On Tue, Aug 28, 2001 at 02:39:46PM +0100, Julian King wrote:
> > Anyones success stories etc. on running exim on
> > webservers would also be appreciated.
>
> The best solution I have implemented in several attempts was to
>
> a) always use suexec (if a kludged one that called userv:
> http://www.chiark.greenend.org.uk/~ian/userv/) Thus all cgi ran as a
> user unique to that website.
All new customers on the servers in question run under suexec. It's
quite a task to migrate non-suexec users, but we're getting there.
> b) have the webservers chrooted, and separate from each other
There is only one webserver with multiple vhosts. Running one
webserver for each of the thousands of sites on the server would
be pretty nasty I think!
> Your setup appears to not be using a, which I think is a bad thing. This
> means that you can't easily trace which websites caused email to be emitted.
You are quite correct in this - but unfortunately I have to work
with it like this for the time being.
It seems so far that my only choices are to chmod 0 the offending
scripts, if I find them!
I am still looking for the elusive, "users_not_allowed_to_call_exim_locally"
option! ;)
Thanks for your input.
Ollie
>
> > Ollie
>
> Julian
--
Oliver Cook Systems Administrator, ClaraNET
ollie@??? 020 7903 3065
