nyarlathotep: cleanup after deployment #55
|
|
@ -214,9 +214,8 @@ in {
|
||||||
++ ["sieve.trusted.*"]; #for macros to be able to include our redirection script
|
++ ["sieve.trusted.*"]; #for macros to be able to include our redirection script
|
||||||
sieve.trusted = {
|
sieve.trusted = {
|
||||||
scripts.redirects.contents = "%{file:/tmp/virt_aliases}%"; # generated redirect script
|
scripts.redirects.contents = "%{file:/tmp/virt_aliases}%"; # generated redirect script
|
||||||
|
Gonne marked this conversation as resolved
Outdated
|
|||||||
from-addr = "sender"; # set the from-address to the original sender as specified in the MAIL FROM.
|
return-path = "sender"; # set the outgoing MAIL FROM to the original sender as specified in the incoming MAIL FROM.
|
||||||
|
Gonne marked this conversation as resolved
Outdated
nerf
commented
the the `trusted` part is to much, also see the comment at `from-name` below
|
|||||||
from-name = "sender";
|
|
||||||
|
Gonne marked this conversation as resolved
Outdated
nerf
commented
I couldn't figure out what I couldn't figure out what `from-name` or `from-addr` actually do. Reading the documentation I believe combined they
set the default value for the `From:` header of a generated mail. But I couldn't verify this in tests.
Maybe it does something different that has to do with the `MAIL FROM:` see comment below
nerf marked this conversation as resolved
nerf
commented
where did the where did the `/tmp` folder discussion disappeared to?
nerf
commented
ahh it got marked outdated ahh it got marked outdated
|
|||||||
return-path = "sender";
|
|
||||||
# If we are the sender, we sign the message with DKIM. Else we leave it alone.
|
# If we are the sender, we sign the message with DKIM. Else we leave it alone.
|
||||||
|
Gonne marked this conversation as resolved
Outdated
nerf
commented
This seems to do what we want, even though the documentation reads like it sets the This seems to do what we want, even though the documentation reads like it sets the `Return-Path:` header. But it seems to set the reverse path (which is the argument to the `MAIL FROM:` smtp command). Maybe it does both?
nerf
commented
This parameter seems to control the This parameter seems to control the `MAIL FROM:` and with this all the headers we want to set.
The documentation reads to me as if it sets the `Return-Path:` header. I'm unsure if it actually does it.
|
|||||||
sign = [
|
sign = [
|
||||||
{
|
{
|
||||||
|
|
|
||||||
maybe we should move this file from
/tmpinto the/rundirectory as this usually has properfile access rights set up.
There is also
JoinsNamespaceOfforPrivateTmpof systemd service units (https://www.man7.org/linux/man-pages/man5/systemd.exec.5.html) but I didn't succeed setting it.Reading https://lwn.net/Articles/436012/ I have no idea whether
/runis a better place.We don't care about the early boot discussion. So the question is, is it runtime date or temporary data, wherever the boundary between these two is. Putting things in
/tmpis often a buggy mess as this directory is usually somewhat of a global dumpster fire, where there are no guarantees that this file does not already exist with some important information for some other process (though unlikely).PrivateTmpwould save us here, but even the documentation says that one should not rely on this (and we would need to get it to work).If we already follow Lennart's advice then we also should use
mkstempto generate files in/tmpwhich willbe very painful in a nix setting (as paths and filenames will only be available at runtime). Lennart also seems to think that
/runis primarily for communication primitives (is this one?).See his blogpost.
So after reading all of this maybe the cleanest option is to get the
JoinNamespaceOfoption to work?I got the private
/tmpwithJoinsNamespaceOfworking.