Security problem Xmail (umask)?, Umask defaults to 111?

It seems the xmail umask defaults to 111?

See my (new) mail files in a directory:
computername:/mail/MailRoot/domains/DOMAIN.com/info/Maildir/new# ls -lsa
totaal 32
4 drwxr-xr-x 2 xmail xmail 4096 2005-11-28 15:59 .
4 drwxr-xr-x 10 xmail xmail 4096 2005-11-26 20:29 ..
4 -rw-rw-rw- 1 xmail xmail 2226 2005-11-27 19:00 1133114422268.1286048688.cf0.pierre-srv
4 -rw-rw-rw- 1 xmail xmail 2234 2005-11-27 19:00 1133114440391.1269271472.cf3.pierre-srv
4 -rw-rw-rw- 1 xmail xmail 1136 2005-11-27 20:14 1133118888089.1286048688.cfc.pierre-srv
4 -rw-rw-rw- 1 xmail xmail 1999 2005-11-28 06:47 1133156839800.1135053744.d1f.pierre-srv
4 -rw-rw-rw- 1 xmail xmail 928 2005-11-28 12:07 1133176026972.1286048688.d38.pierre-srv
4 -rw-rw-rw- 1 xmail xmail 2009 2005-11-28 15:59 1133189992910.1093110704.d6b.pierre-srv

This really looks not good! It means anybody can ready my precious email messages if they have a system-account.

I have looked for a umask setting but I can't find anything. How to change this behaviour? I really don't like the idea every systemuser can trash my e-mail!!

Did I changed anything bad or is it an xmail thing? I would really like the umask to 177 or 117.. thx

Did you chmod -R 700 /var/MailRoot ?

No, mailroot is:
drwxr-xr-x

That's because my IMAP servers needs access to things and my symlink to the sendmail program of xmail needs access to the directory. Therefore I chmoded it.

btw, look at this:
pierre-srv:/mail/MailRoot/domains/XXXXXXXX.com/info/Maildir/cur# ls -lsa
totaal 36
8 drwxr-xr-x 2 xmail xmail 8192 2005-11-30 17:09 .
4 drwxr-xr-x 10 xmail xmail 4096 2005-11-30 17:09 ..
4 -rw-r--r-- 1 xmail xmail 2982 2005-08-14 11:44 1124012664263.1344736176.26a9.pierre-srv:2,RS
8 -rw-r--r-- 1 xmail xmail 5840 2005-08-14 14:00 1124020847101.1344736176.26bc.pierre-srv:2,RS
4 -rw-r--r-- 1 xmail xmail 2071 2005-08-19 01:41 1124408462404.1327958960.293b.pierre-srv:2,RS
4 -rw-r--r-- 1 xmail xmail 2369 2005-09-20 14:28 1127219328541.1336347568.3780.pierre-srv:2,RS
4 -rw-r--r-- 1 xmail xmail 3531 2005-09-20 18:55 1127235303077.1353124784.379b.pierre-srv:2,RS
pierre-srv:/mail/MailRoot/domains/XXXXX/info/Maildir/cur# cd ../new/
pierre-srv:/mail/MailRoot/domains/XXXXX/info/Maildir/new# ls -lsa
totaal 8
4 drwxr-xr-x 2 xmail xmail 4096 2005-11-30 17:09 .
4 drwxr-xr-x 10 xmail xmail 4096 2005-11-30 17:09 ..
pierre-srv:/mail/MailRoot/domains/XXXXX/info/Maildir/new#

The "cur" is old mail, which is chmodded by me some time ago after installment I think. The /new is new mail and that has those bad things.

Does xmail lookup the umask by looking at it's parent directory (MailRoot)? Also, I didn't installed it in /var but in /mail.

Anyone who can clear this up?

(p.s. can you make a screenshot of your mail?)

All new files inherit the permissions of the parent folder. So all my mail is set to rwx------ .

Please forward this as a feature request to Davide at xmailserver.org. This will make 3rd party bindings like IMAP more secure. A relocation of the domain storage folder would be a nice alternative, too. But this is also not possible at the moment.

Sorry for late reply i'm very busy atm.

Something is really still wrong, look at my permissions:



pierre-srv:/mail/MailRoot/domains/XXXXX.com/baran/Maildir/new# ls -lsa
totaal 12
4 drwx------ 2 xmail xmail 4096 2005-12-03 17:25 .
4 drwx------ 8 xmail xmail 4096 2005-12-02 18:36 ..
4 -rw-rw-rw- 1 xmail xmail 1378 2005-12-03 17:25 1133627125991.1294429104.0.pierre-srv

You see, it's writable for everyone, this new message (i restarted xmail before sending this message).

