On Tue, Mar 18, 2014 at 07:27:01AM -0700, jmct wrote:
> Hi Sahil,
>
> Sorry for my delayed response. I work in DEVOPS and we have had a crazy
> release schedule!
>
> I ran "postfix set-permissions" as root and did not see anything following -
> just sent me to the next line.
>
> I was working with another group within our company that uses Postfix just
> for relay purposes and they noticed that in my /etc/postfix/master.cf - the
> pickup process in the "never" column was set to a default of "60". I changed
> this value to "1" and noticed that my e-mails are now sending out almost
> instantly - instead of the long delay.
This is wrong. It should be 60. The 60 is a safety net. Pickup
is woken up by postdrop(1), which is setgid to a group can both
write the maildrop directory and can write a wakeup trigger to the
pickup socket in /var/spool/postfix/public.
> I do still see the error "warning: unable to look up public/pickup:
> Permission denied" - but it doesn't seem to be affecting the overall
> delivery of the mail.
It delays it by nearly a whole second, instead of typical 0.01s
latency otherwise. You also have pickup scanning empty maildrop
queues every second.
> I was reading online elsewhere about this error and
> saw that it could be just a red herring and nothing really to worry about.
You can also read online that vaccinations are a bad idea, the moon
landings were faked, ...
> If you have any other suggestions on getting rid of that message, it would
> be appreciated. Otherwise, I am happy with the performance now. Thanks again
> for your help! :)
The setgid $setgid_group postdrop(1) program running with any uid,
MUST be able to:
- Write files in $queue_directory/maildrop/
(owner $mail_owner, group $setgid_group mode 0730)
- Open the $queue_directory/public/pickup unix-domain socket.
The directory $queue_directory/public/ must be owned by
$mail_owner, group $setgid_group and have mode 0710.
The /var/spool/postfix ($queue_directory) directory and its parent
permissions must be 0755 allowing read-only access for all users.
No extended ACLs other than mode bits should be present on any
directories above or their ancestors.
The operating system MUST NOT cripple setgid programs by not
honouring the setgid bit. You need a POSIX filesystem for the
Postfix queue.
This is trivial to fix. Fix the real problem.
--
Viktor.
