Previously, exim would have its own spam score threshold and expect
spamassassin to mark any messages as spam (even with negative score), so
spam headers could be added on non-rejected messages. Now, we use three
acl clauses instead of just one, allowing us to accept the judgment of
spamassassin again and add spam headers in a separate clause.
spamassassin: Run as user "spamd" instead of root.
When running as root, spamd will run as whatever user the client claims
to be, to read preferences. Since this is not-so-secure, we'll just run
as an unprivileged user to begin with (since we don't do per-user
privileges anyway).
The default template is long and wordy, and says the message is marked
as spam. In our configuration, all messages get the report, so that is
not very accurate.
spamassassin: Set the threshold really low (-100.0).
Exim will has its own spamscore threshold, but only adds spam headers on
messages that are spam according to spamassasin. So we set the threshold
really low here.
This removes all previous delivery methods (.forward files, procmail and
direct Maildir delivery) in favour of using dovecot's deliver program.
Dovecot supports forwarding and filtering use sieve scripts and knows
exactly where a user's mailbox should be, so this does not remove
functionality but prevents duplicate configuration.
This commit mostly removes the fancy Debian debconf automatic stuff,
since that creates a lot of overhead with macros being defined in one
place and the actual configuration in another place. Other unused parts
of the configuration are also unused.
Configuration is added for the main delivery lookups to happen from
ldap data. Both persons and groups in the LDAP directory can have email
addresses defined, which will then get forwarded or delivered
appropriately (for emailaddresses in the virtual_domains setting, of
course). Email will also be delivered for any username@host addresses,
where host is one of the drsnuggles vservers.
This makes sure that common-account supports both unix users (from
passwd) and ldap users. A lot of services don't do real (password)
authentication, but do need to work for both ldap and unix users (cron,
su).
common-auth still only works for ldap users, since those are the only
ones with actual passwords.
pam: Allow only root to change shells and user info.
Since changing user info and shells for ldap users is not supported by
chfn and chsh anyway, and we have no real users that are not in ldap,
limiting this to just root makes sense.
The session modules seem useless, and the common files only include ldap
and don't know about root, so that only gives warnings when root is
trying to su.
This makes it impossible for non-root users to use su, but that's a
feature.