Re: [exim] error in mainlog - exim-4.67

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Chris Russell
CC: exim-users@exim.org
Subject: Re: [exim] error in mainlog - exim-4.67
On 2013-06-06 at 11:26 +0100, Chris Russell wrote:
> Your address_file transport has 'user = root' set. Your exim binary
> was compiled (for your safety) to disallow transports running as root
> using the 'never_users' compile-time option.
>
> You should adjust the transport such that it writes to a file which is
> writeable by the exim user or by some other user you can set with
> user= or check_local_user.


To be clear, what's happening is that there's an _extra_ delivery being
set up by the system-filter, presumably some kind of "log all mail sent
or received" thing.

The Transport probably should not be overriding the user, but instead
accepting the user given to it (usually by a Router, sometimes by the
system filter's configured user).

Prashanth is running Exim 4.67, from before the system_filter_user
default was changed from "root" to "exim" (in Exim 4.73). This is one
of a number of security improvements made in that release.

Prashanth: set system_filter_user to a user not on the never_users
list (and do not try removing root from that list, it's too dangerous to
do so).

I *strongly* advise you to *not* leave system_filter_user set to root.
There are ways around this if you must leave it as root (using the
system_filter_file_transport option) but you'll need to read the
documentation for the details, as I think that approach is sufficiently
dangerous in this situation that you'll need to read the documentation
to learn enough for it to stand even a chance of being safe.

It's easier, simpler and much much safer to just change
system_filter_user.

-Phil