Hello, I used to have tmda-ofmipd working OK, but I've upgraded (using the rpm method) and now things aren't looking so good.
I want tmda-ofmipd (or any other tool, for that matter) to use the same configuration files & whitelist to send mail as I use to receive mail (tmda-filter). I'd like to be able to start/stop it using some kind of standard tool, and it would even be nice to have it log each message sent in maillog. I don't have to use tmda-ofmipd to do this, if there is another way.

Previously I was using a sort of hackish mail loop through qmail by setting SMTPAUTH to "smtpauth" and then having a virtualdomain and a .qmail-smtpauth-default to handle mail for that domain; this ran a script which checked for the existence of a tmda config file and ran tmda-inject if so, otherwise qmail-inject. I was happy to turf that system when I did get tmda-ofmipd working a while ago.

Unfortunately, I ran into a problem that spurred me to upgrade: tmda-ofmipd was exploding when I sent mail to people not on my whitelist -- it couldn't append to the whitelist file and died ungracefully. I upgraded because I didn't want to bug you about the error unless I had the latest version installed (so I don't have the stacktrace anymore).

So far I've found a few gotchas that could certainly be documented or fixed:

1. The crypt_key must be mode 700 or 600 -- however, when I receive mail I do it as myself, but when I send it the tofmipd user is used (so, basically I have to run it as myself). Maybe this should allow other modes (e.g. allow tofmipd to read the file?) This seems to be new since my previous version.

2. It seems to require /etc/tofmipd or ~/.tmda/tofmipd; I don't want this file. Also this file wants to be mode 700 or 600 so I can't "share" it with tofmipd. This seems to be new since my previous version.

3. Even if I was able to "share" my tmda config with ofmipd, it probably still wouldn't be able to update my whitelist, because it always creates that file with mode 600, which means whoever creates it is the only one who can read it -- this is the problem that I started with.

4. The auth command option, -A, makes it very difficult to write the command line for this correctly. When you run it in the shell, you can say tmda-ofmipd -A "/usr/bin/checkpassword-pam -s smtp -- /bin/true", however using daemontools you cannot use these double quotes with daemon --user, because it puts its own double quotes on (to pass to su -c) and doesn't escape mine. In other tools using checkpassword, the auth command is given the entire tail end of the command line for itself and its children so you don't have to deal with these quoting quirks. I think its other option to authenticate using your actual smtp server might replace that, though.

5. It's difficult to get the output -- it seems like initlog logs the first few lines but nothing more.

Anyhow, after making these discoveries, I'm now able to run this as myself. It would be nice to support multiple users, but the permissions things I noted above don't seem to make that feasible -- if I could turn these off that would be nicer.

Hope this helps,
Dobes
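The quoting problem in item 4, modelled as an added example that is not part of the original message or of TMDA. It assumes the launcher joins its arguments into one string that a second shell parses; auth_arg, direct, rejoined and shquote are hypothetical helper names, and eval stands in for su -c.

```shell
#!/bin/sh
# Added demo (constructed): models the -A quoting problem; runs neither TMDA nor su.
AUTH='/usr/bin/checkpassword-pam -s smtp -- /bin/true'   # value quoted in the post

# Hypothetical stand-in for tmda-ofmipd: print the single word that follows -A.
auth_arg() {
  while [ $# -gt 0 ]; do
    if [ "$1" = "-A" ] && [ $# -ge 2 ]; then
      printf '%s\n' "$2"
      return 0
    fi
    shift
  done
  return 1
}

# Typed at a prompt: the double quotes keep the auth command as one word.
direct() { auth_arg -A "$AUTH"; }

# Assumed launcher behaviour: join the arguments into one string and let a
# second shell parse it (eval stands in for `su -c "..."`). The caller's
# quotes were consumed by the first parse, so the value splits at each space.
rejoined() { eval "auth_arg $*"; }

# Quote a value so that it survives one additional round of shell parsing:
# wrap it in single quotes and rewrite each embedded ' as '\''.
shquote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

printf 'direct:   %s\n' "$(direct)"
printf 'rejoined: %s\n' "$(rejoined -A "$AUTH")"
printf 'quoted:   %s\n' "$(rejoined -A "$(shquote "$AUTH")")"
```

Each extra layer that re-parses the command line needs its own round of quoting, so a launcher with more than one such layer needs shquote applied once per layer.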