Now look at the MailRoot:
pierre-srv:/mail# ls -lsa
totaal 20
4 drwxr-xr-x 4 xmail xmail 4096 2005-12-03 17:24 .
4 drwxr-xr-x 24 root root 4096 2005-11-26 16:15 ..
4 drwxr-xr-x 15 xmail xmail 4096 2005-12-03 17:24 MailRoot
4 -rw-rw-rw- 1 xmail xmail 4 2005-12-03 17:24 XMail.pid
Yes, you see it: The MailRoot directory is NOT group and NOT world writable!

And further up:
pierre-srv:/mail/MailRoot# ls -lsa |grep domains
4 drwxr-xr-x 2 xmail xmail 4096 2005-01-10 00:00 custdomains
4 drwxr-xr-x 26 xmail xmail 4096 2005-10-10 20:00 domains
4 -rw------- 1 xmail xmail 363 2005-10-10 20:00 domains.tab
Yes, you see it: The domains directory is NOT group and NOT world writable!

pierre-srv:/mail/MailRoot/domains# ls -lsa |grep XXXXXXXXXXX
4 drwxr-xr-x 6 xmail xmail 4096 2005-11-04 23:44 XXXXXXXXXXX.com
Yes, you see it: The XXXXXXX.com directory is NOT group and NOT world writable!

And the user in the domain:
4 drwx------ 3 xmail xmail 4096 2005-10-24 20:57 baran
That is a user created by xmail after my chmodding things on the whole directory structure I did some monts ago. You see, the user directory is created with right permissions.
But inside the directory:
pierre-srv:/mail/MailRoot/domains/XXXXXXXXXX.com/baran# ls -lsa
totaal 16
4 drwx------ 3 xmail xmail 4096 2005-10-24 20:57 .
4 drwxr-xr-x 6 xmail xmail 4096 2005-11-04 23:44 ..
4 drwx------ 8 xmail xmail 4096 2005-12-02 18:36 Maildir
4 -rw-rw-rw- 1 xmail xmail 139 2005-12-02 17:59 user.tab

Oh no! user.tab is writable to anyone!'

But, as you know, because users can't access the directory "baran" because that has been set with strict permissions, noone will be able to write to a users directory. But, if for some reason, that directory is made readable, afaik you will be able to write to the user.tab file (and mail which I showed you above).

My mailroot is located in /mail/MailRoot. The /mail directory is NOT group and NOT world writable.

So, strange thing is: All directory's, in my case:
/mail/MailRoot/domains/flexbouncer.com/
Are NOT group and world writable. However, new e-mail and .tab files ARE writable!

Can you tell me about which parent folder you are talking?
Because:
pierre-srv:/mail/MailRoot/domains/XXXXXXXX.com/baran/Maildir/new# ls -lsa
totaal 12
4 drwx------ 2 xmail xmail 4096 2005-12-03 17:25 .
4 drwx------ 8 xmail xmail 4096 2005-12-02 18:36 ..
4 -rw-rw-rw- 1 xmail xmail 1378 2005-12-03 17:25 1133627125991.1294429104.0.pierre-srv

You see (the single dot) this parent directory for new mail is not writable for anyone. However, new mail is put there writable. But no directory in the whole part of going up in the structure untill we arive in the "new" directory has the writable options for group or world set.

Maybe you can tell me if it's a bug or not. If it's a bug, I'll contact davide. btw, ignore the CAPS it's just to let the see the difference better nothing personal

Thanks for looking at it!

Reply of davide, maybe someone can use it

On Sat, 3 Dec 2005, Pierre van den Oord wrote:

> No, I didn't. I just needed to to test some settings. I'll make
> mailroot have other permissions, but atm they are:
> 4 drwxr-xr-x 15 xmail xmail 4096 2005-12-03 17:24 MailRoot
>
> So, that's 755
> But my files get 666 permissions!
>
> Yes, people could read email from eachother in this situation, I had
> to change it because of some old implementation issues which are
> already solved. But this behaviour is strange, it should never make
> things writable if the top directory is not writable.
>
> I've had this to give people access to sendmail, but i'll implement
> the following now:
> Make sendmail script in /bin have the UID/GID bit set on execution
> So that xmail binary will be accessable by it.

Remove the umask(0); line from MainLinux.cpp and rebuild. Then use `umask`
in the xmail boot script to set what you want.

XMail is based on a 700 permission thru the whole directory tree. IF MailRoot/domains is chmodded to something else, then all files created inside will have that permissions too. So patching the source code is the only way.

OOOPS *blush*

I chmod'ed 777 the whole tree in order to fix my sendmail problem *runs off fast*

~Akari

About sendmail binary see http://xmailforum.homelinux.net/index.php?showtopic=2928

And five years later, XMail version 1.27, the source code is still not fixed.

Thanks to the person who found this though.