Postfix virtual and Dovecot
Karyl F. Stein
karyl.lists at mailforest.com
Mon Jan 9 23:44:09 UTC 2006
Lamont R. Peterson wrote:
>>Perhaps postfix works differently to sendmail but I use procmail to
>>deliver mail received by sendmail to maildirs under /var/spool/mail,
>>which is mail_spool_t and hence works fine with dovecot.
>>
>>
>
>Well, Postfix does work differently from Sendmail...but I don't think that has
>much to do with his problem here.
>
>Also, either maildrop or procmail (or both, if you really want to go nuts) can
>be used with either Postfix or Sendmail...they do the same thing. I like
>maildrop better, myself, because it seems to work with less overhead than
>procmail (I've never done benchmarks, so this is just one of those
>seems-to-my-gut kinda things) and because the syntax for the ~/.mailfilter
>files is less cryptic than procmail recipes; it's much easier for new users
>to learn and be comfortable.
>
>
I got maildrop working with courier-authlib to query the LDAP and
deliver the mail to the correct maildir. If I call maildir from the
command line it works great with Dovecot. However, it doesn't work
through Postfix. I changed the maildrop context to postfix_pipe_exec_t
so Postfix could call it. The problem is that maildrop is now being
blocked from accessing the named pipe (tclass=sock_file) that
courier-authlib creates. (I need courier-authlib because the LDAP code
now resides in there only.) I tried to change the pipe's context to
something like postfix_pipe_t, but am blocked from doing that.
>>(having just looked at the policy sources, the one for postfix is vastly
>>more complicated than the sendmail one so it does indeed appear to be
>>different...)
>>
>>
>
>Yeah, I don't know why there seems to be no real overlap in the Sendmail &
>Postfix policies, though I can guess. I'm wondering if there needs to be a
>common type. mail_spool_t would seem to fit the bill, but I haven't really
>looked too closely at this one.
>
>
This would fix my problems and seems to be pretty clean. For now, I
think I'm throwing in the towel on getting this to work.
Thanks,
Karyl
More information about the fedora-selinux-list
mailing list