roehling / postsrsd

Postfix Sender Rewriting Scheme daemon

milter socket creation is after privileges are dropped #152

Closed rhansen closed 1 year ago

rhansen commented 1 year ago

I tried out PostSRSd in milter mode and couldn't get it to work. After running it through gdb, I noticed that acquire_lock("unix:/var/spool/postfix/srs_milter") is failing because it is called after privileges are dropped.

Besides fixing this bug, it would be nice if the errors were logged, and if the main process waited for the child milter process to report successful startup (and exit non-0 if it fails to start).

roehling commented 1 year ago

I regret using LibMilter, because I paid for the luxury of not needing to implement the Milter protocol myself with major restrictions on how I interact with the code. I cannot create the socket early, because it gets created once I turn control over to the milter main loop, which means I cannot drop privileges after. You can try this, i.e., create a subdirectory that is owned by the PostSRSd user and put the socket there.

roehling commented 1 year ago

Hm, it seems there is a way to create the socket early after all, with smfi_opensocket().

roehling commented 1 year ago

Fixed by 1bf5c369a791f6bdfd28944597f9b7e870954133
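The ordering problem discussed in this issue, as an added example using plain POSIX calls rather than libmilter (it is not PostSRSd's code and not the referenced fix): the listening socket is bound while the process still has its startup privileges, bind errors are logged, and only then are privileges dropped. The function names, the socket path and the uid/gid values are assumptions made for illustration.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind and listen on a Unix socket; returns the fd, or -1 with errno set. */
int open_listener(const char *path)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    if (strlen(path) >= sizeof sa.sun_path) { errno = ENAMETOOLONG; return -1; }
    strcpy(sa.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0) {
        int saved = errno; close(fd); errno = saved; return -1;
    }
    return fd;
}

/* Drop root: supplementary groups first, then gid, then uid.
 * Returns 0 on success (or when not root, so nothing to drop), -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) return 0;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* regaining root must not work */
    return 0;
}

/* Startup order that works: the bind needs write access to the socket
 * directory, so it happens before the drop; the fd stays usable after it. */
int start_listener(const char *path, uid_t uid, gid_t gid)
{
    int fd = open_listener(path);
    if (fd < 0) { fprintf(stderr, "bind %s: %s\n", path, strerror(errno)); return -1; }
    if (drop_privileges(uid, gid) != 0) { fprintf(stderr, "cannot drop privileges\n"); close(fd); return -1; }
    return fd;
}

int main(void)
{
    /* Constructed path and ids (65534 is commonly "nobody"); exit status is non-zero on failure. */
    return start_listener("/tmp/example_milter.sock", 65534, 65534) < 0;
}
```

Swapping the two calls in `start_listener` reproduces the failure mode from the report whenever the unprivileged user cannot write to the socket directory.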