On Tue, Aug 28, 2001 at 03:34:17PM +0200, Sheldon Hearn wrote:
> That's fine, since only Exim's trusted_users are allowed to send mail as
> if from someone else. So just make sure nobody SuEXECs to a
> trusted_user.
Hi Sheldon,
I fail to see your point here. If they are not able to affect the
envelope sender (a good thing), I will need to have a look at the
From: header, to determine which sender to block as I won't be
able to block a system user. (I still have no way of actually doing
this though - for all I know it might not even be possible in Exim
3)
A message from a non-suexec'd user would have headers like:
Return-path: <www@???>
Received: from www by fama.uk.clara.net with local (Exim 3.33 #1)
id 15bjMX-000KFP-00
for ollie@???; Tue, 28 Aug 2001 14:57:05 +0100
From: whatever_address@they_choose.net
To: ollie@???
So, if the script generating these mails was causing loading
problems - my only choice would be to, somehow, not accept
messages locally that have the From: header "whatever_address@they_choose.net".
If they are SuEXEC, I might be able to block their UID from passing
messages to Exim locally. In fact, I think this is what I'm going
to have to end up doing - and have no comeback on non SuEXEC'd users
until we can migrate them across. I just hope there is a way of choosing
which users are allowed to user exim on the commandline.
Maybe I misunderstood what you were saying...?
Cheers,
Ollie
--
Oliver Cook Systems Administrator, ClaraNET
ollie@??? 020 7903 3065
