Bug#1002527: "milter-greylist -u user" considered harmful
X-Debbugs-CC: mrvn@renich.org, bunk@debian.org, tron@zhadum.org.uk, tobi@debian.org
Hello,
How do folks feel about the attached patch (against
https://salsa.debian.org/debian/milter-greylist)? It implements
Matthias's proposal of allowing the use of a user (and/or group)
other than 'greylist' for systemd users as well.
I understand it may not be a 100% "solution" that everyone would be
happy with (e.g. postinst configure still sets 'greylist' as the owner
user and group for /var/lib/milter-greylist), but I think it's an
improvement over the current situation, as it makes milter-greylist
respect the corresponding setting in its configuration file, and also
adds an example of more suitable 'socket' and 'user' settings values
to the configuration file for use with a chrooted Postfix.
I'd appreciate any comments/feedback on this, but if there aren't any,
I'd ask Tobi to sponsor it to unstable for me.
Thanks,
-a
>From cbfdd5fb0dcc45639b313eea5cdf2f580be18f52 Mon Sep 17 00:00:00 2001
From: Amin Bandali <bandali@gnu.org>
Date: Fri, 13 Oct 2023 01:28:35 -0400
Subject: [PATCH] Set user greylist in greylist.conf instead of
milter-greylist.service
---
debian/changelog | 12 ++++++++++++
debian/milter-greylist.service | 2 +-
debian/patches/greylist.conf | 19 ++++++++++++-------
3 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 3a05494..f36f77a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+milter-greylist (4.6.4-1.2) unstable; urgency=medium
+
+ * QA upload.
+ * Non-maintainer upload.
+ * Set user greylist in the configuration file rather than as a
+ command-line option in the service file (which always takes
+ precedence) to allow easier customization. (Closes: #1002527)
+ - debian/milter-greylist.service
+ - debian/patches/greylist.conf
+
+ -- Amin Bandali <bandali@gnu.org> Fri, 13 Oct 2023 18:43:39 -0400
+
milter-greylist (4.6.4-1.1) unstable; urgency=medium
* QA upload.
diff --git a/debian/milter-greylist.service b/debian/milter-greylist.service
index b5a6e80..bcef86f 100644
--- a/debian/milter-greylist.service
+++ b/debian/milter-greylist.service
@@ -5,7 +5,7 @@ Before=postfix.service
[Service]
Type=forking
-ExecStart=/usr/sbin/milter-greylist -u greylist
+ExecStart=/usr/sbin/milter-greylist
Restart=on-failure
PrivateTmp=true
diff --git a/debian/patches/greylist.conf b/debian/patches/greylist.conf
index 6e1d33d..216aae9 100644
--- a/debian/patches/greylist.conf
+++ b/debian/patches/greylist.conf
@@ -8,23 +8,28 @@ Index: milter-greylist-4.5.11/greylist.conf
===================================================================
--- milter-greylist-4.5.11.orig/greylist.conf 2014-07-30 09:29:48.543484591 +0100
+++ milter-greylist-4.5.11/greylist.conf 2014-07-30 09:29:48.539484522 +0100
-@@ -6,11 +6,17 @@
+@@ -6,11 +6,21 @@
#
pidfile "/var/run/milter-greylist.pid"
-socket "/var/milter-greylist/milter-greylist.sock"
-dumpfile "/var/milter-greylist/greylist.db" 600
++socket "/var/run/milter-greylist/milter-greylist.sock"
+dumpfile "/var/lib/milter-greylist/greylist.db" 600
dumpfreq 1
-+
-+# For sendmail use the following two lines
-+socket "/var/run/milter-greylist/milter-greylist.sock"
- user "smmsp"
+-user "smmsp"
++user "greylist"
-+# For Postfix uncomment the following two lines and comment out the
-+# sendmail ones above.
++# If using Postfix rather than Sendmail, uncomment the following
++# socket and user settings and comment out the socket and user above.
+#socket "/var/run/milter-greylist/milter-greylist.sock" 660
+#user "postfix"
++
++# If using a chrooted Postfix, you might want to use something like
++# the following instead (where "/var/spool/postfix" is the Postfix
++# chroot):
++#socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 660
++#user "greylist:postfix"
# Log milter-greylist activity to a file
#stat ">>/var/milter-greylist/greylist.log" \
--
2.39.2
Reply to: