Author: W B Hacker Date: To: exim users Subject: Re: [exim] trusted_users option has stopped working for me
mark david mcCreary wrote: > On 11/3/11 9:31 PM, W B Hacker wrote:
>> mark@??? wrote:
>>> I'm up to Exim 4.71 with Ubuntu Lucid.
>>>
>>> I've got some procmail jobs that send out email using Exim, as a named
>>> system user.
>>>
>>> :0
>>> |/usr/sbin/exim4 -f liaison@??? $SUBSCRIBER
>>>
>>> In this example, the user is liaison
>>>
>>> liaison:x:1007:1007:liaison,,,:/home/liaison:/bin/bash
>>>
>>> The body of the email being sent out contains headers like this
>>>
>>>> From Debian-exim Thu Nov 3 02:27:45 2011
>>> Date: Wed, 02 Nov 2011 22:27:26 EDT
>>> MIME-Version: 1.0
>>> Message-ID:<201111022227.7d904eb1fc1212e@???>
>>> Subject:
>>> From: liaison@???
>>> To: xxxxx@???
>>> Content-Type: text/plain; charset=us-ascii
>>> Content-Transfer-Encoding: 7bit
>>>
>>>
>>> That did not use to happen.
>>
>> ? WHAT 'did not use to happen' ... or what was it that happened BEFORE?
>
>
> Bill
>
> Thanks for asking.
>
> Before, in the good old days, the original headers were not placed into
> the body of the message, preceeding the real message.
>
> Now, I have this extra set of headers, in the body of the email, as Exim
> is trying to it's show it's suspicious.
>
>
>
>>
>>>
>>> The Exim Configuration file contains
>>>
>>> trusted_users = "Debian-exim:liaison:listmast"
>>>
>>> Is this a new security feature introduced recently ?
>>
>> 'trusted_users' is VERY old.
>>
>
> I'm very old too, but I'm still working :-)
>
> Let me go dig around and see what looks new in this area.
>
> But what would you suggest to get rid of those extra headers in the
> emails my on system users are generating.
>
>
>> 4.71 is stale, but not as old.
>>
>
> I'm working on rolling out Ubuntu Oneiric as we speak.
>
>
>
>> There HAVE been several rolling security improvements.
>> Some MAY affect who can utilize the binary or re-load a config.
>
> Ok, I can compile Exim if I have to.
>
>>
>> Or not.
>>
>>> Something that I
>>> have to enable when compiling Exim ?
>>>
>>> Got any troubleshooting tips for me ?
>>>
>>> Thanks
>>>
>>> mark
>>>
>>
>> Not YET.... not sure what is being asked..
>
> I want to eliminate the extra set of headers in the body of messages
> being sent by "trusted" users on my server.
>
> What do you suggest ?
>
> Thanks
>
> mark
>
>
>
>
>
'ON the server' may be the key.
There are TWO places you can manage headers easily, acl's and
router/transports, though the actual 'meat' takes place in the latter.
But WHEN there is no 'session', eg direct invocation of the binary, IF
you want to use the superb flexibility of an acl, (see re-writing) THEN
it has to be an acl_not_smtp acl - not ordinarily present by default-
and not divided into 'session phases' as over-the-wire smtp is. All-in-one.
Easiest, however, as it can ALSO smack sense into truant MLM's, is to do
it directly in the branching/delivery function of router/transports with
"headers_remove = "(and one : several : or a : whole : long : list..).
Plenty of examples in docs and archives.
Note, for example, that my posts here do not reveal which of many
'desks' or local uplinks I am sitting in front of - the trail begins
with the server jump-off.
That said, 'headers-remove' is an easy, but BFBI approach. There is
PROBABLY a way to have Exim not add those headers in the first place.
I leave that to the 'real experts', as I am still running a 4.69 with
too many source-code mods to one-click upgrade.