sendmail+greylist-milter problem
Russell Coker
russell at coker.com.au
Wed Dec 21 16:18:39 UTC 2005
On Tuesday 20 December 2005 18:29, Alexey Tarasov <glorg at bk.ru> wrote:
> Problem 1.
> Installed: sendmail-8.3.14, milter-greylist-2.0.2,
> selinux-policy-targeted-1.27.2-19
>
> starting sendmail from init results in:
> maillog
> ---
> sendmail[1997]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 1674:
> Xgreylist: local socket name /var/milter-greylist/milter-greylist.sock
> unsafe: Permission denied
The problem here is that there is no policy for greylist-milter (or any other
milter for that matter).
Currently there is policy for postgrey (the Postfix greylisting daemon which
uses an interface that's conceptually identical to milter). I considered
changing that to a greylisting policy, but that doesn't seem to be the
correct solution.
I am thinking of now writing a milter policy that is not specific to mail
servers (which means I can't call it a "milter" policy as the term "milter"
is specific to Sendmail - I need to find a suitable generic term for a MTA
helper program). The idea is that the generic mta-helper policy will
initially support postgrey and greylist-milter (the two I'm most aware of)
and with small modifications to the fc file most milter-type programs. I'm
sure that some milters will have different requirements, but a policy for
generic milters won't preclude having specific policies for milters that need
it. Of course this would mean that you can have a set of milters that all
have access to interfere with each other, is it common to have multiple
milters running in a situation where there is a great need to isolate them
from each other?
With the Postfix policy I used many domains, but I don't want to always be so
free with creating new domains. With Postfix there is a limit to how many
domains will be needed. But the number of milter programs can grow without
limit (there's even a blog at http://www.milter.org/ to inform us about all
the new milters that are being written). So we want to restrict the number
of milters that get specific policy both to limit the size of the policy and
the difficulty of users getting working systems.
Comments?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list