> Replace local submission with some IPC-based mechanism, e.g. SMTP.
If my understanding is correct, submitting via SMTP would require
credentials then to avoid anonymity of TCP unless there's a specific
service that would work over a UDS so it can pass SO_PEERCRED along to
Postfix.
Is there an existing solution that would then act as the following?
Something to pass along auth data in the request without requiring ESMTPA.
program => "smtp" binary => unix socket => incoming postdrop manager =>
postdrop => Postfix
- Matt
On 7/23/2020 7:23 PM, Viktor Dukhovni wrote:
On Thu, Jul 23, 2020 at 07:17:19PM -0500, Matt Saladna wrote:
Bit of a pickle here with systemd in CentOS 8. Certain protective
directives, such as DynamicUser= or PrivateDevices=yes implicitly sets
NoNewPrivileges=true (systemd/systemd #12476). In turn that's blocking
setgid with /usr/sbin/postdrop. postdrop hangs indefinitely unable to
send its input to Postfix. As an example on CentOS 8 this breaks,
Local mail submission via sendmail(1) *requires* that postdrop(1)
be able to run setgid. If you're going to prevent that, then you
need to submit email via some other interface, e.g. a sendmail(1)
replacement that submits email via SMTP. This means that some
email may be lost when the SMTP server is down, but if that's
acceptable, then that's the way to go.
What's an appropriate workaround for this? Add postdrop to the list of
SupplementaryGroups= for the service,
No.
open world write access for /var/spool/postfix/maildrop,
No.
or is there a better route? It's a PHP-FPM pool, which I'd like to
tamp down as much as possible.
Replace local submission with some IPC-based mechanism, e.g. SMTP.
