[Mimedefang] MIMEDefang

[Kris Deugau]

Benoit Panizzon wrote:
> Make sure MIMEDefang is listening to an inet socket, maybe better on
> localhost, if you don't run your MIMEDefang on a dedicated filter
> machine.

This shouldn't be necessary, although for a variety of reasons it tends 
to be *easier* to get working since there are fewer places it can get 
blocked/broken.  I'm using a Unix socket on my personal server currently.

Aside from security layers like AppArmor or SELinux, the key thing is to 
make sure the permissions and ownership on the directories leading up to 
the milter socket are correct (755, and root:root for /var and 
/var/spool, 750 and defang:defang for /var/spool/MIMEDefang - IIRC these 
should be default on Debian and Ubuntu at least), and that the Postfix 
system user is a member of the defang group.

Plugging ClamAV into MIMEDefang tends to hit the same permissions maze, 
along with a light dose of "where did Clam actually put the socket?", 
since I think MD looks in the "wrong" place by default.  This has 
probably been fixed in newer packages.

-kgd