Hi,
I'm trying to get the following router to work properly in Exim 4.14:
  tripnote:
    driver = accept
    verify = false
    condition = ${if eq {${extract{targetType}{$address_data}}}{user} {true}}
    router_home_directory = \
      ${extract{home}{${extract{spoolInfo}{$address_data}}}{$value}fail}
    user = ${extract{target}{$address_data}}
    require_files = ${extract{target}{$address_data}}:$home/tripnote
    # Don't send autoreplies to common administrative addresses.
    senders = ! : !^.+-request@ : !^owner-.+@ : !^.+-owner@ : !^postmaster@ : \
              !^listmaster@ : !^mailer-daemon@ : !^root@ : !^.+-admin@ : \
              !^.+=.+\\..+@
    transport = tripnote_reply
    retry_use_local_part
    unseen
address_data is set from an LDAP lookup; the LDAP objects this router
should work for have the following relevant elements:
  targetType="user"
  target="USERNAME"
  spoolInfo="home=HOMEDIR maildrop=MAILDROP_PATH"
Users' homedirs are (non-root) NFS mounted on the mail server. Some
users have mode 0700 on their homedirs.
In Exim 2, the '/'-less first element of the require_files section was
interpreted as a username, and caused the existence test for later
elements to be done under the UID of that user.
From looking at the function check_files() in src/route.c, it appears
that this is no longer the case. The function will now try doing a
stat() of any file elements it finds *without* changing (effective)
uid.
Re-reading the latest Exim specification, I can sort of see that the
behaviour I'm experiencing is documented. And, indeed, the
behavioural change is listed rather explicitly in Exim4.upgrade.
I have searched the list archives and browsed the FAQ, both to no
avail; it seems no one else has seen this as a problem at all.
So, I'm seemingly up the brown river without a paddle. Or, is there
something I'm missing? Pleeeease, tell me it is so! :-)
If I'm *not* missing anything: Can anyone tell me why running as root
while routing is better (securitywise, the Exim4.upgrade file makes me
presume) than using seteuid?
--
Harald
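
The check the message asks for, an existence test made under the target user's uid (which matters for mode 0700 home directories on NFS mounts where root gets no special access), can be done by dropping privileges in a forked child so the calling process never changes its own effective uid. This is an added example, not code from the post or from Exim; `exists_as_user` is a hypothetical helper name.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for setgroups() under strict -std= modes */
#endif
#include <errno.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not an Exim function): does `path` exist as seen by
 * uid/gid?  Returns 1 = yes, 0 = stat() failed for that user (missing, or a
 * directory on the way is not searchable by them), -1 = check could not run. */
int exists_as_user(const char *path, uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: drop privileges permanently, in the order supplementary
         * groups, gid, uid. Only root may change the group list. */
        if (geteuid() == 0 && setgroups(1, &gid) != 0)
            _exit(2);
        if (setgid(gid) != 0 || setuid(uid) != 0)
            _exit(2);
        /* Verify the drop took effect before touching the filesystem. */
        if (getuid() != uid || geteuid() != uid || getegid() != gid)
            _exit(2);

        struct stat sb;
        _exit(stat(path, &sb) == 0 ? 0 : 1);
    }

    /* Parent: keeps its own ids and only reads the child's verdict. */
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    if (!WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;
    case 1:  return 0;
    default: return -1;
    }
}
```

Because the child calls setuid() rather than seteuid(), it has no saved uid to switch back to, and the parent's privileges are untouched whatever the child encounters on the filesystem.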