Mercurial > hg > mlmmj
comparison README.postfix @ 780:ddae562f7cf0
Document why 'nobody' is inappropriate and capitalise a few things
| author | Ben Schmidt |
|---|---|
| date | Mon, 15 Nov 2010 10:11:28 +1100 |
| parents | fdc57c9e5f56 |
| children | 58d726e86650 |
comparison
equal
deleted
inserted
replaced
| 779:93d445688ebe | 780:ddae562f7cf0 |
|---|---|
| 1 README.postfix Dec 16th 2009 | 1 README.postfix Dec 16th 2009 |
| 2 | 2 |
| 3 POSTFIX ISSUES | 3 POSTFIX ISSUES |
| 4 | 4 |
| 5 The main issue with Postfix and mlmmj is the mlmmj requirement that | 5 The main issue with Postfix and Mlmmj is the Mlmmj requirement that |
| 6 the mlmmj executables must be executed by root or the owner of the | 6 the Mlmmj executables must be executed by root or the owner of the |
| 7 list directory. | 7 list directory. |
| 8 | 8 |
| 9 This is at odds with Postfix. The standard local delivery mechanism | 9 This is at odds with Postfix. The standard local delivery mechanism |
| 10 for Postfix is local(8) that ships with Postfix. According to | 10 for Postfix is local(8) that ships with Postfix. According to |
| 11 local(8) delivery to external programs is done on behalf of the | 11 local(8) delivery to external programs is done on behalf of the |
| 12 receiving user. But when delivering to a program without using a | 12 receiving user. But when delivering to a program without using a |
| 17 local(8) daemon will use the owner of the :include: file from the | 17 local(8) daemon will use the owner of the :include: file from the |
| 18 aliases file. But this is a problem too. By default :include: | 18 aliases file. But this is a problem too. By default :include: |
| 19 files are disabled as a security precaution in aliases files for | 19 files are disabled as a security precaution in aliases files for |
| 20 delivering to external programs. | 20 delivering to external programs. |
| 21 | 21 |
| 22 This leaves us with a conundrum on how to execute the mlmmj | 22 So Postfix then falls back to executing with the user specified by |
| 23 executables as an 'mlmmj' user without using alias files. One | 23 the configuration option 'default_privs'. The default setting for |
| 24 answer is to use a postfix transport. | 24 this option is the user 'nobody'. You can make Mlmmj work by having |
| 25 your lists owned by 'nobody', but this is not recommended. Other | |
| 26 programs and daemons may use 'nobody' as a user who should not have | |
| 27 access to anything; most notably, some NFS implementations use this | |
| 28 user when somebody connects but fails to authenticate. Such users | |
| 29 should not be able to access your mailing lists. Changing | |
| 30 'default_privs' to an 'mlmmj' user may open other security holes, | |
| 31 and may not be appropriate if Postfix is used for other external | |
| 32 programs besides Mlmmj. | |
| 33 | |
| 34 This leaves us with a conundrum on how to execute the Mlmmj | |
| 35 executables as an 'mlmmj' user. One answer is to use a Postfix | |
| 36 transport. | |
| 25 | 37 |
| 26 First we'll get the 'mlmmj' user setup and then move onto the | 38 First we'll get the 'mlmmj' user setup and then move onto the |
| 27 postfix configuration: | 39 Postfix configuration: |
| 28 | 40 |
| 29 MLMMJ SETUP | 41 MLMMJ SETUP |
| 30 | 42 |
| 31 Create a 'mlmmj' user that will own all the lists. Use whatever | 43 Create a 'mlmmj' user that will own all the lists. Use whatever |
| 32 user creation app/script is provided by your system. Generally | 44 user creation app/script is provided by your system. Generally |
| 33 'useradd'. | 45 'useradd'. |
| 34 | 46 |
| 35 Create the spool directory that is owned by the 'mlmmj' user. | 47 Create the spool directory that is owned by the 'mlmmj' user. |
| 41 | 53 |
| 42 Create a mailing list using mlmmj-make-ml. Make sure to use the | 54 Create a mailing list using mlmmj-make-ml. Make sure to use the |
| 43 -s flag to set the spool directory if it isn't /var/spool/mlmmj | 55 -s flag to set the spool directory if it isn't /var/spool/mlmmj |
| 44 | 56 |
| 45 POSTFIX SETUP | 57 POSTFIX SETUP |
| 46 | 58 |
| 47 First thing is to make sure that the postfix server accepts mail for | 59 First thing is to make sure that the postfix server accepts mail for |
| 48 the mailing lists. For a server that handles mail for multiple | 60 the mailing lists. For a server that handles mail for multiple |
| 49 domains, this is done with a 'virtual_alias_map'. This is how I'll | 61 domains, this is done with a 'virtual_alias_map'. This is how I'll |
| 50 demonstrate. | 62 demonstrate. |
| 51 | 63 |
| 52 Add a virtual_alias_map file to main.cf configuration. We'll use a | 64 Add a virtual_alias_map file to main.cf configuration. We'll use a |
| 53 regular expression map since we need to be able to match all the | 65 regular expression map since we need to be able to match all the |
| 54 various mjmml delimiter addresses (list-subscribe, list-unsubscribe, | 66 various Mlmmj delimiter addresses (list-subscribe, list-unsubscribe, |
