Mailscanner quarantine permissions for Mailwatch

Desai, Jason jase at SENSIS.COM
Mon Apr 5 17:06:51 IST 2004


Sorry to respond to my own post.  Just want to clarify.  When I talk about
specifying an exim user and group below, I am talking about the Run As User
and Run As Group config options in MailScanner.conf.

-----Original Message-----
From: Desai, Jason
Sent: Monday, April 05, 2004 12:02 PM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] Mailscanner quarantine permissions for Mailwatc h


I do not need to change the group of the work dir for my setup.  But you are
correct - for the patch to be complete, it should do the same thing for the
incoming work group as well.

I honestly don't fully understand what the perl code is doing, which is why
I wanted you to take a look.  Doing some debugging, I ran the "id" command
from within MailScanner.  I found that if I specified an exim user and
group, those were the only ones that would show up if I ran "id" from within
Quarantine.pm where it sees if it can successfully change the group and user
of the quarantine files.  So I tried different things, not completely
understanding what it is doing, but got it so that the "id" command would
start showing the group that I specified for quarantine files in
MailScanner.conf.  And then MailScanner was able to change the group of
those files.

I was hoping someone else would be able to see if the code is correct, or if
it may have some unintentional side effects.  To make the patch complete, we
probably need to do the same thing for the incoming work group.  Would you
like me to try to work a patch up that does both?

Jason

-----Original Message-----
From: Julian Field [mailto:mailscanner at ECS.SOTON.AC.UK]
Sent: Monday, April 05, 2004 11:41 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] Mailscanner quarantine permissions for Mailwatc h


Why does your patch only read quarantinegroup? Surely it should handle the
work dir group as well.
Just trying to confirm that it does what you intended, and does the whole
job.

At 16:34 05/04/2004, you wrote:
>Try this patch - I sent it to this list recently.  But I don't know if it
>will be accepted or not.
>
>Julian, can you take a look and see if this will cause problems for people
>running MailScanner as root?  It seems to fix this issue for me running
>exim, and I know of another user who runs postfix and it also fixed the
>issue for him.  I had the exim user in the apache group, but MailScanner
>would not change the group unless I had this patch in there too.
>
>Jason
>
>-----Original Message-----
>From: Samuel Luxford-Watts [mailto:slwatts at WINCKWORTHS.CO.UK]
>Sent: Monday, April 05, 2004 11:27 AM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: [MAILSCANNER] Mailscanner quarantine permissions for Mailwatch
>
>Hi All,
>
>I think this is more a mailscanner issue than mailwatch hence the posting
>here. I am having trouble getting mailscanner to save files in
>/var/spool/MailScanner/quarantine with the correct user:group. In
>/etc/MailScanner/MailScanner.conf I have set:
>
>Quarantine User = postfix
>Quarantine Group = www
>Quarantine Permissions = 0660
>Incoming Work User = postfix
>Incoming Work Group = www
>Incoming Work Permissions = 0600
>Run As User = postfix
>Run As Group = postfix
>
>However when I run MailScanner it always saves files into the quarantine
>dir owned by postfix:postfix. I am running Mailscanner V 4.28.6, Suse 8.1
>and Postfix.
>
>In MailScanner.conf it does say that it may not be able to chown to
>another user if it is not run as root. Are there any problems running
>MailScanner as root? I generally do not like running services as root and
>if I can chown a file quite happily using the postfix user why can't
>Mailscanner?
>
>Am I missing something obvious?
>
>Sam
>
>

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
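
The symptom in this thread (the exim user is in the apache group, yet "id" run from inside the daemon shows only the Run As user and group, and the group change fails) follows from the Unix rule that an unprivileged file owner may only change a file's group to one the process itself holds. The following is an added example, not code from the thread or from MailScanner; it is written in Python rather than MailScanner's Perl, and the uid/gid numbers and sample group database are constructed.

```python
import grp
import os
import pwd


def may_chgrp(euid, egid, supplementary, file_uid, target_gid):
    """Simplified POSIX rule for changing only a file's group."""
    if euid == 0:
        return True   # root may set any group
    if euid != file_uid:
        return False  # a non-owner cannot change the group at all
    # The owner may only pick a group the *process* holds right now.
    return target_gid == egid or target_gid in supplementary


def configured_gids(user, passwd_gid, group_db):
    """GIDs the account database grants: primary group plus memberships.
    group_db is an iterable of (gid, member_names) pairs."""
    gids = {passwd_gid}
    gids.update(gid for gid, members in group_db if user in members)
    return gids


def missing_groups(user, passwd_gid, group_db, egid, supplementary):
    """Configured groups that the running process does not actually hold."""
    held = {egid} | set(supplementary)
    return configured_gids(user, passwd_gid, group_db) - held


def audit_current_process(target_group):
    """Apply both checks to the live process and the system databases."""
    me = pwd.getpwuid(os.geteuid())
    db = [(g.gr_gid, g.gr_mem) for g in grp.getgrall()]
    target = grp.getgrnam(target_group).gr_gid
    return {
        "can_chgrp_own_files": may_chgrp(os.geteuid(), os.getegid(),
                                         os.getgroups(), os.geteuid(), target),
        "missing": missing_groups(me.pw_name, me.pw_gid, db,
                                  os.getegid(), os.getgroups()),
    }


# Constructed sample data: 93 = exim, 48 = apache (numbers are made up).
SAMPLE_GROUP_DB = [(93, []), (48, ["exim"])]
DAEMON_NO_SUPP = dict(euid=93, egid=93, supplementary=[])      # only uid/gid were set
DAEMON_WITH_SUPP = dict(euid=93, egid=93, supplementary=[48])  # group list initialised
```

A non-empty "missing" set for a daemon means its privilege drop set only the user and primary group, which is the state the "id" output in the thread describes.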


