Re: [Exim] Sending messages with different priorities

Author: Enrico Zini
Date:  
To: exim-users
Subject: Re: [Exim] Sending messages with different priorities
On Tue, Dec 11, 2001 at 12:53:48PM +0200, Sheldon Hearn wrote:

> > 2001-12-11 10:33:42 exim user (uid=33) is defined only at runtime; privilege lost for -C
> If you're seeing this, you're wrong about the debian packages providing
> compile-time values for exim_user and exim_group.


Maybe I was unclear. I'll try to summarize my situation again:

I use the exim binary that comes with debian testing, that has
exim_user=mail and exim_group=mail. This is fine with the primary exim
configuration.

For the second one, I wanted to avoid recompiling and I'm just using a
different configuration file. Compile time defaults are therefore the
same as debian ones, since it is the same binary (that is,
exim_user=mail and exim_group=mail), but in the second config file I
have:

exim_user = www-data
spool_directory = /var/spool/exim_bulk
log_file_path = /var/log/exim_bulk/%slog

Here are the directory and file permissions:

service:~# ls -lad /var/spool/exim_bulk/ /var/log/exim_bulk/
drwxr-s---    2 www-data adm          4.0k Dec 11 10:22 /var/log/exim_bulk//
drwxr-x---    5 www-data mail         4.0k Dec 11 11:50 /var/spool/exim_bulk//


service:~# ls -la /var/log/exim_bulk/
total 25M
drwxr-s---    2 www-data adm          4.0k Dec 11 10:22 ./
drwxr-xr-x   11 root     root         4.0k Dec 11 06:26 ../
-rw-r-----    1 www-data adm           24M Dec 11 11:58 mainlog
-rw-r-----    1 www-data adm             0 Dec 11 10:22 paniclog
-rw-r-----    1 www-data adm             0 Dec 11 10:22 rejectlog


mainlog has been created by exim itself, while the other two have been
created by me to try to make exim write into them, but with no success.


> > Why aren't they going to the logs? mainlog is being written, and the
> > directory it is into is writable by www-data.
> Check your paniclog. Also, how're you going to write to the paniclog
> successfully if you've lost privilege? :-)


The paniclog is empty, but as you can see it is writable by www-data, so
exim should be able to write into it. It is able to write into mainlog,
why not paniclog? Even if I'm losing root privileges, I still have
those of www-data, isn't it?


> > Another question: how can I tell the second exim configuration to route
> > the messages to be delivered locally through the first one? When some
> > delivery fails, exim tries to notify the sender by e-mail, but since it
> > is running as www-data it cannot do local deliveries. Should I just
> > tell it that no addresses are local and let it go through the usual MX
> > routing for local messages, too?
>
> Well then there's a reason not to do what you're doing. I don't think
> you can achieve what you want without giving Exim compile-time defaults
> for exim_user and exim_group and not messing around with having the
> queue owned by www-data.


As you can see, the queue IS owned by www-data and exim_user and
exim_group are overridden in the second config file and the logs are
owned by www-data and I have another exim in the same machine that can
do local deliveries and I can use it.

I fear that I'm not explaining myself well, since I feel like I'm
repeating all this over and over, so please tell me if after reading my
messages there's still something unclear to you about my
configuration.

The questions I have now are:
 1) Why aren't those messages I get in exim's stderr (as reported in the
    previous post) being written to the logs?
 2) Can I just say to the second exim that deliveries for the local
    hostname and localhost are to be delivered via SMTP to localhost,
    where the primary exim is listening?


Thanks a lot for the help you are giving me!

Bye, Enrico