Philip Prindeville:
Dec 2 20:32:54 localhost postfix/smtpd[9440]: warning: connect
to Milter service unix:/var/spool/MIMEDefang/mimedefang.sock:
Permission denied
Does the error go away if you turn off SeLinux?
Wietse
Philip Prindeville:
I'm just wondering why the socket can't be opened before the
set_ugid() drops the additional groups.
smtpd(8) does not use set_ugid(), and it does not drop auxiliary group.
Wietse
On 12/3/11 7:15 AM, Wietse Venema wrote:
Philip Prindeville:
Dec 2 20:32:54 localhost postfix/smtpd[9440]: warning: connect
to Milter service unix:/var/spool/MIMEDefang/mimedefang.sock:
Permission denied
Does the error go away if you turn off SeLinux?
Wietse
Could have sworn this
I tried to set up Postfix (2.6.6) on a Centos6 system (yes, I've filed a bug
for them to bump to something 2.8.x-ish)... as:
Dec 1 20:26:05 localhost postfix/smtpd[7743]: warning: connect to Milter
service unix:/var/spool/MIMEDefang/mimedefang.sock: Permission denied
# ls -ld
On 12/2/11 2:19 PM, Wietse Venema wrote:
Philip Prindeville:
Would it make sense to add a parameter of additional gid's that
you want smtpd to retain?
Perhaps you can use a class inet socket on 127.0.0.1. That
will have less impact on the Postfix security architecture.
With 64k ports, you