Re: [exim] unable to use $home variable in accept router?!

Author: Jürgen Edner
Date:  
To: exim-users
Subject: Re: [exim] unable to use $home variable in accept router?!
Hi Andrew, hi Jeremy,

>> localuser_maildir:
>> driver = accept
>> check_local_user
>> debug_print = DEBUG-HOME:$home:
>> condition = ${if exists{$home/.imapmail/cur}}
>> transport = local_delivery_maildir
>> ...
>> Does anyone have an idea why the condition fails and what needs to
>> be done to get it running?
> Presumably you know there is actually a file or directory by that name?
>
> Assuming yes: next step is a repeat of your debug run but with +expand
> added, so we see the "if exists" being expanded. Maybe the default
> actions for the missing yes/no result cases is not working right.


Yes, the directory definitely exists, but I think your hints are
already leading me in the right direction. It seems that the
problem is definitely being caused by insufficient access rights.

1. The access rights of the user's home and all subdirectories
    are 0700, owned by the user, by default. The exim user, under
    which the daemon is running, therefore cannot access the
    directory.


    # ls -ld /home/tom /home/tom/.imapmail /home/tom/.imapmail/cur
    drwx------ 13 tom users 12288 Oct 10 01:47 /home/tom
    drwx------ 12 tom users  4096 Oct 10 01:47 /home/tom/.imapmail
    drwx------  2 tom users  4096 Sep 23 19:18 /home/tom/.imapmail/cur


    For testing purposes I changed the access rights to 0701 and the
    condition doesn't run into an error anymore.


2. Nevertheless I asked myself why the same check is working
    as expected on another server but not on this one. I found out
    that if I send an email from a local user to another local user
    WITHOUT sender authentication the condition check fails:


    20475 --------> localuser_maildir router <--------
    20475 local_part=tom domain=my-domain.dom
    20475 checking for local user
    20475 seeking password data for user "tom": cache not available
    20475 getpwnam() succeeded uid=2001 gid=100
    20475 checking "condition" "${if exists{$home/.imapmail/cur}}"...
    20475  ╭considering: ${if exists{$home/.imapmail/cur}}
    20475   ╭considering: $home/.imapmail/cur}}
    20475   ├──expanding: $home/.imapmail/cur
    20475   ╰─────result: /home/dumbo/.imapmail/cur
    20475  ├──condition: exists{$home/.imapmail/cur}
    20475  ├─────result: false
    20475  ├──expanding: ${if exists{$home/.imapmail/cur}}
    20475  ╰─────result:
    20475 localuser_maildir router skipped: condition failure  # <<<!!!
    20475 --------> unknown_user router <--------


3. If I send an email from a local user to another local user
    WITH sender authentication the condition check succeeds:


    17647 --------> localuser_maildir router <--------
    17647 local_part=tom domain=my-domain.dom
    17647 checking for local user
    17647 seeking password data for user "tom": cache not available
    17647 getpwnam() succeeded uid=2001 gid=100
    17647 checking "condition" "${if exists{$home/.imapmail/cur}}"...
    17647  ╭considering: ${if exists{$home/.imapmail/cur}}
    17647   ╭considering: $home/.imapmail/cur}}
    17647   ├──expanding: $home/.imapmail/cur
    17647   ╰─────result: /home/dumbo/.imapmail/cur
    17647  ├──condition: exists{$home/.imapmail/cur}
    17647  ├─────result: true
    17647  ├──expanding: ${if exists{$home/.imapmail/cur}}
    17647  ╰─────result: true
    17647 calling localuser_maildir router                     # <<<!!!
    17647 localuser_maildir router called for tom@???
    17647 ...


My conclusion is that although the check_local_user function is called
and the local user is found (getpwnam() succeeded uid=2001 gid=100) and
the $home variable is set correctly, the access privileges are not
changed for the following exists command, which results in a condition
failure.

I've also tried to replace the "condition" with a "require_files"
statement, but this doesn't work either. So it seems that there is
no way to use this condition check in combination with an
unauthenticated delivery, unless I alter the directory access
rights.

Regards
Juergen
--
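
The permission problem described in the message above, as an added example that is not part of the original post: a shell script that walks the directories leading to a path and reports the first one a given uid/gid cannot search, using mode bits only. The function names are illustrative, and the uid/gid to test (for instance those of the exim user) are assumed to be passed as arguments.

```shell
#!/bin/sh
# Added example: find which directory stops a given uid/gid from stat()ing a
# path, judged by classic mode bits only (no ACLs, no supplementary groups,
# no root override). Function names are illustrative.

# has_search DIR UID GID -> status 0 if DIR grants search (x) to that uid/gid
has_search() {
    ls -ldn "$1" | {
        # ls -ldn fields: mode, link count, numeric owner, numeric group, ...
        read -r mode _links owner group _rest
        if   [ "$2" -eq "$owner" ]; then pos=4    # owner class applies
        elif [ "$3" -eq "$group" ]; then pos=7    # group class applies
        else                             pos=10   # "other" class applies
        fi
        case $(printf '%s' "$mode" | cut -c"$pos") in
            x|s|t) true ;;      # s/t mean x plus setuid/setgid/sticky
            *)     false ;;
        esac
    }
}

# first_blocked BASE TARGET UID GID
# Walks every directory below BASE on the way to TARGET. Prints the first one
# the uid/gid cannot search and returns 1; returns 0 if all are searchable.
# TARGET itself is not tested: stat() needs x on its ancestors only.
first_blocked() {
    dir=${1%/}; rel=${2#"$dir"/}; uid=$3; gid=$4
    while [ "$rel" != "${rel#*/}" ]; do     # rel still contains a "/"
        dir=$dir/${rel%%/*}                 # descend one component
        rel=${rel#*/}
        if ! has_search "$dir" "$uid" "$gid"; then
            printf '%s\n' "$dir"
            return 1
        fi
    done
    return 0
}

# Usage: sh script.sh / /home/tom/.imapmail/cur EXIM_UID EXIM_GID
if [ "$#" -eq 4 ]; then
    first_blocked "$@"
fi
```

With the 0700 modes from the `ls -ld` listing this reports the home directory for any uid other than the owner; setting only the home directory to 0701 moves the block to `.imapmail`, since every ancestor of `cur` needs the search bit.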