[Mimedefang] defang running as postfix user
philipp_subx at redfish-solutions.com
Fri Dec 2 12:49:57 EST 2011
On 12/1/11 7:16 PM, Philip Prindeville wrote:
> On 12/1/09 3:20 PM, Matt Garretson wrote:
>> Aniruddha Barua wrote:
>>> Normally, "mimedefang" is run as user "defang", "postfix" is run as "postfix" and "clamav" is
>>> run as user "defang" because it is "mimedefang" that calls "clamav". There may be other ways too.
>> On my systems I just add the clamav user into the defang
>> group, and then chmod g+rx /var/spool/MIMEDefang .
>> (Note that you'll have to do the above chmod every time
>> you install/upgrade MIMEdefang, as the Makefile resets
>> the permissions on the spool dir.)
> Sorry, couldn't figure out if there was a conclusive answer to this thread.
> I tried to add 'postfix' into the 'defang' group, but that doesn't seem to be adequate.
> What else needs to be done?
> And I noticed that on Fedora and Centos, the socket itself is 750... not 640... Execute permission on a socket?
> Does the socket need to be 660?
Well, with the directory as 750, and the socket as 660, with postfix in the defang group, I could not get this to work:
Dec 1 20:26:05 localhost postfix/smtpd: warning: connect to Milter service unix:/var/spool/MIMEDefang/mimedefang.sock: Permission denied
What's the officially blessed way to make this work on a standard linux distro like Centos or Fedora?
More information about the MIMEDefang