>
> On Thu, 19 Aug 1999, Julian King wrote:
>
> > Does anyone know of a drop in replacement for sendmail which just does
> > smart hosting/smtp conversion? I want something which will take
> > sendmail-esque arguments and just splat the whole thing over SMTP.
> > The only logging should be done via syslog - and it should not need
> > to be run as a special user/setuid? Or failing that something
> > close which can be moulded to that?
>
> How simple do you want it? What should happen if the smart host is down?
> Do you want queueing or not? And how many sendmail-esque arguments need
> it support?
In this particular situation it won't matter, since the smart host
will be on the loopback interface, and this 'MTA' will be running
inside a chroot on the same machine. As for how many arguments it
needs to support, the answer is as many as people use - however only
ones used by external programs to send mail, not things like -bd since
it should never be daedmonised. From my personal experience of
using sendmail in this fashion I doubt that there are more than about 10
different styles of piping mail into it which are commonly used, but
someone is bound to try and use the 11th.
> If you use Exim to do this job, you don't have to run it setuid root.
> However, you do need to run it setuid *something* unless you allow all
> and sundry to write to the spool directory. And of course I haven't got
> round to making it syslog yet...
We considered using exim, but it seemed to get too messy. I do not
want any setuid programs inside this chroot if I can possibly help it.
Barring checks made by exim as to whether it can [e]setuid() itself
I can probably use it as is, but it is sever overkill for what I was
thinking of doing. In principle I should either be able to use it
with sticky directories, or by using it through a wrapper using a
program called userv (
http://www.chiark.greenend.org.uk/~ian/userv/)
which (sort of) provides a replacement to su (quoting from the
above URL: "a Unix system facility to allow one program to invoke
another when only limited trust exists between them.")
If you want I can attempt to try and explain the scenario where I
am trying to set this up, either on-list, off-list, or in person.
Julian
--
Julian King
Computer Officer, University of Cambridge, Unix Support