Postfix Security Documentation
Hi, is there any documentation on securing a postfix server readily available? I didn't find anything much at the postfix homepage, nor in the postfix-doc package. I'd be especially interested in chrooting postfix processes. Regs, Sven -- Sven Riedel [EMAIL PROTECTED] Liebigstr. 38 30163 Hannover "Python is merely Perl for those who prefer Pascal to C" (anon)
Postfix Security Documentation
Hi, is there any documentation on securing a postfix server readily available? I didn't find anything much at the postfix homepage, nor in the postfix-doc package. I'd be especially interested in chrooting postfix processes. Regs, Sven -- Sven Riedel [EMAIL PROTECTED] Liebigstr. 38 30163 Hannover "Python is merely Perl for those who prefer Pascal to C" (anon) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix Security Documentation
> Hi, > is there any documentation on securing a postfix server readily > available? I didn't find anything much at the postfix homepage, nor in > the postfix-doc package. > I'd be especially interested in chrooting postfix processes. look at /etc/postfix/sample-master.cf or in postfix doc's or just see your configuration in /etc/postfix/master.cf -- debian user
Re: Postfix Security Documentation
On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote: > Hi, > is there any documentation on securing a postfix server readily > available? I didn't find anything much at the postfix homepage, nor in > the postfix-doc package. > I'd be especially interested in chrooting postfix processes. > In Debian, postfix is chrooted by default. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Postfix Security Documentation
Quoting Tomasz Papszun <[EMAIL PROTECTED]>: > On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote: > > is there any documentation on securing a postfix server readily > > available? I didn't find anything much at the postfix homepage, nor in > > the postfix-doc package. > > I'd be especially interested in chrooting postfix processes. > In Debian, postfix is chrooted by default. Not true. A number of processes are chrooted, but not all. Please look at /etc/postfix/master.cf (IIRC). This is a standard feature of Postfix. Sven, do you want to chroot *all* processes? Postfix is supposed to be secure out of the box (except for programming errors, as we recently saw :-( ). So improving Postfix security should be done inside of Postfix. You may want to you the Postfix mailing list (warning: lots of traffic!) and ask there. Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett |
Re: Postfix Security Documentation
On Wed, 20 Aug 2003 at 12:59:39 +0200, Lupe Christoph wrote: > Quoting Tomasz Papszun <[EMAIL PROTECTED]>: > > On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote: > > > > is there any documentation on securing a postfix server readily > > > available? I didn't find anything much at the postfix homepage, nor in > > > the postfix-doc package. > > > I'd be especially interested in chrooting postfix processes. > > > In Debian, postfix is chrooted by default. > > Not true. A number of processes are chrooted, but not all. Please look > at /etc/postfix/master.cf (IIRC). This is a standard feature of Postfix. Sure, I know it. == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) # == smtp inet n - - - - smtpd #628 inet n - - - - qmqpd pickupfifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - - 300 1 qmgr #qmgr fifo n - - 300 1 nqmgr rewrite unix - - - - - trivial-rewrite bounceunix - - - - 0 bounce defer unix - - - - 0 bounce flush unix n - - 1000? 0 flush smtp unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp But I think that (almost?) all process that _can_ be chrooted, _are_ chrooted. How could the 'local' process deliver mail to user mailboxes if it would be chrooted?? If I'm wrong and it's possible somehow, someone may correct me of course. > Sven, do you want to chroot *all* processes? Postfix is supposed to be > secure out of the box I think the same :-) . > (except for programming errors, as we recently saw :-( ). Even those, they were just vulnerable to DoS and "bounce scans", not break-ins. > So improving Postfix security should be done inside of > Postfix. You may want to you the Postfix mailing list (warning: lots > of traffic!) and ask there. > > Lupe Christoph -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros.
Re: Postfix Security Documentation
On Wednesday 20 August 2003 06:26 am, Tomasz Papszun wrote: > Sure, I know it. > > == > # service type private unpriv chroot wakeup maxproc command + args > # (yes) (yes) (yes) (never) (50) > # > == > local unix - n n - - local > virtual unix - n n - - virtual > lmtp unix - - n - - lmtp > > > But I think that (almost?) all process that _can_ be chrooted, _are_ > chrooted. > How could the 'local' process deliver mail to user mailboxes if it would > be chrooted?? > > If I'm wrong and it's possible somehow, someone may correct me of > course. > It is possible, but with some extra work. You need to have the delivery desination in the chroot jail with it. For example, if you have it chroot to /var/spool/postfix then you want to make /var/spool/postfix/var/spool/mail/ as that will be where mail is delivered to by default. Using "mount -o bind /var/spool/mail /var/spool/postfix/var/spool/mail" you can have the same stuff in both locations (or reverse it if you are really parinoid about security). > > Sven, do you want to chroot *all* processes? Postfix is supposed to be > > secure out of the box > > I think the same :-) . I think the added steps of chrooting the last three proccess is unneccicary, except for overly parinod experts. I say experts, because in changing the default behavior of postifx, it is possible to open up more security problems than you are preventing, and at the same time make it harder for you to dectect such problems. > > (except for programming errors, as we recently saw :-( ). > > Even those, they were just vulnerable to DoS and "bounce scans", not > break-ins. These sort of things will always be around, in every mail system. It's due to the fact SMTP is such a horrid protocol. But we are stuck with it, so we do the best we can with tradeoffs. > > So improving Postfix security should be done inside of > > Postfix. You may want to you the Postfix mailing list (warning: lots > > of traffic!) and ask there. There is also several irc channels for postfix scattered about- they are not real talkitive, but its certianly less traffic than the postfix list. Jay -- Jay Kline http://www.slushpupie.com/
