On Mon, Jun 04, 2012 at 10:38:02AM +0100, Andrew Beverley wrote:
> I've been using the default_privs setting to control which user
> Postfix uses to deliver mail to external commands. However, I note
> from the manual that this setting is only used "from an aliases
> file that is owned by root, or when delivery is done on behalf of
> root".
Right. When an aliases or .forward file is owned by a different user,
and mail is received for that user (or an alias in that file), that
user is the one running any command specified.
> I've come across instances when mail is still delivered to a
> command using the user "nobody" (such as when a mail is generated
> from the local server rather than delivered from an external
> source).
You forgot to include logs and evidence (file ownership and modes)
regarding these instances, so it is not possible to comment other
than a WAG. My WAG here is that multiple instances are involved:
local processes are invoking sendmail(1) in another instance.
> Is there any way to change the user that is used to deliver *all*
> mail to external commands?
No, that would not make sense for the local(8) delivery agent,
wherein the recipient is the one running any command. Perhaps you
would be interested in pipe(8)? You have not said what the problem
and ultimate goal is.
> If not, what is the recommended way of delivering to an
> external command and ensuring that the external command is always
> executed using the correct privileges?
Execution of external commands is not random. Again it's hard to say
anything more, not knowing what is actually happening.
> At the moment, the only way I can see to achieve this is to set the
> external command as executable by "nobody" and external files as
> writable by "nobody", but it doesn't seem right to do this in case
> other processes are utilising "nobody".
>
> Thoughts please?
>
> postconf -n as follows:
> alias_maps = hash:/etc/postfix/aliases,
> regexp:/etc/postfix/aliases-regexp
Who owns these? Do they contain any of the affected aliases?
> html_directory = /usr/share/doc/postfix-2.3.3/html
Hmmm, 2.3.3 is very old, and did not have support for this:
> multi_instance_directories = /etc/postfix-trusted
> /etc/postfix-untrusted /etc/postfix-reqconf
> multi_instance_enable = yes
> multi_instance_wrapper = ${command_directory}/postmulti -p --
You are running multiple instances on at least Postfix 2.6. Have you
distinguished the logging of each instance? Do you know for a fact
that none of these other instances is doing what you see?
> transport_maps = hash:/etc/postfix/transport
What is this doing? Is it sending anything to a pipe(8) transport?
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
