[Mimedefang] Permissions on /varspool/MIMEDefang

Nels Lindquist nlindq at maei.ca
Fri Feb 12 12:04:01 EST 2016


On 2/11/2016 3:54 AM, Bill Maidment wrote:
> 
> -----Original message-----
>> From: Richard Laager <rlaager at wiktel.com>
>> Sent: Thursday 11th February 2016 18:22
>> To: mimedefang at lists.roaringpenguin.com
>> Subject: Re: [Mimedefang] Permissions on /varspool/MIMEDefang
>> 
>> On 02/10/2016 11:01 PM, Bill Maidment wrote:
>>> Hi
>>> After your most recent release I have had problems with the
>>> permissions on /var/spool/MIMEDefang being reset to 0750 after
>>> a reboot. I need the permission to be 0770 to allow for clamd
>>> scanner to use the directory. I eventually discovered this line
>>> in /usr/lib/tmpfiles.d/mimedefang.conf
>>> z /var/spool/MD-Quarantine 0750 defang defang - -
>> 
>> `grep -r tmpfiles.d mimedefang-2.78` returns nothing for me. Are
>> you sure this isn't coming from your distro's package of
>> MIMEDefang?
>> 
> 
> It may be coming from EPEL (the packager), but the file is
> mimedefang.conf not mimedefang-2.78
> 
>> Also, /var/spool/MIMEDefang and /var/spool/MD-Quarantine aren't
>> the same thing.
>> 
> 
> I meant /var/spool/MIMEDefang
> 
>> And in any event, why would clamd need to write to
>> /var/spool/MIMEDefang?
>> 
> 
> It's where clamd@scan wants to store the clamd.sock when
> communicating with mimedefang.

In /etc/sysconfig/mimedefang, what's the current setting for
MD_ALLOW_GROUP_ACCESS?

If group access is currently not allowed, then working files created
by MIMEDefang will not be created group readable irrespective of spool
directory permissions.

I recommend configuring MIMEDefang to use the default ClamAV socket
file location, adding the clam user (clam or clamav usually) to the
"defang" group and enabling AllowSupplementaryGroups in clamd.conf;
that way MIMEDefang and ClamAV can easily be independently updated
without clobbering each other.

----
Nels Lindquist

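A read-only check of the three settings the reply above names (MD_ALLOW_GROUP_ACCESS, AllowSupplementaryGroups, and the clam user's membership of the "defang" group), added here as an example; it is not part of the original message or of MIMEDefang. The function names, the file paths passed in, and the sample file contents are assumptions, and only supplementary membership listed in the group file is checked.

```shell
#!/bin/sh
# Added example: audit the settings named in the reply. Sample file
# contents in demo() are constructed; pass the real paths on a live host.

# conf_value FILE KEY SEP: last uncommented value of KEY, quotes stripped.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*$3[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" \
        2>/dev/null | tail -n 1 | tr -d "\"'"
}

# in_group GROUP_FILE GROUP USER: true if USER is a supplementary member.
in_group() {
    awk -F: -v g="$2" -v u="$3" '$1 == g {
        n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1
    } END { exit !ok }' "$1"
}

# audit_md_clam SYSCONFIG CLAMD_CONF GROUP_FILE CLAM_USER
# Prints one FAIL line per problem, or OK; returns non-zero on any FAIL.
audit_md_clam() {
    rc=0
    [ "$(conf_value "$1" MD_ALLOW_GROUP_ACCESS =)" = "yes" ] ||
        { echo "FAIL MD_ALLOW_GROUP_ACCESS is not yes in $1"; rc=1; }
    case "$(conf_value "$2" AllowSupplementaryGroups '' | tr 'A-Z' 'a-z')" in
        yes|true|1) ;;
        *) echo "FAIL AllowSupplementaryGroups is not enabled in $2"; rc=1 ;;
    esac
    in_group "$3" defang "$4" ||
        { echo "FAIL $4 is not a member of group defang in $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed sample: group access off, option commented out, empty group.
demo() {
    d=$(mktemp -d) || return 1
    printf 'MD_ALLOW_GROUP_ACCESS=no\n' > "$d/mimedefang"
    printf '#AllowSupplementaryGroups yes\n' > "$d/clamd.conf"
    printf 'defang:x:990:\nclamav:x:989:\n' > "$d/group"
    audit_md_clam "$d/mimedefang" "$d/clamd.conf" "$d/group" clamav
    rm -rf "$d"
}
demo || true
```

On a live host the first argument would be /etc/sysconfig/mimedefang and the third /etc/group; the clamd.conf path and the clam user name depend on the distribution's packaging.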


