[EMAIL PROTECTED] wrote:
> You are quite right and I misunderstood them.
> But since Mr.Sam names those options "XXX_FIELD",
> it's better to write field names here for clearer meaning.

I am talking about the values, not about the fields. I mean you can use constant values for uid, gid, ... instead of adding a column in your db. so one can say

MYSQL_UID_FIELD '1234'

> If home is constant, other problems will arise.
> The file etc/maildirfilterconfig should be modified.

why? I use a constant home, constant uid/gid, but deliver to per user maildirs via the maildir field (which is not directly in the db). works since long. no issues found. It's actually the opposite: maildrop won't complain about inexistent home dir since it's guaranteed to exist.

of course, I don't use .mailfilter directly. I use include statements in maildroprc to specify per-user filter files (which I don't call .mailfilter but that's a personal choice).

> Alias files $HOME/.courier-* may not exist, then.
> I believe that per-user home is better.

This depends on your configuration. I use a constant home. per-user home is appropriate if you use per-mailbox uid/gid.

[Off topic from now on]
======================

>> 127.0.0.1 may help in chrooted environments. also, some systems have a
>> broken implementation of unix sockets.
>
> Unix domain socket has a much higher efficiency than TCP on loopback
> network.

true. but I don't like tuning without real need and profiling. premature optimization is ...

> Actually the most popular free OSs, GNU/Linux and *BSD have
> implemented it well.

of course, if we're talking bsd/linux, there should be no issues. but that may not be true under solaris and other systems which implement sockets as a library (around streams...).

> If chrooted environment such as FreeBSD's JAIL is required to be
> applied, the socket-bound file may be put into the chrooted environment.

First, this is freebsd specific. you'll need to learn how to do it for other platforms, assuming this is possible. Second, this requires work. so yes, that's feasible, nice... if some kind volunteers take the efforts to document this for multiple *linux and *bsd variants.

> Actually, MySQL client program always knows username and password to
> access MySQL server, which means the MySQL server outside JAIL is as
> dangerous as the MySQL client inside JAIL. Only to put the whole MySQL
> server into JAIL is a complete solution.

I am not convinced this can be done safely with sockets kept open outside of the jail. now, I didn't read the jail docs for very long (but I seem to remember that if safety is needed, the process shouldn't have descriptors open outside of the jail).
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
