Re: [Exim] receiver_verify and require_files problem

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: exim-users
Subject: Re: [Exim] receiver_verify and require_files problem
On Wed, 5 Jan 2000, Peter Radcliffe wrote:

> The man page for require_files says that if you have an entry without
> any forward slashes it gets taken as the user to do the file existance
> check as, but here the check is obviously being done as my exim user
> (UID 27) instead of "user" which is the first entry in the list ...


> So, whats going on here ? Philip ? This isn't behaving as advertised.


Aarrgghh!! <Expletive deleted>. This is an unforseen disaster. Sorry.
The problem is that this is happening when you are verifying an incoming
address. That is, it is during message reception. This means that Exim
no longer has any root privilege and is running as the Exim user.
Consequently it is unable to change uid/gid to anything else to do the
check.

There is no way round this in terms of changing the code, as far as I
can tell. It is quite deliberate that Exim is unprivileged when talking
to a foreign host. You will have to work around it in your
configuration. When verifying an address, do you really care if the user
is a procmail user or not? Presumably not. Therefore, why not put
no_verify on that director - cf the default userforward director.

I will have to put come careful commentary into the documentation about
this one. The only other way round it is not to define an Exim user, and
run as root, but I would certainly not recommend that.

Thanks for the report, and sorry about the mess.


-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.