kdeugau at vianet.ca
Tue Nov 6 15:18:37 EST 2018
Benoit Panizzon wrote:
> Make sure MIMEDefang is listening to an inet socket, maybe better on
> localhost, if you don't run your MIMEDefang on a dedicated filter

This shouldn't be necessary, although for a variety of reasons it tends
to be *easier* to get working since there are fewer places it can get
blocked/broken. I'm using a Unix socket on my personal server currently.

Aside from security layers like AppArmor or SELinux, the key thing is to
make sure the permissions and ownership on the directories leading up to
the milter socket are correct (755, and root:root for /var and
/var/spool, 750 and defang:defang for /var/spool/MIMEDefang - IIRC these
should be default on Debian and Ubuntu at least), and that the Postfix
system user is a member of the defang group.

Plugging ClamAV into MIMEDefang tends to hit the same permissions maze,
along with a light dose of "where did Clam actually put the socket?",
since I think MD looks in the "wrong" place by default. This has
probably been fixed in newer packages.
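
The permission and group checks described in the message above, as an added example that is not part of the original post. It assumes GNU stat (Linux) and that the Postfix system user is named "postfix"; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the directory chain leading to the MIMEDefang
# milter socket. Assumes GNU stat and a Postfix user named "postfix".

# check_path PATH MODE OWNER:GROUP -> 0 if mode and ownership match
check_path() {
    actual=$(stat -c '%a %U:%G' "$1" 2>/dev/null) || {
        echo "MISSING  $1"
        return 1
    }
    if [ "$actual" = "$2 $3" ]; then
        echo "ok       $1 ($actual)"
    else
        echo "MISMATCH $1: have $actual, want $2 $3"
        return 1
    fi
}

# user_in_group USER GROUP -> 0 if USER is a member of GROUP
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx -- "$2"
}

# Run every check and report all problems instead of stopping at the first.
audit_milter_paths() {
    rc=0
    check_path /var 755 root:root || rc=1
    check_path /var/spool 755 root:root || rc=1
    check_path /var/spool/MIMEDefang 750 defang:defang || rc=1
    if user_in_group postfix defang; then
        echo "ok       postfix is in group defang"
    else
        echo "MISSING  postfix is not in group defang"
        rc=1
    fi
    return $rc
}

# Only touch the real system paths when asked to: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_milter_paths
fi
```

A mode with setuid, setgid or sticky bits set prints as four digits and is reported as a mismatch, which is the intended behaviour for this chain.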