--
Circa 2002-Jan-13 03:00:58 +0100 dixit Phil Pennock:
: On 2002-01-12 at 20:10 +0000, Philip Hazel wrote:
: [ exim rejecting connections if port != 25 ]
: >
: > Indeed. That's a tighter variant on the suggestion above. I had
: > overlooked the possibility of testing the port.
:
: And breaks if someone is running Exim on submission/tcp (587) or one of
: the port-26 hacks used by some, in combination with authentication, to
: get around forced proxying by ISPs with broken set-ups.
:
: Unless anyone here has a pressing desire to see a huge upsurge of
: exim-users@ posts by people who don't read FAQs or do background
: research, surely it's safer to merely check for a port < 1024, which
: should (on 'supported' platforms) be sufficient to check that someone
: with administrative access set-up the situation under which Exim is
: being run.
Sounds like this sort of thing should be made configurable. I can
easily envision situations where having exim listen on a non-privileged
port in a controlled environment would be beneficial. E.g., testing a
new version in an evironment where spare machines are wanting.
Not to mention that the idea of privileged vs. non-privileged ports is
somewhat less relevant than it used to be.
Wouldn't it be better for exim to use a specific command-line flag to
say that it's running under inetd (and should therefore expect a socket
on stdin)? That would solve the problem of detecting whether it
*should* have a socket on stdin or not. Then, if the calling user is
root or an admin user, exim would accept the socket, otherwise it
refuses.
Or, if it comes to that, add an 'inetd_user' configuration option, and
exim accepts sockets only from that user (or only from root and that
user).
Problem solved, no?
: Unless Windows is now a supported Exim platform? ;^)
http://www.exim.org/mailman/htdig/exim-users/Week-of-Mon-20011203/032744.html
http://www.exim.org/mailman/htdig/exim-users/Week-of-Mon-20011203/032747.html
Won't be long now. ;)
--
jim knoble | jmknoble@??? |
http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
--
[ Content of type application/pgp-signature deleted ]
--