maildrop

[Matthias Andree]

David Relson <relson at osagesoftware.com> writes:

> Unfortunately, maildrop doesn't seem to support a shared wordlist.
> With procmail, I can use "bogofilter -pelu" (for auto-updating), and
> have my wordlist in /var/spool/bogofilter/ and it works fine.  I
> couldn't do that with maildrop, which is a shame because the syntax of
> the maildroprc file is very nice.

Right, no _easy_ loopholes for root with maildrop, and that's good:
A single fault in the procmail setup, procmail, bogofilter might
compromise a whole system. Not so with maildrop.

Proper umask and group settings should be able to achieve what you
desire, as can sudo(1) with proper sudoers(5) configuration.

sudo allows you to lock command and arguments of the bogofilter call,
and it allows you to run the system-wide bogofilter under a dedicated
account. Assuming your bogofilter account was called "bogouser", this
would allow all mailusers group members to run
"/usr/local/bin/bogofilter -pelu" on all hosts, at all times, without
password (so the bogouser account can be with locked password, but it
needs a valid shell).

ALL      ALL = (bogouser) NOPASSWD: /usr/local/bin/bogofilter -pelu

The /etc/maildroprc line might then look:

xfilter 'sudo -u bogouser /usr/local/bin/bogofilter -pelu'

Note: this is untested.

-- 
Matthias Andree
_______________________________________________
Bogofilter mailing list
Bogofilter at bogofilter.org
http://www.bogofilter.org/mailman/listinfo/bogofilter