Re: [exim] Returning mail via filter/how to avoid frozen mes…

Top Page
Delete this message
Reply to this message
Author: Toralf Lund
Date:  
To: Tony Finch
CC: exim-users
Subject: Re: [exim] Returning mail via filter/how to avoid frozen messages
Tony Finch wrote:

>On Thu, 27 Jan 2005, Toralf Lund wrote:
>
>
>
>>  2. Principally speaking, I'm doing this as a normal (Exim) e-mail
>>     user, not as an administrator. Now, I happen to know the root
>>     password and have access to the Exim config, as you probably have
>>     guessed by now, but I'm still not sure it's right to mess up the
>>     global config with all sorts of special cases for my personal needs.

>>
>>
>
>It's possible to cause Exim to run .forward files at RCPT time by removing
>the no_verify option from the userforward redirect router. This means that
>users (independent of the sysadmin) can cause messages to be rejected
>rather than bounced. This might be useful in a setup which supports
>local-part suffixes. One reason that the standard configuration does not
>do this is that Exim is running as the exim user at verification time, so
>users must make their .forward files globally readable.
>

Actually, it turns out to be a bit harder than this. If user is set,
exim will actually try to change to that user when reading the forward
file, at least if it's a filter. It will fail to do that during the
verification, of course, unless the user happens to be the same one as
the one Exim is running as, i.e. often "exim". (This is essentially the
same problem as one discussed on another of my recent threads - on
failing alias expansion.) Furthermore, you typically want the forward
router to set "local user", not Exim. And you need *some* user if
filters are to be allowed.

However, I've now tried adding the following router instead:

forwardtest:
driver = redirect
allow_filter
allow_fail
check_local_user
user=exim
group=exim
no_check_owner
no_check_group
check_ancestor
file = $home/.forward-test
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
ignore_eacces
verify_only

- with quite promising results. Notice how group and user are
overridden. check_local_user is still there, though, so that $home is
still set. Also, permission checks are skipped, and unreadable files are
treated as missing. I'm not using the read forward file(s) for this yet,
though. And I'm wondering if I need the transports etc.

- Toralf