Le 12/12/2010 18:46, Philip A Colvin a écrit :
I was able to get some time to get the answers to the questions below...
On 12/11/10 4:24 AM, mouss wrote:
Is the socket there?
# ls -l /var/spool/MIMEDefang/mimedefang.sock
# file /var/spool/MIMEDefang/mimedefang.sock
Yes, the socket is there...
r...@ubuntu:~# ls -l /var/spool/MIMEDefang
total 8
-rw-r----- 1 defang defang 5 2010-12-12 12:30 mimedefang-multiplexor.pid
srw------- 1 defang defang 0 2010-12-12 12:30 mimedefang-multiplexor.sock
-rw-r----- 1 defang defang 5 2010-12-12 12:30 mimedefang.pid
srwxr-x--- 1 defang defang 0 2010-12-12 12:30 mimedefang.sock
so anyone outside of the 'defang' group has no access to the .sock file.
(you forgot 'file mimedefang.sock' to show file type. but let's assume
it's a real socket).
PS. I don't use mimedefang.
maybe you have a chroot issue?
# grep smtpd master.cf
I don't think there is a chroot issue... see below
I think there is... see below;-p
r...@ubuntu:/# grep smtpd /etc/postfix/master.cf
smtp inet n - - - - smtpd
if you check master.cf, you should see:
#==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
the 5th field is chroot and defaults to 'yes'. In your config, it is
'-', so it defaults to chrooted.
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
See below for permissions
otherwise, check the permissions starting from the top:
# ls -l / |grep var
drwxr-xr-x 14 root root 4096 2010-12-09 15:37 var
# ls -l /var |grep spool
drwxr-xr-x 6 root root 4096 2010-12-09 15:52 spool
# ls -la /var/spool/MIMEDefang
total 20
drwxr-x--- 3 defang defang 4096 2010-12-12 12:30 .
drwxr-xr-x 6 root root 4096 2010-12-09 15:52 ..
-rw-r----- 1 defang defang 5 2010-12-12 12:30 mimedefang-multiplexor.pid
srw------- 1 defang defang 0 2010-12-12 12:30 mimedefang-multiplexor.sock
-rw-r----- 1 defang defang 5 2010-12-12 12:30 mimedefang.pid
srwxr-x--- 1 defang defang 0 2010-12-12 12:30 mimedefang.sock
drwx------ 2 defang root 4096 2010-12-09 15:52 .spamassassin
do you have any "security thing" like SELinux, AppArmor, ...?
What system/distribution are you running?
I did not think AppArmor was installed. I'm still learning about Linux
so these things keep slipping by. After reading up, I see AppArmor is
loaded by default with Ubuntu.
r...@ubuntu:/# dpkg -l |grep -i armor
ii apparmor 2.5.1~rc1-0ubuntu2 User-space parser utility for AppArmor
ii apparmor-utils 2.5.1~rc1-0ubuntu2 Utilities for controlling AppArmor
ii libapparmor-perl 2.5.1~rc1-0ubuntu2 AppArmor library Perl bindings
ii libapparmor1 2.5.1~rc1-0ubuntu2 changehat AppArmor library
r...@ubuntu:/# apparmor_status
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
/sbin/dhclient3
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode :
/sbin/dhclient3 (663)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
