maildrop
David Relson
relson at osagesoftware.com
Tue Mar 8 02:16:58 CET 2005
On Tue, 08 Mar 2005 02:09:01 +0100
Matthias Andree wrote:
> David Relson <relson at osagesoftware.com> writes:
>
> > Unfortunately, maildrop doesn't seem to support a shared wordlist.
> > With procmail, I can use "bogofilter -pelu" (for auto-updating), and
> > have my wordlist in /var/spool/bogofilter/ and it works fine. I
> > couldn't do that with maildrop, which is a shame because the syntax of
> > the maildroprc file is very nice.
>
> Right, no _easy_ loopholes for root with maildrop, and that's good:
> A single fault in the procmail setup, procmail, bogofilter might
> compromise a whole system. Not so with maildrop.
>
> Proper umask and group settings should be able to achieve what you
> desire, as can sudo(1) with proper sudoers(5) configuration.
>
> sudo allows you to lock command and arguments of the bogofilter call,
> and it allows you to run the system-wide bogofilter under a dedicated
> account. Assuming your bogofilter account was called "bogouser", this
> would allow all mailusers group members to run
> "/usr/local/bin/bogofilter -pelu" on all hosts, at all times, without
> password (so the bogouser account can be with locked password, but it
> needs a valid shell).
>
> ALL ALL = (bogouser) NOPASSWD: /usr/local/bin/bogofilter -pelu
>
> The /etc/maildroprc line might then look:
>
> xfilter 'sudo -u bogouser /usr/local/bin/bogofilter -pelu'
>
> Note: this is untested.
The thought of a 'mail' group had briefly crossed my mind (and been
forgotten :-) "sudo" seems a bit heavy handed, though the idea of
'group bogouser' seems reasonable. Guess it's time to experiment :-)
_______________________________________________
Bogofilter mailing list
Bogofilter at bogofilter.org
http://www.bogofilter.org/mailman/listinfo/bogofilter
More information about the Bogofilter
mailing list