php mail() function not working
Fraser Campbell
fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org
Tue Oct 7 12:26:17 UTC 2003
On Monday 06 October 2003 19:31, Keith Mastin wrote:
> As it turned out, it had nothing to do with the code. Postfix-2.0.15
> wasn't accepting mail from apache, failing with a permission error to
> write to the postdrop directory. We mucked around with it for a while, and
> finally came to the conclusion that the only way for this to work now is
> to add the user apache to the postfix and postdrop groups. I'm still
> unsure of all the security implications here, but I'm sure there will be
> something.

There's no way that apache should be a member of the postdrop group. The
implication is that apache can write directly to the maildrop directory. A
malicious apache process (CGI or whatever) could dump bogus data into the
postdrop directory, possibly screwing up legitimate email delivery. If it
isn't a shared server then the risk is pretty small. Postfix tries to be
smart about security, using multiple processes for each step in delivery, one
process not trusting the other, so I doubt that the security implications are
more serious than a DoS.

If you read the postfix anatomy documents
(http://www.postfix.org/receiving.html) you'll see that /usr/sbin/sendmail
invokes postdrop to deliver mail into the maildrop directory. I suspect that
the permissions on your postdrop program are incorrect; they look like this
on Debian:

-r-xr-sr-x 1 root postdrop 7564 Jul 28 18:58 /usr/sbin/postdrop

--
Fraser Campbell <fraser-Txk5XLRqZ6CsTnJN9+BGXg at public.gmane.org> http://www.wehave.net/
Halton Hills, Ontario, Canada Debian GNU/Linux
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
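
The two conditions raised in the message above (postdrop installed setgid to
the postdrop group, and the web server user kept out of the mail groups) can
be checked with a short script. This is an added example, not part of the
original post; the function names and the sample group file are constructed
for illustration.

```shell
#!/bin/sh
# Added example: audits the two conditions discussed in the message above.

# check_postdrop_perms MODE OWNER GROUP
# MODE is the symbolic mode string as printed by ls -l.
check_postdrop_perms() {
    mode=$1; owner=$2; group=$3
    [ "$owner" = root ] || { echo "owner is $owner, expected root"; return 1; }
    [ "$group" = postdrop ] || { echo "group is $group, expected postdrop"; return 1; }
    # Character 7 is the group-execute slot; 's' means setgid plus execute.
    case $(printf '%s' "$mode" | cut -c7) in
        s) ;;
        *) echo "setgid bit missing ($mode)"; return 1 ;;
    esac
    # Characters 6 and 9 are the group-write and other-write slots.
    case $(printf '%s' "$mode" | cut -c6,9) in
        --) ;;
        *) echo "writable by group or other ($mode)"; return 1 ;;
    esac
    echo "postdrop permissions ok ($mode $owner $group)"
}

# members_of GROUP GROUPFILE: list GROUP's supplementary members, one per
# line, from a file in /etc/group format (primary GIDs are not covered).
members_of() {
    awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i] }' "$2"
}

# web_user_in_mail_groups USER GROUPFILE: returns 0 (a finding) when USER
# is listed in the postfix or postdrop group.
web_user_in_mail_groups() {
    for g in postfix postdrop; do
        if members_of "$g" "$2" | grep -qxF "$1"; then
            echo "finding: $1 is a member of $g"; return 0
        fi
    done
    return 1
}

# Constructed sample data, not taken from any real host.
SAMPLE_GROUP='postfix:x:105:
postdrop:x:106:apache
www-data:x:33:'
tmp=$(mktemp) && printf '%s\n' "$SAMPLE_GROUP" > "$tmp"
check_postdrop_perms -r-xr-sr-x root postdrop          # Debian listing above
check_postdrop_perms -r-xr-xr-x root postdrop || true  # setgid stripped
web_user_in_mail_groups apache "$tmp" || true
rm -f "$tmp"
```

On a live host, pass the three fields printed by stat -c '%A %U %G'
/usr/sbin/postdrop to the first function and give the membership check
/etc/group as its file argument.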