Yahoo Groups archive

Milter-greylist

Re: Wiki error in Linux startup script?

2011-08-05 by Enrico Scholz

"compconsultant"
<Compconsultant-y+1K9gjoRMQAvxtiuMwx3w@...> writes:

> What SEEMS to happen using the original startup script on CentOS is
> the files (such as the socket file) are built as root, THEN, the user
> changed to the correct user (in my case postfix), meaning, postfix
> cannot write to the files. Perhaps this is a bug in milter-greylist.

That's proper behavior.  Daemons usually delay dropping of permissions
until privileged operations have been finished.  Such privileged operations
are for example:

* creating pid file under /var/run (which is writable by root only)

* binding to ports < 1024

Both operations are done, or are very likely to be done, by milter-greylist,
so dropping the uid within the daemon is the right choice.

For your postfix problem I suggest that you:

* use TCP for the milter socket, or

* place the unix socket into a protected directory which can be read by
  the postfix user/group and set a umask of 007 or 000 (this is already
  supported by milter-greylist's socket mode option).


Enrico
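
The second suggestion above, as an added example that is not part of the original message and is not milter-greylist code: it binds a unix socket inside a group-restricted directory under a chosen umask and reports the resulting permission bits. The function names, the /tmp path and the socket file name are hypothetical, and Linux semantics for socket file modes are assumed.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind a unix socket inside a fresh 0750 directory under the given umask
 * and return the socket file's permission bits, or -1 on error.
 * The /tmp path and file name are constructed for this demo only. */
int socket_mode_under_umask(mode_t mask)
{
    char dir[64];
    struct sockaddr_un sa;
    struct stat st;
    int fd, mode = -1;

    snprintf(dir, sizeof dir, "/tmp/milter-demo-%ld-%03o",
             (long)getpid(), (unsigned)mask);
    if (mkdir(dir, 0700) != 0)
        return -1;
    chmod(dir, 0750);   /* owner rwx, group r-x, others nothing */

    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    snprintf(sa.sun_path, sizeof sa.sun_path, "%s/milter.sock", dir);

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0) {
        mode_t old = umask(mask);   /* in effect for the bind() below */
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
            stat(sa.sun_path, &st) == 0)
            mode = (int)(st.st_mode & 0777);
        umask(old);
        close(fd);
    }
    unlink(sa.sun_path);
    rmdir(dir);
    return mode;
}

/* On Linux, connect() needs write permission on the socket file;
 * 020 is the group-write bit. */
int group_can_connect(int mode) { return mode >= 0 && (mode & 020) != 0; }

int main(void)
{
    printf("umask 022 -> %04o\n", (unsigned)socket_mode_under_umask(022));
    printf("umask 007 -> %04o\n", (unsigned)socket_mode_under_umask(007));
    return 0;
}
```

With a umask of 022 the socket file has no group-write bit, so a process that reaches it only through group membership cannot connect; with 007 it can, while the 0750 directory keeps all other users out.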
