[Dovecot] spamc can't seem to call /usr/lib/dovecot/deliver
Bill Shirley
Bill at KnoxvilleChristian.org
Wed Oct 24 20:21:58 EEST 2012
On 10/24/2012 12:44 PM, /dev/rob0 wrote:
> On Wed, Oct 24, 2012 at 12:28:48PM -0400, Bill Shirley wrote:
>> I don't understand why you strongly recommend against using the
>> mailbox_command. Is there a security risk here?
> One issue is that mailbox_command is only used for local(8) delivery.
> You brought that up for the OP, who is reporting a problem in trying
> to use pipe(8). mailbox_command is not relevant for pipe. That added
> more confusion to the issue at hand.
It was my understanding that he is implementing local users.
>
> I can't speak for Robert, but as I said in the other post I agree
> with him, so I will say why. You will get better overall performance
> with amavisd-new and LMTP, rather than invoking a command via pipe
> for every delivery.
Admittedly, I have not used amavisd-new or LMTP; they may be better.
But will they allow spamassassin per-user prefs? Performance is a plus;
another daemon is not. That saying, I'll run another daemon if I get
something out of it. Any benchmarks on this?
>
> No, mailbox_command in itself is not a security risk, except insofar
> as you could DoS yourself with more deliveries at once than the
> system is able to handle. Some risk of DoS is present for any kind of
> content filtering, though. But amavisd-new after-queue reduces that
> risk.
>
>> I've read all the howtos.
> Eww. I have not. I have made extensive referral to the documentation,
> however, and that is what I recommend. Many thousands of people who
> are generating web content do not know much about email. You don't
> want to turn to them for advice about this!
Probably mis-spoke; I said howtos instead of documentation. Yes, there
are many bad howtos out there.
>
> (FWIW, many of the howtos I have looked at are very bad.)
>
>> There are many ways to setup a mail server. That's the beauty of
>> postfix, spamassassin, dovecot, etc; you can make it do what you
>> want. Yes, some setups are bad.
> Yes and yes.
>
>> I am not the original poster.
Respectfully,
Bill
More information about the dovecot
mailing list