Nate Sanders wrote:
I must say, I think you lost me :-]
I understand the concern of having multiple users append the same file with no locking. But I'm not sure I follow either of your guys solutions to get around that..
Ok. The basic idea is that you want everyone to share a single whitelist, which is auto-maintained by TMDA whenever anyone confirms.
The potential problem with this is multiple processes updating the whitelist at the same time.[1]
So, this means we can't have each user have CONFIRM_APPEND set to the same file. This is the only way to guarantee avoiding multiple TMDA processes writing to the file at the same time.
So, configure each user to have their own whitelist file in their ~/.tmda/config (or even /etc/tmdarc if you use a username variable to construct the filename)
user a: CONFIRM_APPEND = /home/a/.tmda/lists/confirmed
user b: CONFIRM_APPEND = /home/b/.tmda/lists/confirmed
user c: CONFIRM_APPEND = /home/c/.tmda/lists/confirmed
The only problem with this setup is that users a, b, c won't by default use each-other's whitelists in their incoming filters. So, for every user, you need the following in ~/.tmda/filters/incoming - an explicit usage of every user's confirmed file:
in every users' filter: from-file /home/a/.tmda/lists/confirmed accept from-file /home/b/.tmda/lists/confirmed accept from-file /home/c/.tmda/lists/confirmed accept
Another problem is file permissions. user a needs to be able to read user b's and user c's whitelist. You should be able to solve this by simple Unix file permissions. Actually, I'd recommend putting all whitelist files in a single shared globally readable location , with the unix sticky bit set.
Finally, there's the hassle of editing every user's incoming filter whenever you add a new user to the system (since they will have a new whitelist file, and all users filters must accept mail from that file).
There are probably tweaks you can make to improve this:
a) Set CONFIRM_APPEND in /etc/tmdarc based off some template e.g. concatenate your shared path to the user ID. This means you don't have to manually setup CONFIRM_APPEND for each new user.
b) Create a centralized filter file that lists all whitelist files, and include that from each user's incoming filter. This means only one filter to edit when adding new users.
c) The above could be auto-generated from a cron script, or a custom adduser script.
Finally, I should point out that if you want all users to share a single TMDA configuration (i.e. whitelist etc.), it might be better to set up a relaying mail server. This is a mail server whose sole purpose is to run TMDA, filtering email based upon common criteria, and then forwarding it to your real mail server. For qmail at least, this is addressed in the FAQ at:
http://tmda.net/faq.cgi?req=all#3.8
[1] Note that I base this on the fact that you're not supposed to e.g. edit the whitelist in vi/emacs/... whilst TMDA could be running. Another poster pointed out that TMDA only appends to the whitelist, so it may be safe to have multiple TMDA instances writing to one file. The reason one shouldn't edit in vi/emacs/... could be because one tends to delete/re-order entries whereas TMDA just appends. I'm pretty sure that even multiple processes appending to the same file won't work, and hence I recommend caution attempting this!
-- Stephen Warren, Software Engineer, NVIDIA, Fort Collins, CO [EMAIL PROTECTED] http://www.wwwdotorg.org/pgp.html
signature.asc
Description: OpenPGP digital signature
_____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
