mlmmj

changeset ddae562f7cf0

Document why 'nobody' is inappropriate and capitalise a few things
author Ben Schmidt
date Mon, 15 Nov 2010 10:11:28 +1100
parents 93d445688ebe
children 563b513fae21
files README.postfix
diffstat 1 files changed, 32 insertions(+), 20 deletions(-) [+]
line diff
     1.1 --- a/README.postfix	Mon Nov 15 09:36:38 2010 +1100
     1.2 +++ b/README.postfix	Mon Nov 15 10:11:28 2010 +1100
     1.3 @@ -2,8 +2,8 @@
     1.4  
     1.5  POSTFIX ISSUES
     1.6     
     1.7 -    The main issue with Postfix and mlmmj is the mlmmj requirement that
     1.8 -    the mlmmj executables must be executed by root or the owner of the
     1.9 +    The main issue with Postfix and Mlmmj is the Mlmmj requirement that
    1.10 +    the Mlmmj executables must be executed by root or the owner of the
    1.11      list directory.  
    1.12  
    1.13      This is at odds with Postfix.  The standard local delivery mechanism
    1.14 @@ -19,12 +19,24 @@
    1.15      files are disabled as a security precaution in aliases files for
    1.16      delivering to external programs.
    1.17  
    1.18 -    This leaves us with a conundrum on how to execute the mlmmj
    1.19 -    executables as an 'mlmmj' user without using alias files.  One
    1.20 -    answer is to use a postfix transport.
    1.21 +    So Postfix then falls back to executing with the user specified by
    1.22 +    the configuration option 'default_privs'.  The default setting for
    1.23 +    this option is the user 'nobody'.  You can make Mlmmj work by having
    1.24 +    your lists owned by 'nobody', but this is not recommended.  Other
    1.25 +    programs and daemons may use 'nobody' as a user who should not have
    1.26 +    access to anything; most notably, some NFS implementations use this
    1.27 +    user when somebody connects but fails to authenticate.  Such users
    1.28 +    should not be able to access your mailing lists.  Changing
    1.29 +    'default_privs' to an 'mlmmj' user may open other security holes,
    1.30 +    and may not be appropriate if Postfix is used for other external
    1.31 +    programs besides Mlmmj.
    1.32 +
    1.33 +    This leaves us with a conundrum on how to execute the Mlmmj
    1.34 +    executables as an 'mlmmj' user.  One answer is to use a Postfix
    1.35 +    transport.
    1.36  
    1.37      First we'll get the 'mlmmj' user setup and then move onto the
    1.38 -    postfix configuration:
    1.39 +    Postfix configuration:
    1.40  
    1.41  MLMMJ SETUP
    1.42      
    1.43 @@ -51,8 +63,8 @@
    1.44  
    1.45      Add a virtual_alias_map file to main.cf configuration.  We'll use a
    1.46      regular expression map since we need to be able to match all the
    1.47 -    various mjmml delimiter addresses (list-subscribe, list-unsubscribe,
    1.48 -    etc)
    1.49 +    various Mlmmj delimiter addresses (list-subscribe, list-unsubscribe,
    1.50 +    confsub-0123456789abcdef, etc.).
    1.51  
    1.52          main.cf:
    1.53              virtual_alias_maps = hash:/etc/postfix/virtual, 
    1.54 @@ -72,7 +84,7 @@
    1.55  
    1.56          /^(list-name.*)@(domain\.com)$/        domain--${1}
    1.57  
    1.58 -    Next we make sure that postfix can invoke the mlmmj executables as
    1.59 +    Next we make sure that Postfix can invoke the mlmmj executables as
    1.60      the 'mlmmj' user.  This is where the transport map comes in.  So we
    1.61      add a transport map and a configuration option that instructs the
    1.62      transport to only deliver one file at a time.  See transport(5) for
    1.63 @@ -97,7 +109,7 @@
    1.64          /^(domain--list-name).*$/              mlmmj:domain/list-name
    1.65  
    1.66      Now we setup the 'mlmmj' transport.  The 'mlmmj' in mlmmj:$1 above
    1.67 -    indicates a transport listed in the postfix master.cf file.  We are
    1.68 +    indicates a transport listed in the Postfix master.cf file.  We are
    1.69      just going to create a transport called 'mlmmj' but it is nothing
    1.70      more than a pipe(8) to the mlmmj-receive program that is invoked as
    1.71      the 'mlmmj' user.
    1.72 @@ -107,7 +119,7 @@
    1.73              mlmmj   unix  -       n       n       -       -       pipe
    1.74                  flags=DORhu user=mlmmj argv=/usr/local/bin/mlmmj-receive -F -L /var/spool/mlmmj/$nexthop/
    1.75  
    1.76 -    This takes the pipe(8) postfix delivery agent and tells it to invoke
    1.77 +    This takes the pipe(8) Postfix delivery agent and tells it to invoke
    1.78      '/usr/local/bin/mlmmj-receive' as the 'mlmmj' user and pipe the
    1.79      email to it on stdin.  This mode of transportation is given the name
    1.80      'mlmmj'.
    1.81 @@ -129,6 +141,6 @@
    1.82      /var/spool/mlmmj/list-name as usual, or for the hierarchical
    1.83      multi-domain version, in /var/spool/mlmmj/domain/list-name.
    1.84  
    1.85 -    Restart postfix and enjoy your new lists.
    1.86 +    Restart Postfix and enjoy your new lists.
    1.87  
    1.88