Re: Postfix Security Documentation
> Hi, > is there any documentation on securing a postfix server readily > available? I didn't find anything much at the postfix homepage, nor in > the postfix-doc package. > I'd be especially interested in chrooting postfix processes. look at /etc/postfix/sample-master.cf or in postfix doc's or just see your configuration in /etc/postfix/master.cf -- debian user -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix Security Documentation
On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote: > Hi, > is there any documentation on securing a postfix server readily > available? I didn't find anything much at the postfix homepage, nor in > the postfix-doc package. > I'd be especially interested in chrooting postfix processes. > In Debian, postfix is chrooted by default. -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix Security Documentation
Quoting Tomasz Papszun <[EMAIL PROTECTED]>: > On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote: > > is there any documentation on securing a postfix server readily > > available? I didn't find anything much at the postfix homepage, nor in > > the postfix-doc package. > > I'd be especially interested in chrooting postfix processes. > In Debian, postfix is chrooted by default. Not true. A number of processes are chrooted, but not all. Please look at /etc/postfix/master.cf (IIRC). This is a standard feature of Postfix. Sven, do you want to chroot *all* processes? Postfix is supposed to be secure out of the box (except for programming errors, as we recently saw :-( ). So improving Postfix security should be done inside of Postfix. You may want to you the Postfix mailing list (warning: lots of traffic!) and ask there. Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix Security Documentation
On Wed, 20 Aug 2003 at 12:59:39 +0200, Lupe Christoph wrote: > Quoting Tomasz Papszun <[EMAIL PROTECTED]>: > > On Wed, 20 Aug 2003 at 10:55:55 +0200, Sven Riedel wrote: > > > > is there any documentation on securing a postfix server readily > > > available? I didn't find anything much at the postfix homepage, nor in > > > the postfix-doc package. > > > I'd be especially interested in chrooting postfix processes. > > > In Debian, postfix is chrooted by default. > > Not true. A number of processes are chrooted, but not all. Please look > at /etc/postfix/master.cf (IIRC). This is a standard feature of Postfix. Sure, I know it. == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (50) # == smtp inet n - - - - smtpd #628 inet n - - - - qmqpd pickupfifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - - 300 1 qmgr #qmgr fifo n - - 300 1 nqmgr rewrite unix - - - - - trivial-rewrite bounceunix - - - - 0 bounce defer unix - - - - 0 bounce flush unix n - - 1000? 0 flush smtp unix - - - - - smtp showq unix n - - - - showq error unix - - - - - error local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp But I think that (almost?) all process that _can_ be chrooted, _are_ chrooted. How could the 'local' process deliver mail to user mailboxes if it would be chrooted?? If I'm wrong and it's possible somehow, someone may correct me of course. > Sven, do you want to chroot *all* processes? Postfix is supposed to be > secure out of the box I think the same :-) . > (except for programming errors, as we recently saw :-( ). Even those, they were just vulnerable to DoS and "bounce scans", not break-ins. > So improving Postfix security should be done inside of > Postfix. You may want to you the Postfix mailing list (warning: lots > of traffic!) and ask there. > > Lupe Christoph -- Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only [EMAIL PROTECTED] http://www.lodz.tpsa.pl/ | ones and zeros. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Postfix Security Documentation
On Wednesday 20 August 2003 06:26 am, Tomasz Papszun wrote: > Sure, I know it. > > == > # service type private unpriv chroot wakeup maxproc command + args > # (yes) (yes) (yes) (never) (50) > # > == > local unix - n n - - local > virtual unix - n n - - virtual > lmtp unix - - n - - lmtp > > > But I think that (almost?) all process that _can_ be chrooted, _are_ > chrooted. > How could the 'local' process deliver mail to user mailboxes if it would > be chrooted?? > > If I'm wrong and it's possible somehow, someone may correct me of > course. > It is possible, but with some extra work. You need to have the delivery desination in the chroot jail with it. For example, if you have it chroot to /var/spool/postfix then you want to make /var/spool/postfix/var/spool/mail/ as that will be where mail is delivered to by default. Using "mount -o bind /var/spool/mail /var/spool/postfix/var/spool/mail" you can have the same stuff in both locations (or reverse it if you are really parinoid about security). > > Sven, do you want to chroot *all* processes? Postfix is supposed to be > > secure out of the box > > I think the same :-) . I think the added steps of chrooting the last three proccess is unneccicary, except for overly parinod experts. I say experts, because in changing the default behavior of postifx, it is possible to open up more security problems than you are preventing, and at the same time make it harder for you to dectect such problems. > > (except for programming errors, as we recently saw :-( ). > > Even those, they were just vulnerable to DoS and "bounce scans", not > break-ins. These sort of things will always be around, in every mail system. It's due to the fact SMTP is such a horrid protocol. But we are stuck with it, so we do the best we can with tradeoffs. > > So improving Postfix security should be done inside of > > Postfix. You may want to you the Postfix mailing list (warning: lots > > of traffic!) and ask there. There is also several irc channels for postfix scattered about- they are not real talkitive, but its certianly less traffic than the postfix list. Jay -- Jay Kline http://www.slushpupie.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]