On Sun, Dec 12, 2010 at 03:51:00PM -0500, Philip A Colvin wrote:

>>> r...@ubuntu:~# ls -l /var/spool/MIMEDefang
>>> total 8
>>> -rw-r----- 1 defang defang 5 2010-12-12 12:30 mimedefang-multiplexor.pid
>>> srw------- 1 defang defang 0 2010-12-12 12:30 mimedefang-multiplexor.sock
>>> -rw-r----- 1 defang defang 5 2010-12-12 12:30 mimedefang.pid
>>> srwxr-x--- 1 defang defang 0 2010-12-12 12:30 mimedefang.sock
>>
>> so anyone outside of the 'defang' group has no access to the .sock file.
>> (you forgot 'file mimedefang.sock' to show file type. but let's assume
>> it's a real socket).
> Sorry about forgetting the file mimedefang.sock. It is showing as a
> socket..
> /var/spool/MIMEDefang/mimedefang.sock: socket
>
> Would putting the postfix user in the defang group get around the
> permissions problem?

It should work. While pipe(8) and local(8) do not initialize secondary
groups when running commands as a particular user, the "mail_owner" user
does acquire secondary groups when Postfix drops privileges.

> The error does not show a permissions problem, just
> that it cannot find the file. I'm guessing that has something to do with
> the chroot.

So most likely a chroot issue; the milter socket needs to be visible from
the chroot jail. Don't use chroot until you get everything else working,
and even then it is not particularly useful on many systems whose security
overall is lower than an unjailed Postfix...

-- 
    Viktor.
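
The chroot point in the reply above, as an added example that is not part of the original message: it reads the chroot column of master.cf for a service and prints the real path at which the milter socket has to exist for that service to find it. The master.cf lines are constructed, and /var/spool/postfix is an assumed queue_directory (confirm with `postconf -h queue_directory`).

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample master.cf lines.
sample_master_cf() {
cat <<'EOF'
# service  type  private unpriv chroot wakeup maxproc command
smtp       inet  n       -      y      -      -       smtpd
pickup     fifo  n       -      n      60     1       pickup
submission inet  n       -      -      -      -       smtpd
EOF
}

# chroot_flag SERVICE TYPE DEFAULT < master.cf
# Prints y or n for the service's chroot column (5th field, see master(5)).
# "-" means "use the default": y before Postfix 3.0, n from 3.0 on.
chroot_flag() {
    awk -v s="$1" -v t="$2" -v d="$3" '
        /^[ \t]*#/ || /^[ \t]/ || NF < 8 { next }   # comments, continuations
        $1 == s && $2 == t { print ($5 == "-" ? d : $5); exit }'
}

# jail_path SOCKET QUEUE_DIR FLAG
# Prints the real filesystem path the service opens when told to use SOCKET:
# a chrooted service resolves every path relative to QUEUE_DIR.
jail_path() {
    case "$3" in
        y) printf '%s/%s\n' "${2%/}" "${1#/}" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# check_milter_socket SOCKET QUEUE_DIR FLAG
# Succeeds only if a socket exists where the service will actually look.
check_milter_socket() {
    p=$(jail_path "$1" "$2" "$3")
    if [ -S "$p" ]; then
        echo "ok: socket present at $p"
    else
        echo "missing: no socket at $p"
        return 1
    fi
}

# Demo with the socket path from the thread and the assumed queue directory.
sock=/var/spool/MIMEDefang/mimedefang.sock
flag=$(sample_master_cf | chroot_flag smtp inet y)
echo "smtpd chroot=$flag, socket must exist at: $(jail_path "$sock" /var/spool/postfix "$flag")"
```

On a live system, feed the real file with `chroot_flag smtp inet y < /etc/postfix/master.cf` and pass the result to `check_milter_socket`.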