Discussion about the maildrop mail delivery agent

brian | 12 Nov 2011 16:40

Re: Need some very very basic help with Maildrop please

On 11/12/2011 01:50 PM, Fabio Catunda wrote:

In this case, I believe that it's normal for maildrop, look:

Not sure which point exactly you are referring to above?

# man maildrop
... -d user
.... In all cases, the -d option is allowed if user is the same user who is running maildrop.

Yeah read that, but I must say I dont understand it. Fetchmal runs with USER= Fetchmail
So if the -d parm can only be the same as the USER running maildrop, then I could only use fetchmail as the user there. True?

Also, for the -d option to work at
all, maildrop must be executed by root, or maildrop must be a root-owned program with the setuid bit set. Absence of a filename on maildrop’s command line implies the -d option for the user running maildrop...."

I am running maildrop without a filename.

I'm not a fetchmail user, but I believe that if you try to run fetchmail with root privilege everything will just work. (it's not very safe... but hey, at least it will work).

Regards,

Fábio Catunda.

I am the only one that has access to the server, so I can try it like that. But I assume it must be possible with a different user.

Going to check the setuid bit and permissions set to 600 as Sam pointed out.

I much appreciate the help.
Cheers Brian

------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1

_______________________________________________
Courier-maildrop mailing list
Courier-maildrop <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/courier-maildrop

headers

Fabio Catunda | 12 Nov 2011 16:54

Re: Need some very very basic help with Maildrop please

Brian,
>> In this case, I believe that it's normal for maildrop, look:
>
> Not sure which point exactly you are referring to above?
It's normal that maildrop refuse to delivery an e-mail to user "brian" 
been called by user "fetchmail"...
>
>> # man maildrop
>> ... -d user
>> .... In all cases, the -d option is allowed if user is the same user 
>> who is running maildrop. 
> Yeah read that, but I must say I dont understand it. Fetchmal runs 
> with USER= Fetchmail
> So if the -d parm can only be the same as the USER running maildrop, 
> then I could only use fetchmail as the user there. True?
... and this is normal too.
There is a reason for all this restriction... maildrop usually is set 
SUID, so it's a big risk for the system to allow anyone to call it, 
imagine that someEvilUser wants to make something bad with you, he could 
just run something like that:
while [ 1 ] ; do
   echo "ByeByeHardDrive" | maildrop -d brian
done

After some time you would have no more free space on your HD! :-D

That is the reason that maildrop allow only a fell users to call it. 
Usually, only root and mail users can call maildrop with -d parameter 
setted to something. I believe that you can specify a list of valid 
users on compile time, but I'm not really sure.

Another idea that I can give to you is to try to run fetchmail as "mail" 
user, maybe it works.
>
>
> I am the only one that has access to the server, so I can try it like 
> that. But I assume it must be possible with a different user.
Also... try to run fetchmail with your user... as you're the only one 
acessing it, it might work.

Good luck!

Fábio Catunda.

------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1

headers

brian | 13 Nov 2011 11:55

Re: Need some very very basic help with Maildrop please

On 11/12/2011 04:54 PM, Fabio Catunda wrote:

Brian,

In this case, I believe that it's normal for maildrop, look:
Not sure which point exactly you are referring to above?
It's normal that maildrop refuse to delivery an e-mail to user "brian" been called by user "fetchmail"...

# man maildrop ... -d user .... In all cases, the -d option is allowed if user is the same user who is running maildrop.
Yeah read that, but I must say I dont understand it. Fetchmal runs with USER= Fetchmail So if the -d parm can only be the same as the USER running maildrop, then I could only use fetchmail as the user there. True?
... and this is normal too. There is a reason for all this restriction... maildrop usually is set SUID, so it's a big risk for the system to allow anyone to call it, imagine that someEvilUser wants to make something bad with you, he could just run something like that: while [ 1 ] ; do echo "ByeByeHardDrive" | maildrop -d brian done After some time you would have no more free space on your HD! :-D That is the reason that maildrop allow only a fell users to call it. Usually, only root and mail users can call maildrop with -d parameter setted to something. I believe that you can specify a list of valid users on compile time, but I'm not really sure. Another idea that I can give to you is to try to run fetchmail as "mail" user, maybe it works.
I am the only one that has access to the server, so I can try it like that. But I assume it must be possible with a different user.
Also... try to run fetchmail with your user... as you're the only one acessing it, it might work. Good luck! Fábio Catunda. ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Courier-maildrop mailing list Courier-maildrop <at> lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/courier-maildrop

Hi,

running as mail or root didn't make a noticeable difference.

Cheers

------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1

_______________________________________________
Courier-maildrop mailing list
Courier-maildrop <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/courier-maildrop