## Smart Mail Filter milters ######################################## ## ## "Smart Mail Filter" suite variant of milter template. ## ## ## ## The name to be used for deriving type names. ## ## # template(`smf_milter_template',` milter_template(smf_$1) # Milters remove any existing socket (not owned by root) whilst running as root # and then call setgid() and setuid() to drop privileges allow smf_$1_milter_t self:capability { setuid setgid dac_override }; # Look up username for dropping privs auth_use_nsswitch(smf_$1_milter_t) # Allow communication with MTA over a unix-domain socket # Note: usage with TCP sockets requires additional policy manage_sock_files_pattern(smf_$1_milter_t, smfs_milter_data_t, smfs_milter_data_t) # Config is in /etc/mail/smfs/smf-*.conf mta_read_config(smf_$1_milter_t) # Create other data files and directories in the data directory manage_files_pattern(smf_$1_milter_t, smfs_milter_data_t, smfs_milter_data_t) ')