[Mailman-Developers] Re: Initial Mailman v2.0 with TMDA and Mime
filtering
J C Lawrence
claw@kanga.nu
Wed, 31 Jul 2002 13:43:53 -0700
On Wed, 31 Jul 2002 13:16:30 -0600
Jason R Mastaler <jason@mastaler.com> wrote:
> J C Lawrence <claw@kanga.nu> writes:
>> Integrating TMDA really isn't that hard a question or problem.
> To us sure, but you'd be astonished how few people have gotten it to
> work under non-qmail -- or more to the point, how many have tried and
> then given up.
Given the effective UID etc problem, I can believe. If I hadn't already
known how easy it would be to use Exim I might have given up as well (or
hand-patched procmail to do what I wanted ala /etc/procmailrcs).
>> I was interested in integrating TMDA in a fashion that also leant
>> itself to integrating other useful tools, rather than making such
>> further extensions difficult. As such I tried to build a framework
>> more than a single point solution.
> I understand. It's just when I started reading through your 28K
> HOWTO, my head started spinning. Perhaps this is just because I don't
> use Exim and procmail though.
<nod>
I'm afraid I do all sorts of things with procmail.
$ wc -l .~/procmailrc ~/Mail/*.procmail | tail -1
1215 total
>>> What user is the filter process executed as by default?
>> nobody.nogroup.
> How about adding `mailman' to nobody's supplemental groups list so it
> can read ~mailman's files?
Many other services and processes execute in nobody.nogroup as a
known-safe near jail. I'm very unwilling to alter my security stance by
extending the permission set of nobody.nogroup, especially when all
those email addresses are within the risk set.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw@kanga.nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.