Re: sendmail+greylist-milter problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tuesday 20 December 2005 18:29, Alexey Tarasov <glorg@xxxxx> wrote:
> Problem 1.
> Installed:  sendmail-8.3.14, milter-greylist-2.0.2,
> selinux-policy-targeted-1.27.2-19
>
> starting sendmail from init results in:
> maillog
> ---
> sendmail[1997]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 1674:
> Xgreylist: local socket name /var/milter-greylist/milter-greylist.sock
> unsafe: Permission denied

The problem here is that there is no policy for greylist-milter (or any other 
milter for that matter).

Currently there is policy for postgrey (the Postfix greylisting daemon which 
uses an interface that's conceptually identical to milter).  I considered 
changing that to a greylisting policy, but that doesn't seem to be the 
correct solution.

I am thinking of now writing a milter policy that is not specific to mail 
servers (which means I can't call it a "milter" policy as the term "milter" 
is specific to Sendmail - I need to find a suitable generic term for a MTA 
helper program).  The idea is that the generic mta-helper policy will 
initially support postgrey and greylist-milter (the two I'm most aware of) 
and with small modifications to the fc file most milter-type programs.  I'm 
sure that some milters will have different requirements, but a policy for 
generic milters won't preclude having specific policies for milters that need 
it.  Of course this would mean that you can have a set of milters that all 
have access to interfere with each other, is it common to have multiple 
milters running in a situation where there is a great need to isolate them 
from each other?

With the Postfix policy I used many domains, but I don't want to always be so 
free with creating new domains.  With Postfix there is a limit to how many 
domains will be needed.  But the number of milter programs can grow without 
limit (there's even a blog at http://www.milter.org/ to inform us about all 
the new milters that are being written).  So we want to restrict the number 
of milters that get specific policy both to limit the size of the policy and 
the difficulty of users getting working systems.


Comments?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux