
|>>PS Setting the user to nobody would allow the user nobody (such as apache
|>>or other low level users) to submit mail.
|>
|>Does that compromise the security? Just a bit lost. Is that bad?
|
|
| Since the DBMail config files also include the SQL username and
| password to get to the DBMail system's database, anyone able to view
| it can thus access the SQL server, and then proceed to:
|
| * Read, delete, or alter existing messages
| * Forge new messages
| * See or change user passwords
| * Delete user accounts or create new ones (ex: temporary spam-reply
|   mailboxes)
| * Redirect messages from one mailbox to another (ex: the attacker's
|   so they can continue reading someone else's mail)
| * Trash your DBMail tables and cause DBMail to fail completely
|   (assuming enough access is granted to that SQL username)
|
| All of those possibilities are serious. There may be more I haven't
| even touched on yet, too.
|
| To mitigate these risks, it's best to install the DBMail config files
| with a unique username, and then set the permissions on the DBMail
| config files (at minimum the file containing the SQL user/pass)
| to only allow read-access from that username.
|
| If ANY access is granted to a user used for any other purpose, for
| example Apache's "nobody" user, then programs also running under that
| user (such as normal PHP scripts!) would be able to read your DBConf
| file, and then do the harm I listed above.
|
| I hope this thoroughly explains the security aspects. :)
|
| -Daniel
|

--
  ________________________________________________________________
  Paul Stevens                          mailto:[EMAIL PROTECTED]
  NET FACILITIES GROUP                  PGP: finger [EMAIL PROTECTED]
  The Netherlands________________________________http://www.nfg.nl
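A check for the state the chown/chmod advice in this message is meant to leave behind, as an added example that is not part of the original message or of DBMail. The function names `file_meta` and `audit_conf` are hypothetical; the file path and owner are passed as arguments.

```shell
#!/bin/sh
# Added example, not DBMail's own tooling. The path and owner name are passed in;
# /etc/dbmail/dbmail.conf and "dbmail" are the values used in the message above.

# file_meta FILE: print "OCTAL_MODE OWNER" (GNU stat first, BSD stat as fallback).
file_meta() {
    stat -c '%a %U' -- "$1" 2>/dev/null || stat -f '%Lp %Su' -- "$1"
}

# audit_conf FILE EXPECTED_OWNER
# Returns 0 when FILE is a regular file owned by EXPECTED_OWNER with no group or
# other permission bits; otherwise prints each finding and returns 1.
audit_conf() {
    file=$1; want=$2; rc=0
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is a symlink, missing, or not a regular file"
        return 1
    fi
    set -- $(file_meta "$file")
    mode=$1; owner=$2
    if [ "$owner" != "$want" ]; then
        echo "FAIL: $file is owned by $owner, expected $want"
        rc=1
    fi
    # A shared service account (the thread's example is "nobody") lets every
    # program running under it read the SQL credentials.
    if [ "$owner" = "nobody" ]; then
        echo "FAIL: $file is owned by the shared account nobody"
        rc=1
    fi
    # The last two octal digits are the group and other bits; both must be 0.
    # stat prints mode 0000 as a single "0".
    case $mode in
        0|*00) ;;
        *) echo "FAIL: $file has mode $mode, group/other access is set"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $file ($mode, $owner)"
    return "$rc"
}

# Command-line use: sh audit.sh /etc/dbmail/dbmail.conf dbmail
if [ "$#" -eq 2 ]; then
    audit_conf "$1" "$2"
fi
```

The exit status makes it usable from cron or a configuration-management run, so a later package upgrade or manual edit that resets the mode to 0644 is caught.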
