Security: additional run-time checks to discourage sharing
of Postfix user/group ID values with other accounts.
-20020104
+20020105
Cleanup: SMTPD access maps now return DUNNO (undetermined)
instead of OK when a recipient address contains multiple
domains (user@dom1@dom2, etcetera). Victor Duchovny, Morgan
Stanley. File: smtpd/smtpd_check.c.
+20020106
+
Bugfix: SMTPD access maps did not handle address extensions.
File: smtpd/smtpd_check.c.
+20020107
+
+ Bugfix: postfix-script, when creating a missing maildrop
+ queue directory, still referenced install.cf when setting
+ maildrop directory group ownership; and the postfix command
+ did not export the setgid_group parameter to the postfix-script
+ shell script. Victor Duchovny.
+
+ Bugfix: postfix-script, when creating a missing public
+ queue directory, did not set group ownership of the public
+ directory.
+
Open problems:
Low: don't do user@domain and @domain lookups in
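Review bot: The two 20020107 entries do not name the files changed, unlike the neighbouring entries that end with "File: smtpd/smtpd_check.c."; add the file references for the postfix-script fix and for the postfix command's missing setgid_group export (the postfix.c change later in this patch), so the HISTORY entry can be matched to the code.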
Simplification of the local Postfix security model.
-- The world-writable maildrop directory is gone. Postfix now always
- uses the set-gid postdrop command for local mail submissions.
- The local mail pickup daemon is now an unprivileged process.
+- No world-writable maildrop directory. Postfix now always uses
+ the set-gid postdrop command for local mail submissions. The
+ local mail pickup daemon is now an unprivileged process.
-- The world-accessible pickup and queue manager server FIFOs are
- gone. Postfix now uses a new set-gid postqueue command for all
- the queue operations that were implemented by the Postfix sendmail
- command.
+- No world-accessible pickup and queue manager server FIFOs. Postfix
+ now uses a new set-gid postqueue command for the queue operations
+ that used to implemented by the Postfix sendmail command.
Simplification of Postfix installation.
-- The install.cf file is gone.
-
- All installation settings are now kept in the main.cf file, and
better default settings are now generated for sendmail_path etc.
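Review bot: As shown, this hunk deletes "- The install.cf file is gone." and "All installation settings are now kept in the main.cf file, and" with no `+` replacement, which leaves the remaining context line "better default settings are now generated for sendmail_path etc." as a sentence fragment; confirm the replacement line was not dropped, and keep a note that install.cf is no longer read, since the HISTORY entry above still describes the script's former dependency on it.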
mkdir maildrop || exit 1
chmod 730 maildrop || exit 1
chown $mail_owner maildrop || exit 1
- (. $config_directory/install.cf; chgrp $setgid maildrop)
+ chgrp $setgid_group maildrop || exit 1
}
test -d pid || {
$WARN creating missing Postfix pid directory
mkdir public || exit 1
chmod 710 public || exit 1
chown $mail_owner public || exit 1
+ chgrp $setgid_group public || exit 1
}
test -d private || {
$WARN creating missing Postfix private directory
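Review bot: `chgrp $setgid_group maildrop || exit 1` and the new `chgrp $setgid_group public || exit 1` rely on setgid_group being exported by the postfix command; if the script is run without that variable (exactly the situation the HISTORY entry describes as the old bug), the unquoted empty expansion turns the line into `chgrp maildrop`, which fails with a confusing error rather than a clear one. Suggest failing early and explicitly, e.g. `: "${setgid_group:?setgid_group is not set}"` near the top of the script alongside the other required parameters, and quoting the expansions. Also, in the context shown, `test -d pid || { $WARN creating missing Postfix pid directory` is followed directly by `mkdir public`; verify the pid-directory block and the `test -d public` line are intact in the real file.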
<b>postfix</b> [<b>-c</b> <i>config_dir</i>] [<b>-D</b>] [<b>-v</b>] <i>command</i>
<b>DESCRIPTION</b>
- The <b>postfix</b> command controls the operation of the Postfix
- mail system: start or stop the <b>master</b> daemon, do a health
- check, and other maintenance. The command sets up a stan-
- dardized environment and runs the <b>postfix-script</b> shell
- script to do the actual work.
+ This command is reserved for the super-user. To submit
+ mail, use the Postfix <b>sendmail</b> command.
+
+ The <b>postfix</b> command controls the operation of the Postfix
+ mail system: start or stop the <b>master</b> daemon, do a health
+ check, and other maintenance.
+
+ The <b>postfix</b> command sets up a standardized environment and
+ runs the <b>postfix-script</b> shell script to do the actual
+ work.
The following commands are implemented:
- <b>check</b> Validate the Postfix mail system configuration.
- Warn about bad directory/file ownership or permis-
+ <b>check</b> Validate the Postfix mail system configuration.
+ Warn about bad directory/file ownership or permis-
sions, and create missing directories.
- <b>start</b> Start the Postfix mail system. This also runs the
+ <b>start</b> Start the Postfix mail system. This also runs the
configuration check described above.
<b>stop</b> Stop the Postfix mail system in an orderly fashion.
Running processes are allowed to terminate at their
earliest convenience.
- Note: in order to refresh the Postfix mail system
- after a configuration change, do not use the <b>start</b>
- and <b>stop</b> commands in succession. Use the <b>reload</b>
+ Note: in order to refresh the Postfix mail system
+ after a configuration change, do not use the <b>start</b>
+ and <b>stop</b> commands in succession. Use the <b>reload</b>
command instead.
<b>abort</b> Stop the Postfix mail system abruptly. Running pro-
cesses are signaled to stop immediately.
<b>flush</b> Force delivery: attempt to deliver every message in
- the deferred mail queue. Normally, attempts to
- deliver delayed mail happen at regular intervals,
+ the deferred mail queue. Normally, attempts to
+ deliver delayed mail happen at regular intervals,
the interval doubling after each failed attempt.
<b>reload</b> Re-read configuration files. Running processes ter-
The following options are implemented:
<b>-c</b> <i>config_dir</i>
- Read the <b>main.cf</b> and <b>master.cf</b> configuration files
- in the named directory instead of the default con-
+ Read the <b>main.cf</b> and <b>master.cf</b> configuration files
+ in the named directory instead of the default con-
figuration directory. Use this to distinguish
- between multiple Postfix instances on the same
+ between multiple Postfix instances on the same
host.
<b>-D</b> (with <b>postfix</b> <b>start</b> only)
parameter.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
<b>ENVIRONMENT</b>
- The <b>postfix</b> command sets the following environment vari-
+ The <b>postfix</b> command sets the following environment vari-
ables:
<b>MAIL</b><i>_</i><b>CONFIG</b>
This is set when the -D command-line option is pre-
sent.
- The following configuration parameters are made available
+ The following configuration parameters are made available
as process environment variables with the same names:
<b>command</b><i>_</i><b>directory</b>
- Directory with Postfix support commands (default:
+ Directory with Postfix support commands (default:
<b>$program</b><i>_</i><b>directory</b>).
<b>daemon</b><i>_</i><b>directory</b>
- Directory with Postfix daemon programs (default:
+ Directory with Postfix daemon programs (default:
<b>$program</b><i>_</i><b>directory</b>).
<b>config</b><i>_</i><b>directory</b>
<b>queue</b><i>_</i><b>directory</b>
The directory with the Postfix queue directory (and
- with some files needed for programs running in a
+ with some files needed for programs running in a
chrooted environment).
<b>mail</b><i>_</i><b>owner</b>
- The owner of the Postfix queue and of most Postfix
- processes.
+ The owner of Postfix queue files and of most Post-
+ fix processes.
+
+ <b>setgid</b><i>_</i><b>group</b>
+ The group for mail submission and queue management
+ commands.
<b>FILES</b>
$<b>config</b><i>_</i><b>directory/postfix-script</b>, administrative commands
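Review bot: The MAIL_CONFIG entry (unchanged context) says it is set when the -D option is present, but in the options list -c config_dir is the option that selects the configuration directory; verify the option letter while this section is being edited. Separately, most of the -/+ pairs here (check, start, the Note paragraph, flush, -c, -v, ENVIRONMENT, command_directory, daemon_directory, queue_directory) differ only in indentation; since this is rendered manual-page output, regenerate it from the source with consistent whitespace so the diff shows only the real content changes: the super-user sentence, the split DESCRIPTION paragraph, the mail_owner rewording, and the new setgid_group entry.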
.SH DESCRIPTION
.ad
.fi
+This command is reserved for the super-user. To submit mail,
+use the Postfix \fBsendmail\fR command.
+
The \fBpostfix\fR command controls the operation of the Postfix
mail system: start or stop the \fBmaster\fR daemon, do a health
-check, and other maintenance. The command sets up a standardized
-environment and runs the \fBpostfix-script\fR shell script to
-do the actual work.
+check, and other maintenance.
+
+The \fBpostfix\fR command sets up a standardized environment and
+runs the \fBpostfix-script\fR shell script to do the actual work.
The following commands are implemented:
.IP \fBcheck\fR
The directory with the Postfix queue directory (and with some
files needed for programs running in a chrooted environment).
.IP \fBmail_owner\fR
-The owner of the Postfix queue and of most Postfix processes.
+The owner of Postfix queue files and of most Postfix processes.
+.IP \fBsetgid_group\fR
+The group for mail submission and queue management commands.
.SH FILES
.na
.nf
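Review bot: The added sentence "This command is reserved for the super-user" does not say whether this is enforced or only advised; if the postfix command refuses to run for non-root users, state that, and since the DESCRIPTION now separately explains that postfix sets up the environment that postfix-script needs (including the newly exported setgid_group), it is worth adding that postfix-script is not meant to be invoked directly.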
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20020106"
+#define DEF_MAIL_VERSION "Snapshot-20020107"
extern char *var_mail_version;
/* LICENSE
/* \fBpostfix\fR [\fB-c \fIconfig_dir\fR] [\fB-D\fR] [\fB-v\fR]
/* \fIcommand\fR
/* DESCRIPTION
+/* This command is reserved for the super-user. To submit mail,
+/* use the Postfix \fBsendmail\fR command.
+/*
/* The \fBpostfix\fR command controls the operation of the Postfix
/* mail system: start or stop the \fBmaster\fR daemon, do a health
-/* check, and other maintenance. The command sets up a standardized
-/* environment and runs the \fBpostfix-script\fR shell script to
-/* do the actual work.
+/* check, and other maintenance.
+/*
+/* The \fBpostfix\fR command sets up a standardized environment and
+/* runs the \fBpostfix-script\fR shell script to do the actual work.
/*
/* The following commands are implemented:
/* .IP \fBcheck\fR
/* The directory with the Postfix queue directory (and with some
/* files needed for programs running in a chrooted environment).
/* .IP \fBmail_owner\fR
-/* The owner of the Postfix queue and of most Postfix processes.
+/* The owner of Postfix queue files and of most Postfix processes.
+/* .IP \fBsetgid_group\fR
+/* The group for mail submission and queue management commands.
/* FILES
/* $\fBconfig_directory/postfix-script\fR, administrative commands
/* SEE ALSO
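Review bot: This comment block, the roff file and the rendered postfix.1 all carry identical new wording (super-user note, split DESCRIPTION paragraphs, mail_owner rewording, setgid_group entry); treat this block as the single source and regenerate the other two rather than editing all three by hand, otherwise they will drift. The new setgid_group entry should also mention that the value is exported to postfix-script, as the ENVIRONMENT section's introduction implies but the entry itself does not say.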
check_setenv(VAR_QUEUE_DIR, var_queue_dir); /* main.cf */
check_setenv(VAR_CONFIG_DIR, var_config_dir); /* main.cf */
check_setenv(VAR_MAIL_OWNER, var_mail_owner); /* main.cf */
+ check_setenv(VAR_SGID_GROUP, var_sgid_group); /* main.cf */
/*
* Make sure these directories exist. Run the maintenance scripts with as
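Review bot: `check_setenv(VAR_SGID_GROUP, var_sgid_group)` exports the value unconditionally; the script that consumes it runs `chgrp $setgid_group` on the maildrop and public queue directories, so an empty or non-existent group here turns into a failed or wrong ownership change at directory-creation time. Ensure var_sgid_group is validated before this point (non-empty, resolves to a real group, and distinct from the mail_owner group per the ID-sharing checks mentioned in HISTORY), and fail with a clear message if it is not, rather than letting the shell script discover it.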