Re: [exim] Vary weird problem - unable to set uid=12

Top Page
Delete this message
Reply to this message
Author: Ted Cooper
Date:  
To: exim-users
Subject: Re: [exim] Vary weird problem - unable to set uid=12
Marc Perkel wrote:
> You've mentioned ${readsocket} a number of times and I'm still
> interested by don't know how to do it. I'm using run but what I'm
> running is very somple. It just uses netcat to send a line of text to a
> listening port on another computer. I wonder what would be the most
> efficient way for a group of Exim servers to send lines of text to a
> central listening server?


readsocket is pretty much perfect for that and doesn't have the overhead
of forking a process and loading a program before it sends the line.

I use a unix socket "/tmp/greylistd", however exim also accepts tcp
sockets like "inet:1.2.3.4:5321" ie central listening server

It works like any string expansion except that you're asking a foreign
program listening on a port to fill the string in for you. Of course,
you don't have to pay attention to the return value.

eg. when a host hits a dnslist, I tell my external daemon and ignore the
result.

GLSOCK=/tmp/greylistd

  deny    message        = ERRMSG_DNSBL
          condition      = ${if eq{$acl_c_rbldns}{yes}}
          !authenticated = *
          dnslists       = zen.spamhaus.org
          continue       = ${readsocket{GLSOCK}{rblexpire
$sender_host_address $dnslist_domain}{20s}{ }{SOCKETERROR}}


Or you can send all the relevant information off to the external daemon,
get it to decide something and return a sting value. ($acl_c_greylist is
set to ***NOT SET*** in the connect acl). This sends the IP, helo,
sender email and first recipient of an email off to the daemon which
returns a single word - defer/accept/reject - which I then process in
the subsequent acls.

  warn    !hosts         = +relay_from_hosts
          !authenticated = *
          !domains       = +skip_greylist
          condition      = ${if eq{$acl_c_greylist}{***NOT SET***}{yes}{no}}
          set acl_c_greylist    = ${readsocket{GLSOCK}{query
$sender_host_address $sender_helo_name <$sender_address>
<$local_part@$domain>}{20s}{ }{SOCKETERROR}}


Or you can use the value and some of string expansions in exim to
extract out interesting bits for use later to determine which ACLs to
run. The defer afterwards is to check to see if the daemon is missing.
Here I send a few things off to the daemon and it returns a string with
key="value" pairs which I then split up into connection variables for
use in later acls.

acl_check_helo:
  warn    set acl_c_tmp = ${readsocket{GLSOCK}{athelocheck
addr="$sender_host_address" helo="${quote:$sender_helo_name}"
helocmd="${quote:${substr_0_4:$smtp_command}}" if="$received_ip_address"
rport="$sender_host_port"}{20s}{ }{SOCKERR}}
          set acl_c_helo        = $sender_helo_name
          set acl_c_stupidhost  = ${extract{stupidhost}{$acl_c_tmp}}
          set acl_c_shseen      = ${extract{shseen}{$acl_c_tmp}}
          set acl_c_gldelay     = ${if
eq{$acl_c_stupidhost}{yes}{${eval:30 * $acl_c_shseen}}{0}}
          set acl_c_helotype    = ${extract{helotype}{$acl_c_tmp}}
          set acl_c_rbldns      = ${extract{allowrbldns}{$acl_c_tmp}}
          set acl_c_connid      = ${extract{connid}{$acl_c_tmp}}
          set acl_c_badhelo     = ${extract{badhelo}{$acl_c_tmp}}
          set acl_c_heloerr     = ${extract{heloerr}{$acl_c_tmp}}


  defer   message               = 421 Temporary local error - please try
again later
          condition             = ${if eq{$acl_c_tmp}{SOCKERR}}
          set acl_c_badhelo     = SOCKERR
          set acl_c_heloerr     = Temporary local error - please try
again later
          continue              = ${run{/etc/exim/lethalerror SOCKERR}}




--
The Exim Manual
http://www.exim.org/docs.html
http://docs.exim.org/current/