On 07/24/2012 07:33 PM, mouss wrote: > > map_directory = /var/db/postmap > cidr = cidr:${map_directory}/cidr > db = ${db_type}:${map_directory}/${db_type} > map_directory = /var/db/postmap > regex = ${regex_type}:${map_directory}/${regex_type} > sql = ${sql_type}:${map_directory}/${sql_type} > ... > > ls -l /var/db/ > ... > drwxr-x--- 9 root postfix 512 Feb 10 2011 postmap/ > ...
Ok, thanks, I'll stick with this for a while and see what happens. It seems sendmail needs to read main.cf, but not any of the map files (at least, not the ones I'm using in the way I'm using them) or master.cf. We've only got two boxes that have anything sensitive in the maps; on the one with the mail store, I have just: /etc/postfix: cp -R etc/postfix /etc/ chgrp -R postfix /etc/postfix find /etc/postfix -type d -print0 | xargs -0 chmod 755 find /etc/postfix -type f -print0 | xargs -0 chmod 640 chmod 644 /etc/postfix/main.cf which is close to what you posted, modulo master.cf and 'rx' of the maps directory. On the MX, I also need to make one of the map files readable to the amavis user, but there's nothing sensitive in that map, so 644 is fine there. I'll report if anything else breaks =)