On 10/24/2012 12:44 PM, /dev/rob0 wrote:
On Wed, Oct 24, 2012 at 12:28:48PM -0400, Bill Shirley wrote:
I don't understand why you strongly recommend against using the
mailbox_command. Is there a security risk here?
One issue is that mailbox_command is only used for local(8) delivery.
You brought that up for the OP, who is reporting a problem in trying
to use pipe(8). mailbox_command is not relevant for pipe. That added
more confusion to the issue at hand.
It was my understanding that he is implementing local users.
I can't speak for Robert, but as I said in the other post I agree
with him, so I will say why. You will get better overall performance
with amavisd-new and LMTP, rather than invoking a command via pipe
for every delivery.
Admittedly, I have not used amavisd-new or LMTP; they may be better.
But will they allow spamassassin per-user prefs? Performance is a plus;
another daemon is not. That saying, I'll run another daemon if I get
something out of it. Any benchmarks on this?
No, mailbox_command in itself is not a security risk, except insofar
as you could DoS yourself with more deliveries at once than the
system is able to handle. Some risk of DoS is present for any kind of
content filtering, though. But amavisd-new after-queue reduces that
risk.
I've read all the howtos.
Eww. I have not. I have made extensive referral to the documentation,
however, and that is what I recommend. Many thousands of people who
are generating web content do not know much about email. You don't
want to turn to them for advice about this!
Probably mis-spoke; I said howtos instead of documentation. Yes, there
are many bad howtos out there.
(FWIW, many of the howtos I have looked at are very bad.)
There are many ways to setup a mail server. That's the beauty of
postfix, spamassassin, dovecot, etc; you can make it do what you
want. Yes, some setups are bad.
Yes and yes.
I am not the original poster.
Respectfully,
Bill
