Re: [Exim] Exim on webservers

Top Pagina
Delete this message
Reply to this message
Auteur: Ollie Cook
Datum:  
Aan: Sheldon Hearn
CC: exim-users
Onderwerp: Re: [Exim] Exim on webservers
On Tue, Aug 28, 2001 at 03:34:17PM +0200, Sheldon Hearn wrote:
> That's fine, since only Exim's trusted_users are allowed to send mail as
> if from someone else. So just make sure nobody SuEXECs to a
> trusted_user.


Hi Sheldon,

I fail to see your point here. If they are not able to affect the
envelope sender (a good thing), I will need to have a look at the
From: header, to determine which sender to block as I won't be
able to block a system user. (I still have no way of actually doing
this though - for all I know it might not even be possible in Exim
3)

A message from a non-suexec'd user would have headers like:

  Return-path: <www@???>
  Received: from www by fama.uk.clara.net with local (Exim 3.33 #1)
        id 15bjMX-000KFP-00
        for ollie@???; Tue, 28 Aug 2001 14:57:05 +0100
  From: whatever_address@they_choose.net
  To: ollie@???


So, if the script generating these mails was causing loading
problems - my only choice would be to, somehow, not accept
messages locally that have the From: header "whatever_address@they_choose.net".

If they are SuEXEC, I might be able to block their UID from passing
messages to Exim locally. In fact, I think this is what I'm going
to have to end up doing - and have no comeback on non SuEXEC'd users
until we can migrate them across. I just hope there is a way of choosing
which users are allowed to user exim on the commandline.

Maybe I misunderstood what you were saying...?

Cheers,

Ollie

-- 
Oliver Cook    Systems Administrator, ClaraNET
ollie@???               020 7903 3065