[Mailman-Developers] Postfix, Mailman, no aliases file, neat setup?

Owen Taylor otaylor@redhat.com
16 Nov 2000 18:11:21 -0500


barry@digicool.com (Barry A. Warsaw) writes:

> >>>>> "OT" == Owen Taylor <otaylor@redhat.com> writes:
> 
>     OT> Well, you can't lose the aliases file, but you can make it
>     OT> pretty darn invisible.
> 
>     >> From postfix's main.cf:
> 
>     OT>  alias_maps = hash:/etc/aliases,hash:/home/mailman/aliases
> 
> I do this.
> 
>     OT> And the following patch automatically updates the file.
> 
> A couple of notes.  First, the version of newlist that's going to be
> in rc3 (some time today) has a -o/--output switch that does the
> appending to a specified file, somewhat like the way your patch does
> (although the file name is taken from the command line and a few
> other minor differences).

Hmmm, it seems to me that that should be in the config system somehow -
so everybody running newalias doesn't need to know to use the 
flag. (I can set up a wrapper script, but that isn't so nice.)

> But the real problem is a permissions problem.  Say you run postalias
> as yourself, because you installed Mailman.  Or say you installed it
> as user `mailman', and that's the user you run postalias as.  Then the
> resulting aliases.db file will be owned by you (or `mailman') and
> Postfix will try to deliver email destined for those addresses as your
> (or mailman's) gid, but not as the gid you compiled into the wrapper
> script.
>
> Thus I found that I had to run newaliases (a.k.a. postalias) as root
> for the gids to be correct.

Well, I have the mailman gid as the gid compiled into the wrapper script,
so all mailman processing occurs with the mailman uid/gid.

I guess this doesn't work in general, though it works well for our setup.
 
> Not an insurmountable problem, but it's a pain.  It would be nice if
> Postfix could be configured to automatically run newaliases if
> necessary (maybe there already is such an option?).

Well, it wouldn't be very secure if a user could put something into an
alias file, and then postfix would compile that into an alias.db that is
executed with root permissions...

Basically, from a security point of view, the person composing the
alias file can put arbitrary commands into the alias file, so the 
execution of commands in the alias file has to be done with the 
permissions of the owner of the file.

Regards,
                                        Owen
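
The ownership point discussed in this thread can be checked on a running system. The following is an added example, not part of the original message and not Mailman or Postfix code: it reads `alias_maps` from main.cf text and, for each map, reports the owner of the compiled `.db` file next to the aliases that pipe mail into a command. The wrapper path and alias names in the sample are constructed, and the parser is a simplification of the aliases format.

```python
import os
import re
import tempfile

def parse_alias_maps(main_cf_text):
    """Return the file paths named in alias_maps (type:path entries)."""
    for line in main_cf_text.splitlines():
        m = re.match(r"\s*alias_maps\s*=\s*(.*)", line)
        if m:
            entries = re.split(r"[,\s]+", m.group(1).strip())
            return [e.split(":", 1)[1] for e in entries if ":" in e]
    return []

def command_aliases(alias_text):
    """Return {alias: [targets]} for targets that pipe mail into a program.
    Simplified: continuation lines and commas inside quotes are not handled."""
    found = {}
    for line in alias_text.splitlines():
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        name, _, targets = line.partition(":")
        cmds = [t.strip().strip('"') for t in targets.split(",")]
        cmds = [c for c in cmds if c.startswith("|")]
        if cmds:
            found[name.strip()] = cmds
    return found

def audit(main_cf_text):
    """Per alias map: owner of the compiled .db and the commands it can run."""
    report = []
    for path in parse_alias_maps(main_cf_text):
        db = path + ".db"
        st = os.stat(db if os.path.exists(db) else path)
        with open(path) as fh:
            cmds = command_aliases(fh.read())
        report.append({"map": path, "uid": st.st_uid, "gid": st.st_gid,
                       "commands": cmds})
    return report

def demo():
    """Constructed sample: one Mailman-style alias map in a temp directory."""
    src = os.path.join(tempfile.mkdtemp(), "aliases")
    with open(src, "w") as fh:
        fh.write('test: "|/home/mailman/mail/wrapper post test"\n'
                 "postmaster: root\n")
    open(src + ".db", "w").close()  # stand-in for postalias output
    return audit("alias_maps = hash:" + src)

if __name__ == "__main__":
    print(demo())
```

A map whose `.db` owner differs from the account expected to run its commands is the mismatch described in the quoted text above.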