At 6PM +0200 on 19/05/13 you (Reindl Harald) wrote:
Am 19.05.2013 17:51, schrieb Peter Skensved:
service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 }
chmod 666 is always a very bad idea
While I would agree with you in principle, the documentation (http://wiki2.dovecot.org/Services#auth) actually says
client: Only SASL authentication is allowed. This can be safely
exposed to entire world.Given that the SASL auth service will eventually be exposed to untrusted users via SMTP, the only additional risk from making this socket world-readable is that (AFAIK, at least) there is no rate-limiting. This makes the socket a password oracle, which can by used be any local user with access to the socket to mount a dictionary attack.
However, given again that the permissions on /var/spool/postfix/private should be 0700 postfix:wheel, and that (again AFAIK) all modern systems check the permissions on the full path when connecting to a Unix-domain socket, it doesn't actually matter what the permissions on the socket are as long as postfix can connect, so 0666 is in this case entirely safe.
Ben