
Re: bare user names and {dk,sid}-milter

  • Tony Earnshaw
    Message 1 of 10 , Aug 1, 2006
      On Tue, 01.08.2006 at 16:59 (+0200), Mark Martinec wrote:

      > > On Tue, 01.08.2006 at 10:46 (+0200), Mark Martinec wrote:
      > > > On Tuesday August 1 2006 08:17, Tony Earnshaw wrote:
      > > > > ps aux | grep dk-filter
      > > > > root 31123 0.0 0.1 46392 1644 ? Ssl Jul26
      > > > ^^^^
      > > > > 0:05 /usr/bin/dk-filter -l -p inet:10003 ...
      > > >
      > > > A brave soul!
      >
      > > Hmmm ...
      > > ps auxwww|grep dk-
      > > postfix 14702 0.0 0.0 14284 1160 ? Ssl 11:35
      > ^^^^^^^
      > > 0:00 /usr/bin/dk-filter -l -p inet:10003 -d barlaeus.nl -
      > > s /etc/certs/dk-filter/mail.private.pem -S mail -C dnserror=tempfail -u
      > > postfix -H -D
      > >
      > > Seems to work, still signs mail ... now I'll have to change all my rpm
      > > stuff, bother.
      >
      >
      > http://www.postfix.org/MILTER_README.html :
      >
      > | To run a Milter application, see the documentation of the filter for
      > | options. A typical command looks like this:
      > | # /some/where/dk-filter -u userid -p inet:portnumber@localhost ...
      > | Please specify a userid value that isn't used for other applications
      > | (not "postfix", not "www", etc.).
      > ^^^^^^^^^^^^^

      Okok ..

      1075 [root:mercurius.intern] /etc/sysconfig # ps aux |grep dk-

      milter 6422 0.0 0.0 15376 1160 ? Ssl 18:41 0:00 /usr/bin/dk-filter -l -p inet:10003 -d barlaeus.nl -s /etc/certs/dk-filter/mail.private.pem -S mail -C dnserror=tempfail -u milter -H -D

      "Nu is het welletjes" as they say here in Holland, "No kan det vera nok"
      in my homeland. I absolutely refuse to add a new milter user for each
      milter application I add; I'm amenable to every security push I get,
      until things begin to get ridiculous.

      Thanks again (dunno what we'd do without amavisd.new 2.4)

      --Tonni

      --
      Tony Earnshaw
      tonni at barlaeus.nl
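
An added example, not part of the original thread: a shell check for the MILTER_README advice quoted above, flagging filter processes that run as root or as an account shared with another service. The sample lines are constructed from the `ps` output in this message; the smtpd line, the `SHARED_USERS` list and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Input format: "user command args...", one process per line,
# as printed by: ps -e -o user= -o args=

# Accounts MILTER_README names as unsuitable, plus root (assumption: adjust
# this list to the service accounts that exist on your system).
SHARED_USERS="root postfix www"

# audit_milter_users PATTERN
# Prints one verdict per process whose command path matches PATTERN:
#   FAIL  runs as root or as an account shared with another service
#   WARN  runs as a different account than the one given with -u
#   OK    runs as a dedicated account
audit_milter_users() {
    awk -v pat="$1" -v shared="$SHARED_USERS" '
        BEGIN { n = split(shared, s, " "); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
        {
            user = $1; cmd = $2
            if (cmd !~ pat) next
            # -u names the account the filter was told to run as.
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-u") target = $(i + 1)
            if (user in bad)                         verdict = "FAIL"
            else if (target != "" && target != user) verdict = "WARN"
            else                                     verdict = "OK"
            printf "%s user=%s cmd=%s\n", verdict, user, cmd
        }'
}

# Constructed sample: the three dk-filter states shown in this thread,
# plus one unrelated Postfix process that must be ignored.
sample_ps() {
cat <<'EOF'
root /usr/bin/dk-filter -l -p inet:10003
postfix /usr/bin/dk-filter -l -p inet:10003 -d barlaeus.nl -u postfix -H -D
milter /usr/bin/dk-filter -l -p inet:10003 -d barlaeus.nl -u milter -H -D
postfix /usr/libexec/postfix/smtpd -n smtp
EOF
}

sample_ps | audit_milter_users '(dk|sid)-filter$'
```

On a live host, replace `sample_ps` with `ps -e -o user= -o args=`.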
    • Noel Jones
      Message 2 of 10 , Aug 1, 2006
        At 12:44 PM 7/31/2006, Tuan Van wrote:
        >Hi list,
        >when a local user sends an email with an address without
        >the domain part, {dk,sid}-milter rejects it.
        >I wonder if there is a fix for this except forcing local
        >users to use fully qualified email addresses.

        Sounds as if you need to add localhost and internal
        networks to sid-milter's peerlist. See the sid-milter docs
        and support forums for more details.

        % man 8 sid-filter
        ...
        -a peerlist
               Identifies a file of "peers" which identifies clients whose
               connections should be accepted without processing by this
               filter. The peerlist should contain on each line a hostname,
               domain name (e.g. ".example.com"), IP address, or CIDR-style
               IP specification (e.g. "192.168.1.0/24").
        ...


        --
        Noel Jones
      • Geoff W
        Message 3 of 10 , Aug 2, 2006
          On Tue, 1 Aug 2006 16:59:07 +0200, Mark Martinec wrote:

          >http://www.postfix.org/MILTER_README.html :
          >
          >| To run a Milter application, see the documentation of the filter for
          >| options. A typical command looks like this:
          >| # /some/where/dk-filter -u userid -p inet:portnumber@localhost ...
          >| Please specify a userid value that isn't used for other applications
          >| (not "postfix", not "www", etc.).
          > ^^^^^^^^^^^^^

          That's all well and good (and sensible!) but it complicates matters a whole lot when you use sockets (especially if they are in a directory not owned by 'mail' group)!

          Geoff