On 03/07/2014 12:26 AM, Alan Chandler wrote: > On 06/03/14 21:23, Tom Hendrikx wrote: >> >> Dspam needs to know who is calling it, so it can check if it's a >> trusted user. Real question is of course why you are trying to run it >> as a numeric uid that does not belong to any system account :) > > Well, because I suppose that is the architecture of Dovecot and the > Antispam plugin. It runs it in the context of the uid of the users > mailbox. > > Why = when I started this project, although I only have 4 users, I > decided it was all about doing what someone with a virtual mailboxes > with 1000s of users > would do, so I tried to design the system so that I didn't need a system > user.
The regular approach to that is that you run and store everything under a single uid, typically named 'vmail' [1]. Right now you have a 'virtual accounts' setup that borrows privilege separation from the 'system accounts' design, but with crippled/broken system accounts. [1] http://wiki2.dovecot.org/HowTo/SimpleVirtualInstall > > I came across a similar post to mine about 4 years old - someone had hit > this problem and couldn't find the correct answer. He didn't seem to > find the answer then, and went down the mail forwarding approach > > It looks though this discussion is going the same way. Dovecot antispam > and a dspam backend is not the right way when you have virtual > mailboxes. Instead, use antispam's ability to pipe the mail to sendmail > and postfix's ability to call dspam with a solid user account. And as > someone said in that other thread - makes sense to not have all the > users creating lots of threads as they move chunks of messages to and > out of their spam folder - but rather use postfix's queuing mechanism to > have a more controlled approach to such a load. > Do you have any number that back this up? I guess that the load caused by an incoming spam run creates a larger peak in IMAP activities (i.e. dovecots LDA storing the messages) than the users that will use the anti-spam plugin to move those messages around: the delivery happens within the hour, the users will do their work in the 24 or so hours after that... Anyway: if you want to go down the sendmail approach, you need to look into the way that messages are formatted when they are sent, and if the headers are preserved. Tom
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce. With Perforce, you get hassle-free workflows. Merge that actually works. Faster operations. Version large binaries. Built-in WAN optimization and the freedom to use Git, Perforce or both. Make the move to Perforce. http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________ Dspam-user mailing list Dspam-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspam-user
