Yes, acl_not_smtp seems to be the right way. Nice suggestion, thanks!
Of course it can't block SMTP connection, but my exim accepts only authenticated user on SMTP, so it is difficult to have code injection so sophisticated to use SMTP with auth.
Why did you state that PHP script accessing to local submission via socket could hack the MTA? Doesn't the acl_non_smtp also deals about that kind of connections? This is very important to me ...
I'll try the acl_non_smtp method and read more about it to understand if it's enough in my case.
Thanks for any other clue will you like to share.
g
On 19/07/2015 06:47, Jasen Betts wrote:
> On 2015-07-17, Giuliano David <g.david@???> wrote:
>> Hi everbody.
>> Within Exim I tried using "trusted_users = root" in main configuration,
>> but the effect is not what I need as I read in chapter 14
>> (http://www.exim.org/exim-html-current/doc/html/spec_html/ch-main_configuration.html)
>> and in chapter 5.2 of Exim documentation.
> on *nix PHP's mail() function sends email via local
> submission ( /var/lib/sendmail )
>
>> Can anyone point me in the right direction to achieve the same with exim4?
> Exim's default config is to accept all local senders, but that's
> easily fixed.
>
> # in the main section:
>
> acl_not_smtp = acl_local
>
> # in the ACL section:
> # order of ACLs is not significant, just insert this at the head of
> # that section.
>
> acl_local:
>
> accept
> authenticated = root:exim
> # the list here should include the username exim runs under, else
> # bounce messages won't be generated successfully, and failed emails
> @ will be retried indefinately..
>
> deny
>
>
> # that's all the configuration needed/
>
> if the rogue PHP is instead opening a socket to localhost:smtp or localhost:submission
> do also as suggested previously by others.
>
