This post originated from an RSS feed registered with Python Buzz by Ng Pheng Siong. Original Post: XMail No Root Feed Title: (render-blog Ng Pheng Siong) Feed URL: http://sandbox.rulemaker.net/ngps/rdf10_xml Feed Description: Just another this here thing blog. Latest Python Buzz Posts Latest Python Buzz Posts by Ng Pheng Siong Latest Posts From (render-blog Ng Pheng Siong)

As mentioned, XMail runs as root. The following steps make XMail run as a non-root uid/gid on a Unix-like host.

» Create group 'xmail' and user 'xmail'.

» Change the permissions of /var/MailRoot:

# chown root:xmail /var/MailRoot
# chmod 750 /var/MailRoot

» Change ownership of the following files and directories in /var/MailRoot to 'xmail:xmail'; for directories, the ownership changes apply recursively:

dnscache/
domains/
logs/
message.id
pop3locks/
spool/
tabindex/

» The file 'mailusers.tab' contains "encrypted" passwords; it must be readable by uid/gid 'xmail' although it can be owned by root, e.g.,

-rw-r-----   1 root   xmail     1118 Oct  5 08:17 mailusers.tab

» Since XMail no longer runs as root, it is unable to bind to ports 25 (smtp), 79 (finger) and 110 (pop3). The command line options for these ports are "-Sp", "-Pp" and "-Fp", respectively. XMail comes with a sample startup script: modify the line XMAIL_CMD_LINE in this file to incorporate the above command line options, e.g.:

XMAIL_CMD_LINE="-Sp 50025 -Pp 50110 -Fp 50079"

Because the script is run by root, another modification further down that file is needed to add the requisite "su - xmail -c ..." command to start XMail as the uid 'xmail'.

» The final step is to add firewall rules to redirect traffic hitting the standard ports to the non-privileged ports that XMail is running on.