[Mimedefang] Permissions on /varspool/MIMEDefang

Nels Lindquist nlindq at maei.ca
Fri Feb 12 12:04:01 EST 2016

Hash: SHA1

On 2/11/2016 3:54 AM, Bill Maidment wrote:
> -----Original message-----
>> From:Richard Laager <rlaager at wiktel.com> Sent: Thursday 11th
>> February 2016 18:22 To: mimedefang at lists.roaringpenguin.com 
>> Subject: Re: [Mimedefang] Permissions on /varspool/MIMEDefang
>> On 02/10/2016 11:01 PM, Bill Maidment wrote:
>>> Hi After your most recent release I have had problems with the
>>> permissions on /var/spool/MIMEDefang being reset to 0750 after
>>> a reboot. I need the permission to be 0770 to allow for clamd
>>> scanner to use the directory. I eventually discovered this line
>>> in /usr/lib/tmpfiles.d/mimedefang.conf z
>>> /var/spool/MD-Quarantine 0750 defang defang - -
>> `grep -r tmpfiles.d mimedefang-2.78` returns nothing for me. Are
>> you sure this isn't coming from your distro's package of
>> MIMEDefang?
> It may be coming from EPEL (the packager), but the file is
> mimedefang.conf not mimedefang-2.78
>> Also, /var/spool/MIMEDefang and /var/spool/MD-Quarantine aren't
>> the same thing.
> I meant /var/spool/MIMEDefang
>> And in any event, why would clamd need to write to
>> /var/spool/MIMEDefang?
> It's where clamd at scan wants to store the clamd.sock when
> communicating with mimedefang.

In /etc/sysconfig/mimedefang, what's the current setting for

If group access is currently not allowed, then working files created
by MIMEDefang will not be created group readable irrespective of spool
directory permissions.

I recommend configuring MIMEDefang to use the default ClamAV socket
file location, adding the clam user (clam or clamav usually) to the
"defang" group and enabling AllowSupplementaryGroups in clamd.conf;
that way MIMEDefang and ClamAV can easily be independently updated
without clobbering each other.

- ----
Nels Lindquist

Version: GnuPG v2.0.20 (MingW32)


More information about the MIMEDefang mailing list