[Mimedefang] defang running as postfix user
ADNET Ghislain
gadnet at aqueos.com
Tue Dec 1 17:12:33 EST 2009
>> hi,
>>
>> I have some little security question regarding mimedefang configuration as i
>> have issue running clamav and postfix with it because of socket owner's right.
>>
>> Do you know if there is any security risk to run defang as the postfix user ?
>> Same question if i run mimedefang as the clamav user ?
>>
>
> Normally, "mimedefang" is run as user "defang", "postfix" is run as "postfix" and "clamav" is
> run as user "defang" because it is "mimedefang" that calls "clamav". There may be other ways too.
> Depends on your requirements and situation.
>
>
yes the problem is that for a simple setup we need to:
- change the postfix/mimedefang init script to change the owner of the
socket
- change the clamav config to use defang user and then change the files
to be owned by defang and restart them all.
I wondered if there was not a better solution. Supplementary group seems
to be completly not working in clamav, all tests done lead to suffering
and no to filtering , same thing i find no other solution to the postfix
"do not run as root" issue with mimedefang socket ;)
regards,
Ghislain.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3529 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20091201/789847e8/attachment-0003.bin>
More information about the MIMEDefang
mailing list