3

I often see tutorials for setting up Postfix with the virtual mailbox delivery agent on Linux that instruct to create a new disabled-login user and group to own virtual mailboxes in /home/example_username. This, of course, makes sense and is a viable option.

In the virtual mailbox example in the Postfix documentation he uses the following settings, but does not discuss what, if any, user(s) have been created:

http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox

/etc/postfix/main.cf

virtual_mailbox_base = /var/mail/vhosts
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

Debian, by default, includes a mail user and group, uid 8 and gid 8, with home directory /var/mail. Is there any reason not to use this user and group to own the virtual mailboxes? Perhaps adjusting the above example as follows. I know the point of the virtual_minimum_uid is to be a safety mechanism to prevent mail being written to sensitive files, but if the uid and gid are defined as static entries, is there any danger in using this setup?

/etc/postfix/main.cf

virtual_mailbox_base = /var/mail/vhosts
virtual_minimum_uid = 8
virtual_uid_maps = static:8
virtual_gid_maps = static:8
user981178
  • 445
  • 1
  • 3
  • 13

1 Answers1

0

Yes, there are good reasons why Debian does not use uid 8 and gid 8 for Postfix.

You could install other binaries, which use those groups and this could theoretically result in security problems, especially if they run suid mail.

Postfix should use its own gid and uid for security reasons, period.

Marc Stürmer
  • 1,904
  • 13
  • 15
  • Thanks for the information. I did decide that there was probably a good reason for this, and ended up using a setup similar to that mentioned in the first paragraph of my question. – user981178 Jul 31 '14 at 15:31
  • Reading your answer again, I do want to clarify, that I am not referring in the above question to the uid and gid of the postfix user and group, but only the uid and gid used by the postfix virtual transport, which is different. – user981178 Aug 02 '14 at 14:03
  • That's a really poor reason, if a reason at all. Any decent admin must know what they install and what system users/groups are being used with every daemon they intend to configure and run. That is just pretty basic stuff. Do you mean that postfix mda/lda should use the postfix user/group? If not, then what you last said doesn't make any sense at all. What is postfix's own gid and uid then? That one shouldn't be used, because it is already being used for other stuff. What should be used is a unused and unprivileged user:group, therefore mail:mail is perfectly valid. – Chazy Chaz Oct 27 '19 at 15:24