#4
07-13-2004
John Doe
Re: Qmail - Qmail-scanner - vpopmail - Big problem with permission


"John Doe" <axam@vcable.net> wrote in message
news:64r9s1-3s7.ln1@ns.ixip.net...
>
> "Jeremy Kitchen" <kitchen-usenet@scriptkitchen.com> wrote in message
> news:10f3g746ndrhd58@corp.supernews.com...
> > John Doe wrote:
> > > Hello all,
> > >
> > > I have a big problem with qmail-scanner.
> > > I use vpopmail with qmail. I set up qmail-scanner to run as user
> > > qscand, but I have problems with permissions, and I
> > > changed permissions to run as user vpopmail, group vchkpw.
> >
> > umm... why.. that's a Bad Idea. qmail-scanner runs as an entirely
> > separate user for a few very good reasons:
> > if, while breaking the email apart, an exploit is performed that
> > attempts to modify files on your filesystem, the qscand user should
> > not have any permission to do so, therefore the attempt is thwarted.
> >
> > if, while running a virus scanner, an exploit is performed, again,
> > nothing will be affected (other than perhaps the qmail-scanner
> > directories, which, isn't mission critical if some of those files get
> > completely destroyed, as they can be regenerated, and any incoming
> > emails that get destroyed will get deferred and tried again)
> >
> > now say, someone ran that exploit when you had qmail-scanner running
> > as the vpopmail user, or as root as you said you had done. There can
> > be a very huge impact on your system, and one that may not be easily
> > recoverable.
> >
> > I will not go forth and tell you how to solve the problem you're having,
> > simply because you should not attempt to do what you're doing.
> >
> > -Jeremy
>
> Yea, I know, but the problem is that if I set up qmail-scanner normally
> as user qscand, it works up to one moment: if a message must be returned
> to the sender, then qmail-scanner is run as user qmails, not qscand, and
> the error is:
> Jul 12 06:47:53 ns X-Qmail-Scanner-1.22: [ns108960407347928751] cannot open
> /var/spool/qmailscan/qmail-scanner-queue-version.txt - did you initialise
> the system by running "qmail-scanner-queue.pl -z"? - Permission denied
> or
> X-Qmail-Scanner-1.22:[] cannot create /var/spool/qmailscan/tmp - Permission
> denied
>
> I see this error only if the user does not exist on the server and the
> email must be returned to the sender.
> This is the problem, and I would like somebody to help me if they know
> how to fix this.
> I use env QMAILQUEUE, not a direct replacement of qmail-queue.
>
> Regards,
> John


The problem is resolved.

Regards,
John