From: Stan Hoeppner
Sent: Tuesday, November 08, 2011 8:59 AM
To: postfix-users@postfix.org
Subject: Re: Symlink problem = file is a symbolic link or Mailbox
vulnerable - directory /var/spool/mail must have 1777 protection
Then you need to tell us what MDA you are currently using and what type
of mailbox storage. The list welcome message directed you to paste the
output of "postconf -n". That will tell us what MDA you use, if what
you want to do can be done, and how easy/difficult it may be to setup
such a thing. If you're using Dovecot it is relatively painless, if not
time consuming. If you are simply having Postfix local(8) delivery
directly to mbox mailboxes it will be more difficult to move user
mailboxes one by one. I've never used procmail so I have no tips for
you in that case.
MAIL01 ~ # postconf -n
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = //usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = /usr/share/doc/postfix-2.8.4/html
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 30000000
mydestination = $myhostname, localhost, taken.pl
mydomain = taken.pl
myhostname = taken.pl
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.8.4/readme
relayhost = out.taken.pl
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_destinations, check_client_access
hash:/etc/postfix/access, check_recipient_access
hash:/etc/postfix/recipient_access, permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination, check_sender_access
hash:/etc/postfix/sender_checks_my, reject_unauth_pipelining
smtpd_restriction_classes = insiders_only, insiders_only2
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/smtp-cert.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/smtp-cert.crt
smtpd_tls_key_file = /etc/postfix/smtp-cert.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
