How to force maildrop to run as the specified user and group from Postfix

Tags: email, postfix

I have replaced Postfix LDA with maildrop. The maildroprc script I am using also creates the mailbox folders if they do not exist.

In my /etc/postfix/master.cf I have defined the maildrop service

maildrop  unix  -       n       n       -       -       pipe
   flags=ODRhu user=vmail:daemon argv=/usr/bin/maildrop -w 90 -d ${user}@${nexthop}
   ${extension} ${recipient} ${user} ${nexthop}

When this script creates a folder for an account, the folder and files inside of it belong to the group "daemon" and Courier IMAP does not want to read the content of the folder because it expects username:group to be vmail:vmail.

If I change the service definition for maildrop in master.cf to be "vmail:vmail", I get an error from maildrop

ERR: authdaemon: s_connect() failed: Permission denied Invalid user specified.

and the mail cannot be delivered. I guess this is due to maildrop needing access to /var/run/courier/authdaemon, which is owned by the group "daemon". But I really do not understand why maildrop would need access to the authdaemon folder.

The part of the maildrop script that creates the folder:

`test -e $HOME_DIR/$HOST/$USER`
#log "Testing for $HOME_DIR/$HOST subdirectory: result=$RETURNCODE"
# Only continue if directory does NOT exist
if ($RETURNCODE != 0)
{
        log "MailDir $HOME_DIR/$HOST/$USER does NOT exist"
        `test -e $HOME_DIR/$HOST`
        if ( $RETURNCODE != 0 )
        {
                log "Creating $HOME_DIR/$HOST"
                `mkdir $HOME_DIR/$HOST`
                `chmod -R 0700 $HOME_DIR/$HOST`
        }

        # Create users MailDir
        `maildirmake $HOME_DIR/$HOST/$USER`
}

I have even tried adding chown vmail:vmail $HOME_DIR/$HOST/$USER to the script, to be run after creating the maildir, but the folder still belongs to the group "daemon".

EDIT:

I am using the maildrop 2.0.4 package from the Debian Lenny (5.0) repository, and judging by the package information it is compiled against courier-authlib:

Version: 2.0.4-3
Replaces: courier-base (<= 0.58.0-1)
Depends: courier-authlib, exim4 | mail-transport-agent, libc6 (>= 2.7-1), libgcc1 (>= 1:4.1.1-21), libgdbm3, libpcre3 (>= 7.4), libstdc++6 (>= 4.2.1-4)

Best Answer

This is what I have found:

When using the standalone maildrop build with courier-authlib, one of the following configurations must be used:

  • Your mail server must invoke maildrop as the root user (the -d flag reads the mail account's uid and gid, then drops root).
  • Manually change the permissions on the maildrop binary to be setuid root.
  • Manually change the permissions on the courier-authlib's socket directory (/usr/local/var/spool/authdaemon by default) to be globally readable or executable.

I changed the group ownership on the /var/run/courier/authdaemon folder from "daemon" to "vmail" and everything works fine now. I have restarted courier-authdaemon and I can still log in to my IMAP account (I guess this library is also used when Courier is looking up user accounts and passwords).

Is there a security implication of doing this that I should be aware of?

I guess not. User vmail does not have a local account on the box, and someone in the vmail group would be able to access all the emails on the box. Protecting the passwords doesn't seem like that big of a deal if my system has already been compromised like that :)
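Added illustration of the two interactions this thread turns on (the group in the master.cf user= setting becomes the group of the maildirs maildrop creates, and that same gid must be able to enter courier-authlib's socket directory). This is not code from the thread or from the Postfix or maildrop projects; the uids, gids and socket-directory mode are constructed sample values, and the master.cf text is the question's own entry.

```python
import stat
# Constructed: the question's master.cf entry (an indented line continues the entry)
MASTER_CF = """\
maildrop  unix  -       n       n       -       -       pipe
  flags=ODRhu user=vmail:daemon argv=/usr/bin/maildrop -w 90 -d ${user}@${nexthop}
  ${extension} ${recipient} ${user} ${nexthop}
"""
USERS = {"vmail": (5000, 5000), "daemon": (1, 1)}  # constructed (uid, primary gid)
GROUPS = {"vmail": 5000, "daemon": 1}              # constructed gids

def pipe_user(master_cf, service="maildrop"):
    """Return (user, group_or_None) from the user= option of a pipe(8) service."""
    entries = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1].append(line.strip())  # continuation of previous entry
        else:
            entries.append([line.strip()])
    for entry in entries:
        words = " ".join(entry).split()
        if words[0] != service:
            continue
        for word in words[8:]:  # options follow the 8 fixed master.cf fields
            if word.startswith("argv="):
                break  # argv= consumes the rest of the command line
            if word.startswith("user="):
                user, _, group = word[5:].partition(":")
                return user, (group or None)
    return None

def can_traverse(dir_uid, dir_gid, dir_mode, uid, gid, extra_gids=()):
    """Unix rule for entering a directory: root (a setuid-root maildrop included)
    always may; otherwise the owner, group, or other execute bit decides."""
    if uid == 0:
        return True
    if uid == dir_uid:
        return bool(dir_mode & stat.S_IXUSR)
    if gid == dir_gid or dir_gid in extra_gids:
        return bool(dir_mode & stat.S_IXGRP)
    return bool(dir_mode & stat.S_IXOTH)

def check(master_cf, sock_uid, sock_gid, sock_mode):
    """Group that new maildirs will get, and whether maildrop can reach authdaemon."""
    user, group = pipe_user(master_cf)
    uid, primary_gid = USERS[user]
    gid = GROUPS[group] if group else primary_gid  # pipe(8): primary group if unset
    group_name = next(n for n, g in GROUPS.items() if g == gid)
    return group_name, can_traverse(sock_uid, sock_gid, sock_mode, uid, gid)
```

With the socket directory owned daemon:daemon and mode 0750, `check` reproduces the thread: user=vmail:daemon delivers but creates daemon-group maildirs, user=vmail:vmail cannot reach authdaemon, and only after the directory's group becomes vmail do both work.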