On Tue, 13 Sep 2005, Bryan Henderson wrote:
> Does it have to be setuid anything?
Possibly not.
> The SMTP server can just run as real 'exim' (no setuid), right?
If by "SMTP server" you mean the Exim daemon, then maybe. The issue is
that root privilege is needed in order to start listening on a
privileged port. Once this is set up, the conventional setuid=root
Exim daemon obeys setuid(exim) in order to run as 'exim' from then on.
So I suppose you could have no setuid on the code, and always start it
as root. However, if you then change the configuration, you will have to
kill it and restart it (as root) rather than just sending a HUP signal.
The next problem is that, when it has received a message, the daemon
normally re-execs itself in order to regain root privilege for the
delivery. You'll have to live without this - all routers will have to be
able to access whatever they need as 'exim', and all transports will
have to run as 'exim'.
> The piped-to transport program would be setuid so that it can make
> local deliveries. It can also handle forwarding, or .forward files
> can simply be world readable.
Sounds like the pipe-to transport could be Exim <grin>. But yes, if you
want to do it that way.
> It can inherit it's Port 25 socket.
Eh? That doesn't make sense. That socket is long gone. It is part of the
receiving process and is discarded as soon as the message is safely on
the spool. Remember, messages may not get delivered immediately.
> As a mail originator, Exim wants to directly access the mail queue for
Sorry, I can't follow that. What do you mean by "mail queue"? Exim has
its own queue which of course it must access. What am I missing?
> local deliveries, but it doesn't have to. It could take advantage of
> a setuid pipe transport program.
There are several local delivery programs such as procmail, but I don't
think people normally run them setuid.
> Or that program could be executable only by 'exim' and the mail
> originator could do an SMTP connection to localhost. Is there a way
> today to configure Exim to do that (Use SMTP transport for locally
> originated locally bound mail, but local transport for SMTP originated
> locally bound mail)?
You can certainly configure Exim to do that if you want. Any router can
route an address to any transport. You'll need to specify exactly what
you mean by "locally originated". Some MUAs call the MTA and send
messages on stdin (sometimes using -bs and sometimes not); others send
it to 127.0.0.1. There are conditions that can be used to identify these
cases.
> Is there maybe some other simple SMTP client program that one could
> use with an MUE instead of Exim?
Pass.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
