tech-userlevel archive


Re: mail.local NSS awareness

On 30-Apr-08, at 8:14 AM, I wrote:

> Indeed mail.local _could_ be made so blind as to just create a file in the spool directory with the same name as the user-id (though there could be issues with character case, depending on what the MTA passes to it). In fact I would strongly prefer it to be that way.

I want to point out that I am very well aware there is the issue of changing the ownership of the mail spool file. There have been other solutions to this problem in the past (i.e. such that the spool file does not have to be owned by the user and thus also such that the LDA doesn't have to run as root, and all the while not compromising privacy, at least not so long as the MUAs are securely coded too).

However I agree that to keep the current spool interface the LDA _must_ return a "temporary" error indication to the MTA so that the message can remain in the local spool until such time that the LDA can verify the username and learn what the user-ID is. Given the requirement to maintain a Sendmail-compatible LDA interface this means the only acceptable exit code for this situation would be EX_TEMPFAIL.

I don't have YP compiled into any of my currently running systems so I can't test getpwnam() and getpwnam_r().

Note also that any proper MTA will never lose mail if the LDA returns a non-zero and non-temporary exit code -- a bounce message will be formulated and the message will be returned to the sender (and if that fails the message will be sent to the local postmaster).

                                        Greg A. Woods; Planix, Inc.
