[Mailman-Developers] Re: Initial Mailman v2.0 with TMDA and Mime filtering

J C Lawrence claw@kanga.nu
Wed, 31 Jul 2002 13:43:53 -0700


On Wed, 31 Jul 2002 13:16:30 -0600 
Jason R Mastaler <jason@mastaler.com> wrote:
> J C Lawrence <claw@kanga.nu> writes:

>> Integrating TMDA really isn't that hard a question or problem.

> To us sure, but you'd be astonished how few people have gotten it to
> work under non-qmail -- or more to the point, how many have tried and
> then given up.

Given the effective UID etc problem, I can believe.  If I hadn't already
known how easy it would be to use Exim I might have given up as well (or
hand-patched procmail to do what I wanted ala /etc/procmailrcs).

>> I was interested in integrating TMDA in a fashion that also lent
>> itself to integrating other useful tools, rather than making such
>> further extensions difficult.  As such I tried to build a framework
>> more than a single point solution.

> I understand.  It's just when I started reading through your 28K
> HOWTO, my head started spinning.  Perhaps this is just because I don't
> use Exim and procmail though.

<nod>

I'm afraid I do all sorts of things with procmail.  

  $ wc -l ~/.procmailrc ~/Mail/*.procmail | tail -1
     1215 total

>>> What user is the filter process executed as by default?
>> nobody.nogroup.

> How about adding `mailman' to nobody's supplemental groups list so it
> can read ~mailman's files?

Many other services and processes execute in nobody.nogroup as a
known-safe near jail.  I'm very unwilling to alter my security stance by
extending the permission set of nobody.nogroup, especially when all
those email addresses are within the risk set.

-- 
J C Lawrence                
---------(*)                Satan, oscillate my metallic sonatas. 
claw@kanga.nu               He lived as a devil, eh?		  
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
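
The trade-off in the last exchange, modelled as an added example (not part of the original message or of Mailman/TMDA): it applies the classic Unix owner/group/other read check to show what `nobody` gains if `mailman` is added to its supplemental groups. The file paths, modes and service names are constructed placeholders, and directory traversal permissions and ACLs are ignored.

```python
"""Model of the Unix owner/group/other read check (constructed data, not a real host)."""
import stat
from typing import NamedTuple

class File(NamedTuple):
    path: str
    owner: str
    group: str
    mode: int

class Cred(NamedTuple):
    user: str
    groups: frozenset  # primary plus supplemental groups

def can_read(cred: Cred, f: File) -> bool:
    # Exactly one permission class applies, checked in the order
    # owner, group, other. Root's override is not modelled.
    if cred.user == f.owner:
        return bool(f.mode & stat.S_IRUSR)
    if f.group in cred.groups:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)

def newly_readable(before: Cred, after: Cred, files):
    """Paths readable with the 'after' credentials but not with 'before'."""
    return [f.path for f in files if can_read(after, f) and not can_read(before, f)]

# Constructed sample files; paths and modes are placeholders.
FILES = [
    File("~mailman/example-list/roster", "mailman", "mailman", 0o660),
    File("~mailman/example-list/archive-index", "mailman", "mailman", 0o644),
    File("~mailman/example-list/owner-secret", "mailman", "mailman", 0o600),
]

# Constructed: services assumed to share the nobody account on this host.
SERVICES_AS_NOBODY = ["mail-filter", "other-daemon-1", "other-daemon-2"]

NOBODY = Cred("nobody", frozenset({"nogroup"}))
NOBODY_PLUS = Cred("nobody", frozenset({"nogroup", "mailman"}))

def exposure():
    """Every service running as nobody inherits the same new read access."""
    gained = newly_readable(NOBODY, NOBODY_PLUS, FILES)
    return {svc: gained for svc in SERVICES_AS_NOBODY}

if __name__ == "__main__":
    for svc, paths in exposure().items():
        print(f"{svc}: gains read on {paths}")
```

The group change is made for one filter process, but the result is keyed by every service sharing the account, which is the widening of the permission set the reply objects to.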