On Sb, 08 feb 14, 23:50:06, Markus Schönhaber wrote: > > No other suggestions but one I already made: check maildrop's > documentation. That will hopefully help you to find out why maildrop > fails to connect to (courier's?) authdaemon. WAG: permissions of the the > corresponding socket are wrong. > > Anyway: I don't see a problem wrt to postfix (who is just the messenger > here). And since I'm not interested in maildrop, I can't be of any help.
It is the maildrop invocation (via pipe) that causes the problems. One
obvious mistake I did was to leave the -d ${recipient}, while I need to
call maildrop with -d ${user}, since I have system not virtual users.
The correct line in master.cf should look like this:
maildrop unix - n n - - pipe
flags=DORX user=mail argv=/usr/bin/maildrop -d ${user}
Once I fixed that I hit another issue:
Feb 9 18:19:15 sid postfix/pickup[6738]: 7FF70C0DF3: uid=1077 from=<amp>
Feb 9 18:19:15 sid postfix/cleanup[6744]: 7FF70C0DF3:
message-id=<[email protected]>
Feb 9 18:19:15 sid postfix/qmgr[6739]: 7FF70C0DF3: from=<[email protected]>,
size=314, nrcpt=1 (queue active)
Feb 9 18:19:15 sid postfix/pipe[6747]: 7FF70C0DF3: to=<[email protected]>,
relay=maildrop, delay=0.07, delays=0.04/0.01/0/0.02, dsn=4.3.0, status=deferred
(temporary failure. Command output: ERR: authdaemon: s_connect() failed: No
such file or directory /usr/bin/maildrop: Cannot set my user or group id. )
As far as I can tell this is because maildrop is installed setgid and
not setuid:
$ ls -l /usr/bin/maildrop
-rwxr-sr-x 1 root mail 206940 feb 1 19:44 /usr/bin/maildrop
chmod u+s works (tested), but I'm not very happy with it, even though
maildrop's documentation claims this is safe as it will immediately drop
privileges to the user specified by the '-d' option.
Another option is to invoke it as user 'amp' (also tested) via the
'user=' directive in master.cf, but this can only work as long as I'm
the sole user.
Since this endeavor is important only in the context of eventually
running a public facing postfix -> maildrop setup I'm not very fond of
any of these two workarounds.
Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt
signature.asc
Description: Digital signature
