[wplug] problem with maildrop

Kevin Squire gentgeen at linuxmail.org
Thu May 31 10:20:06 EDT 2007 

I have been assigned the task of setting up a mailserver (with webmail
only interface) for our students for this next school year.  After some
research, the "ISP style" of virtual users/virtual mailboxs/even
multiple domains was what we needed.  I followed the directions here :
http://workaround.org/articles/ispmail-sarge/ with various other sites
when I ran into trouble.

My problem really is the maildrop portion.  The directions that I tired
to follow are http://www.xs4all.nl/~jaspersl/quota/

The only way I can seem to get maildrop to work, is to have postfix call
it via sudo.  If I let it run as user 'vmail' then the emails get
dropped to a single mbox style file called /home/vmail/Maildir.  If I
run it from the command line as root, or with sudo in the postfix
config, then it goes into the Maildir of the virtual user
(/home/vmail/$DOMAIN/$USER/)

I found here
http://postfix.wiki.xs4all.nl/index.php?title=Combine_With_Maildrop_Howto#Maildrop_Setuid.3F
that maildrop needed to be called with elevated rights, and that I had
3 options.  

  1) Your mail server must invoke maildrop as the root user 
  2) Manually change the permissions on the maildrop binary to be 
     setuid root.
  3) Manually change the permissions on the courier-authlib's socket
     directory (/usr/local/var/spool/authdaemon by default) to be 
     globally readable or executable.

Option 1 -- Is what I did, thanks to sudo. 
Option 2 -- Did not seem to make any difference
Option 3 -- Sounds even less safe then what I did

So my question really is -- Did I go about fulfilling option 1 the right
way?  Is the use of sudo inside the postfix call a good/bad idea? (seems
bad to me)?  Any thoughts on what I could do?

I would be happy to provide any addition information/logs/etc. but was
not sure what would really matter in this case, and I did not want to
flood the list.


################################################
/etc/sudoers

%vmail  ALL=NOPASSWD: /usr/bin/maildrop


################################################
/etc/postfix/master.cf (all on one line)

maildrop  unix  -       n       n       -       -       pipe flags=DRhu
user=vmail argv=/usr/bin/sudo /usr/bin/maildrop -w 90 -d ${recipient}



-- 
http://gentgeen.homelinux.org

#############################################################
 Associate yourself with men of good quality if you esteem    
 your own reputation; for 'tis better to be alone then in bad 
 company.        - George Washington, Rules of Civility

More information about the wplug mailing list