Re: [exim] stopping a user from using exim on system

Author: Bill Hacker
Date:  
To: exim
Subject: Re: [exim] stopping a user from using exim on system
Frank DeChellis DSL wrote:

> Hi,
>
> We're using Exim 4.54 with NetBSD.
>
> I want to deny access to user www (U=www in my logs).
>
> Is there an easy way to do this? We're trying to find the root of a
> problem and denying this user access would be a great help.
>
> I have ACL running. I've been searching and have not been able to find
> what I am looking for...unless I am working it wrong. I am a 4/10 on
> the Exim expertise scale (6/10 on looks and 8/0 on personality)
>
>
> Thanks
> Frank
>


'www' sounds like an on-box process / daemon-runner. If that is not
clear, then:
add to your ~/configure file:

log_selector = +all

Re-hup Exim, and note your logs show more detail - including the IP and
ports 'www' is connecting from/to - if any.

Almost certainly your server is running an httpd daemon, such as
A-Patchy as user 'www' and it will not be coming from outside.

You may be hosting web pages that offer 'forms' to be e-mailed, or a
'click here to e-mail this page to a friend' feature.
Webpage mailer-forms are a long-standing source of abuse, and should be
carefully vetted if permitted at all [1].

Exim ordinarily views any on-box 'shell accounts', system aliases,
daemon-runners or other system-users (cron, etc.)
as 'pre-approved' - permitted to submit traffic without further ado.

It can very easily be told otherwise, but you may want to ensure that
other on-box submission is not blocked, such as statistics and security
reports, ordinarily submitted by cron-as-root.


HTH,

Bill Hacker

[1] If you run a web-server on the same box as a mail server, *and* have
virtual-domain account-holders who do their own web-page design, *and*
run, for example Apache, PHP, etc. - i.e. - typical LAMPS, then lean
over, grab your ankles and kiss either peace-of-mind, regular sleep, or
your security-model ..... a fond goodbye! ;-)
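
An added example, not part of the original message: a Python script that summarises which local logins are submitting mail (arrival lines with `P=local` and `U=`) in an Exim main log, so the volume from 'www' can be sized and other local submitters such as root can be seen before anything is blocked. The sample log lines are constructed, and the function name `local_submitters` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of Exim main-log lines (not taken from the thread).
SAMPLE_LOG = """\
2005-11-20 03:01:02 [411] 1EdXyA-0000Ab-1C <= root@mail.example U=root P=local S=812 T="daily output" for root@mail.example
2005-11-20 10:12:01 [902] 1EdXyB-0000Cd-2D <= www@mail.example U=www P=local S=1530 T="hi U=root P=local" for a@example.net b@example.org
2005-11-20 10:12:03 1EdXyC-0000Ef-3E <= www@mail.example U=www P=local S=1498 T="hi" for c@example.com
2005-11-20 10:13:40 [917] 1EdXyD-0000Gh-4F <= bob@example.net H=client.example.net [192.0.2.10]:4021 P=esmtp S=2210 T="lunch" for frank@mail.example
2005-11-20 10:13:41 [917] 1EdXyD-0000Gh-4F => frank <frank@mail.example> R=localuser T=local_delivery
"""

# Arrival line: date, time, optional [pid], message id, "<=", sender, remaining fields.
ARRIVAL = re.compile(r"^\S+ \S+ (?:\[\d+\] )?(?P<id>\S+) <= (?P<sender>\S+) (?P<rest>.*)$")
# The logged subject is text chosen by whoever filled in the web form, so it is
# removed before the key=value fields are parsed (handles backslash-escaped quotes).
SUBJECT = re.compile(r' T="(?:[^"\\]|\\.)*"')

def local_submitters(log_text):
    """Return {login: {"messages", "recipients", "ids"}} for P=local arrivals."""
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "ids": []})
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # delivery, completion and other non-arrival lines
        rest = SUBJECT.sub("", " " + m["rest"])
        fields, _, rcpts = rest.partition(" for ")
        kv = dict(f.split("=", 1) for f in fields.split() if "=" in f)
        if kv.get("P") != "local" or "U" not in kv:
            continue  # SMTP arrivals carry H= and P=smtp/esmtp instead
        entry = stats[kv["U"]]
        entry["messages"] += 1
        entry["recipients"] += len(rcpts.split())
        entry["ids"].append(m["id"])
    return dict(stats)

if __name__ == "__main__":
    for login, entry in sorted(local_submitters(SAMPLE_LOG).items()):
        print(login, entry["messages"], "messages,", entry["recipients"], "recipients")
```

The recipient counts depend on the `for ...` part of the arrival line, which is only logged when `received_recipients` is enabled, as it is with `log_selector = +all`.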