Postgrey - should it be using a Unix Socket

SYSTEM INFORMATION
OS type and version Ubuntu Linux 22.04.4
Webmin version 2.111
Usermin version 2.010
Virtualmin version 7.10.0
Theme version 21.10
Package updates 85 package updates are available

My understanding it is better to use a unix socket where possible (Windows Guy Alert).

When you enable greylisting Virtualmin --> Email Settings --> Email Greylisting the following policy:

check_policy_service inet:127.0.0.1:10023

gets added to :

Webmin --> Servers --> Postfix Mail Server --> SMTP Server Options --> Restrictions on recipient addresses:

I have come across these policy socket declarations people are using instead:

check_policy_service unix:/var/spool/postfix/postgrey/socket 
check_policy_service unix:postgrey/socket
  • Are these a better way to do things?
  • Does using the 127.0.0.1 method allow for better compatibility between the Linux distros?

Sockets are generally better. I don’t know why we use a port. This is pretty old code.

It’s not about compatibility; all Linux versions going back many years support named sockets. @Jamie is there a reason other than historical baggage we’re using a port for the greylisting policy server rather than a named socket? Maybe it’s what ships in the package?

Currently we just follow the default port as set in /etc/default/postgrey by the distro packages, but if that’s not found we do fall back to using a TCP port. We could change that though…

I can’t really think of any security reason it’d be necessary/useful, so I don’t think it’s urgent, But doing things in the usual way (whatever the project maintainers recommend or what’s the default in the package, when reasonable) is always good.

Shall I do a github issue (another one :smile: ) so it can be stuck on this list at some point.

I think this one is mostly a preference thing, I’m unaware of security or performance concerns here; a port and a named socket behave the same. The only benefit to a socket is a user can’t squat on it…but that’s unlikely to happen with a service that starts at boot, and there are no security implications I can think of to doing so even if they could.

Yes please …

I think I’m missing something. Why would this be an important/urgent change?

For me it is not important, I just wanted to point it out just incase it was. So I am all good.

Howdi Joe

Its not urgent nor important, but it should be listed that way when you get sick of working so hard on the cloudmin install script you promised us 2 years ago, you have a record of things that should be looked at given extra time.

That is why you have a github page isn’t it so people can list things that need/want to be changed ?

Thanks
Michael

Post it shoulders good to have a list of things to be done.

Does using a Unix socket skip using the TCP/IP stack?

or even “would like” someday when you have nothing more adventurous to do with your life?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.