Re: [exim] Running exim as a user with no username

Pàgina inicial
Aquest missatge és part del següent fil:
Ml'arbre de fils complet ordenat per data
MMike Cardwell en <-
MMike Cardwell en ->
Delete this message
Reply to this message
Autor: W B Hacker
Data:  
A: exim-users
Assumpte: Re: [exim] Running exim as a user with no username
Mike Cardwell wrote:

> * on the Tue, Feb 21, 2006 at 04:27:04AM +0800, W B Hacker wrote:
>
>
>>I understand the solution, but I was puzzled by your OP as to
>>why you wanted to do this at all (w/r Exim's EUID) - and am
>>still puzzled.
>>
>>Just as background, in my own installations Exim, SA, ClamAV,
>>Dovecot IMAP/POP, and the Webmail daemon each run at all times
>>as their own UID.
>>
>>The end user's ID is not only not used - they don't even *have*
>>one. Even 'postmaster' has to have an entry in the SQL DB.
>>
>>Which is perhaps as diametrically opposite to your approach as
>>it gets - where you run the daemon with no default UID, I handle
>>the users with no UID.
>>
>>Neither criticizing nor advocating either method, as mine is as
>>non-standard as yours is.
>>
>>But hope you can see why I am (still) curious...
>>
>>Care to enlighten?
>
>
> The environment this is running in sounds very different to yours.
> The machines are actually web servers, not mail servers. Exim
> isn't even running as a daemon. The only reason exim is on there
> is so people can send emails from forms. UIDs on the system are
> mapped to usernames via an ldap connection to the Active
> Directory. When someone runs their (hopefully safe) copy of
> formmail.cgi etc they run under a suexec style system so the
> process runs as their own user. At the normal user level they
> don't have access to query the AD. Is this starting to look more
> clear?
>
> Mike
>

I now understand how. I think I understand what for.

'Why Exim' for mere submission of outbound traffic to a foreign
host, and only from a 'known in advance' list/DB of permitted
users, still escapes me. If that is actally the 'what'.

Unless Exim is *also* (but separately) installed to handle
other-than formmail traffic, the whole exercise strikes me as a
bit like potting rabbits with a 16-inch-fifty. Even with free
ammunition, the cost of positioning and aiming the piece is too
great for the gain.

One could use a <language of your choice> tool and no 'full
spec' MTA at all. Or do specialized relay through a single
remote Exim you control for many-many webservers.

Or (my preference) no mail services of any kind on the box,
write the form output to a quarantined file area, and collect
them if-exist and/or at-intervals by file transfer. Or
interested parties login and read/download them via browser,
wiki/forum style.

Keeps 'em off the public smtp roads entirely.

YMMV,

Bill




Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [exim] Not frozing on unexistent userRe: [exim] Not frozing on unexistent user->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)