Centralized no-su Setup
If you have multiple users using tmda-cgi in no-su mode, then you might
consider moving all of your TMDA files into one central location. This will
make it easier to keep group permissions on your directories and files. Here's
some sample directories and file contents I set up for my user
cgitest:
/etc:
-rw-r--r-- 1 root root 22 Nov 24 23:54 tmda-cgi
-rw-r--r-- 1 root root 557 Nov 27 15:05 tmdarc
-rw------- 1 tofmipd tofmipd 49 Nov 10 11:02 tofmipd |
/var:
| drwxr-s--x 3 root nobody 72 Nov 27 11:24 tmda |
/var/tmda:
| drwx--s--- 6 cgitest nobody 200 Nov 27 11:39 cgitest |
/var/tmda/cgitest:
-rw-r----- 1 cgitest nobody 0 Nov 27 11:39 config
-rw-r----- 1 cgitest nobody 41 Nov 27 11:39 crypt_key
drwx--s--- 2 cgitest nobody 96 Nov 27 12:55 filters
drwx--s--- 2 cgitest nobody 144 Nov 27 12:59 lists
drwx--s--- 2 cgitest nobody 120 Nov 27 12:57 logs
drwxrws--- 2 cgitest nobody 48 Nov 27 11:37 pending
drwx--s--- 2 cgitest nobody 768 Nov 29 09:54 responses
drwxr-sr-x 2 cgitest nobody 200 Dec 6 20:33 templates
-rw-rw---- 1 cgitest nobody 0 Dec 19 10:08 tmda-cgi.ini |
/var/tmda/cgitest/filters:
-rw-rw---- 1 cgitest nobody 153 Nov 27 12:54 incoming
-rw-rw---- 1 cgitest nobody 150 Nov 27 12:55 outgoing |
/var/tmda/cgitest/lists:
-rw-rw---- 1 cgitest nobody 0 Nov 27 12:59 blacklist
-rw-rw---- 1 cgitest nobody 0 Nov 27 12:59 confirmed
-rw-rw---- 1 cgitest nobody 0 Nov 27 12:59 whitelist |
/var/tmda/cgitest/logs:
-rw-r----- 1 cgitest nobody 0 Nov 27 12:57 debug
-rw-r----- 1 cgitest nobody 0 Nov 27 12:57 in
-rw-r----- 1 cgitest nobody 0 Nov 27 12:57 out |
/var/tmda/cgitest/templates:
-rw-r--r-- 1 cgitest nobody 407 Dec 6 20:30 bounce.txt
-rw-r--r-- 1 cgitest nobody 215 Dec 6 20:30 confirm_accept.txt
-rw-r--r-- 1 cgitest nobody 702 Dec 6 20:33 confirm_request.txt |
/etc/tmda-cgi:
/var/tmda/cgitest/filters/incoming:
from-file /var/tmda/cgitest/lists/blacklist reject
from-file /var/tmda/cgitest/lists/whitelist accept
from-file /var/tmda/cgitest/lists/confirmed accept |
/var/tmda/cgitest/filters/outgoing:
to-file /var/tmda/cgitest/lists/whitelist tag envelope dated=10d from bare
to-file /var/tmda/cgitest/lists/confirmed tag envelope dated=10d from bare |
/var/tmda/cgitest/templates/confirm_request.txt:
From.US-ASCII: "%(FULLNAME)s" <%(recipient_address)s>
Subject.US-ASCII: Please confirm your message
Reply-To.US-ASCII: %(confirm_accept_address)s
BodyCharset: US-ASCII
This message was created automatically by mail delivery software
(TMDA).
Your message attached below is being held because the address
<%(confirm_append_address)s> has not been verified.
To release your message for delivery, please send an empty message
to the following address, surf the following link, or use your
mailer's "Reply" feature.
%(confirm_accept_address)s
%(confirm_accept_url)s
This confirmation verifies that your message is legitimate and not
junk-mail. You should only have to confirm your address once. |
/etc/tmdarc:
import Util
# Allow group access to critical files
ALLOW_MODE_640 = 1
os.umask(0027)
# Locate important files and directories
DATADIR = "/var/tmda/%s/" % os.environ["USER"]
CONFIRM_APPEND = DATADIR + "lists/confirmed"
FILTER_INCOMING = DATADIR + "filters/incoming"
FILTER_OUTGOING = DATADIR + "filters/outgoing"
LOGFILE_DEBUG = DATADIR + "logs/debug"
LOGFILE_INCOMING = DATADIR + "logs/in"
LOGFILE_OUTGOING = DATADIR + "logs/out"
PENDING_BLACKLIST_APPEND = DATADIR + "lists/blacklist"
PENDING_WHITELIST_APPEND = DATADIR + "lists/whitelist"
TEMPLATE_DIR = DATADIR + "templates/"
# CGI location
CGI_URL = "http://wolfhome.com/~cgitest/index2.cgi"
# Define X-Primary-Address key for TMDA-to-TMDA communications
ADDED_HEADERS_CLIENT = { "X-Primary-Address": "%s@%s" % \
(os.environ["USER"], Util.gethostname()) } |
~cgitest/.qmail:
|preline /usr/src/tmda/bin/tmda-filter -c /var/tmda/cgitest/config
./Maildir/ |
tmda-cgi was compiled with the following options:
- config file path:
- /var/tmda/~/config
- mode:
- no-su
- authentication:
- file
- virtual user lookup script:
- None
|
