Re: [exim-dev] [Bug 1031] Implement database logging of comp…

Top Page
Delete this message
Reply to this message
Author: Axel Rau
Date:  
To: W B Hacker
CC: Phil Pennock, exim-dev
Subject: Re: [exim-dev] [Bug 1031] Implement database logging of completed remote delivery

Am 15.02.2011 um 14:23 schrieb W B Hacker:

> Axel Rau wrote:
>>
>> Am 14.02.2011 um 19:16 schrieb Phil Pennock:
>>
>>>
>>> Will you settle for 4.76? :)
>> OK.
>> ...
>>
>>> although I do wonder about what happens with DB connections
>>> happening from multiple users, depending on which user Exim was
>>> running
>>> as when it opened the connection?
>>
>> You mean a multi-users system, where exim is used for submission?
>> If exim is not setuid root/exim_user then my code won't work
>> in that situation. It requires either setuid executable or an
>> outgoing
>> relay,
>> which would do the job. Same is true with other DB-lookups.
>> All my experience is based on networked clients which connect to a
>> daemon
>> (usually IMAP with submission capability) on a server which has no
>> user
>> accounts on it.
>>
>> Axel
>> ---
>> axel.rau@??? PGP-Key:29E99DD6 +49 151 2300 9283 computing @
>> chaos
>> claudius
>>
>>
>>
>
> Axel, all...
>
> Coming late to a discussion not of my making .. worse, probably
> forgetting earlier discussions...

Thanks for bringing this back to me, giving me a chance to clarify.
>
> ...but one has never needed setuid root <nor anything else special>
> to write logs or, indeed essentially *anything* into a DB with
> *unpatched* Exim 4.4X onward..
>
> All that is needed is a valid set of DB access credentials and the
> use of 'INSERT', 'UPDATE', etc (for SQL, anyway...) from anywhere
> in acl's or router/transports. And that's just the built-in route.
>
> Externals can be called as well.
>
> What is it that is seen to be in need of patched/new code?
>
> And should the offered patch be the one thaqt makes the cut if it
> *requires* setuid?

My patch does not change this.

I'm using FreeBSD ports and what I see: the exim excutable is
installed setuid root and its running as mailnull (which owns spool
directory etc). However I'm using ssl to access the db-server and
hence in the home of mailnull (which is /var/spool/mqueue) is a
subdirectory .postgresql with the cert and key files to access the db
(instead of a password in the exim config). This works because my mail
servers have no user accounts and everything is handled by mailnull.

The decision, to use ssl or not is up the administrator.

If no ssl being used, then a password must be supplied in the exim
config, which I personally don't like.

Axel
---
axel.rau@??? PGP-Key:29E99DD6 +49 151 2300 9283 computing @
chaos claudius