Re: [exim] greylistd problems

On 5/22/06 11:34 AM, "Tony Finch" <dot@???> wrote:

> On Mon, 22 May 2006, Doug Jolley wrote:
>
>>> Does the debugging output indicate that Exim is setting its groups
>>> correctly?
>>
>> Yep:
>>
>>>> changed uid/gid: privilege not needed
>>>> uid=93 gid=93 pid=7479
>>>> auxiliary group list: <none>
>
> Er, that looks like a "no" to me. And in any case, you're looking at the
> wrong line because you want the "running as a daemon" line.
>
> However you have perhaps revealed a bug in that Exim probably ought to be
> doing an initgroups() in that situation.

Exim tends to avoid initgroups() for performance reasons. There is a
transport option (I think it is) to set up the groups if needed for that
transport. I don't believe that sort of option made it into ACLs, but I've
been wrong many times before.

We run our own greylisting code (a Python daemon we wrote) so I have no
experience with greylisd (which wasn't ready for prime time when we made
that decision). Ours runs as the exim user (carefully selected to make the
socket work).

--John