From: Ian Prideaux (iansift.co.uk)
Date: Tue Mar 06 2001 - 04:29:22 CST


    Hi All,

    Thanks for explaining that lot for me.
    > > but used postfix's LDA that can only look to /etc/passwd
    > > or similar USING SYSTEM METHODS (getpwnam),

    That's a pest, the boss might insist that I start using qmail
    because of this (Arrgghh, no, not that). How's this for a possible
    solution? We're running RedHat linux 6.2. There is a file
    /etc/nsswitch.conf that specifies where various system info is held.
    Part of our file reads

    passwd: files
    shadow: files
    group: files

    If I read the rest of the file correctly, then I should be able to
    change to

    passwd: files db

    and create a .db file somewhere which has values like

    ian ian:*goaway*:1197:200:Ian Prideaux:/home/ian:/bin/true

    That way, user ian is known as a real user, but cannot log in
    (corrupt encrypted passwd, not told to do a shadow lookup, no entry
    in the shadow file anyway), and even if the user did log in, they'd
    get thrown straight back out by their shell. What is this .db file,
    where does it live, or am I completely off track?

    Wietse Venema wrote:
    >
    > The postfix local delivery agent looks up users with getpwnam().
    >
    > The local_recipient_maps example for the Postfix local delivery
    > agent uses the Postfix map interface to getpwnam():
    >

    > Michael Tokarev:
    >
    > >
    > > Local delivery agent uses getpwnam() for any local users. It does NOT
    > > use any other sources of information, and does NOT look at local_recipient_maps
    > > (the latter is for smtpd daemon to reject mail to unknown users before
    > > accepting it). In short: local agent can deliver mails to REAL LOCAL UNIX
    > > USERS, not more than this (well, also aliases, forward etc). On many
    > > systems, getpwnam can be configured to use many sources of information
    > > (e.g. nsswitch.conf). Postfix has no equivalent of qmail's users stored
    > > in some qmail-related file (don't remember how this is called). This behavior
    > > of local agent wasn't changed for a long time, and 19991231 version also
    > > behaves this way.
    > >
    > > Your bounces are just what you configured: you told smtpd to accept mails
    > > for those "users", but used postfix's LDA that can only look to /etc/passwd
    > > or similar USING SYSTEM METHODS (getpwnam), and not defined those users at
    > > system level. So I'm unsure how that works with previous postfix release:
    > > if it works, then it was a bug (but unlikely). If you really need to deliver
    > > to non-system users, you can use either something like cyrus or virtual
    > > delivery agent available in snapshots (not included in release). Or you
    > > should define your users at system level, and setup local_recipient_maps
    > > appropriately.
    > >
    > > Regards,
    > > Michael.
    > >
    > >
    > >

    -- 
    Ian Prideaux
    mailto:iansift.co.uk
    http://www.sift.co.uk/
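
An added example, not part of the original message or of Postfix: a check over passwd(5)-format lines, such as the entry proposed above, that each account can neither authenticate nor get an interactive shell. The sample lines other than the first, the set of non-login shells and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample in passwd(5) format; the first line is the entry from the message.
SAMPLE = """\
ian:*goaway*:1197:200:Ian Prideaux:/home/ian:/bin/true
alice:x:1198:200:Alice:/home/alice:/bin/true
bob::1199:200:Bob:/home/bob:/bin/true
carol:*goaway*:1200:200:Carol:/home/carol:/bin/bash
dave:*goaway*:0:0:Dave:/root:/bin/true
"""

# Assumption: shells treated as non-interactive for this check.
NOLOGIN_SHELLS = {"/bin/true", "/bin/false", "/sbin/nologin"}
# crypt(3) output uses only these characters ("$" appears in modular formats).
CRYPT_ALPHABET = re.compile(r"^[./0-9A-Za-z$]+$")


def audit_entry(line):
    """Return (name, problems) for one passwd-format line."""
    fields = line.split(":")
    if len(fields) != 7:
        return line, ["malformed entry (expected 7 fields)"]
    name, pw, uid, _gid, _gecos, _home, shell = fields
    problems = []
    if pw == "":
        problems.append("empty password field: no password required")
    elif pw == "x":
        problems.append("password field defers to shadow lookup")
    elif CRYPT_ALPHABET.match(pw):
        problems.append("password field could be a valid crypt hash")
    if shell not in NOLOGIN_SHELLS:
        problems.append("interactive shell: " + shell)
    if uid == "0":
        problems.append("uid 0")
    return name, problems


def audit(text):
    """Map each account name to its list of problems (empty list = delivery-only)."""
    return dict(audit_entry(l) for l in text.splitlines() if l.strip() and not l.startswith("#"))


if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

A password field such as `*goaway*` passes because `*` never appears in crypt(3) output, so no typed password can hash to it.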