From 76b4e498a252e7e200c00b63ae9de290696b9a27 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sun, 5 Oct 2014 21:45:45 +0000 Subject: [PATCH] VIRTUAL_VACATION/INSTALL.TXT: - change instructions to use /usr/lib/postfixadmin to avoid vacation.pl has write access to itsself - replace instructions for /var/spool/vacation/ with instructions for a log file or directory - various other changes git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1692 a1433add-5e2c-0410-b055-b7f2511e0802 --- VIRTUAL_VACATION/INSTALL.TXT | 58 +++++++++++++++++++++++------------- 1 file changed, 37 insertions(+), 21 deletions(-) diff --git a/VIRTUAL_VACATION/INSTALL.TXT b/VIRTUAL_VACATION/INSTALL.TXT index e8ab73d0..c7046a9e 100644 --- a/VIRTUAL_VACATION/INSTALL.TXT +++ b/VIRTUAL_VACATION/INSTALL.TXT @@ -1,6 +1,6 @@ -################################################## -# Virtual Vacation for Postfix Admin Release 2.x # -################################################## +###################################### +# Virtual Vacation for Postfix Admin # +###################################### # # Postfix Admin (Virtual Vacation) # Originally authored by Mischa Peters @@ -38,6 +38,7 @@ Install Virtual Vacation 1. Create a local account ------------------------- + Create a dedicated local user account called "vacation". This user handles all potentially dangerous mail content - that is why it should be a separate account. @@ -46,6 +47,8 @@ Do not use "nobody", and most certainly do not use "root" or "postfix". The user will never log in, and can be given a "*" password and non-existent shell and home directory. +Also create a separate "vacation" group. + This should look like this: #/etc/passwd 
@@ -55,24 +58,30 @@ vacation:*:65501:65501:Virtual Vacation:/nonexistent:/sbin/nologin vacation:*:65501: -2. Create a directory ---------------------- -Create a directory, for example /var/spool/vacation, that is accessible -only to the "vacation" user. This is where the vacation script is supposed -to store its temporary files. +2. Create a log directory or log file +------------------------------------- + +If you want to log to a file ($log_to_file), create a log directory or an +empty log file. +This file or directory needs to be writeable for the "vacation" user. -3. Copy the files ------------------ +Note: If you are logging to syslog, you can skip this step. -Copy the vacation.pl file to the directory you created above: - $ cp vacation.pl /vacation.pl - $ chown -R vacation:vacation +3. Install vacation.pl +---------------------- + +Create a directory /usr/lib/postfixadmin/ and copy the vacation.pl file to it: + + $ mkdir /usr/lib/postfixadmin + $ cp vacation.pl /usr/lib/postfixadmin/vacation.pl + $ chown -R root:vacation /usr/lib/postfixadmin + $ chmod 750 /usr/lib/postfixadmin/ /usr/lib/postfixadmin/vacation.pl Which will then look something like: --rwx------ 1 vacation vacation 3356 Dec 21 00:00 vacation.pl* +-rwxr-x--- 1 root vacation 3356 Dec 21 00:00 vacation.pl* 4. Setup the transport type @@ -81,7 +90,7 @@ Define the transport type in the Postfix master file: #/etc/postfix/master.cf: vacation unix - n n - - pipe - flags=Rq user=vacation argv=/var/spool/vacation/vacation.pl -f ${sender} -- ${recipient} + flags=Rq user=vacation argv=/usr/lib/postfixadmin/vacation.pl -f ${sender} -- ${recipient} 5. Setup the transport maps file -------------------------------- 
@@ -124,14 +133,20 @@ file. You can do this in two ways: -a) edit vacation.pl directly +a) edit vacation.pl directly (not recommended!) -b) create /etc/mail/postfixadmin/vacation.conf and enter your settings there +b) create /etc/postfixadmin/vacation.conf and enter your settings there Just use perl syntax there to fill the config variables listed in vacation.pl (without the "our" keyword). Example: $db_username = 'mail'; + To make sure nobody except vacation.pl can read your vacation.conf (including the + database password), run + + $ chown root:vacation /etc/postfixadmin/vacation.conf + $ chmod 640 /etc/postfixadmin/vacation.conf + 7. Check the alias expansion ---------------------------- @@ -141,7 +156,7 @@ your postfix master.cf file. This is especially the case if you are also using A another content filtering system when mail is re-injected into Postfix using the smtpd daemon. If you are, it's likely that alias expansion may happen more than once, in which case you -may see vacation-style responses duplicated. To suppress this behaviour, you need to add : +may see vacation-style responses duplicated. To suppress this behaviour, you need to add: -o receive_override_options=no_address_mappings @@ -186,9 +201,10 @@ joeuser#something.com@autoreply.yourdomain.com vacation.pl then checks the database to see wether a user is on holiday and what message to send back. Make sure that vacation.pl is able to communicate -to your database. In the first couple of lines you have to specify the -database, username and password for it. -NOTE: Make sure that the path to perl is correct. +to your database. You have to specify the database, username and password for +it as described in the "Configure vacation.pl" section. + +NOTE: Make sure that the path to perl in vacation.pl is correct. I'm in trouble!
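Review bot: Step 2 in the "@@ -55,24 +58,30 @@" hunk asks for a log file or directory writable by "vacation" but, unlike step 3 and the vacation.conf step, gives no example path, owner or mode. Suggest adding commands in the same style as the other steps, with ownership set to the "vacation" user and a mode that grants nothing to other users, so that the log location is not left to whatever the default umask produces. In step 3 of the same hunk, the mkdir, chown and chmod lines are shown with a "$" prompt although they have to be run as root; a short "as root" remark would make that explicit.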
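Review bot: The master.cf change in the "@@ -81,7 +90,7 @@" hunk covers fresh installs only; nothing in the patch tells an administrator who followed the old text what to do on upgrade. An existing setup still has argv pointing at /var/spool/vacation/vacation.pl, which per the removed listing is owned by and writable for "vacation" (-rwx------ vacation vacation), which is exactly the condition the commit message sets out to remove. Suggest a short upgrade note: install the script under /usr/lib/postfixadmin, update argv in master.cf, reload Postfix, then remove the old copy.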
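Review bot: Option b) in the "@@ -124,14 +133,20 @@" hunk moves the config file from /etc/mail/postfixadmin/vacation.conf to /etc/postfixadmin/vacation.conf, but the diffstat shows INSTALL.TXT as the only file changed, so please confirm that vacation.pl actually reads the new path; otherwise the settings and the database password end up in a file the script never loads. Two smaller points on the added chown/chmod lines: the text says to enter the settings first and tighten permissions afterwards, which leaves the password readable under the default umask in between, so consider telling the reader to create the empty file, run chown root:vacation and chmod 640, and only then add the password; and "nobody except vacation.pl" would be more accurate as "only root and the vacation group".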
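Review bot: The new sentence in the "@@ -186,9 +201,10 @@" hunk refers to the "Configure vacation.pl" section by name, but the heading of that step is not part of the visible context, so please check the title matches exactly or refer to the step number instead. Since the paragraph is being touched anyway, the "wether" typo in the unchanged line just above ("to see wether a user is on holiday") could be fixed in the same commit.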