Re: OK to set /var/run/opendkim to group accessible and executable?

From: Scott Kitterman <ietf-dkim_at_kitterman.com>
Date: Mon, 30 Mar 2015 12:55:39 -0400

You can do the same thing in main.cf, it's just a question of pointing
smtpd_milters= at the TCP socket rather than the Unix socket.

Another advantage of TCP sockets is that if postfix is in a chroot (the default
configuration in Debian and Ubuntu and maybe elsewhere), TCP sockets just
magically work while you have to arrange for the Unix socket to be available
inside the chroot. In my opinion, TCP sockets are 'easier' than Unix sockets.

Scott K

On Monday, March 30, 2015 09:42:36 AM Steve Jenkins wrote:
> Thanks, Scott. That makes sense.
>
> But I hesitate to point "beginning to intermediate" users (the audience for
> my how-to post) toward master.cf, as they can (generally) do a lot more
> damage in there than in main.cf. I think I'll keep recommending the unix
> sockets for noobs, and leave the master.cf edits for more advanced users.
>
> SJ
>
> On Mon, Mar 30, 2015 at 9:21 AM, Scott Kitterman <ietf-dkim_at_kitterman.com> wrote:
> > On Monday, March 30, 2015 09:07:36 AM Steve Jenkins wrote:
> > > On Sun, Mar 29, 2015 at 5:18 AM, Scott Kitterman <ietf-dkim_at_kitterman.com> wrote:
> > > > If you're using the Unix socket to connect to the milter, this is pretty
> > > > normal. Personally, I tend to use TCP sockets to avoid trouble like this.
> > > >
> > > > Since the postfix configuration isn't in the bug, this is a bit of a
> > > > guess.
> > >
> > > Hi, Scott. Are you using TCP sockets in your Postfix config? If so, what
> > > does that look like?
> >
> > Yes. There's lots of ways to do it. I set it up per SMTP service. Here's
> > the /etc/postfix/master.cf snippet for my submission (port 587) service:
> >
> > submission inet n - - - - smtpd
> >   -o syslog_name=postfix/submission
> >   -o smtpd_tls_security_level=encrypt
> >   -o smtpd_sasl_auth_enable=yes
> >   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> >   -o milter_macro_daemon_name=ORIGINATING
> >   -o smtpd_milters=inet:localhost:8892
> >
> > smtpd_milters=inet:localhost:8892 is the relevant bit.
> >
> > Scott K
Received on Mon Mar 30 2015 - 16:55:53 PST
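
Added example, not part of the original thread or of the OpenDKIM or Postfix code: a small checker that compares an OpenDKIM Socket value with a Postfix smtpd_milters value, flags a TCP listener that is not bound to loopback, and flags a Unix socket when Postfix runs chrooted. Port 8892 comes from the thread; the function names, finding labels, the opendkim.sock file name and port 8891 are assumptions made for illustration.

```python
# Added example (not from the thread): compare OpenDKIM's Socket setting with
# Postfix's smtpd_milters value. Handles one milter entry, not a list.
import ipaddress

def parse_opendkim_socket(spec):
    """OpenDKIM form: inet:port[@host] or local:/path -> (kind, host, addr)."""
    kind, _, rest = spec.strip().partition(":")
    if kind in ("local", "unix"):
        return ("unix", None, rest)
    if kind in ("inet", "inet6"):
        port, at, host = rest.partition("@")
        # No "@host" means the filter listens on every interface.
        return ("inet", host if at else None, int(port))
    raise ValueError(f"unrecognised OpenDKIM socket: {spec!r}")

def parse_postfix_milter(spec):
    """Postfix form: inet:host:port or unix:/path -> (kind, host, addr)."""
    kind, _, rest = spec.strip().partition(":")
    if kind in ("unix", "local"):
        return ("unix", None, rest)
    if kind == "inet":
        host, _, port = rest.rpartition(":")
        return ("inet", host, int(port))
    raise ValueError(f"unrecognised Postfix milter: {spec!r}")

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved here

def check(opendkim_socket, smtpd_milters, postfix_chrooted=False):
    """Return a list of finding labels (hypothetical names); empty means OK."""
    findings = []
    okind, ohost, oaddr = parse_opendkim_socket(opendkim_socket)
    pkind, _phost, paddr = parse_postfix_milter(smtpd_milters)
    if okind != pkind or (okind == "inet" and oaddr != paddr):
        findings.append("endpoint-mismatch")
    if okind == "inet" and (ohost is None or not is_loopback(ohost)):
        findings.append("listener-not-loopback")
    if pkind == "unix" and postfix_chrooted:
        # The socket path must also exist inside the Postfix chroot.
        findings.append("unix-socket-needs-chroot-path")
    return findings

if __name__ == "__main__":
    print(check("inet:8892@localhost", "inet:localhost:8892"))  # thread's port
    print(check("inet:8892", "inet:localhost:8892"))            # constructed
```

A loopback TCP listener accepts connections from any local process, whereas a Unix socket can be limited by directory and file permissions, which is the trade-off behind the subject line of this thread.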
