Centralized no-su Setup

If you have multiple users using tmda-cgi in no-su mode, then you might consider moving all of your TMDA files into one central location. This will make it easier to keep group permissions on your directories and files. Here's some sample directories and file contents I set up for my user cgitest:

/etc:
-rw-r--r--    1 root     root           22 Nov 24 23:54 tmda-cgi
-rw-r--r--    1 root     root          557 Nov 27 15:05 tmdarc
-rw-------    1 tofmipd  tofmipd        49 Nov 10 11:02 tofmipd

/var:
drwxr-s--x    3 root     nobody         72 Nov 27 11:24 tmda

/var/tmda:
drwx--s---    6 cgitest  nobody        200 Nov 27 11:39 cgitest

/var/tmda/cgitest:
-rw-r-----    1 cgitest  nobody          0 Nov 27 11:39 config
-rw-r-----    1 cgitest  nobody         41 Nov 27 11:39 crypt_key
drwx--s---    2 cgitest  nobody         96 Nov 27 12:55 filters
drwx--s---    2 cgitest  nobody        144 Nov 27 12:59 lists
drwx--s---    2 cgitest  nobody        120 Nov 27 12:57 logs
drwxrws---    2 cgitest  nobody         48 Nov 27 11:37 pending
drwx--s---    2 cgitest  nobody        768 Nov 29 09:54 responses
drwxr-sr-x    2 cgitest  nobody        200 Dec  6 20:33 templates
-rw-rw----    1 cgitest  nobody          0 Dec 19 10:08 tmda-cgi.ini

/var/tmda/cgitest/filters:
-rw-rw----    1 cgitest  nobody        153 Nov 27 12:54 incoming
-rw-rw----    1 cgitest  nobody        150 Nov 27 12:55 outgoing

/var/tmda/cgitest/lists:
-rw-rw----    1 cgitest  nobody          0 Nov 27 12:59 blacklist
-rw-rw----    1 cgitest  nobody          0 Nov 27 12:59 confirmed
-rw-rw----    1 cgitest  nobody          0 Nov 27 12:59 whitelist

/var/tmda/cgitest/logs:
-rw-r-----    1 cgitest  nobody          0 Nov 27 12:57 debug
-rw-r-----    1 cgitest  nobody          0 Nov 27 12:57 in
-rw-r-----    1 cgitest  nobody          0 Nov 27 12:57 out

/var/tmda/cgitest/templates:
-rw-r--r--    1 cgitest  nobody        407 Dec  6 20:30 bounce.txt
-rw-r--r--    1 cgitest  nobody        215 Dec  6 20:30 confirm_accept.txt
-rw-r--r--    1 cgitest  nobody        702 Dec  6 20:33 confirm_request.txt

/etc/tmda-cgi:
cgitest:XPkY0q/9Uge9I

/var/tmda/cgitest/filters/incoming:
from-file /var/tmda/cgitest/lists/blacklist reject
from-file /var/tmda/cgitest/lists/whitelist accept
from-file /var/tmda/cgitest/lists/confirmed accept

/var/tmda/cgitest/filters/outgoing:
to-file /var/tmda/cgitest/lists/whitelist tag envelope dated=10d from bare
to-file /var/tmda/cgitest/lists/confirmed tag envelope dated=10d from bare

/var/tmda/cgitest/templates/confirm_request.txt:
From.US-ASCII: "%(FULLNAME)s" <%(recipient_address)s>
Subject.US-ASCII: Please confirm your message
Reply-To.US-ASCII: %(confirm_accept_address)s
BodyCharset: US-ASCII
 
This message was created automatically by mail delivery software
(TMDA).
 
Your message attached below is being held because the address
<%(confirm_append_address)s> has not been verified.
 
To release your message for delivery, please send an empty message
to the following address, surf the following link, or use your
mailer's "Reply" feature.
 
  %(confirm_accept_address)s
 
  %(confirm_accept_url)s
 
This confirmation verifies that your message is legitimate and not
junk-mail. You should only have to confirm your address once.

/etc/tmdarc:
import Util
 
# Allow group access to critical files
ALLOW_MODE_640 = 1
os.umask(0027)
 
# Locate important files and directories
DATADIR = "/var/tmda/%s/" % os.environ["USER"]
CONFIRM_APPEND           = DATADIR + "lists/confirmed"
FILTER_INCOMING          = DATADIR + "filters/incoming"
FILTER_OUTGOING          = DATADIR + "filters/outgoing"
LOGFILE_DEBUG            = DATADIR + "logs/debug"
LOGFILE_INCOMING         = DATADIR + "logs/in"
LOGFILE_OUTGOING         = DATADIR + "logs/out"
PENDING_BLACKLIST_APPEND = DATADIR + "lists/blacklist"
PENDING_WHITELIST_APPEND = DATADIR + "lists/whitelist"
TEMPLATE_DIR             = DATADIR + "templates/"
 
# CGI location
CGI_URL = "http://wolfhome.com/~cgitest/index2.cgi"

# Define X-Primary-Address key for TMDA-to-TMDA communications
ADDED_HEADERS_CLIENT = { "X-Primary-Address": "%s@%s" % \
 (os.environ["USER"], Util.gethostname()) }

~cgitest/.qmail:
|preline /usr/src/tmda/bin/tmda-filter -c /var/tmda/cgitest/config
./Maildir/

tmda-cgi was compiled with the following options:

config file path:
/var/tmda/~/config

mode:
no-su

authentication:
file

virtual user lookup script:
None