sendmail+greylist-milter problem

Russell Coker russell at coker.com.au
Wed Dec 21 16:18:39 UTC 2005 

On Tuesday 20 December 2005 18:29, Alexey Tarasov <glorg at bk.ru> wrote:
> Problem 1.
> Installed:  sendmail-8.3.14, milter-greylist-2.0.2,
> selinux-policy-targeted-1.27.2-19
>
> starting sendmail from init results in:
> maillog
> ---
> sendmail[1997]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 1674:
> Xgreylist: local socket name /var/milter-greylist/milter-greylist.sock
> unsafe: Permission denied

The problem here is that there is no policy for greylist-milter (or any other 
milter for that matter).

Currently there is policy for postgrey (the Postfix greylisting daemon which 
uses an interface that's conceptually identical to milter).  I considered 
changing that to a greylisting policy, but that doesn't seem to be the 
correct solution.

I am thinking of now writing a milter policy that is not specific to mail 
servers (which means I can't call it a "milter" policy as the term "milter" 
is specific to Sendmail - I need to find a suitable generic term for a MTA 
helper program).  The idea is that the generic mta-helper policy will 
initially support postgrey and greylist-milter (the two I'm most aware of) 
and with small modifications to the fc file most milter-type programs.  I'm 
sure that some milters will have different requirements, but a policy for 
generic milters won't preclude having specific policies for milters that need 
it.  Of course this would mean that you can have a set of milters that all 
have access to interfere with each other, is it common to have multiple 
milters running in a situation where there is a great need to isolate them 
from each other?

With the Postfix policy I used many domains, but I don't want to always be so 
free with creating new domains.  With Postfix there is a limit to how many 
domains will be needed.  But the number of milter programs can grow without 
limit (there's even a blog at http://www.milter.org/ to inform us about all 
the new milters that are being written).  So we want to restrict the number 
of milters that get specific policy both to limit the size of the policy and 
the difficulty of users getting working systems.


Comments?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

More information about the fedora-selinux-list mailing list