On Thu, Dec 06, 2001 at 09:31:21AM +0000, Philip Hazel wrote:
| On Wed, 5 Dec 2001, dman wrote:
|
| > | Set security=unprivileged in your Exim configuration.
| >
| > I tried this, but it didn't work. Exim still wants to be suid root so
| > it can then switch to my UID/GID.
|
| Hmm. It should be possible. I do it regularly when testing Exim on
| machines where I do not have root access. Maybe there is an issue with
| groups. Are you in more than one group? Are you running in a group other
| than your default group when trying this?
I've undone my commenting out, so the source tree is as it was
released, and tried again.
$ whoami
dsh8290
$ groups
ugrad
$ ypcat passwd | grep dsh8290
dsh8290:##dsh8290:3283:150:Derrick S Hudson;951;wsen1;:/home/stu12/s18/dsh8290:/bin/csh
$ egrep "^EXIM_[UG]ID" Local/Makefile
EXIM_UID=3283
EXIM_GID=150
$ ls -l ./build-SunOS5-5.8-sparc/exim
-rwx------ 1 dsh8290 ugrad 559536 Dec 6 22:19 ./build-SunOS5-5.8-sparc/exim
$ ./build-SunOS5-5.8-sparc/exim dsh8290 # leading space added for this post
From: me
Subject: test
hello world
^D
$ tail -9 ~/var/log/exim/mainlog
2001-12-06 22:24:06 16CBcE-0001BX-00 <= dsh8290@???
U=dsh8290 P=local S=297
2001-12-06 22:24:06 16CBcE-0001BX-00 Unable to get root to set
uid 3283 and gid 6 for local delivery to dsh8290: uid=3283 euid=3283
2001-12-06 22:24:06 16CBcE-0001BX-00 failed to read delivery status for
dsh8290@??? from delivery subprocess
2001-12-06 22:24:06 16CBcE-0001BX-00 appendfile transport process
returned non-zero status 0x0100: exit code 1
2001-12-06 22:24:06 16CBcE-0001BX-00 == dsh8290@???
T=local_delivery defer (-1)
2001-12-06 22:24:06 16CBcM-0001Ba-00 <= <> R=16CBcE-0001BX-00
U=dsh8290 P=local S=487
2001-12-06 22:24:06 16CBcE-0001BX-00 Frozen
2001-12-06 22:24:07 16CBcM-0001Ba-00 => root <postmaster@???>
D=localuser T=local_delivery
2001-12-06 22:24:07 16CBcM-0001Ba-00 Completed
$
(with my config, the message for root went to ~/var/spool/mail/root,
as expected)
That was with no filter file installed, so delivery should have gone
to ~/var/spool/mail/dsh8290.
Interestingly enough, if I install a filter file, I get :
$ tail -3 ~/var/log/exim/mainlog
2001-12-06 22:28:18 16CBgF-0001Bt-00 <= dsh8290@???
U=dsh8290 P=local S=288
2001-12-06 22:28:18 16CBgF-0001Bt-00 ==
/home/stu12/s18/dsh8290/~/exim-Mail/ToMe/ <dsh8290@???>
D=userforward defer (-31):
directory_transport unset in userforward driver
2001-12-06 22:28:18 16CBgF-0001Bt-00 ==
/home/stu12/s18/dsh8290/~/exim-Mail/filteredinbox/
<dsh8290@???> D=userforward defer (-31):
directory_transport unset in userforward driver
$
That seems better.
It looks like I need to specify maildir in the config, and put "seen"
in front of "save" in the filter file, but I though "save" was already
significant. Maybe it kept going because the save failed?
[ some time later, while still reading docs and trying stuff ]
I found the place where directory_transport belongs. Now it delivers,
but "~" is not expanded. I see now in the examples, I can use
"$home". Why not "$HOME", which is more familiar to *nix users? Can
I create my own variables? I am getting "unknown filtering command"
messages with the syntaxes I tried.
As far as the duplicate goes, prepending "seen" in front of "save"
didn't help. The duplicate delivery is a simple "save" at the end of
the file to catch anything that didn't get delivered already.
[ after one more test ]
Oh, I need to explicitly "finish" after every save.
| > It would be nice if there was a configuration option to set in the
| > Makefile that would disable all UID checking and changing.
|
| security=unprivileged is supposed to do this.
I'm glad the feature has already been included, but I think it is a
bug that the default delivery fails when there is no reason to. Maybe
it would be better if the filter part was factored out into a separate
binary. The main exim binary can do the main MTA functions, and
invoke the filter binary in much the same way procmail is (commonly)
used today. This would also allow people who only want filtering to
ignore the rest of the MTA's capability. (then again, one could argue
that delivery is not part of the MTA's responsibility at all, and all
of the local delivery and filtering should be handled by separate MDA
program)
[ summary : ]
This message ended up being rather long. Basically I have exim
working, and now it is time to give the filtering a good comparison
against procmail. The two remaining questions I have are
1) Can I create and use variables of my own choosing in a filter
file? For example, if I want all mail folders to be in
/some/really/long/path/Mail/, I want to do something like
BASEPATH=/some/really/long/path/Mail/
save $BASEPATH/this_folder
(but I may want a variable for anything, not just paths)
2) Can I include another filter file? Suppose I want to have a
list of spammer addresses in a separate file. With procmail I
can "INCLUDERC=$HOME/util/procmailrc/spam" and avoid
cluttering up my maililng list sorting with spam cleanup.
-D
--
(E)very (M)inor (A)ttention (C)osts (S)anity
