Thread: [maildropl] Maildrop used with Courier SMTP & LDAP problem
From: Gilion G. <ggo...@ma...> - 2002-06-19 12:24:03
Hi'all!

I'm successfully using Courier SMTP/IMAP/POP with LDAP for email-address lookup using multiple domains. Quite a nice setup for hosting actually. A consequence of this is that the 'users' (login with full email-address) are not unix-users as such; no entries in the /etc/passwd file.

If I've read the maildrop documentation correctly, I understand that maildrop checks for the homedir and such in the /etc/passwd file. Could this be why none of my filtering rules in the homedirs .mailfilter file get executed?

Thank you,
Gilion R. Goudsmit

-= Gilion Goudsmit -=- RedHat Linux Engineer -=- +31-(0)6-21892744 =-
-= MagicMinds -=- Experience The Experience -=- www.magicminds.com =-

From: Christian K. <chr...@ka...> - 2002-06-19 12:35:58
Hi Gilion,

no program should ever try to get such data from /etc/passwd directly. It uses the glibc which builds a transparent system to access data from various sources like NIS, LDAP...

To come to your question: There should be a maildropldap.config file. There you set the attributes which contain the needed data, e.g. LDAP attribute homeDir. So if you have a proper ldap installation, there should be no problem.

If you don't use this file or ldap in maildrop, you can use pam_ldap nss_ldap instead. They let you access ldap through PAM and NSSWITCH (glibc).

Christian.

Quoting Gilion Goudsmit <ggo...@ma...>:

> If I've read the maildrop documentation correctly, I understand that maildrop
> checks for the homedir and such in the /etc/passwd file. Could this be why
> none of my filtering rules in the homedirs .mailfilter file get executed?

--
Systemhaus Kalkhoff - Whatever you want, you get IT ;-)
fon: +49 (34 43) 82 06 56
fax: +49 (34 43) 82 06 76
net: www.kalkhoff.net

From: Gilion G. <ggo...@ma...> - 2002-06-20 11:52:58
> no program should ever try to get such data from /etc/passwd directly. It uses
> the glibc which builds a transparent system to access data from various sources
> like NIS, LDAP...

That's what I figured! But maildrop's manpage has /etc/passwd listed as one of the used files... Not 100% true I guess..

> There should be a maildropldap.config file. There you set the attributes which
> contain the needed data. e.g. LDAP attribute homeDir. So if you have a proper
> ldap installation, there should be no problem.

Okay... This is where it got interesting; I am using the rpm's generated from the tarfile, as per the instructions that come with Courier. The maildrop configuration defined in the specfile doesn't compile with the enable-maildropldap option, so I edited the specfile. It doesn't seem to pick up my altered --with-ldapconfig option though, which means the maildropldap.config file is in /etc instead of /etc/courier, but that's an esthetic thing.

This actually seems to work somewhat; if I now execute 'maildrop -V 10 -d ggo...@ma...' I get the following:

    maildrop: Changing to /data/mail/magicminds.com/ggoudsmit
    maildrop: Unable to change to home directory.

So maildrop has correctly figured out where my homedirectory is, and is trying to chdir to it to read my .mailfilter...

I have no idea why maildrop can't change to my homedir though... My maildrop is root setuid, so I suppose it runs as root. It should be able to chdir anywhere right?

Any idea as to what might be causing this?

> If you don't use this file or ldap in maildrop, you can use pam_ldap nss_ldap
> instead. They let you access ldap through PAM and NSSWITCH (glibc)

Wouldn't that mean all user-authentication goes thru LDAP? Even local logins and such? That wouldn't be what I want...

Regards,
Gilion R. Goudsmit

From: Christian K. <chr...@ka...> - 2002-06-20 12:02:19
> Okay... This is where it got interesting; I am using the rpm's generated
> from the tarfile, as per the instructions that come with Courier. The
> maildrop configuration defined in the specfile doesn't compile with the
> enable-maildropldap option, so I edited the specfile. It doesn't seem to
> pick up my altered --with-ldapconfig option though, which means the
> maildropldap.config file is in /etc instead of /etc/courier, but that's an
> esthetic thing.
>
> This actually seems to work somewhat; if I now execute 'maildrop -V 10 -d
> ggo...@ma...' I get the following:
>
> maildrop: Changing to /data/mail/magicminds.com/ggoudsmit
> maildrop: Unable to change to home directory.

Hmm. I have ldap-support enabled in maildrop but it seems to use my glibc anymore. I disabled nss_ldap today and after that it said invalid username user_domain_tld. After reactivating it all worked fine. I will try out a bit more later.

> So maildrop has correctly figured out where my homedirectory is, and is
> trying to chdir to it to read my .mailfilter...

Is it possible the homedir is root owned? I had such a problem when I started with maildrop. So perhaps the user has no access to her/his own maildir.

> I have no idea why maildrop can't change to my homedir though... My maildrop
> is root setuid, so I suppose it runs as root. It should be able to chdir
> anywhere right?

Hmm. Not sure. It is able as long as it doesn't run as the delivery user. So we have e.g. nobody starts maildrop, maildrop runs as root, as root it changes to user foobar to deliver his mail. Imagine now maildir of user foobar is owned by root. So it has no write rights to this dir. ;-)

> Any idea as to what might be causing this?
>
> > If you don't use this file or ldap in maildrop, you can use pam_ldap nss_ldap
> > instead. They let you access ldap through PAM and NSSWITCH (glibc)
>
> Wouldn't that mean all user-authentication goes thru LDAP? Even local logins
> and such? That wouldn't be what I want...

You don't have to use pam_ldap in every service, only those you need. nss_pam is for things like getting home dirs etc. In fact you only have to use nss_ldap for maildrop since I think it has nothing to do with pam.

Christian.
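
Added example, not part of the thread and not maildrop's own code: a check for the situation suggested in the last message, where maildrop starts as root but switches to the delivery user before entering the home directory. It walks each directory on the path and reports the first one that uid cannot enter; the uid 5000, the example.test path and the sample tree are constructed, and only mode bits are evaluated (no ACLs).

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the constructed sample tree runs offline.
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid")
D = stat.S_IFDIR

# Constructed sample: a root-owned domain directory above a user-owned maildir.
SAMPLE_TREE = {
    "/": FakeStat(D | 0o755, 0, 0),
    "/data": FakeStat(D | 0o755, 0, 0),
    "/data/mail": FakeStat(D | 0o755, 0, 0),
    "/data/mail/example.test": FakeStat(D | 0o750, 0, 0),
    "/data/mail/example.test/user": FakeStat(D | 0o700, 5000, 5000),
}

def may_enter(st, uid, gids):
    """Owner/group/other test for the search (x) bit; ACLs are not considered."""
    if uid == 0:
        return True  # root is not subject to directory mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocking_component(home, uid, gids, stat_fn=os.stat):
    """Return the first directory on the way to `home` that uid cannot enter."""
    current = "/"
    for part in [""] + [p for p in home.split("/") if p]:
        current = os.path.join(current, part)
        st = stat_fn(current)
        if not stat.S_ISDIR(st.st_mode) or not may_enter(st, uid, gids):
            return current
    return None

def owned_by(home, uid, stat_fn=os.stat):
    """True when the home directory itself belongs to the delivery uid."""
    return stat_fn(home).st_uid == uid

if __name__ == "__main__":
    home = "/data/mail/example.test/user"
    look = SAMPLE_TREE.__getitem__
    print("as root:", first_blocking_component(home, 0, {0}, look))
    print("as uid 5000:", first_blocking_component(home, 5000, {5000}, look))
    print("home owned by 5000:", owned_by(home, 5000, look))
```

With the default stat_fn the same functions run against the real filesystem, using the uid and gid values stored in the LDAP entry.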