Re: [Exim] exim is open relay when started via xinetd

Author: Phil Pennock
Date:  
To: Kagan Kongar
CC: exim-users, sgl
Subject: Re: [Exim] exim is open relay when started via xinetd
On 2002-01-21 at 12:53 +0200, Kagan Kongar wrote:
> Starting exim (3.34) via xinetd (2.3.3) with default exim.conf ends up
> being an open relay.


Key point: you're not starting Exim as either the compiled-in Exim user
or as root.

>    user     = mail


What uid is that? What uid was the value of EXIM_UID in Local/Makefile
when Exim was built?

> Seems that with "-bs" option, exim treats ALL mail as local,
> and trusts the sender.


This is the case, UNLESS Exim can tell that it was started from
something like inetd. Which currently means "started as root or the
built-in user". Which assumes competence from the person who set the
system up, and an ability to read the documentation.

Complain to the person who packaged Exim for your system.

> Is this a known issue? Am I doing something wrong?


It's a known issue, and has been discussed on the list. A work-around
has been found -- to check if stdin is a socket bound to a port < 1024.

The problem here is bad packaging, using Exim in a way which was only
reluctantly added and then making mistakes in the configuration. If
exim is to be started as user "mail" from inetd, then it should have
been built with the uid of "mail" in EXIM_UID.

Exim 3 is basically in "very important fixes only" state, with Exim 4 in
testing now. The question is how important is it for Philip Hazel to go
out of his way to add code to a locked branch of code, simply to support
broken configuration by someone else. He shouldn't have to.
--
Diplomacy is the art of saying "nice doggie" whilst looking for a big rock.
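
The work-around mentioned in the message above (checking whether stdin is a socket bound to a port < 1024) can be sketched as follows. This is an added example, not code from the post or from Exim; the names fd_origin, local_port, port_is_privileged and classify_fd are hypothetical, and the labels printed by main() are this example's own reading of the result.

```c
/* Added illustration: is a descriptor a socket bound to a privileged port? */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum fd_origin { FD_NOT_SOCKET, FD_SOCKET_OTHER, FD_SOCKET_PRIV_PORT, FD_ERROR };

/* Local port in host byte order, or -1 if the address family has no port. */
int local_port(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET)
        return ntohs(((const struct sockaddr_in *)sa)->sin_port);
    if (sa->sa_family == AF_INET6)
        return ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    return -1;   /* e.g. AF_UNIX */
}

/* Port 0 means "not bound", so it does not count as privileged. */
int port_is_privileged(const struct sockaddr *sa)
{
    int port = local_port(sa);
    return port > 0 && port < 1024;
}

/* A pipe, tty or file fails with ENOTSOCK; a super-server such as
 * inetd or xinetd hands over the accepted connection as the descriptor. */
enum fd_origin classify_fd(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;

    memset(&ss, 0, sizeof ss);
    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
        return errno == ENOTSOCK ? FD_NOT_SOCKET : FD_ERROR;
    return port_is_privileged((struct sockaddr *)&ss)
         ? FD_SOCKET_PRIV_PORT : FD_SOCKET_OTHER;
}

int main(void)
{
    static const char *names[] = { "not a socket (local caller)",
        "socket without a privileged local port",
        "socket on a port < 1024 (treat as remote SMTP)", "error" };
    printf("stdin: %s\n", names[classify_fd(STDIN_FILENO)]);
    return 0;
}
```

The check does not depend on the uid the process was started as, which is the property that matters when the super-server runs the daemon as a user other than root or the compiled-in one.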