I believe that in retrospect it was a mistake to use the domain procmail_t for
procmail.
There are several other programs providing essentially the same functionality,
I am now using Courier "maildrop" on one important server and will soon
evaluate "deliver" from Dovecot.
It seems to me that there is no benefit in trying to isolate the different
LDAs from each other. The only situation in which it seems possible to have
more than one LDA in use is from a .forward file (under local user control)
which therefore has Unix permissions to isolate the different instances. It
would be good to have extensions to some popular MTAs to use a user specific
context for the LDA, which could be something like user_lda_t, staff_lda_t,
etc.
While it would be quite possible to extend the courier and dovecot policies to
support maildrop and deliver, I think that would be the wrong approach.
I believe that the right thing to do is to start by renaming procmail to lda
and then adding support for maildrop and deliver, and I'll write the policy
and send a patch after giving people time to comment.
--
russell at coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog