Re: mail.local NSS awareness
On 30-Apr-08, at 8:14 AM, I wrote:
Indeed mail.local _could_ be made so blind as to just create a file
in the spool directory with the same name as the user-id (though
there could be issues with character case, depending on what the MTA
passes to it). In fact I would strongly prefer it to be that way.

I want to point out that I am very well aware there is the issue of
changing the ownership of the mail spool file. There have been other
solutions to this problem in the past (i.e. such that the spool file
does not have to be owned by the user and thus also such that the LDA
doesn't have to run as root, and all the while not compromising
privacy, at least not so long as the MUAs are securely coded too).

However I agree that to keep the current spool interface the LDA
_must_ return a "temporary" error indication to the MTA so that the
message can remain in the local spool until such time that the LDA can
verify the username and learn what the user-ID is. Given the
requirement to maintain a Sendmail-compatible LDA interface this means
the only acceptable exit code for this situation would be EX_TEMPFAIL.

I don't have YP compiled into any of my currently running systems so I
can't test getpwnam() and getpwnam_r().

Note also that any proper MTA will never lose mail if the LDA returns
a non-zero and non-temporary exit code -- a bounce message will be
formulated and the message will be returned to the sender (and if that
fails the message will be sent to the local postmaster).

Greg A. Woods; Planix, Inc.
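
The exit-code behaviour discussed in the message above, as an added example that is not part of the original post and is not mail.local's own code: an LDA-side lookup that separates "no such user" from "the lookup itself failed". The names `lda_exit_for_lookup` and `resolve_recipient` are hypothetical, and treating every non-zero getpwnam_r() result as temporary is an assumption of this sketch.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sysexits.h>

/* Map a getpwnam_r() outcome to a Sendmail-style LDA exit code.
 * rc is getpwnam_r()'s return value; found is (result != NULL).
 * Assumption: any non-zero rc is treated as a failed lookup, so an
 * ambiguous answer delays the message instead of bouncing it. */
int lda_exit_for_lookup(int rc, int found)
{
    if (rc == 0 && found)
        return EX_OK;       /* user verified, uid known */
    if (rc == 0)
        return EX_NOUSER;   /* definite "no such user": the MTA bounces */
    return EX_TEMPFAIL;     /* lookup failed: the MTA keeps the message queued */
}

/* Resolve name; on EX_OK the uid is stored in *uid. */
int resolve_recipient(const char *name, uid_t *uid)
{
    struct passwd pw, *res = NULL;
    size_t len = 1024;
    char *buf = malloc(len);
    int rc;

    if (buf == NULL)
        return EX_TEMPFAIL;
    /* ERANGE only means the scratch buffer was too small: grow and retry. */
    while ((rc = getpwnam_r(name, &pw, buf, len, &res)) == ERANGE && len < (1u << 20)) {
        char *nbuf = realloc(buf, len *= 2);
        if (nbuf == NULL) { free(buf); return EX_TEMPFAIL; }
        buf = nbuf;
    }
    if (rc == 0 && res != NULL)
        *uid = res->pw_uid;
    free(buf);
    return lda_exit_for_lookup(rc, res != NULL);
}

int main(int argc, char **argv)
{
    uid_t uid = 0;
    int code = resolve_recipient(argc > 1 ? argv[1] : "root", &uid);
    printf("exit code %d, uid %lu\n", code, (unsigned long)uid);
    return code;
}
```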