[Mimedefang] REVISED: postfix/mimedefang socket

Michael Fox news at mefox.org
Sat Sep 23 02:59:38 EDT 2017 

Thanks Richard,

BTW, I also installed from packages.

So, with a unix socket you still have the same problem I do with the inet socket, which is: the order of start/restart matters and can break things.  That's not good.

This seems like a clear bug in MIMEDefang.

Evidence:
1)  Other milter(s) share a socket with Postfix and don't care which order they are started/restarted (example:  OpenDKIM)
2)  Dovecot shares a socket with Postfix and doesn't care which order they are started/restarted
3)  Amavisd-new is a different mechanism, but it also doesn't care which order it is started/restarted
4)  And even MIMEDefang didn't care about the order in v2.73

I'm new to the list.  What's the process for reporting/resolving issues?

Thanks,
Michael



> -----Original Message-----
> From: Richard Laager [mailto:rlaager at wiktel.com]
> Sent: Friday, September 22, 2017 9:51 PM
> To: Michael Fox <news at mefox.org>
> Cc: mimedefang at lists.roaringpenguin.com
> Subject: Re: [Mimedefang] REVISED: postfix/mimedefang socket
> 
> On 09/22/2017 12:47 PM, Michael Fox wrote:
> > Option 3:  Use unix socket in Postfix chroot jail
> 
> This looks to be what I do. I'm running Postfix and MIMEDefang on
> Ubuntu, both from packages. Postfix runs as the postfix user, and
> there's a defang group. I run Postfix in a chroot.
> 
> These appear to be the relevant parts of my install script:
> 
> adduser --quiet postfix defang
> 
> install -d -o defang -g defang -m 750 \
>     /var/spool/postfix/var/spool/MIMEDefang
> 
> chown -R defang:defang \
>     /var/lib/MIMEDefang \
>     /var/spool/MIMEDefang \
>     /var/spool/postfix/var/spool/MIMEDefang
> 
> sed -i 's|^\(#
> \)\?\(SOCKET\)=.*|\2=/var/spool/postfix/var/spool/MIMEDefang/mimedefang.so
> ck|' \
>     /etc/default/mimedefang
> 
> I believe we have some sort of trouble if one of the daemons is
> restarted, but not the other, or if it's done in the wrong order or
> something. I don't have a lot of specifics off the top of my head. In
> practice, we hardly ever restart one or the other. It's usually either
> stopping both (and starting MIMEDefang first, to give slaves a chance to
> spin up), or rebooting the server.
> 
> I hope this helps. If you have specific questions, I'll try to dig into
> my config if I can. I'm currently out of the office, though.
> 
> --
> Richard

More information about the MIMEDefang mailing list