Author: Bill Hacker
Date:
To: exim
Subject: Re: [exim] stopping a user from using exim on system

Frank DeChellis DSL wrote:
> Hi,
>
> We're using Exim 4.54 with NetBSD.
>
> I want to deny access to user www (U=www in my logs).
>
> Is there an easy way to do this? We're trying to find the root of a
> problem and denying this user access would be a great help.
>
> I have ACL running. I've been searching and have not been able to find
> what I am looking for...unless I am working it wrong. I am a 4/10 on
> the Exim expertise scale (6/10 on looks and 8/0 on personality)
>
>
> Thanks
> Frank
>
'www' sounds like an on-box process / daemon-runner. If that is not
clear, then:

add to your ~/configure file:

    log_selector = +all

Re-hup Exim, and note your logs show more detail - including the IP and
ports 'www' is connecting from/to - if any.

Almost certainly your server is running an httpd daemon, such as
A-Patchy as user 'www' and it will not be coming from outside.

You may be hosting web pages that offer 'forms' to be e-mailed, or a
'click here to e-mail this page to a friend' feature.

Webpage mailer-forms are a long-standing source of abuse, and should be
carefully vetted if permitted at all [1].

Exim ordinarily views any on-box 'shell accounts', system aliases,
daemon-runners or other system-users (cron, etc.) as 'pre-approved' -
permitted to submit traffic without further ado.

It can very easily be told otherwise, but you may want to ensure that
other on-box submission is not blocked, such as statistics and security
reports, ordinarily submitted by cron-as-root.

HTH,

Bill Hacker

[1] If you run a web-server on the same box as a mail server, *and* have
virtual-domain account-holders who do their own web-page design, *and*
run, for example Apache, PHP, etc. - i.e. - typical LAMPS, then lean
over, grab your ankles and kiss either peace-of-mind, regular sleep, or
your security-model ..... a fond goodbye! ;-)
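
Added example (not part of the original post, and not Exim's own code): a small parser that pulls locally submitted messages out of an Exim main log and tallies them per `U=` user, so submissions by 'www' can be told apart from the cron-as-root reports mentioned above. It assumes arrival lines in the `<= sender U=user P=local ... T="subject" for rcpts` layout that the extra log selectors produce; the sample lines, hostnames and message ids are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample lines in Exim main-log style (hosts, ids and addresses are made up).
SAMPLE_LOG = """\
2006-01-10 03:01:02 1EwAAA-0000aa-01 <= root@mail.example.test U=root P=local S=2310 T="daily security report" for admin@example.test
2006-01-10 09:14:55 1EwAAB-0000ab-02 <= www@mail.example.test U=www P=local S=1187 T="Check this page" for a@example.net b@example.net c@example.net
2006-01-10 09:14:56 1EwAAB-0000ab-02 => a@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10]
2006-01-10 09:15:01 1EwAAC-0000ac-03 <= www@mail.example.test U=www P=local S=1190 T="Check this page" for d@example.org
2006-01-10 09:20:40 1EwAAD-0000ad-04 <= alice@example.com H=client.example.com [198.51.100.7] P=esmtp S=5021 for bob@example.test
"""

# "<=" marks message arrival; delivery lines ("=>", "->", "**") are ignored.
ARRIVAL = re.compile(r'^(\S+ \S+) (\S+) <= (\S+) (.*)$')

def local_submissions(log_text):
    """Return {user: [(timestamp, msg_id, subject, [recipients]), ...]} for P=local* arrivals."""
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue
        stamp, msg_id, _sender, rest = m.groups()
        user = re.search(r'(?:^| )U=(\S+)', rest)
        if not user or not re.search(r'(?:^| )P=local', rest):
            continue  # arrived over the network, not submitted on-box
        # Take the quoted subject out first so a " for " inside it is not read as recipients.
        subj = re.search(r' T="((?:[^"\\]|\\.)*)"', rest)
        tail = rest.replace(subj.group(0), '', 1) if subj else rest
        _, sep, rcpts = tail.partition(' for ')
        by_user[user.group(1)].append(
            (stamp, msg_id, subj.group(1) if subj else None, rcpts.split() if sep else []))
    return dict(by_user)

def summarise(by_user):
    """Return {user: (message_count, total_recipient_count)}."""
    return {u: (len(msgs), sum(len(m[3]) for m in msgs)) for u, msgs in by_user.items()}

if __name__ == "__main__":
    for user, (n_msgs, n_rcpts) in sorted(summarise(local_submissions(SAMPLE_LOG)).items()):
        print(f"U={user}: {n_msgs} local message(s), {n_rcpts} recipient(s)")
```

The message ids it returns for a given user can then be looked up in the rest of the log to see where each message was delivered.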