On 12/3/11 7:15 AM, Wietse Venema wrote:
> Philip Prindeville:
>> Dec 2 20:32:54 localhost postfix/smtpd[9440]: warning: connect
>> to Milter service unix:/var/spool/MIMEDefang/mimedefang.sock:
>> Permission denied
>
> Does the error go away if you turn off SELinux?
>
> Wietse
Could have
Philip Prindeville:
> I'm just wondering why the socket can't be opened before the
> set_ugid() drops the additional groups.
smtpd(8) does not use set_ugid(), and it does not drop auxiliary groups.
Wietse
Philip Prindeville:
> Dec 2 20:32:54 localhost postfix/smtpd[9440]: warning: connect
> to Milter service unix:/var/spool/MIMEDefang/mimedefang.sock:
> Permission denied
Does the error go away if you turn off SELinux?
Wietse
On 12/2/11 8:23 PM, Philip Prindeville wrote:
> On 12/2/11 2:19 PM, Wietse Venema wrote:
>> Philip Prindeville:
>>> Would it make sense to add a parameter of additional gid's that
>>> you want smtpd to retain?
>>
>> Perhaps you can use a class "inet" socket on 127.0.0.1. That
>> will have less impa
On 12/2/11 2:19 PM, Wietse Venema wrote:
> Philip Prindeville:
>> Would it make sense to add a parameter of additional gid's that
>> you want smtpd to retain?
>
> Perhaps you can use a class "inet" socket on 127.0.0.1. That
> will have less impact on the Postfix security architecture.
> With 64k p
Philip Prindeville:
> Would it make sense to add a parameter of additional gid's that
> you want smtpd to retain?
Perhaps you can use a class "inet" socket on 127.0.0.1. That
will have less impact on the Postfix security architecture.
With 64k ports, you won't run out of them quickly.
Wie