OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Alex van den Bogaerdt (alexergens.op.HET.NET)
Date: Fri Jul 05 2002 - 12:36:46 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Wietse Venema wrote:

    > When moving an existing account, it is standard practice to backup
    > that account's existing files and to restore them in the new place.
    > This is routine system administrator duty, and should not need
    > discussion on an MTA's mailing list.

    You are aware that the average mailer does create a maildir in case
    it is missing? I don't think it is illogical to assume this also
    applies to maildirs, >>>especially if the code says it does so.<<<

    > We seem to have an expectation problem. Postfix is an evolving mail
    > system. As such it is necessarily incomplete. That applies not only
    > to source code, but also to documentation. You are welcome to
    > contribute to either, as long as it does not introduce vulnerability.

    If I may summarize what I think has been discussed so far, please feel
    free to correct when/where necessary:

    1) you are aware many users wonder why postfix doesn't create a maildir
       when this directory is missing

    2) you have been looking into this problem and cannot find a *secure*
       way of creating one. Would there be such a secure way, you wouldn't
       mind implementing it into postfix

    If this summary is *not* correct then stop reading here please.

    OK, the summary so far is correct.

    Not yet entirely clear to me:

    3) You think it is the responsibility of the sysadmin to create the
       maildir, not postfix' responsibility. Postfix doesn't need to
       create this dir.

    IMHO the following is needed for a short-term solution:

    1) A small note in the faq, stating that postfix will not create a
       maildir when the recipient has no right to do so. This is also
       true in case it would be a subdirectory of $mail_spool_directory
       in the case it is not world writable.

       This probably has to be rewritten to make sense for the average
       reader, especially the one that doesn't speak English.

    2) A small note in postfix/src/local/maildir.c accompanying the line
       "Create any missing directories on the fly." basically stating the
       same as in (1)

    And for the long-term either:
    1) A formal statement that postfix doesn't and will never create
       directories unless the receipient could have done so himself
    -or-
    2) A safe way to create a directory. Probably something similar to:
       (copied from mailbox.c)
       * If delivering to the mail spool directory, and the spool directory is
       * world-writable, deliver as the recipient; if the spool directory is
       * group-writable, use the recipient user id and the mail spool group id.
       *
       * Otherwise, use root privileges and chown the mailbox.

    Alex
    -
    To unsubscribe, send mail to majordomopostfix.org with content
    (not subject): unsubscribe postfix-users