I got it working.
Here are the problems I fixed, and it would have been *lots* easier if the dovecot antispam plugin had better error/debug logging.
Johannes, I can work on a patch for the following if you prefer, and I'd much rather spend my time getting ntp-4.2.6 out the door.
Getting this working would have been lots easier if the dovecot-antispam package would:
- build dspam-exec's argv before the fork so it can be fully and cleanly reported in the debug log
- If there is a problem, report WIFEXITED(status) and WEXITSTATUS(status)
- if the execv fails, log an error message, noting dspam_binary, strerror(errno) and the uid/gid
If you want to be thorough about it I recommend logging an error whenever any system call fails.
The current freebsd ports tools offer postfix, dovecot, dovecot-antispam, and dspam in a way that they do not play nicely together.
The antispam plugin cannot exec the dspam binary. Choices include figuring out what user/group are needed (dspam is suid root, executable by the root or the mail group only, and dovecot will exec it as virtual/virtual), or opening up the execute privs on the dspam executable.
The dspam.conf file will need a "Trust virtual" line in it.
There might have been something else.
Having said all this, I really appreciate the dovecot antispam plugin.
H