Some discussion with the debian packager shows that
the behavior of exim4 and the debian package is correct,
so it comes down to a need for a work around. As the
packager expressed no interest in making any suggestions
as to the preferable approach to the problem, I'm
going straight to the top :-)
I have a legacy mail delivery system which I wrote and
have had in use for about 8-9 years now (in one for or
another). Originally it ran under sendmail (until I
abandoned it for exim way back... remember the sendmail
security update of the day period?).
The primary feature, and only one relevant to this
problem, is the use of a choice of mSQL or per
domain flat files for pop mail user authentication.
All has been well until the recent spammer technique
of using trojan networks to try thousands of possible
email addresses against each domain. It brough my
server to the edge of collapse last week. The solution
was to write an email address verifier that can check
the existing popmail user data. This looked fairly
straightforward, and the coding only took a couple
hours... even including figuring out code I'd not
touched in seven or eight years. Figuring out the
best way to make exim4 do this test at the HELO took
me a little longer, but even so was not *that* bad.
spec.txt is huge, but I managed this:
weasel_vfy:
driver = queryprogram
domains = +weasel_domains
retry_use_local_part
command = /usr/sbin/weaselvfy ${local_part} ${domain}
command_user = mail
command_group = mail
verify_only
verify_sender = false
verify_recipient = true
debug_print = "***** WEASEL VERIFIER ${local_part} ${domain} *****"
The verifier is set up like this:
-r-sr-xr-x 1 root mail 12416 Jul 4 02:25 /usr/sbin/weaselvfy
The user data files are set up like this:
-rw-r--r-- 1 root root 6647 Mar 2 19:12 users
(I'd actually rather have it 600, but that seems to
present even more problems)
The only problem is, it cannot work the way I wish. I have just
this evening been told the documentation points out:
"verify_only
Type: boolean (precondition)
Default: false
Warning: When the router is being run to verify addresses for an incoming SMTP
message, Exim is not running as root, but under its own uid. If the router
accesses any files, you need to make sure that they are accessible to the Exim
user or group."
that command_user and command_group are ignored. So it
is explained why in this particular case code that
worked under the transports during delivery did not work
in routers during verify.
So how do I best work around this without making my mail
user security data 'too' insecure? This is what I wish
to accomplish:
* spammer feeds me an invalid user name
during the HELO, etc exchange.
* If the mail is in a domain handled by
my external system, I ask it to
validate the name against the
database.
* As soon as I see the user is not
in the database, I drop the connection.
Given the way you have the code setup, what is your
intended way for problems of this sort to be handled?
The 'interior logic' of your code as it were?
--
------------------------------------------------------
Dale Amon amon@??? +44-7802-188325
International linux systems consultancy
Hardware & software system design, security
and networking, systems programming and Admin
"Have Laptop, Will Travel"
------------------------------------------------------