On 2005-09-21, at 0623, tonix (Antonio Nati) wrote:
Why are you running it with -u $QMAILDUID? You should run it as vpopmail, excluding any uidswitching (if you enabled uidswitching within chkuser_settings.h, comment it). Cert must be owned by vpopmail as well.
qmail is, and has always been, designed to have qmail-smtpd run as qmaild. the only reason to make it run as the vpopmail user is so that you can use "vchkpw" to support AUTH, and the solution there is to make the "vchkpw" binary setuid so it always runs as the vpopmail user.
the servercert.pem file should be owned by root and readable to the group "nofiles" (which is the group qmaild belongs to.) the clientcert.pem file (if you have one) should also be owned by root, but readable to the group "qmail".
--------------------------------------------------
| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/ <[EMAIL PROTECTED]>       |
--------------------------------------------------
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.      |
--------------------------------------------------
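An audit script for the ownership layout described in the reply above, added here as an example and not part of the original thread. The file paths are assumed common defaults (the post gives none), `stat -c` is GNU coreutils syntax, and the "no access for other" check assumes the cert file also holds the private key.

```shell
#!/bin/sh
# Added example. Paths are assumed defaults, not taken from the post; override via env.
SERVERCERT=${SERVERCERT:-/var/qmail/control/servercert.pem}
CLIENTCERT=${CLIENTCERT:-/var/qmail/control/clientcert.pem}
VCHKPW=${VCHKPW:-/home/vpopmail/bin/vchkpw}

# check_cert FILE OWNER GROUP: owner/group must match, group must have read,
# and (assumption: the file holds a private key) no group write, nothing for "other".
check_cert() {
    file=$1; owner=$2; group=$3; cert_rc=0
    [ -f "$file" ] || { echo "FAIL $file: missing"; return 1; }
    og=$(stat -c '%U:%G' "$file")      # GNU stat syntax
    mode=$(stat -c '%a' "$file")       # octal, e.g. 640
    [ "$og" = "$owner:$group" ] ||
        { echo "FAIL $file: owned by $og (fix: chown $owner:$group)"; cert_rc=1; }
    [ $(( 0$mode & 0040 )) -ne 0 ] ||
        { echo "FAIL $file: mode $mode, group cannot read (fix: chmod 640)"; cert_rc=1; }
    [ $(( 0$mode & 0027 )) -eq 0 ] ||
        { echo "FAIL $file: mode $mode too open (fix: chmod 640)"; cert_rc=1; }
    if [ "$cert_rc" -eq 0 ]; then echo "OK   $file ($og, $mode)"; fi
    return "$cert_rc"
}

# check_setuid FILE OWNER: binary must be owned by OWNER with the setuid bit set,
# so it runs as OWNER even when invoked by a qmail-smtpd running as qmaild.
check_setuid() {
    file=$1; owner=$2
    [ -f "$file" ] || { echo "FAIL $file: missing"; return 1; }
    o=$(stat -c '%U' "$file"); mode=$(stat -c '%a' "$file")
    if [ "$o" = "$owner" ] && [ $(( 0$mode & 04000 )) -ne 0 ]; then
        echo "OK   $file ($o, $mode)"
    else
        echo "FAIL $file: owner $o mode $mode (fix: chown $owner; chmod u+s)"
        return 1
    fi
}

# audit: apply the layout from the reply; clientcert.pem is optional.
audit() {
    audit_rc=0
    check_cert "$SERVERCERT" root nofiles || audit_rc=1
    [ ! -e "$CLIENTCERT" ] || check_cert "$CLIENTCERT" root qmail || audit_rc=1
    check_setuid "$VCHKPW" vpopmail || audit_rc=1
    return "$audit_rc"
}

if [ "${1:-}" = "--run" ]; then audit; fi
```

Invoke the script with `--run` to check the three files; it exits non-zero if any check fails.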