| 55 etc) | 67 confsub-0123456789abcdef, etc.). |
| 56 | 68 |
| 57 main.cf: | 69 main.cf: |
| 58 virtual_alias_maps = hash:/etc/postfix/virtual, | 70 virtual_alias_maps = hash:/etc/postfix/virtual, |
| 59 regexp:/var/spool/mlmmj/virtual.regexp | 71 regexp:/var/spool/mlmmj/virtual.regexp |
| 60 | 72 |
| 61 /var/spool/mlmmj/virtual.regexp: | 73 /var/spool/mlmmj/virtual.regexp: |
| 62 /^(mlmmj-test.*)@example\.com$/ ${1} | 74 /^(mlmmj-test.*)@example\.com$/ ${1} |
| 63 /^(another-list.*)@sample\.com$/ ${1} | 75 /^(another-list.*)@sample\.com$/ ${1} |
| 64 | 76 |
| 65 One line needs to be in the virtual map for each list the 'mlmmj' id | 77 One line needs to be in the virtual map for each list the 'mlmmj' id |
| 70 If you want to host multiple domains in a hierarchical structure, | 82 If you want to host multiple domains in a hierarchical structure, |
| 71 you can alternatively use: | 83 you can alternatively use: |
| 72 | 84 |
| 73 /^(list-name.*)@(domain\.com)$/ domain--${1} | 85 /^(list-name.*)@(domain\.com)$/ domain--${1} |
| 74 | 86 |
| 75 Next we make sure that postfix can invoke the mlmmj executables as | 87 Next we make sure that Postfix can invoke the mlmmj executables as |
| 76 the 'mlmmj' user. This is where the transport map comes in. So we | 88 the 'mlmmj' user. This is where the transport map comes in. So we |
| 77 add a transport map and a configuration option that instructs the | 89 add a transport map and a configuration option that instructs the |
| 78 transport to only deliver one file at a time. See transport(5) for | 90 transport to only deliver one file at a time. See transport(5) for |
| 79 more information on transports. | 91 more information on transports. |
| 80 | 92 |
| 81 main.cf: | 93 main.cf: |
| 82 transport_maps = regexp:/var/spool/mlmmj/transport | 94 transport_maps = regexp:/var/spool/mlmmj/transport |
| 83 mlmmj_destination_recipient_limit = 1 | 95 mlmmj_destination_recipient_limit = 1 |
| 84 | 96 |
| 85 /var/spool/mlmmj/transport: | 97 /var/spool/mlmmj/transport: |
| 86 /^(list-test).*$/ mlmmj:list-test | 98 /^(list-test).*$/ mlmmj:list-test |
| 87 /^(another-list).*$/ mlmmj:another-list | 99 /^(another-list).*$/ mlmmj:another-list |
| 88 | 100 |
| 89 What this transport file says, is that any message destined for an | 101 What this transport file says, is that any message destined for an |
| 95 For the hierarchical multi-domain solution, use this variant: | 107 For the hierarchical multi-domain solution, use this variant: |
| 96 | 108 |
| 97 /^(domain--list-name).*$/ mlmmj:domain/list-name | 109 /^(domain--list-name).*$/ mlmmj:domain/list-name |
| 98 | 110 |
| 99 Now we setup the 'mlmmj' transport. The 'mlmmj' in mlmmj:$1 above | 111 Now we setup the 'mlmmj' transport. The 'mlmmj' in mlmmj:$1 above |
| 100 indicates a transport listed in the postfix master.cf file. We are | 112 indicates a transport listed in the Postfix master.cf file. We are |
| 101 just going to create a transport called 'mlmmj' but it is nothing | 113 just going to create a transport called 'mlmmj' but it is nothing |
| 102 more than a pipe(8) to the mlmmj-receive program that is invoked as | 114 more than a pipe(8) to the mlmmj-receive program that is invoked as |
| 103 the 'mlmmj' user. | 115 the 'mlmmj' user. |
| 104 | 116 |
| 105 master.cf: | 117 master.cf: |
| 106 # mlmmj mailing lists | 118 # mlmmj mailing lists |
| 107 mlmmj unix - n n - - pipe | 119 mlmmj unix - n n - - pipe |
| 108 flags=DORhu user=mlmmj argv=/usr/local/bin/mlmmj-receive -F -L /var/spool/mlmmj/$nexthop/ | 120 flags=DORhu user=mlmmj argv=/usr/local/bin/mlmmj-receive -F -L /var/spool/mlmmj/$nexthop/ |
| 109 | 121 |
| 110 This takes the pipe(8) postfix delivery agent and tells it to invoke | 122 This takes the pipe(8) Postfix delivery agent and tells it to invoke |
| 111 '/usr/local/bin/mlmmj-receive' as the 'mlmmj' user and pipe the | 123 '/usr/local/bin/mlmmj-receive' as the 'mlmmj' user and pipe the |
| 112 email to it on stdin. This mode of transportation is given the name | 124 email to it on stdin. This mode of transportation is given the name |
| 113 'mlmmj'. | 125 'mlmmj'. |
| 114 | 126 |
| 115 The 'flags' parameter to pipe(8) is pretty critical here. In | 127 The 'flags' parameter to pipe(8) is pretty critical here. In |
| 127 $nexthop will get set to the name of the mailing list (or domain | 139 $nexthop will get set to the name of the mailing list (or domain |
| 128 and name). Your list directories, then, should be at | 140 and name). Your list directories, then, should be at |
| 129 /var/spool/mlmmj/list-name as usual, or for the hierarchical | 141 /var/spool/mlmmj/list-name as usual, or for the hierarchical |
| 130 multi-domain version, in /var/spool/mlmmj/domain/list-name. | 142 multi-domain version, in /var/spool/mlmmj/domain/list-name. |
| 131 | 143 |
| 132 Restart postfix and enjoy your new lists. | 144 Restart Postfix and enjoy your new lists. |
| 133 | 145 |
| 134 | 146 |