[exim] Working around =?utf-8?Q?=E2=80=9Cexim=3A_?=permissio…

Top Page
Delete this message
Reply to this message
Author: Michael Steigman
Date:  
To: exim-users
New-Topics: Re: [exim] Working around “exim: permission denied”
Subject: [exim] Working around =?utf-8?Q?=E2=80=9Cexim=3A_?=permission denied”
Hello,

I have some Linux/MTA experience but no experience with exim. I am trying to get a dockerized version of exim (https://github.com/devture/exim-relay) working on the Red Hat OpenShift Kubernetes distribution. (This isn’t my project but it is used by another project that I am trying to run.)

In the Dockerfile, Exim is installed via apk:

apk --no-cache add exim tini

There is a config file copied into the image that appears to be a default or example config.

When the image starts, it is set up to run the command

exim -bdf -q15m

The exim package installs a user ID 100, group ID 101 and the docs for the image instruct us to invoke it with docker option —user=100:101. This works for me with Docker Desktop.

With OpenShift, however, all containers are run by a user with an arbitrary ID. That ID is linked to the project you are running the image in. It’s usually something like 1001360000. OpenShift adds the user to the image and makes it a member of the group root before starting up a container with the image.

When I run the image on OpenShift, all I see in the log is “exim: permission denied”. The container restarts constantly until it enters the CrashLoopBackOff state.

What I’ve tried adding to config, with no luck:

admin_groups = root (same permission error, invoking mailq with no options produces same error as well)
trusted_groups = root (same permission error, invoking mailq with no options produces same error as well)
queue_list_requires_admin = false (invoking mailq doesn’t produce an error but still get it when running command above)

Also chmoded 0775 exim itself and changed group ownership to root and set g=u for /var/spool/exim as well.

Hope someone can give me a bit of guidance. Thanks!

exim —version displays

Exim version 4.95 #2 built 22-Oct-2021 03:20:21
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2020
Using tdb
Support for: crypteq IPv6 Expand_dlfunc OpenSSL TLS_resume move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PIPE_CONNECT PRDR PROXY Experimental_Queue_Ramp SPF TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dsearch passwd
Authenticators: cram_md5 dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /etc/exim/exim.conf