[Dovecot] Comments about LDA wiki page

[Magnus Holmgren]

I've just tried out Dovecot LDA. The reason I didn't want to use it before was 
that I found it unnecessary together with Exim, plus I wanted to use Exim's 
filtering. But now I wanted to see if can notice any improvement when the 
indexes are updated on delivery, and I saw that it's possible to use Exim 
filters and pass the resulting folder with -m.

Now, correct me if I'm wrong, but IIUC some corrections, improvements, and 
comments could be made on http://wiki.dovecot.org/LDA.

In the "Site-wide setup" section (and in dovecot.conf) it's suggested that 
access be restricted to the master socket somehow. The first Exim example 
("System-users"), however, requires a world-writable socket. Uncomment "group 
= mail" and deliver will complain that setgid() fails. In this situation, 
the "-d $local_part@$domain" is unnecessary because then deliver will use the 
name of the user it's running as (it should probably have been just "-d 
$local_part" anyway). However, if deliver is run by root (which is by default 
impossible under Exim) or setuid root, then a destination user is mandatory.

Oh wait, without -d the auth socket isn't used at all, only the HOME 
environment variable and default_mail_env are. Well, it shouldn't matter much 
if you're running a standard pam/passwd setup, but with a more complicated 
non-virtual setup I see only four solutions: Make deliver setuid root, remove 
root from the compiled-in FIXED_NEVER_USERS list, run deliver as a user/group 
that has write access to all mailboxes, or make the master socket 
world-writable.

-- 
Magnus Holmgren        holmgren at lysator.liu.se
                       (No Cc of list mail needed, thanks)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20061130/ccb91cd0/attachment.pgp