bogofilter and qmail
Matthias Andree
matthias.andree at gmx.de
Mon Jun 20 01:02:26 CEST 2005
David Relson <relson at osagesoftware.com> writes:
> Greetings,
>
> My thanks go to a user (who prefers to remain without credit) for the
> following instructions on using bogofilter with qmail:
>
> As root:
> install bogofilter. then type:
>
> su -m qmailq
> cd
> mkdir .bogofilter
> cd bin
> cp -p qmail-queue qmail-queue.orig
> cat > qmail-queue
> #!/bin/sh
> HOME=/var/qmail
> export HOME
> /usr/local/bin/bogofilter -p -u -e | /var/qmail/bin/qmail-queue.orig
> ^D
> chmod 4711 qmail-queue
>
> Ready, check your mail...
This is completely bogus, for these reasons:
* qmail-queue reads the ENVELOPE on fd #0 (stdin) and the MESSAGE on
fd #1 (stdout) - bogofilter -p doesn't support that, and it should not.
* this script neither detects nor propagates bogofilter failures to the
caller, is thus unreliable.
* the script doesn't detect other errors
* the script runs bogofilter on qmailq's account, which is privileged
within qmailq's system. bogofilter is not supposed to be run setuid.
And perhaps it's better that the user remained without credit,
for he can't ruin his name/reputation this way...
I wonder if this has actually been tested, and doubt that.
--
Matthias Andree
More information about the Bogofilter
mailing list