Jason,
>> It says it works with exim. The suggested installation says to add
>> yourself to trusted_users. I don't really like that idea very much,
>> and I suspect it isn't needed.
As you've written, it needs this to have the envelope-from address
changed from the user's normal origin address. This opens up the
possibility for all local users which can use TMDA to tag outgoing
messages (and therefor must be trusted exim users) to also fake the
origin to whatever they like, and I think this is a real security
concern for systems with shell users, esp. if it's not in a controlled
area. I would not like that idea on a school/college/university/..
system.
><http://software.libertine.org/tmda/config-pre.html>
I've read through your pages and in generally, it's a very interesting
tool, but I can't figure all the details how it really works so I'm a
bit lost in how I could implement it on my system.
So what I'm missing is some kind of a flow chart telling me where the
messages go through on inbound and outbound with the details on where
which address part get's rewritten and so on.
Said all this, to make it somewhat more interesting, I'm not sure on
how to implement it on a system with absolutely NO shell users. This
means, the mail is collected by pop and delivered with SMTP (with or
without auth). This also means, the "users" don't have a home
directory at all and therefore can't have any kind of ~/.forward or
whatever files, including any user-specific white-/black-lists in a
home directory.
So I've some ideas, but be warned I don't have any idea of how this
has to be implemented into TMDA, as I didn't look at the source yet.
For a system like that (which probably is not too un-common these
day's), I need it set up on a system-wide basis, but still
configurable by the user. The configuration files could be held in a
configuration directory, base name set to the user's mailbox name. But
it might also be desirable to have domain-wide files, and/or system
wide files. Next probably also complicating fact is that the mailbox
name, the user name used for picking up the pop mail and delivering
mail with ASMTP, is not the same as the email address itself. Say user
User1 has email address joe@??? and User2 is
diane@??? and so on.
The user/domain-wide configuration could be done with some web
interface or perhaps easier with an email address the user can send
change requests for his configuration, similar to controlling mailing
list subscriptions.
My general impression is, that it would be something like a
system-wide rewrite filter for every mail passing in and out. That way
it should also be possible to have it do the outbound tagging without
the users to be trusted (at least so I can imagine it to work).
This all said, I'd be very interested to help out implementing
something like that, but at the moment I don't have the necessary
spare time and I don't know python at all. I can help you test
something like that, if that would help you.
BTW: I've also studied the example for qmail/vpopmail to implement it
for Win-Clients but could not transfer that information to my exim
installation at all.
So now Jason, did I understand something right or am I completely
wrong with my assumptions? Contact me directly if you like to discuss
any of this off the list, ovb-at-ovb-dot-ch.
Cheers,
Oliver
