Benoit Panizzon wrote:
Make sure MIMEDefang is listening to an inet socket, maybe better on localhost, if you don't run your MIMEDefang on a dedicated filter machine.
This shouldn't be necessary, although for a variety of reasons it tends to be *easier* to get working since there are fewer places it can get blocked/broken. I'm using a Unix socket on my personal server currently.
Aside from security layers like AppArmor or SELinux, the key thing is to make sure the permissions and ownership on the directories leading up to the milter socket are correct (755, and root:root for /var and /var/spool, 750 and defang:defang for /var/spool/MIMEDefang - IIRC these should be default on Debian and Ubuntu at least), and that the Postfix system user is a member of the defang group.
Plugging ClamAV into MIMEDefang tends to hit the same permissions maze, along with a light dose of "where did Clam actually put the socket?", since I think MD looks in the "wrong" place by default. This has probably been fixed in newer packages.
-kgd _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
