On March 24, 2007 7:39:23 PM +0100 Milan Holzäpfel <listen@mjh.name> wrote:
> Hello,
> on my system, I have a copy of /usr/libexec/dovecot/deliver located in /usr/libexec/dovecot/postfix-deliver/deliver (only accessible to postfix and with SUID root permissions). If I happen to forget to update this copy after an upgrade of dovecot, the deliver LDA bounces mails:
> ...
> Should I just set version_ignore=yes and remind myself to upgrade it, or could deliver return a code signaling "temporary failure", or should I rather make postfix interpret 89 as temporary failure? (don't know by heart whether that's possible).
You should leave version_ignore=no and remember to upgrade it.
One way (there are many) to avoid this problem is to invoke sudo deliver instead of deliver.
Another is to (within postfix) configure the local transport to run with root privs, avoiding the need for a setuid root program altogether.
-frank
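
The setup discussed in this thread fails when the private setuid copy of deliver falls behind the packaged binary. The script below is an added example, not part of the original messages or of Dovecot. It checks that the copy is still byte-identical to the packaged binary and still setuid. The default paths are the ones quoted above; the function name, the `--check` switch and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: detect a stale private copy of Dovecot's deliver after an upgrade.
# Default paths are the ones from the message; return codes are this script's own.
ORIG_DEFAULT=/usr/libexec/dovecot/deliver
COPY_DEFAULT=/usr/libexec/dovecot/postfix-deliver/deliver

# check_deliver_copy [ORIG] [COPY]
# returns 0 = copy identical to packaged binary, 1 = stale, 2 = file missing
check_deliver_copy() {
    orig=${1:-$ORIG_DEFAULT}
    copy=${2:-$COPY_DEFAULT}
    for f in "$orig" "$copy"; do
        if [ ! -f "$f" ]; then
            echo "MISSING: $f" >&2
            return 2
        fi
    done
    # Byte-for-byte comparison: any difference means the copy is out of date or modified
    if ! cmp -s "$orig" "$copy"; then
        echo "STALE: $copy differs from $orig; re-copy it and restore owner/mode" >&2
        return 1
    fi
    # A plain cp drops the setuid bit, so flag a current copy that lost it
    if [ ! -u "$copy" ]; then
        echo "WARNING: $copy is current but not setuid" >&2
    fi
    echo "OK: $copy matches $orig"
    return 0
}

# Run as: script --check [ORIG] [COPY]   (e.g. from cron or a post-upgrade hook)
if [ "${1:-}" = "--check" ]; then
    shift
    check_deliver_copy "$@"
    exit $?
fi
```

Running it from a package post-upgrade hook or a daily cron job reports the mismatch before the version check in deliver starts bouncing mail.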