Re: [refpolicy] Milter Mail Filters

[Paul Howarth <paul@city-fan.org>]

Paul Howarth wrote:
> attached is a patch based on local policy I'm using on Fedora 9 to 
> support two "milter" mail filter daemons in conjunction with sendmail, 
> namely spamass-milter and milter-regex (I maintain the packages for both 
> of these in Fedora).
> 
> I've taken the view that most milter applications will have similar 
> requirements and so I've created a milter_template interface that 
> contains most of what's needed, and then added the specifics that are 
> needed on top of the generic stuff for each application.
> 
> However, as I'm by no means an selinux expert, there are a number of 
> things I'm unsure about:
> 
> 1. In a situation where sendmail is the running MTA on a system, what is 
> the difference between sendmail_t and system_mail_t?
> 
> 2. MTAs other than sendmail (postfix comes to mind) can also use 
> milters, but as I don't have any boxes running postfix, I don't know 
> what I'd need to add to postfix policy to support milters.
> 
> 3. Fedora 9 has an interface spamassassin_domtrans_spamc that I used in 
> my local policy. It doesn't appear to be present in refpolicy; what 
> would be the right thing to use for a daemon calling spamc?
> 
> 4. I cribbed the milter_port_t stuff from the only example I could find, 
> and it's probably wrong. What would be the correct way of defining this?
> 
> 5. Does the use of a template for these applications a sane way to do it?

Should I have raised this somewhere else, or in a different way? I've 
had no responses either here or on fedora-selinux-list. The 
spamass-milter is currently broken with SELinux enforcing on Fedora 9 
and I'd like to be able to make at least a little progress towards 
fixing that.

Paul.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.