On 10/24/2012 12:44 PM, /dev/rob0 wrote:
On Wed, Oct 24, 2012 at 12:28:48PM -0400, Bill Shirley wrote:
I don't understand why you strongly recommend against using the mailbox_command. Is there a security risk here? One issue is that mailbox_command is only used for local(8) delivery. You brought that up for the OP, who is reporting a problem in trying to use pipe(8). mailbox_command is not relevant for pipe. That added more confusion to the issue at hand. It was my understanding that he is implementing local users.
I can't speak for Robert, but as I said in the other post I agree with him, so I will say why. You will get better overall performance with amavisd-new and LMTP, rather than invoking a command via pipe for every delivery. Admittedly, I have not used amavisd-new or LMTP; they may be better.
But will they allow spamassassin per-user prefs? Performance is a plus; another daemon is not. That saying, I'll run another daemon if I get something out of it. Any benchmarks on this?No, mailbox_command in itself is not a security risk, except insofar as you could DoS yourself with more deliveries at once than the system is able to handle. Some risk of DoS is present for any kind of content filtering, though. But amavisd-new after-queue reduces that risk.
I've read all the howtos. Eww. I have not. I have made extensive referral to the documentation, however, and that is what I recommend. Many thousands of people who are generating web content do not know much about email. You don't want to turn to them for advice about this! Probably mis-spoke; I said howtos instead of documentation. Yes, there are many bad howtos out there.
(FWIW, many of the howtos I have looked at are very bad.)
There are many ways to setup a mail server. That's the beauty of postfix, spamassassin, dovecot, etc; you can make it do what you want. Yes, some setups are bad. Yes and yes.
I am not the original poster.
Respectfully, Bill